dockerfile: apply debian 10 security updates

- add debian-security archive repository
- run apt-get upgrade for all available patches
- upgrade pip/setuptools/wheel to latest py2.7 versions

reduces container vulnerabilities from 293 to 130

Dockerfile

@@ -2,13 +2,19 @@ FROM python:2.7-slim
 
 WORKDIR /app
 
-# fix EOL debian buster repos and install build dependencies for pyasn
+# fix EOL debian buster repos and apply all available security updates
 RUN sed -i 's/deb.debian.org/archive.debian.org/g' /etc/apt/sources.list && \
     sed -i 's/security.debian.org/archive.debian.org/g' /etc/apt/sources.list && \
     sed -i '/buster-updates/d' /etc/apt/sources.list && \
-    apt-get update && apt-get install -y --no-install-recommends gcc libc-dev && \
+    echo 'deb http://archive.debian.org/debian-security buster/updates main' >> /etc/apt/sources.list && \
+    apt-get update && \
+    apt-get upgrade -y && \
+    apt-get install -y --no-install-recommends gcc libc-dev && \
     rm -rf /var/lib/apt/lists/*
 
+# upgrade pip/setuptools to latest Python 2.7 compatible versions
+RUN pip install --upgrade "pip<21" "setuptools<45" "wheel<0.38"
+
 # install dependencies (optional - bs4 can be skipped with --nobs)
 COPY requirements.txt .
 RUN pip install -r requirements.txt || true