From b2994c65ebf6b6ec700743c5480443b15bba3e0f Mon Sep 17 00:00:00 2001 From: detmerl Date: Thu, 3 Oct 2024 14:25:17 -0400 Subject: [PATCH 1/2] fix: ensure we are upgrading to the latest version of packages to avoid vunerabilities --- docker/owlbot/nodejs_mono_repo/Dockerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docker/owlbot/nodejs_mono_repo/Dockerfile b/docker/owlbot/nodejs_mono_repo/Dockerfile index 82cba4b54..135d5454e 100644 --- a/docker/owlbot/nodejs_mono_repo/Dockerfile +++ b/docker/owlbot/nodejs_mono_repo/Dockerfile @@ -29,6 +29,9 @@ ENV PATH "$PATH:/usr/local/bin" ###################### Install git. RUN apt-get update && apt-get install -y git +###################### Update image to latest +RUN apt-get upgrade -y + ###################### Install synthtool's requirements. COPY requirements.txt /synthtool/requirements.txt RUN pip install --require-hashes -r /synthtool/requirements.txt From 75092ca52000c5866ef2be5c09ad3789ece57ba4 Mon Sep 17 00:00:00 2001 From: detmerl Date: Fri, 4 Oct 2024 14:46:18 -0400 Subject: [PATCH 2/2] fix: ensure we are upgrading to the latest version of packages to avoid vunerabilities --- docker/owlbot/nodejs_mono_repo/Dockerfile | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/docker/owlbot/nodejs_mono_repo/Dockerfile b/docker/owlbot/nodejs_mono_repo/Dockerfile index 135d5454e..5fa44c301 100644 --- a/docker/owlbot/nodejs_mono_repo/Dockerfile +++ b/docker/owlbot/nodejs_mono_repo/Dockerfile @@ -26,11 +26,8 @@ RUN tar -C /usr/local --strip-components=1 -xJf /tmp/nodejs.tar.xz RUN rm -f /tmp/nodejs.tar.xz ENV PATH "$PATH:/usr/local/bin" -###################### Install git. -RUN apt-get update && apt-get install -y git - -###################### Update image to latest -RUN apt-get upgrade -y +###################### Install git and update image to latest. +RUN apt-get update && apt-get install -y git && apt-get upgrade -y ###################### Install synthtool's requirements. COPY requirements.txt /synthtool/requirements.txt