From 8206d7c4834a71a231c61ef740fde4bfe83a0105 Mon Sep 17 00:00:00 2001
From: Ashley Sommer <ashleysommer@gmail.com>
Date: Sat, 12 Oct 2024 10:06:49 +1000
Subject: [PATCH] Fix dockerfile python package versions

---
 Dockerfile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index 991b340..d2e9ce3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,6 +5,8 @@ LABEL org.opencontainers.image.source="https://github.com/RDFLib/pySHACL"
 LABEL maintainer="ashleysommer@gmail.com"
 RUN apk add --no-cache --update tini-static cython
 RUN apk add --no-cache --update --virtual build-dependencies build-base libffi-dev python3-dev py3-cffi
+# Update to latest setuptools and pip in /usr/local/lib to mitigate CVE-2024-6345
+RUN pip3 install -U pip setuptools
 WORKDIR /home/pyshacl
 RUN addgroup -g 1000 -S pyshacl &&\
     adduser --disabled-password --gecos "" --home "$(pwd)" --ingroup "pyshacl" --no-create-home --uid 1000 pyshacl