From e33ba6d7460f7b3da0b22b1c59025395a0bca325 Mon Sep 17 00:00:00 2001
From: Giulio Giunta <56529931+giulio-giunta@users.noreply.github.com>
Date: Sun, 2 Jun 2024 14:08:38 +0100
Subject: [PATCH] Update dependencies version (#729)
* fix: docker/development/Dockerfile to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6032386
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6032386
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6055795
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6055795
- https://snyk.io/vuln/SNYK-ALPINE318-SQLITE-6179217
* Upgraded base image in Dockerfiles to solve vulnerabilities
* Reverted base image tag and added line to upgrade dependencies in the image; upgraded dependency in requirements.txt
* Updated executor image tag
* Updated dependency version
* Updated dependency version
* Updated dependency version
* Updated dependency version
* Updated Django version
* Updated deprecated keys in circleci config and executor image tag
* Updated executor image tag
---------
Co-authored-by: snyk-bot
---
 .circleci/config.yml | 10 +++++-----
 docker/backend/Dockerfile | 6 ++++--
 docker/development/Dockerfile | 2 ++
 docker/proxy/Dockerfile | 4 +++-
 requirements.txt | 10 +++++-----
 5 files changed, 19 insertions(+), 13 deletions(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index e6bf0a5a..2c8160a6 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -8,7 +8,7 @@ jobs:
 steps:
 - checkout
 - setup_remote_docker:
- version: 20.10.14
+ version: default
 - run:
 name: Skip ci
 command: |
@@ -49,13 +49,13 @@ jobs:
 name: Run Snyk scan on backend image
 command: |
 snyk test --docker geekzone/backend:$TAG --severity-threshold=high --fail-on=all
- - deploy:
+ - run:
 name: Push frontend image to Docker Hub
 background: true
 command: |
 docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
 docker push geekzone/frontend:$TAG
- - deploy:
+ - run:
 name: Push backend image to Docker Hub
 command: |
 docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
@@ -72,7 +72,7 @@ jobs:
 deploy-test:
 docker:
- - image: "geekzone/infra:0.1.410"
+ - image: "geekzone/infra:0.1.421"
 environment:
 TAG: 0.1.<< pipeline.number >>
 steps:
@@ -109,7 +109,7 @@ jobs:
 deploy-prod:
 docker:
- - image: "geekzone/infra:0.1.410"
+ - image: "geekzone/infra:0.1.421"
 environment:
 TAG: 0.1.<< pipeline.number >>
 steps:
diff --git a/docker/backend/Dockerfile b/docker/backend/Dockerfile
index 65a598ea..f1f868c4 100644
--- a/docker/backend/Dockerfile
+++ b/docker/backend/Dockerfile
@@ -1,11 +1,13 @@
-FROM python:3.12.0rc2-alpine
+FROM python:3.13.0a5-alpine
 RUN apk update && \
 apk add --update --virtual build-deps gcc libc-dev linux-headers && \
- apk add jpeg-dev zlib-dev libpq python3-dev && \
+ apk add jpeg-dev zlib-dev libpq=16.2-r1 python3-dev && \
 apk add postgresql-dev && \
 apk add netcat-openbsd
+RUN apk upgrade
+
 ENV PYTHONDONTWRITEBYTECODE 1
 ENV PYTHONUNBUFFERED 1
diff --git a/docker/development/Dockerfile b/docker/development/Dockerfile
index 75b3d640..8cd000f4 100644
--- a/docker/development/Dockerfile
+++ b/docker/development/Dockerfile
@@ -6,6 +6,8 @@ RUN apk update && \
 apk add postgresql-dev && \
 apk add netcat-openbsd
+RUN apk upgrade
+
 RUN apk add --update nodejs-current npm
 ENV PYTHONDONTWRITEBYTECODE 1
diff --git a/docker/proxy/Dockerfile b/docker/proxy/Dockerfile
index cab5d5f7..153c8bc1 100644
--- a/docker/proxy/Dockerfile
+++ b/docker/proxy/Dockerfile
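Review bot: Both steps converted to `run:` in this hunk still authenticate with `docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD`, which puts the registry password on the command line where Docker itself warns it is insecure (it is visible in the executor's process table and in any shell tracing of the step). Since the steps are being rewritten anyway, read the secret from stdin instead: `echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin`. The body of the backend push step continues past the end of the hunk.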
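Review bot: `FROM python:3.13.0a5-alpine` pins the backend to an alpha pre-release of CPython, and the `Django==4.2.11` pinned by this same commit in requirements.txt does not support Python 3.13 (the 4.2 series supports 3.8 through 3.12; 3.13 support arrived in Django 5.1), so the image is built on an interpreter the framework was never tested against — a supported stable tag such as `python:3.12-alpine` resolves both concerns. The new `RUN apk upgrade` sits in its own layer after the `apk update` of the previous layer, so any rebuild that hits the cache skips the upgrade the commit message relies on to close the Snyk findings; fold it into the existing chain as `RUN apk update && apk upgrade && \` — the same separate-layer pattern is added in docker/development/Dockerfile and docker/proxy/Dockerfile. The `libpq=16.2-r1` pin will also break the build once the Alpine repository moves past that package revision, since Alpine mirrors typically keep only the current revision per branch; the pin looks redundant anyway, as the following `apk add postgresql-dev` line presumably pulls libpq in as a dependency, so consider dropping it or pinning the base image by digest instead.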
@@ -6,6 +6,8 @@ RUN apk update && \
 apk add postgresql-dev && \
 apk add netcat-openbsd
+RUN apk upgrade
+
 WORKDIR /usr/src/app
 COPY . .
@@ -14,7 +16,7 @@ RUN ["python", "manage.py", "collectstatic"]
 CMD [ "gunicorn", "web.wsgi", "-b 0.0.0.0:8000" ]
-FROM nginx:1.25.3-alpine3.18
+FROM nginx:alpine
 RUN apk update && apk upgrade
diff --git a/requirements.txt b/requirements.txt
index c32f0853..c0715a4c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,22 +4,22 @@ beautifulsoup4==4.9.3
 cached-property==1.5.2
 certifi==2023.7.22
 chardet==4.0.0
-Django==4.2.7
+Django==4.2.11
 django-environ==0.4.5
 django-extensions==3.1.1
 django-livereload-server~=0.3
 django-probes~=1.6
 django-tailwind~=3.3.0
 django-widget-tweaks~=1.4
-idna==2.10
+idna==3.7
 importlib-metadata>=6.6.0
-Pillow==10.0.1
-psycopg2==2.9.6
+Pillow==10.3.0
+psycopg[c]==3.1.18
 pytz==2023.3
 requests==2.31.0
 six==1.16.0
 soupsieve~=2.2
-sqlparse==0.4.4
+sqlparse==0.5.0
 stripe==5.4.0
 tornado==6.3.3
 urllib3>=2.0.7
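Review bot: `FROM nginx:alpine` in the second hunk replaces a fully pinned base with a floating tag, so the proxy image now resolves to whatever nginx and Alpine combination the registry serves on the day of the build, and a Snyk result for one build no longer says anything about the next. Pin a fully qualified tag in the style of the removed `nginx:1.25.3-alpine3.18` (ideally with an `@sha256:` digest appended) and bump it deliberately when a fix is needed; the commit message says the base image tag was reverted, but this hunk goes the other way. The `apk update && apk upgrade` context line beneath it only helps with packages on top of the base, not with what the base itself contains.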
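Review bot: `psycopg2==2.9.6` → `psycopg[c]==3.1.18` is a driver migration rather than the version bump the commit message describes: psycopg 3 is a different package with a different import name, so any direct `import psycopg2` in the project (not visible here) will fail at import time, and the `[c]` extra compiles a C extension at install time, which needs libpq headers and a compiler in the stage that runs `pip install`. Django 4.2 does support psycopg 3 through `django.db.backends.postgresql`, so the change itself is sound; please state in the description that the swap is intentional and confirm the backend and development Dockerfiles keep `postgresql-dev` and the `build-deps` group available when requirements are installed.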