@@ -65,6 +65,7 @@ RUN apt-get update \
6565 uuid-dev \
6666 wget \
6767 zlib1g-dev \
68+ && apt remove -y python3-setuptools \
6869 && apt-get clean autoclean \
6970 && apt-get autoremove -y \
7071 && rm -rf /var/lib/apt/lists/* \
@@ -116,7 +117,7 @@ RUN set -ex \
116117 && export GNUPGHOME="$(mktemp -d)" \
117118 && echo "disable-ipv6" >> "${GNUPGHOME}/dirmngr.conf" \
118119 && /tmp/fetch_gpg_keys.sh \
119- && for PYTHON_VERSION in 2.7.18 3.7.17 3.8.20 3.9.20 3.10.15 3.11.10 3.12.7 3.13.0 ; do \
120+ && for PYTHON_VERSION in 2.7.18 3.7.17 3.8.20 3.9.23 3.10.18 3.11.13 3.12.11 3.13.5 ; do \
120121 wget --no-check-certificate -O python-${PYTHON_VERSION}.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz" \
121122 && wget --no-check-certificate -O python-${PYTHON_VERSION}.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc" \
122123 && gpg --batch --verify python-${PYTHON_VERSION}.tar.xz.asc python-${PYTHON_VERSION}.tar.xz \
@@ -144,7 +145,7 @@ RUN set -ex \
144145# Install pip on Python 3.10 only.
145146# If the environment variable is called "PIP_VERSION", pip explodes with
146147# "ValueError: invalid truth value '<VERSION>'"
147- ENV PYTHON_PIP_VERSION 21.3.1
148+ ENV PYTHON_PIP_VERSION 23.1.2
148149RUN wget --no-check-certificate -O /tmp/get-pip-3-7.py 'https://bootstrap.pypa.io/pip/3.7/get-pip.py' \
149150 && wget --no-check-certificate -O /tmp/get-pip-3-8.py 'https://bootstrap.pypa.io/pip/3.8/get-pip.py' \
150151 && wget --no-check-certificate -O /tmp/get-pip.py 'https://bootstrap.pypa.io/get-pip.py' \
@@ -165,6 +166,8 @@ RUN python3.9 /tmp/get-pip.py
165166RUN python3.8 /tmp/get-pip-3-8.py
166167RUN python3.7 /tmp/get-pip-3-7.py
167168RUN rm /tmp/get-pip.py
169+ RUN rm /tmp/get-pip-3-8.py
170+ RUN rm /tmp/get-pip-3-7.py
168171
169172# Test Pip
170173RUN python3 -m pip
@@ -176,17 +179,37 @@ RUN python3.11 -m pip
176179RUN python3.12 -m pip
177180RUN python3.13 -m pip
178181
179- # Install "setuptools" for Python 3.12+ (see https://docs.python.org/3/whatsnew/3.12.html#distutils)
180- RUN python3.12 -m pip install --no-cache-dir setuptools
181- RUN python3.13 -m pip install --no-cache-dir setuptools
182+ # Remove setuptools installations for Python 2.7, 3.7, 3.8
183+ # since there is no fix for CVE-2025-47273/CVE-2025-47273.
184+ # See https://github.com/python/cpython/issues/135374#issuecomment-2963361124
185+ RUN for PYTHON_VERSION in 2.7 3.7 3.8; do \
186+ /usr/local/bin/python${PYTHON_VERSION} -m pip \
187+ uninstall -y \
188+ setuptools \
189+ ; done
190+
191+ # Install/upgrade setuptools installations for Python 3.9, 3.10 and 3.11
192+ # for CVE-2025-47273/CVE-2025-47273.
193+ # See https://github.com/python/cpython/issues/135374#issuecomment-2963361124
194+ # Also install "setuptools" for Python 3.12+ since it's not included automatically
195+ # (see https://docs.python.org/3/whatsnew/3.12.html#distutils)
196+ COPY requirements.txt /requirements.txt
197+
198+ RUN for PYTHON_VERSION in 3.9 3.10 3.11 3.12 3.13; do \
199+ /usr/local/bin/python${PYTHON_VERSION} -m pip \
200+ install \
201+ --no-cache-dir \
202+ --require-hashes \
203+ -r /requirements.txt \
204+ ; done
182205
183206# Install "virtualenv", since the vast majority of users of this image will want it.
184207RUN pip install --no-cache-dir virtualenv
185208
186209# Setup Cloud SDK
187- ENV CLOUD_SDK_VERSION 502 .0.0
188- # Use system python for cloud sdk.
189- ENV CLOUDSDK_PYTHON python3.10
210+ ENV CLOUD_SDK_VERSION 528 .0.0
211+ # Use python 3.12 for cloud sdk.
212+ ENV CLOUDSDK_PYTHON python3.12
190213RUN wget https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-$CLOUD_SDK_VERSION-linux-x86_64.tar.gz
191214RUN tar xzf google-cloud-sdk-$CLOUD_SDK_VERSION-linux-x86_64.tar.gz
192215RUN /google-cloud-sdk/install.sh
0 commit comments