update dependencies to fix various high/critical security vulnerabilities

2025-07-02 11:50:37 +08:00 · 2024-07-31 13:20:33 -07:00
parent d671c78233
commit 346ea8fbae
2 changed files with 12 additions and 12 deletions
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@ -1,4 +1,4 @@
-FROM python:3.10 as base
+FROM python:3.10 AS base

 WORKDIR /app
 ADD pyproject.toml .
@ -6,36 +6,36 @@ ADD requirements.txt .
 RUN pip install . && rm pyproject.toml requirements.txt
 ENV PYTHONPATH=/app

-FROM base as github_app
+FROM base AS github_app
 ADD pr_agent pr_agent
 CMD ["python", "-m", "gunicorn", "-k", "uvicorn.workers.UvicornWorker", "-c", "pr_agent/servers/gunicorn_config.py", "--forwarded-allow-ips", "*", "pr_agent.servers.github_app:app"]

-FROM base as bitbucket_app
+FROM base AS bitbucket_app
 ADD pr_agent pr_agent
 CMD ["python", "pr_agent/servers/bitbucket_app.py"]

-FROM base as bitbucket_server_webhook
+FROM base AS bitbucket_server_webhook
 ADD pr_agent pr_agent
 CMD ["python", "pr_agent/servers/bitbucket_server_webhook.py"]

-FROM base as github_polling
+FROM base AS github_polling
 ADD pr_agent pr_agent
 CMD ["python", "pr_agent/servers/github_polling.py"]

-FROM base as gitlab_webhook
+FROM base AS gitlab_webhook
 ADD pr_agent pr_agent
 CMD ["python", "pr_agent/servers/gitlab_webhook.py"]

-FROM base as azure_devops_webhook
+FROM base AS azure_devops_webhook
 ADD pr_agent pr_agent
 CMD ["python", "pr_agent/servers/azuredevops_server_webhook.py"]

-FROM base as test
+FROM base AS test
 ADD requirements-dev.txt .
 RUN pip install -r requirements-dev.txt && rm requirements-dev.txt
 ADD pr_agent pr_agent
 ADD tests tests

-FROM base as cli
+FROM base AS cli
 ADD pr_agent pr_agent
 ENTRYPOINT ["python", "pr_agent/cli.py"]
--- a/requirements.txt
+++ b/requirements.txt
@ -1,4 +1,4 @@
-aiohttp==3.9.1
+aiohttp==3.9.4
 anthropic[vertex]==0.21.3
 atlassian-python-api==3.41.4
 azure-devops==7.1.0b3
@ -6,7 +6,7 @@ azure-identity==1.15.0
 boto3==1.33.6
 dynaconf==3.2.4
 fastapi==0.111.0
-GitPython==3.1.32
+GitPython==3.1.41
 google-cloud-aiplatform==1.38.0
 google-cloud-storage==2.10.0
 Jinja2==3.1.2
@ -24,7 +24,7 @@ tiktoken==0.7.0
 ujson==5.8.0
 uvicorn==0.22.0
 tenacity==8.2.3
-gunicorn==20.1.0
+gunicorn==22.0.0
 # Uncomment the following lines to enable the 'similar issue' tool
 # pinecone-client
 # pinecone-datasets @ git+https://github.com/mrT23/pinecone-datasets.git@main