Remove tornado key + remove nodejs once copied into playwright + remove old semver module (#402)

2025-04-02 08:58:11 +02:00 · 2023-09-05 19:18:35 -07:00 · 2023-09-05 19:18:35 -07:00 · 630386c8c4
commit 630386c8c4
parent b06e53a51e
2 changed files with 12 additions and 0 deletions
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@ -29,12 +29,19 @@ RUN apt-get update
 RUN apt-get install nodejs -y
 # replace nodejs packaged with playwright (18.17.0) with the one installed above
 RUN cp /usr/bin/node /usr/local/lib/python3.11/site-packages/playwright/driver/node
+# remove nodejs (except for the binary we moved into playwright)
+RUN apt-get remove -y nodejs

 # Cleanup for CVEs and size reduction
 RUN apt-get remove -y linux-libc-dev \
    && apt-get autoremove -y \
    && rm -rf /var/lib/apt/lists/*

+# Remove tornado test key to placate vulnerability scanners
+# More details can be found here:
+# https://github.com/tornadoweb/tornado/issues/3107
+RUN rm /usr/local/lib/python3.11/site-packages/tornado/test/test.key
+
 WORKDIR /app
 COPY ./danswer /app/danswer
 COPY ./alembic /app/alembic
--- a/web/Dockerfile
+++ b/web/Dockerfile
@ -39,6 +39,11 @@ RUN npm run build
 FROM base AS runner
 WORKDIR /app

+# Remove global node modules, since they are not needed by the actual app
+# (all dependencies are copied over into the `/app` dir itself). These
+# global modules may be outdated and trigger security scans.
+RUN rm -rf /usr/local/lib/node_modules
+
 # Not needed, set by compose 
 # ENV NODE_ENV production