b9dfb86260
Security hardening release addressing CodeQL and Dependabot alerts: - Fix stack trace exposure in error responses - Add SSRF protection with DNS resolution checking - Implement proper URL hostname validation (replaces substring matching) - Add centralized path sanitization to prevent path traversal - Fix ReDoS vulnerability in email validation regex - Improve HTML sanitization in validation utilities - Fix capability wildcard matching in auth utilities - Update glob dependency to address CVE - Add CodeQL suppression comments for verified false positives 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
25 lines
709 B
YAML
25 lines
709 B
YAML
# Docker Compose x86_64 GPU Overlay
|
|
# Auto-applied by installer when NVIDIA GPU + Container Toolkit detected
|
|
# This overlay enables GPU passthrough for the vLLM embeddings container
|
|
|
|
services:
|
|
vllm-embeddings:
|
|
deploy:
|
|
resources:
|
|
# GPU mode: model loads into VRAM (~2.5GB), minimal system RAM needed
|
|
limits:
|
|
memory: 4G
|
|
reservations:
|
|
memory: 2G
|
|
devices:
|
|
- driver: nvidia
|
|
count: 1
|
|
capabilities: [gpu]
|
|
environment:
|
|
# GPU-specific settings
|
|
- CUDA_VISIBLE_DEVICES=0
|
|
- PYTORCH_CUDA_ALLOC_CONF=expandable_segments:True
|
|
labels:
|
|
- "gt2.gpu=enabled"
|
|
- "gt2.gpu.vendor=nvidia"
|