Fix vulnerabilities (#281)

Author: danyi1212

Dockerfile

@@ -66,7 +66,7 @@ RUN if [ -f /custom/custom_opa.tar.gz ]; \
 # MAIN IMAGE ----------------------------------------
 # Main image setup (optimized)
 # ---------------------------------------------------
-FROM python:3.10-alpine AS main
+FROM python:3.10-alpine3.22 AS main
 
 WORKDIR /app
 
@@ -79,6 +79,7 @@ RUN mkdir -p /app/backup && chmod -R 777 /app/backup
 
 # Install necessary libraries in a single RUN command
 RUN apk update && \
+    apk upgrade && \
     apk add --no-cache bash build-base libffi-dev libressl-dev musl-dev zlib-dev gcompat wget
 
 # Copy OPA binary from the build stage

Makefile

@@ -2,6 +2,8 @@
 
 .DEFAULT_GOAL := help
 
+VERSION ?= next
+
 prepare:
 ifndef VERSION
 	$(error You must set VERSION variable to build local image)
@@ -23,6 +25,9 @@ build-amd64: prepare
 build-arm64: prepare
 	@docker buildx build --platform linux/arm64 -t permitio/pdp-v2:$(VERSION) . --load
 
+build: prepare
+	@docker buildx build -t permitio/pdp-v2:$(VERSION) . --load
+
 run: run-prepare
 	@docker run -it --rm -p 7766:7000 --env PDP_API_KEY=$(API_KEY) --env PDP_DEBUG=true permitio/pdp-v2:$(VERSION)
 

requirements.txt

@@ -1,8 +1,10 @@
-aiohttp>=3.10.11,<4
-fastapi>=0.109.1,<1
+aiohttp>=3.12.14,<4
+fastapi>=0.115.6,<1
 Jinja2>=3.1.2,<4
 pydantic[email]>=1.9.1,<2
-requests>=2.31.0,<3
+requests>=2.32.4,<3
+urllib3>=2.5.0,<3
+gunicorn>=23.0.0,<24
 tenacity>=8.0.1,<9
 typer>=0.4.1,<1
 uvicorn[standard]>=0.17.6,<1
@@ -14,5 +16,5 @@ httpx>=0.27.0,<1
 # TODO: change to use re2 in the future, currently not supported in alpine due to c++ library issues
 # google-re2 # use re2 instead of re for regex matching because it's simiplier and safer for user inputted regexes
 protobuf>=3.20.2 # not directly required, pinned by Snyk to avoid a vulnerability
-opal-common==0.8.2
-opal-client==0.8.2
+opal-common==0.8.3
+opal-client==0.8.3