From d713c23769b4daa2a8166b716b5157a30d90c55f Mon Sep 17 00:00:00 2001
From: Daniil Yaroslavtsev
Date: Wed, 21 May 2025 15:42:31 +0200
Subject: [PATCH 1/3] LLM-6233 Fix Docker CIS compliance rule [4.7 Ensure update instructions are not use alone in the Dockerfile]
---
 Dockerfile | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 1ae4dc03..977f577e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -31,9 +31,7 @@ ENV TZ=Asia/Jerusalem
 RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
 RUN echo "Updated on 2 Apr 2024" # Change to force apt to update the cache
-RUN apt-get -y update && apt-get -y upgrade
-
-RUN apt-get install -y software-properties-common && add-apt-repository ppa:deadsnakes/ppa && \
+RUN set -x && apt-get -qqy update && apt-get install -y software-properties-common && add-apt-repository ppa:deadsnakes/ppa && \
 apt install -y git python3.11 python3.11-dev python3.11-distutils curl g++ libpq-dev && \
 curl -sS https://bootstrap.pypa.io/get-pip.py | python3.11
From 5ebdc9edc217f3ff543e3e5c7d76d756bcae4a52 Mon Sep 17 00:00:00 2001
From: Daniil Yaroslavtsev
Date: Wed, 21 May 2025 15:56:34 +0200
Subject: [PATCH 2/3] LLM-6233 Fix Docker CIS compliance rule [4.4: Ensure images are scanned and rebuilt to include security patches]
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 977f577e..4dad1107 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,7 +8,7 @@
 # along with Deepchecks. If not, see .
 # ----------------------------------------------------------------------------
-FROM --platform=$BUILDPLATFORM node:16.15-alpine3.14 AS frontend
+FROM --platform=$BUILDPLATFORM node:20.10-alpine3.19 AS frontend
 WORKDIR /code
From e514cdd953bad97ef31a86d48abe1b598f168a33 Mon Sep 17 00:00:00 2001
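Review bot: The last line of the RUN rewritten in the first Dockerfile hunk (`@@ -31,9 +31,7 @@`) still pipes `curl -sS https://bootstrap.pypa.io/get-pip.py` straight into `python3.11`; without `-f` and pipefail a failed download hands the interpreter an empty stdin and the layer still succeeds, and the script runs as root at build time with no integrity check. Download to a file and verify before executing, e.g. `curl -fsSL https://bootstrap.pypa.io/get-pip.py -o /tmp/get-pip.py && echo "<EXPECTED_SHA256>  /tmp/get-pip.py" | sha256sum -c - && python3.11 /tmp/get-pip.py && rm /tmp/get-pip.py` (the hash is a placeholder, to be taken from a reviewed copy of the script). The merged update/install layer would also be tighter with `--no-install-recommends` and `rm -rf /var/lib/apt/lists/*` at the end of the same RUN, and with `apt-get install` instead of `apt install` on the second line. With `apt-get -y upgrade` dropped, OS security fixes now arrive only when the stage's base image is refreshed and rebuilt; that stage's FROM line is outside the hunk, so how it is pinned cannot be checked from here.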
From: DovnarAlexander
Date: Mon, 26 May 2025 09:38:32 +0300
Subject: [PATCH 3/3] fixed license versions (added comments & excludes)
---
 .github/workflows/license-check.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/license-check.yml b/.github/workflows/license-check.yml
index 25bee6a1..26820d67 100644
--- a/.github/workflows/license-check.yml
+++ b/.github/workflows/license-check.yml
@@ -50,7 +50,7 @@ jobs:
 with:
 requirements: "backend/requirements-all.txt"
 fail: "Copyleft,Other,Error"
- exclude: '(category_encoders.*2\.7\..*|attrs.*25\.3\..*|referencing.*0\.36\..*|envier.*0\.5\.0|psycopg2.*2\.9\.3|fqdn.*1\.5\.1|pyzmq.*25\.1\.2|debugpy.*1\.6\.7|certifi.*2025\.1\.31|tqdm.*4\.67\..*|webencodings.*0\.5\.1|torch.*1\.10\.2.*|torch.*1\.11\.0.*|pytorch-ignite.*0\.4\.10.*|torchaudio.*0\.11\.0.*|torchvision.*0\.12\.0.*|terminado.*0\.15\.0|qudida.*0\.0\.4|expiringdict.*1\.2\.2|botocore.*1\.29\.80|orderedmultidict.*1\.0\.1|termcolor.*3\.0\.1|pillow.*11\.2\.1|deepchecks.*)'
+ exclude: '(category_encoders.*2\.7\..*|attrs.*25\.3\..*|referencing.*0\.36\..*|envier.*0\.5\.0|psycopg2.*2\.9\.3|fqdn.*1\.5\.1|pyzmq.*25\.1\.2|debugpy.*1\.6\.7|certifi.*2025\.4\.26|tqdm.*4\.67\..*|webencodings.*0\.5\.1|torch.*1\.10\.2.*|torch.*1\.11\.0.*|pytorch-ignite.*0\.4\.10.*|torchaudio.*0\.11\.0.*|torchvision.*0\.12\.0.*|terminado.*0\.15\.0|qudida.*0\.0\.4|expiringdict.*1\.2\.2|botocore.*1\.29\.80|orderedmultidict.*1\.0\.1|termcolor.*3\.1\.0|pillow.*11\.2\.1|jsonschema-specifications.*2025\.4\.1|types-python-dateutil.*|deepchecks.*)'
 # psycopg2 is LGPL 2
 # category_encoders is BSD https://github.com/scikit-learn-contrib/category_encoders/tree/master?tab=BSD-3-Clause-1-ov-file
 # attrs is MIT https://github.com/python-attrs/attrs/blob/main/LICENSE
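Review bot: The new `types-python-dateutil.*` alternative in `exclude` carries no version, so every future release of that package bypasses the license check; apart from the project's own `deepchecks.*`, the other entries are tied to a version. Tie it to the version pinned in `backend/requirements-all.txt`, written like its neighbours, e.g. `types-python-dateutil.*<MAJOR>\.<MINOR>\.<PATCH>` (placeholder, the pinned version is not visible here). The comments added in the following hunk justify both new exclusions with "not found license" rather than naming a license; since an exclusion silences the `Copyleft,Other,Error` failure for that package, it would be safer to record the license that was actually verified, with a link as the existing comments do, before excluding it.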
@@ -66,6 +66,8 @@ jobs:
 # terminado is BSD https://github.com/jupyter/terminado/blob/main/LICENSE
 # termcolor is MIT https://github.com/termcolor/termcolor/blob/main/COPYING.txt
 # orderedmultidict is freeley distributed https://github.com/gruns/orderedmultidict/blob/master/LICENSE.md
+ # jsonschema-specifications not found license, no License file in the repository
+ # types-python-dateutil not found license, no correct licence in the package spec
 - name: Print report
 if: ${{ always() }}
 run: echo "${{ steps.license_check_report.outputs.report }}"