fix: CVE caused by h11 python lib (#449)

N3ko
2025-08-04 16:37:24 +08:00
committed by GitHub
parent 3fe4031531
commit f78d297311
3 changed files with 4 additions and 22 deletions


@ -33,9 +33,8 @@ RUN apk add --no-cache --virtual .python-build-deps build-base py3-pip git && \
# Activate venv and install packages
. /app/.venv/bin/activate && \
# If you want to use other third-party libraries, you can install them here.
pip install git+https://gitcode.com/gh_mirrors/re/requests-async.git@master && \
pip install urllib3==1.26.16 && \
pip install --no-cache-dir pillow==11.2.1 pdfplumber==0.11.7 python-docx==1.2.0 numpy==2.3.1 && \
pip install --no-cache-dir h11==0.16.0 httpx==0.28.1 pillow==11.2.1 pdfplumber==0.11.7 python-docx==1.2.0 numpy==2.3.1 && \
# Deactivate (optional, as RUN is a new shell)
# deactivate && \
# Remove build dependencies
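Review bot: The changed `pip install` line pins `h11==0.16.0` and `httpx==0.28.1` by version only, so the packages that sit between them (httpx reaches h11 through httpcore) are still chosen by the resolver at build time and no artifact is verified. Installing from a hash-pinned file, `pip install --no-cache-dir --require-hashes -r <requirements-file> && \`, would make the remediated set reproducible. It would also give one list to share with `/scripts/setup/python.sh`, which the whitelist comment says must mirror this Dockerfile. A `pip check && \` step after the installs would fail the build if the pins become inconsistent. The rendered page has lost the +/- markers, so if the `urllib3==1.26.16` line is still on the new side, it is worth confirming that this older pin is still required. The `RUN` instruction starts before and continues past this hunk.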


@ -108,8 +108,8 @@ var pythonBuiltinBlacklist = map[string]struct{}{
// If you want to use other third-party libraries, you can add them to this whitelist.
// And you also need to install them in `/scripts/setup/python.sh` and `/backend/Dockerfile` via `pip install`.
var pythonThirdPartyWhitelist = map[string]struct{}{
"requests_async": {},
"numpy": {},
"httpx": {},
"numpy": {},
}
type Config struct {
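Review bot: The comment above `pythonThirdPartyWhitelist` says where to install a package but not what admitting one implies, and the new `"httpx": {},` entry keeps a full HTTP client importable by code that passes this check. How the map is consumed is outside the hunk, but it presumably gates imports only, so it places no limit on where requests can go. I would add a comment such as `// httpx is a network client: this list only controls imports, outbound destinations must be restricted by the sandbox network policy.` Scripts that still import `requests_async` will presumably be rejected after this change, which deserves a line in the commit description or release notes. The commit title also does not name the CVE identifier, which makes the fix harder to track against advisories.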