update dependencies of sample apps to fix security vulnerability (#660)

* update dependencies of sample apps to fix security vulnerability Signed-off-by: Johnson Shih <[email protected]> * use packages with specific version Signed-off-by: Johnson Shih <[email protected]> * remove duplicate installation Signed-off-by: Johnson Shih <[email protected]> * Update patch version Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> --------- Signed-off-by: Johnson Shih <[email protected]> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
project-akri · Sep 26, 2023 · 95adb80 · 95adb80
1 parent f01f161
commit 95adb80
Show file tree

Hide file tree

Showing 29 changed files with 86 additions and 300 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/agent/Cargo.toml b/agent/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "agent"
-version = "0.12.8"
+version = "0.12.9"
 license = "Apache-2.0"
 authors = ["Kate Goldenring <[email protected]>", "<[email protected]>"]
 edition = "2018"

diff --git a/build/containers/Dockerfile.anomaly-detection-app b/build/containers/Dockerfile.anomaly-detection-app
@@ -4,15 +4,14 @@ FROM ${PLATFORM}/debian:bullseye-slim
 # Avoid tzdata prompt 
 ARG DEBIAN_FRONTEND=noninteractive
 
+WORKDIR /app
+COPY ./samples/apps/anomaly-detection-app .
+
 RUN echo "Creating container based on ${PLATFORM}/debian:bullseye-slim" && \
     apt-get update && \
-    apt-get install -y protobuf-compiler libprotoc-dev python3-pip \
-    python3-grpcio python3-sklearn && \
+    apt-get install -y protobuf-compiler libprotoc-dev python3-pip && \
     apt-get clean && \
-    pip3 install numpy protobuf flask
-
-WORKDIR /app
-COPY ./samples/apps/anomaly-detection-app .
+    pip3 install -r ./requirements.txt
 
 # Link the container to the Akri repository
 LABEL org.opencontainers.image.source https://github.com/project-akri/akri

diff --git a/build/containers/Dockerfile.video-streaming-app b/build/containers/Dockerfile.video-streaming-app
@@ -4,14 +4,14 @@ FROM ${PLATFORM}/debian:bullseye-slim
 # Avoid tzdata prompt 
 ARG DEBIAN_FRONTEND=noninteractive
 
+WORKDIR /app
+COPY ./samples/apps/video-streaming-app .
+
 RUN echo "Creating container based on ${PLATFORM}/debian:bullseye-slim" && \
     apt-get update && \
-    apt-get install -y protobuf-compiler libprotoc-dev python3-pip python3-grpcio python3-kubernetes && \
+    apt-get install -y protobuf-compiler libprotoc-dev python3-pip && \
     apt-get clean && \
-    pip3 install protobuf flask
-
-WORKDIR /app
-COPY ./samples/apps/video-streaming-app .
+    pip3 install -r ./requirements.txt
 
 # Link the container to the Akri repository
 LABEL org.opencontainers.image.source https://github.com/project-akri/akri

diff --git a/controller/Cargo.toml b/controller/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "controller"
-version = "0.12.8"
+version = "0.12.9"
 license = "Apache-2.0"
 authors = ["<[email protected]>", "<[email protected]>"]
 edition = "2018"

diff --git a/deployment/helm/Chart.yaml b/deployment/helm/Chart.yaml
@@ -16,9 +16,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.12.8
+version: 0.12.9
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 0.12.8
+appVersion: 0.12.9
diff --git a/deployment/samples/akri-anomaly-detection-app.yaml b/deployment/samples/akri-anomaly-detection-app.yaml
@@ -17,6 +17,7 @@ spec:
         image: ghcr.io/project-akri/akri/anomaly-detection-app:latest-dev
         imagePullPolicy: Always
         securityContext:
+          runAsUser: 1000
           allowPrivilegeEscalation: false
           runAsNonRoot: true
           readOnlyRootFilesystem: true

diff --git a/discovery-handler-modules/debug-echo-discovery-handler/Cargo.toml b/discovery-handler-modules/debug-echo-discovery-handler/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "debug-echo-discovery-handler"
-version = "0.12.8"
+version = "0.12.9"
 license = "Apache-2.0"
 authors = ["Kate Goldenring <[email protected]>"]
 edition = "2018"

diff --git a/discovery-handler-modules/onvif-discovery-handler/Cargo.toml b/discovery-handler-modules/onvif-discovery-handler/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "onvif-discovery-handler"
-version = "0.12.8"
+version = "0.12.9"
 license = "Apache-2.0"
 authors = ["Kate Goldenring <[email protected]>"]
 edition = "2018"

diff --git a/discovery-handler-modules/opcua-discovery-handler/Cargo.toml b/discovery-handler-modules/opcua-discovery-handler/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "opcua-discovery-handler"
-version = "0.12.8"
+version = "0.12.9"
 license = "Apache-2.0"
 authors = ["Kate Goldenring <[email protected]>"]
 edition = "2018"

diff --git a/discovery-handler-modules/udev-discovery-handler/Cargo.toml b/discovery-handler-modules/udev-discovery-handler/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "udev-discovery-handler"
-version = "0.12.8"
+version = "0.12.9"
 license = "Apache-2.0"
 authors = ["Kate Goldenring <[email protected]>"]
 edition = "2018"

diff --git a/discovery-handlers/debug-echo/Cargo.toml b/discovery-handlers/debug-echo/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "akri-debug-echo"
-version = "0.12.8"
+version = "0.12.9"
 license = "Apache-2.0"
 authors = ["Kate Goldenring <[email protected]>"]
 edition = "2018"

diff --git a/discovery-handlers/onvif/Cargo.toml b/discovery-handlers/onvif/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "akri-onvif"
-version = "0.12.8"
+version = "0.12.9"
 license = "Apache-2.0"
 authors = ["Kate Goldenring <[email protected]>"]
 edition = "2018"

diff --git a/discovery-handlers/opcua/Cargo.toml b/discovery-handlers/opcua/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "akri-opcua"
-version = "0.12.8"
+version = "0.12.9"
 license = "Apache-2.0"
 authors = ["Kate Goldenring <[email protected]>"]
 edition = "2018"

diff --git a/discovery-handlers/udev/Cargo.toml b/discovery-handlers/udev/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "akri-udev"
-version = "0.12.8"
+version = "0.12.9"
 license = "Apache-2.0"
 authors = ["Kate Goldenring <[email protected]>"]
 edition = "2018"

diff --git a/discovery-utils/Cargo.toml b/discovery-utils/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "akri-discovery-utils"
-version = "0.12.8"
+version = "0.12.9"
 license = "Apache-2.0"
 authors = ["Kate Goldenring <[email protected]>"]
 edition = "2018"

diff --git a/samples/apps/anomaly-detection-app/README.md b/samples/apps/anomaly-detection-app/README.md
@@ -24,8 +24,8 @@ To clean up, simply run `pip uninstall -r requirements.txt -y`.
 ## Generating Protobuf Code
 Set the path of the `opcua_node.proto` file and generate using `grpc-tools.protoc`. `grpc-tools` should've been installed in the previous step. The following assumes the `akri` repository is in the `$HOME` directory.
 ```
-export SRC_DIR=$HOME/akri/samples/brokers/opcua-monitoring-broker
-python -m grpc_tools.protoc -I=$SRC_DIR --python_out=. --grpc_python_out=. $SRC_DIR/opcua_node.proto
+export SRC_DIR=../../../samples/brokers/opcua-monitoring-broker
+python3 -m grpc_tools.protoc -I=$SRC_DIR --python_out=. --grpc_python_out=. $SRC_DIR/opcua_node.proto
 ```
 
 ## Running

diff --git a/samples/apps/anomaly-detection-app/generategrpc.sh b/samples/apps/anomaly-detection-app/generategrpc.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
 # based on https://grpc.io/docs/tutorials/basic/python/
-ABS_PATH=$(dirname $(readlink -e ../../samples/brokers/opcua-monitoring-broker/opcua_node.proto))
+ABS_PATH=$(dirname $(readlink -e ../../../samples/brokers/opcua-monitoring-broker/opcua_node.proto))
 echo "absolute path to proto file is $ABS_PATH"
-python -m grpc_tools.protoc -I./ --python_out=. --grpc_python_out=. opcua_node.proto --proto_path=$ABS_PATH
+python3 -m grpc_tools.protoc -I./ --python_out=. --grpc_python_out=. opcua_node.proto --proto_path=$ABS_PATH