
Commit b45f8b9

fix(docker): upgrade pip and wheel to patch CVE-2026-24049 (Critical) and CVE-2025-8869
1 parent c44ec2d commit b45f8b9

1 file changed

+5
-0
lines changed

Dockerfile

Lines changed: 5 additions & 0 deletions
@@ -25,6 +25,11 @@ RUN apt-get update && apt-get install -y --no-install-recommends gosu dos2unix &
2525
# Copy requirements file first to leverage cache
2626
COPY requirements.txt /app/requirements.txt
2727

28+
# Vulnerability Fix: Upgrade pip and wheel to patch base image CVEs
29+
# CVE-2026-24049 (Critical): wheel<=0.46.1 -> 0.46.2
30+
# CVE-2025-8869 (Medium): pip==24.0 -> latest
31+
RUN pip install --no-cache-dir --upgrade "pip>=25.0" "wheel>=0.46.2"
32+
2833
# Install dependencies with hash verification
2934
# Vulnerability Fix: Pin versions with hashes to prevent supply chain attacks
3035
RUN pip install --no-cache-dir --require-hashes -r /app/requirements.txt
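
Review bot: The added `RUN pip install --no-cache-dir --upgrade "pip>=25.0" "wheel>=0.46.2"` (new line 31) is neither pinned nor hash-verified, while the step two lines below it uses `--require-hashes` specifically "to prevent supply chain attacks". The packaging tools that perform that verified install are therefore fetched unverified, and the open-ended `>=` ranges mean every rebuild can resolve to a different pip and wheel. Suggest exact pins (for example `wheel==0.46.2` and one specific pip release) listed with hashes in a small requirements file that is copied in and installed with `--require-hashes`, the same way as `/app/requirements.txt`. The comment on new line 30 also says `pip==24.0 -> latest`, which does not match the `pip>=25.0` constraint and, unlike the wheel comment, does not name the release that fixes CVE-2025-8869; please state the fixed version from the advisory and use it as the floor or the pin.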
