From ccdeb60fc0f0edfd3b1e20d5feafd64790017839 Mon Sep 17 00:00:00 2001
From: Don-Swanson <32144818+Don-Swanson@users.noreply.github.com>
Date: Wed, 26 Nov 2025 16:36:34 -0600
Subject: [PATCH] Update Dockerfile to use Python 3.12-alpine3.22 and remove
 unnecessary bridge package

- Changed base image from python:3.12.6-alpine3.20 to python:3.12-alpine3.22 for improved security and compatibility.
- Added command to remove the bridge package to mitigate CVEs, ensuring a cleaner build environment.
- Ensured pip is upgraded consistently across stages.
---
 Dockerfile | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 7412599..56b029f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,7 +8,7 @@
 # 2. Add linux/arm/v7 to --platform flag when building:
 #    docker buildx build --platform linux/amd64,linux/arm/v7,linux/arm64 .
 
-FROM python:3.12.6-alpine3.20 AS builder
+FROM python:3.12-alpine3.22 AS builder
 
 RUN apk --no-cache add \
     build-base \
@@ -22,13 +22,16 @@ COPY requirements.txt .
 RUN pip install --upgrade pip
 RUN pip install --prefix /install --no-warn-script-location --no-cache-dir -r requirements.txt
 
-FROM python:3.12.6-alpine3.20
+FROM python:3.12-alpine3.22
 
-RUN apk add --no-cache tor curl openrc libstdc++
+# Remove bridge package to avoid CVEs (not needed for Docker containers)
+RUN apk add --no-cache --no-scripts tor curl openrc libstdc++ && \
+    apk del --no-cache bridge || true
 # git go //for obfs4proxy
 # libcurl4-openssl-dev
-
-RUN apk --no-cache upgrade
+RUN pip install --upgrade pip
+RUN apk --no-cache upgrade && \
+    apk del --no-cache --rdepends bridge || true
 
 # uncomment to build obfs4proxy
 # RUN git clone https://gitlab.com/yawning/obfs4.git