fix: Dockerfile to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN12-GNUTLS28-8705121
- https://snyk.io/vuln/SNYK-DEBIAN12-LIBTASN16-8689970
- https://snyk.io/vuln/SNYK-DEBIAN12-ZLIB-6008963
- https://snyk.io/vuln/SNYK-DEBIAN12-KRB5-8679228
- https://snyk.io/vuln/SNYK-DEBIAN12-GLIBC-8658672

.gitea/workflows/build.yaml

@@ -31,17 +31,6 @@ jobs:
         run: echo "POETRY_VERSION=$(poetry version --short)" >> $GITHUB_ENV
       - name: Build and push Docker image
         run: |
-          docker build -t ajurna/cbwebreader:${{ env.POETRY_VERSION }} .
+          docker build -t ajurna/cbwebreader:latest -t ajurna/cbwebreader:${{ env.POETRY_VERSION }} .
           docker push ajurna/cbwebreader:${{ env.POETRY_VERSION }}
-#      - name: Build and push version
-#        uses: docker/build-push-action@v4
-#        with:
-#          context: .
-#          push: true
-#          tags: ajurna/cbwebreader:latest
-#      - name: Build and push latest
-#        uses: docker/build-push-action@v4
-#        with:
-#          context: .
-#          push: true
-#          tags: ajurna/cbwebreader:${{poetry version -s}}
+          docker push ajurna/cbwebreader:latest

Dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.10-slim-bullseye
+FROM python:3.13.2-slim-bookworm
 
 ENV PYTHONFAULTHANDLER=1 \
     PYTHONHASHSEED=random \
@@ -15,17 +15,17 @@ WORKDIR /src
 
 COPY . /src/
 
+RUN  echo "deb http://ftp.uk.debian.org/debian bookworm non-free non-free-firmware" > /etc/apt/sources.list.d/non-free.list
+
+
 RUN apt update \
-    && apt install -y software-properties-common \
-    && apt-add-repository non-free \
-    && apt update \
-    && apt install -y npm cron unrar libmariadb-dev libpq-dev pkg-config \
+    && apt install -y npm cron unrar libmariadb-dev libpq-dev pkg-config swig \
     && pip install --upgrade pip \
     && pip install -r requirements.txt \
     && cd frontend \
     && npm install \
     && npm run build \
-    && apt remove -y npm software-properties-common pkg-config \
+    && apt remove -y npm software-properties-common pkg-config swig \
     && rm -r node_modules \
     && apt -y auto-remove \
     && apt clean \

build.ps1

@@ -1,4 +1,4 @@
 poetry export --without-hashes -f requirements.txt --output requirements.txt
 $version=poetry version -s
-docker build . --no-cache -t ajurna/cbwebreader -t ajurna/cbwebreader:$version
+docker build .  -t ajurna/cbwebreader -t ajurna/cbwebreader:$version
 docker push ajurna/cbwebreader --all-tags

cbreader/settings/base.py

@@ -191,10 +191,13 @@ BOOTSTRAP4 = {
     },
 }
 CSP_DEFAULT_SRC = ("'none'",)
-CSP_STYLE_SRC = ("'self'", "'sha256-MBVp6JYxbC/wICelYC6eULCRpgi9kGezXXSaq/TS2+I='")
+CSP_STYLE_SRC = (
+    "'self'",
+    "'unsafe-inline'"
+)
 CSP_IMG_SRC = ("'self'", "data:")
 CSP_FONT_SRC = ("'self'",)
-CSP_SCRIPT_SRC = ("'self'",)
+CSP_SCRIPT_SRC = ("'self'", "'sha256-IYBrMxCTJ62EwagLTIRncEIpWwTmoXcXkqv3KZm/Wik='")
 CSP_CONNECT_SRC = ("'self'",)
 CSP_INCLUDE_NONCE_IN = ['script-src']
 CSP_SCRIPT_SRC_ATTR = ("'self'",)  # "'unsafe-inline'")

docker-compose.yml

@@ -13,7 +13,7 @@ services:
     expose:
       - 8000
     volumes:
-      - ${COMIC_BOOK_VOLUME}:${COMIC_BOOK_VOLUME}
+      - ${COMIC_BOOK_VOLUME}:/comics
 #      - c:/comics:/comics
       - static_files:/static
       - media_files:/media
@@ -35,7 +35,7 @@ services:
 #    command: /bin/bash entrypoint-cron.sh
 
   database:
-    image: postgres:14-alpine
+    image: postgres:16-alpine
     expose:
       - 5432
     volumes:

pyproject.toml

@@ -3,36 +3,36 @@ line_length = 119
 
 [tool.poetry]
 name = "cbwebreader"
-version = "1.1.6"
+version = "1.1.8"
 description = "CBR/Z Web Reader"
 authors = ["ajurna <ajurna@gmail.com>"]
 license = "Creative Commons Attribution-ShareAlike 4.0 International License"
 
 [tool.poetry.dependencies]
-python = "^3.10"
+python = "^3.12"
 Django = "^4.1"
-gunicorn = "^20.0.4"
-dj-database-url = "^1.3.0"
+gunicorn = "^21.2.0"
+dj-database-url = "^2.1.0"
 python-dotenv = "^1.0.0"
 loguru = "^0.7.0"
 django-silk = "^5.0.0"
 mysqlclient = "^2.0.1"
-psycopg2 = "^2.9.6"
+psycopg2-binary = "^2.9.6"
 rarfile = "^4.0"
 django-extensions = "^3.2.1"
-Pillow = "^9.3.0"
-django-imagekit = "^4.0.2"
+Pillow = "^10.0.1"
+django-imagekit = "^5.0.0"
 PyMuPDF = "~1.20.2"
 django-bootstrap4 = "^23.1"
 django-csp = "^3.7"
 django-boost = "^2.1"
-django-sri = "^0.5.0"
+django-sri = "^0.7.0"
 django-permissions-policy = "^4.15.0"
 djangorestframework = "^3.13.1"
 django-filter = "^23.1"
-django-cors-headers = "^3.14.0"
+django-cors-headers = "^4.2.0"
 djangorestframework-simplejwt = "^5.2.0"
-django-webpack-loader = "^1.6.0"
+django-webpack-loader = "^2.0.1"
 drf-yasg = "^1.20.0"
 drf-extensions = "^0.7.1"
 

requirements.txt

@@ -1,49 +1,46 @@
-asgiref==3.7.2 ; python_version >= "3.10" and python_version < "4.0"
-autopep8==2.0.4 ; python_version >= "3.10" and python_version < "4.0"
-beautifulsoup4==4.12.2 ; python_version >= "3.10" and python_version < "4.0"
-colorama==0.4.6 ; python_version >= "3.10" and python_version < "4.0" and sys_platform == "win32"
-dj-database-url==1.3.0 ; python_version >= "3.10" and python_version < "4.0"
-django-appconf==1.0.5 ; python_version >= "3.10" and python_version < "4.0"
-django-boost==2.1 ; python_version >= "3.10" and python_version < "4.0"
-django-bootstrap4==23.2 ; python_version >= "3.10" and python_version < "4.0"
-django-cors-headers==3.14.0 ; python_version >= "3.10" and python_version < "4.0"
-django-csp==3.7 ; python_version >= "3.10" and python_version < "4.0"
-django-extensions==3.2.3 ; python_version >= "3.10" and python_version < "4.0"
-django-filter==23.2 ; python_version >= "3.10" and python_version < "4.0"
-django-imagekit==4.1.0 ; python_version >= "3.10" and python_version < "4.0"
-django-permissions-policy==4.17.0 ; python_version >= "3.10" and python_version < "4.0"
-django-silk==5.0.3 ; python_version >= "3.10" and python_version < "4.0"
-django-sri==0.5.0 ; python_version >= "3.10" and python_version < "4.0"
-django-webpack-loader==1.8.1 ; python_version >= "3.10" and python_version < "4.0"
-django==4.2.4 ; python_version >= "3.10" and python_version < "4.0"
-djangorestframework-simplejwt==5.3.0 ; python_version >= "3.10" and python_version < "4.0"
-djangorestframework==3.14.0 ; python_version >= "3.10" and python_version < "4.0"
-drf-extensions==0.7.1 ; python_version >= "3.10" and python_version < "4.0"
-drf-yasg==1.21.7 ; python_version >= "3.10" and python_version < "4.0"
-gprof2dot==2022.7.29 ; python_version >= "3.10" and python_version < "4.0"
-gunicorn==20.1.0 ; python_version >= "3.10" and python_version < "4.0"
-inflection==0.5.1 ; python_version >= "3.10" and python_version < "4.0"
-loguru==0.7.0 ; python_version >= "3.10" and python_version < "4.0"
-mysqlclient==2.2.0 ; python_version >= "3.10" and python_version < "4.0"
-packaging==23.1 ; python_version >= "3.10" and python_version < "4.0"
-pilkit==2.0 ; python_version >= "3.10" and python_version < "4.0"
-pillow==9.5.0 ; python_version >= "3.10" and python_version < "4.0"
-psycopg2==2.9.7 ; python_version >= "3.10" and python_version < "4.0"
-pycodestyle==2.11.0 ; python_version >= "3.10" and python_version < "4.0"
-pyjwt==2.8.0 ; python_version >= "3.10" and python_version < "4.0"
-pymupdf==1.20.2 ; python_version >= "3.10" and python_version < "4.0"
-python-dotenv==1.0.0 ; python_version >= "3.10" and python_version < "4.0"
-pytz==2023.3 ; python_version >= "3.10" and python_version < "4.0"
-pyyaml==6.0.1 ; python_version >= "3.10" and python_version < "4.0"
-rarfile==4.0 ; python_version >= "3.10" and python_version < "4.0"
-setuptools==68.1.2 ; python_version >= "3.10" and python_version < "4.0"
-six==1.16.0 ; python_version >= "3.10" and python_version < "4.0"
-soupsieve==2.4.1 ; python_version >= "3.10" and python_version < "4.0"
-sqlparse==0.4.4 ; python_version >= "3.10" and python_version < "4.0"
-tomli==2.0.1 ; python_version >= "3.10" and python_version < "3.11"
-typing-extensions==4.7.1 ; python_version >= "3.10" and python_version < "4.0"
-tzdata==2023.3 ; python_version >= "3.10" and python_version < "4.0" and sys_platform == "win32"
-ua-parser==0.18.0 ; python_version >= "3.10" and python_version < "4.0"
-uritemplate==4.1.1 ; python_version >= "3.10" and python_version < "4.0"
-user-agents==2.2.0 ; python_version >= "3.10" and python_version < "4.0"
-win32-setctime==1.1.0 ; python_version >= "3.10" and python_version < "4.0" and sys_platform == "win32"
+asgiref==3.7.2 ; python_version >= "3.12" and python_version < "4.0"
+autopep8==2.0.4 ; python_version >= "3.12" and python_version < "4.0"
+beautifulsoup4==4.12.2 ; python_version >= "3.12" and python_version < "4.0"
+colorama==0.4.6 ; python_version >= "3.12" and python_version < "4.0" and sys_platform == "win32"
+dj-database-url==2.1.0 ; python_version >= "3.12" and python_version < "4.0"
+django-appconf==1.0.5 ; python_version >= "3.12" and python_version < "4.0"
+django-boost==2.1 ; python_version >= "3.12" and python_version < "4.0"
+django-bootstrap4==23.2 ; python_version >= "3.12" and python_version < "4.0"
+django-cors-headers==4.2.0 ; python_version >= "3.12" and python_version < "4.0"
+django-csp==3.7 ; python_version >= "3.12" and python_version < "4.0"
+django-extensions==3.2.3 ; python_version >= "3.12" and python_version < "4.0"
+django-filter==23.3 ; python_version >= "3.12" and python_version < "4.0"
+django-imagekit==5.0.0 ; python_version >= "3.12" and python_version < "4.0"
+django-permissions-policy==4.17.0 ; python_version >= "3.12" and python_version < "4.0"
+django-silk==5.0.4 ; python_version >= "3.12" and python_version < "4.0"
+django-sri==0.7.0 ; python_version >= "3.12" and python_version < "4.0"
+django-webpack-loader==2.0.1 ; python_version >= "3.12" and python_version < "4.0"
+django==4.2.5 ; python_version >= "3.12" and python_version < "4.0"
+djangorestframework-simplejwt==5.3.0 ; python_version >= "3.12" and python_version < "4.0"
+djangorestframework==3.14.0 ; python_version >= "3.12" and python_version < "4.0"
+drf-extensions==0.7.1 ; python_version >= "3.12" and python_version < "4.0"
+drf-yasg==1.21.7 ; python_version >= "3.12" and python_version < "4.0"
+gprof2dot==2022.7.29 ; python_version >= "3.12" and python_version < "4.0"
+gunicorn==21.2.0 ; python_version >= "3.12" and python_version < "4.0"
+inflection==0.5.1 ; python_version >= "3.12" and python_version < "4.0"
+loguru==0.7.2 ; python_version >= "3.12" and python_version < "4.0"
+mysqlclient==2.2.0 ; python_version >= "3.12" and python_version < "4.0"
+packaging==23.2 ; python_version >= "3.12" and python_version < "4.0"
+pilkit==3.0 ; python_version >= "3.12" and python_version < "4.0"
+pillow==10.0.1 ; python_version >= "3.12" and python_version < "4.0"
+psycopg2-binary==2.9.9 ; python_version >= "3.12" and python_version < "4.0"
+pycodestyle==2.11.0 ; python_version >= "3.12" and python_version < "4.0"
+pyjwt==2.8.0 ; python_version >= "3.12" and python_version < "4.0"
+pymupdf==1.20.2 ; python_version >= "3.12" and python_version < "4.0"
+python-dotenv==1.0.0 ; python_version >= "3.12" and python_version < "4.0"
+pytz==2023.3.post1 ; python_version >= "3.12" and python_version < "4.0"
+pyyaml==6.0.1 ; python_version >= "3.12" and python_version < "4.0"
+rarfile==4.1 ; python_version >= "3.12" and python_version < "4.0"
+soupsieve==2.5 ; python_version >= "3.12" and python_version < "4.0"
+sqlparse==0.4.4 ; python_version >= "3.12" and python_version < "4.0"
+typing-extensions==4.8.0 ; python_version >= "3.12" and python_version < "4.0"
+tzdata==2023.3 ; python_version >= "3.12" and python_version < "4.0" and sys_platform == "win32"
+ua-parser==0.18.0 ; python_version >= "3.12" and python_version < "4.0"
+uritemplate==4.1.1 ; python_version >= "3.12" and python_version < "4.0"
+user-agents==2.2.0 ; python_version >= "3.12" and python_version < "4.0"
+win32-setctime==1.1.0 ; python_version >= "3.12" and python_version < "4.0" and sys_platform == "win32"