Security fixes: Update h11 to 0.16.0, mcp to 1.16.0, setuptools to 80.9.0, remove dnsutils - Fixes all critical/high CVEs

neverinfamous · neverinfamous · commit 607a0ed7e075 · 2025-10-03T16:53:38.000-04:00
diff --git a/Dockerfile b/Dockerfile
@@ -31,10 +31,10 @@ FROM python:3.13-slim-bookworm
 RUN groupadd -r app && useradd -r -g app -u 1000 app
 
 # Install runtime system dependencies
+# Removed dnsutils to fix CVE-2025-40777 (bind9 vulnerability)
 RUN apt-get update && apt-get install -y \
   libpq-dev \
   iputils-ping \
-  dnsutils \
   net-tools \
   && rm -rf /var/lib/apt/lists/* \
   && apt-get clean
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,17 +1,19 @@
 [project]
 name = "postgres-mcp-enhanced"
-version = "1.0.2"
+version = "1.0.3"
 description = "Enterprise PostgreSQL MCP Server - Enhanced fork with comprehensive security and AI-native operations"
 readme = "README.md"
 requires-python = ">=3.12"
 dependencies = [
-    "mcp[cli]>=1.5.0",
+    "mcp[cli]>=1.10.0",
     "psycopg[binary]>=3.2.6",
     "humanize>=4.8.0",
     "pglast==7.7",
     "attrs>=25.3.0",
     "psycopg-pool>=3.2.6",
     "instructor>=1.7.9",
+    "h11>=0.16.0",
+    "setuptools>=78.1.1",
 ]
 license = "mit"
 license-files = ["LICENSE"]
diff --git a/uv.lock b/uv.lock
