yosifkit
yosifkit
> Given this image contains OpenSSL (and today's CVE-2024-6119: https://openssl-library.org/news/secadv/20240903.txt), would you like to roll that into this update, or just wait for the next image update instead? 🙇My apologies!🙇...
I haven't looked at the full content of the Dockerfile, but here are a couple changes to fix the build failures: From the "Diff Comment" test (and also affecting the...
The entrypoint changes are causing the image to fail on the `override-cmd` test. This test helps ensure our ["Consistency"](https://github.com/docker-library/official-images/blob/050756878846f85a0cb039a629c4245de74550b1/README.md#consistency) requirement, which basically means that `docker run -it --rm redis bash`...
`libexpat.so.1` is not required by `pypa/auditwheel`. It is just on an allow list for users when building packages to distribute via `pip` so that they don't have to include a...
From PEP 0513 > work on a stock CentOS 5.11 [...] system **that contains the system package manager’s provided versions of these libraries** Nothing in the PEPs require that the...
The `-slim` images have always been targeted as a minimal installation that has just enough to run `python` and where size-conscious users can control which extra libraries they install. The...
Sure, it has the specific library that is disrupting your workflow today, but not every library in the [`lib_whitelist`](https://github.com/pypa/auditwheel/blob/dd3df250063f520950f7f7c3e30544c701b5ec9c/src/auditwheel/policy/manylinux-policy.json#L30) is installed (like `libGL.so.1` or `libICE.so.6`): ``` "lib_whitelist": ["libgcc_s.so.1", "libstdc++.so.6", "libm.so.6",...
🙇‍♂️ Sorry for the delay. Is this ready and applicable to the current images?
If there are any other updates from OS packages, they will be address at the next Dockerfile change (like version bump) or base image update. Edit: for example, the CVE's...
@madduci, All of the IDs shown in your screenshot are from `gosu` and thus are false positives; see the previous discussion and [SECURITY.md](https://github.com/tianon/gosu/blob/master/SECURITY.md) in the `gosu` repo.