From 7b0e8624ac697b5d4c8e7ecf966d4aeac3baaf6e Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 28 Oct 2025 01:26:43 +0000 Subject: [PATCH 1/4] Initial plan From 992a11f3e6c72c7b7381323e5ed95ba27ba14ecd Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 28 Oct 2025 01:31:16 +0000 Subject: [PATCH 2/4] Add apt-get update and upgrade to data-loader.Dockerfile to fix ImageMagick CVE-2025-57807 Co-authored-by: kebe7jun <7303612+kebe7jun@users.noreply.github.com> --- data-loader.Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/data-loader.Dockerfile b/data-loader.Dockerfile index 6ac8782..79f6f6e 100644 --- a/data-loader.Dockerfile +++ b/data-loader.Dockerfile @@ -16,6 +16,8 @@ RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -ldflags FROM python:3.13 +RUN apt-get update && apt-get upgrade -y && apt-get clean && rm -rf /var/lib/apt/lists/* + RUN pip install --no-cache-dir "huggingface_hub[cli]"==0.33.1 modelscope==1.27.1 setuptools && \ rclone_version=v1.70.1 && \ arch=$(uname -m | sed -E 's/x86_64/amd64/g;s/aarch64/arm64/g') && \ From c54c29abc970006aa40975eb7a7ac1b9ed72337e Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 28 Oct 2025 01:32:30 +0000 Subject: [PATCH 3/4] Refine fix to specifically upgrade imagemagick package only Co-authored-by: kebe7jun <7303612+kebe7jun@users.noreply.github.com> --- data-loader.Dockerfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/data-loader.Dockerfile b/data-loader.Dockerfile index 79f6f6e..f2aae0a 100644 --- a/data-loader.Dockerfile +++ b/data-loader.Dockerfile 
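Review bot: In [PATCH 2/4] the added `RUN apt-get update && apt-get upgrade -y ...` upgrades every package to whatever the mirror serves at build time, so the Dockerfile no longer determines the image contents and nothing confirms that the CVE-2025-57807 fix was actually installed. The instruction text never changes, so a builder with a warm layer cache will reuse the old layer and miss later security updates, while `FROM python:3.13` remains a floating tag. I would instead pin the base to a digest known to carry the patched ImageMagick, e.g. `FROM python:3.13@sha256:<digest-of-patched-image>`, and bump that digest on each rebuild. The stage's pip/rclone `RUN` continues past the end of the hunk.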
@@ -16,7 +16,9 @@ RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -ldflags FROM python:3.13 -RUN apt-get update && apt-get upgrade -y && apt-get clean && rm -rf /var/lib/apt/lists/* +RUN apt-get update && \ + apt-get install --only-upgrade -y imagemagick && \ + apt-get clean && rm -rf /var/lib/apt/lists/* RUN pip install --no-cache-dir "huggingface_hub[cli]"==0.33.1 modelscope==1.27.1 setuptools && \ rclone_version=v1.70.1 && \ From 69f4e6ff3169baa5554fab2ef8919bd1d092ed04 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 28 Oct 2025 01:40:27 +0000 Subject: [PATCH 4/4] Revert unnecessary ImageMagick upgrade step - python:3.13 already has the fix Co-authored-by: kebe7jun <7303612+kebe7jun@users.noreply.github.com> --- data-loader.Dockerfile | 4 ---- 1 file changed, 4 deletions(-) diff --git a/data-loader.Dockerfile b/data-loader.Dockerfile index f2aae0a..6ac8782 100644 --- a/data-loader.Dockerfile +++ b/data-loader.Dockerfile @@ -16,10 +16,6 @@ RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -ldflags FROM python:3.13 -RUN apt-get update && \ - apt-get install --only-upgrade -y imagemagick && \ - apt-get clean && rm -rf /var/lib/apt/lists/* - RUN pip install --no-cache-dir "huggingface_hub[cli]"==0.33.1 modelscope==1.27.1 setuptools && \ rclone_version=v1.70.1 && \ arch=$(uname -m | sed -E 's/x86_64/amd64/g;s/aarch64/arm64/g') && \
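Review bot: In [PATCH 3/4] `apt-get install --only-upgrade -y imagemagick` exits successfully even when nothing is upgraded, and it names only the `imagemagick` package, so the build cannot tell whether the vulnerable libraries were replaced. Scanners usually report each binary package built from the ImageMagick source, and whether the library packages follow this upgrade depends on versioned dependencies that are not visible here. Assuming the package is present in the base image, I would add a gate to the same `RUN` so the build fails when the expected version is missing, e.g. `dpkg --compare-versions "$(dpkg-query -W -f='${Version}' imagemagick)" ge "<fixed-version>"`. I would also put a comment above the step naming the CVE and the packages it is meant to cover.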