fix setuptools CVE

Signed-off-by: wwanarif <[email protected]>

Author: wwanarif

app-backend/Dockerfile

@@ -1,14 +1,10 @@
-
-
-# Copyright (C) 2024 Intel Corporation
-# SPDX-License-Identifier: Apache-2.0
-
 FROM python:3.11-slim
 
 RUN apt-get update -y && apt-get install -y --no-install-recommends --fix-missing \
-    libgl1-mesa-glx \
-    libjemalloc-dev \
-    git
+    libgl1-mesa-glx=22.3.6-1+deb12u1 \
+    libjemalloc-dev=5.3.0-1 \
+    git=1:2.39.5-0+deb12u1 && \
+    rm -rf /var/lib/apt/lists/*
 
 RUN useradd -m -s /bin/bash user && \
     mkdir -p /home/user && \
@@ -18,7 +14,7 @@ WORKDIR /home/user/
 RUN git clone https://github.com/opea-project/GenAIComps.git
 
 WORKDIR /home/user/GenAIComps
-RUN pip install --no-cache-dir --upgrade pip && \
+RUN pip install --no-cache-dir --upgrade pip==24.3.1 setuptools==75.3.0 && \
     pip install --no-cache-dir -r /home/user/GenAIComps/requirements.txt
 
 COPY ./app_gateway.py /home/user/app_gateway.py

app-frontend/Dockerfile

@@ -3,18 +3,16 @@
 
 # Use node 20.11.1 as the base image
 FROM node:20.11.1 AS vite-app
- 
+
 COPY react /usr/app/react
 WORKDIR /usr/app/react
 
-RUN ["npm", "install"]
-RUN ["npm", "run", "build"]
-
+RUN npm install && npm run build
 
 FROM nginx:alpine
 
 # Install uuidgen in the nginx:alpine image
-RUN apk add --no-cache util-linux
+RUN apk add --no-cache util-linux=2.40.1-r1
 
 COPY --from=vite-app /usr/app/react/dist /usr/share/nginx/html
 COPY ./react/env.sh /docker-entrypoint.d/env.sh

studio-backend/Dockerfile

@@ -1,14 +1,15 @@
 # Use an official Python runtime as a parent image
-FROM python:3.9-slim
+FROM python:3.11-slim
 
 # Set the working directory in the container
 WORKDIR /usr/src/
 
 # Copy the current directory contents into the container at /usr/src/app
 COPY app /usr/src/app
 
-# Install any needed packages specified in requirements.txt
-RUN pip install --no-cache-dir -r /usr/src/app/requirements.txt
+# Upgrade setuptools to a safe version and install any needed packages specified in requirements.txt
+RUN pip install --no-cache-dir --upgrade pip==24.3.1 setuptools==75.3.0 && \
+    pip install --no-cache-dir -r /usr/src/app/requirements.txt
 
 # Define environment variable
 ENV PORT=5000

studio-frontend/Dockerfile

@@ -1,34 +1,26 @@
-# Build local monorepo image
-# docker build --no-cache -t  flowise .
-
-# Run image
-# docker run -d -p 3000:3000 flowise
-
 FROM node:20-alpine
-RUN apk add --update libc6-compat python3 make g++
-# needed for pdfjs-dist
-RUN apk add --no-cache build-base cairo-dev pango-dev
-
-# Install Chromium
-RUN apk add --no-cache chromium
 
-#install PNPM globaly
-RUN npm install -g pnpm
+# Install necessary packages
+RUN apk add --no-cache gcompat=1.1.0-r4 python3=3.12.7-r0 make=4.4.1-r2 g++=13.2.1_git20240309-r0 \
+    # Needed for pdfjs-dist
+    build-base=0.5-r3 cairo-dev=1.18.0-r0 pango-dev=1.52.2-r0 \
+    # Install Chromium
+    chromium=130.0.6723.116-r0 && \
+    # Install PNPM globally
+    npm install -g [email protected]
 
 ENV PUPPETEER_SKIP_DOWNLOAD=true
 ENV PUPPETEER_EXECUTABLE_PATH=/usr/bin/chromium-browser
-
 ENV NODE_OPTIONS=--max-old-space-size=8192
 
 WORKDIR /usr/src
 
 # Copy app source
 COPY . .
 
-RUN pnpm install
-
-RUN pnpm build
+# Install dependencies and build the app
+RUN pnpm install && pnpm build
 
 EXPOSE 3000
 
-CMD [ "pnpm", "start" ]
+CMD ["pnpm", "start"]