highperfocused/danswer
1
0
Fork 0
mirror of https://github.com/danswer-ai/danswer.git synced 2025-09-27 20:38:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

Remove py library due to denial of service CVE (#391)

Browse Source
This commit is contained in:
Yuhong Sun
2023-09-03 16:36:13 -07:00
committed by GitHub
parent 884f746211
commit c28f4d4527
2 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
backend/Dockerfile
View File

@@ -8,6 +8,10 @@ RUN apt-get update \
COPY ./requirements/default.txt /tmp/requirements.txt COPY ./requirements/default.txt /tmp/requirements.txt
RUN pip install --no-cache-dir --upgrade -r /tmp/requirements.txt RUN pip install --no-cache-dir --upgrade -r /tmp/requirements.txt
# Remove py which is pulled in by retry, py is not needed and is a CVE
RUN pip uninstall py
RUN playwright install chromium RUN playwright install chromium
RUN playwright install-deps chromium RUN playwright install-deps chromium

4
backend/requirements/default.txt
View File

@@ -37,9 +37,9 @@ python-multipart==0.0.6
qdrant-client==1.2.0 qdrant-client==1.2.0
requests==2.31.0 requests==2.31.0
requests-oauthlib==1.3.1 requests-oauthlib==1.3.1
retry==0.9.2 retry==0.9.2 # This pulls in py which is in CVE-2022-42969, must remove py from image
rfc3986==1.5.0 rfc3986==1.5.0
# need to pin `safetensors` version, since the latest versions require # need to pin `safetensors` version, since the latest versions requires
# building from source using Rust # building from source using Rust
safetensors==0.3.1 safetensors==0.3.1
sentence-transformers==2.2.2 sentence-transformers==2.2.2