search

atomist-skills / skill-base

Apache License 2.0
0 stars 0 forks source link

Re-pin Docker base image in Dockerfile #53

Closed atomist[bot] closed 2 years ago

atomist[bot] commented 3 years ago

This pull request re-pins the Docker base image ubuntu:rolling in Dockerfile to the current digest.

https://github.com/atomist-skills/skill-base/blob/6a39940ab05a6cc26711034bc2c54c24d0000a26/Dockerfile#L1-L1

Digest sha256:f53c26896aaebc7727f3255c24e261b1b6f630a848a2e67c8cc5848d7c33f93f references a multi-CPU architecture image manifest. This image supports the following architectures:

Changelog for ubuntu:rolling

### Commit New image build caused by commit docker-library/official-images@c77b1e59f6674eed6cc74fd7fe1f867c2d1f81be to [`library/ubuntu`](https://github.com/docker-library/official-images/blob/c77b1e59f6674eed6cc74fd7fe1f867c2d1f81be/library/ubuntu): ``` ubuntu: Update impish and add jammy ``` --- ### Comparison Comparing Docker image `ubuntu:rolling` at digests _Current_ `sha256:cc6f342e3aad515ae49ec9355d852bbba50c3d63e57786438ec36d8989b72f91` (80mb) and _Proposed_ `sha256:f53c26896aaebc7727f3255c24e261b1b6f630a848a2e67c8cc5848d7c33f93f` (77mb): #### Packages The following package differences were detected: | Name | Current | Proposed | Type | | ---- | ------- | -------- | ---- | | `apt` | `2.2.4ubuntu0.1` | `2.3.9` | Apt | | `base-files` | `11ubuntu19` | `11.1ubuntu5` | Apt | | `base-passwd` | `3.5.49ubuntu1` | `3.5.51` | Apt | | `bash` | `5.1-2ubuntu1` | `5.1-3ubuntu2` | Apt | | `bsdutils` | `1:2.36.1-7ubuntu2` | `1:2.36.1-8ubuntu1` | Apt | | `dash` | `0.5.11 git20200708+dd9ef66+really0.5.11+git20200708+dd9ef66-5ubuntu1` | `0.5.11 git20210120+802ebd4-1build1` | Apt | | `debconf` | `1.5.74` | `1.5.77` | Apt | | `diffutils` | `1:3.7-3ubuntu1` | `1:3.8-0ubuntu1` | Apt | | `dpkg` | `1.20.9ubuntu1` | `1.20.9ubuntu2` | Apt | | `e2fsprogs` | `1.45.7-1ubuntu2` | `1.46.3-1ubuntu3` | Apt | | `findutils` | `4.8.0-1ubuntu1` | `4.8.0-1ubuntu2` | Apt | | `gcc-11-base` | `11.1.0-1ubuntu1~21.04` | `11.2.0-7ubuntu2` | Apt | | `gpgv` | `2.2.20-1ubuntu3` | `2.2.20-1ubuntu4` | Apt | | `grep` | `3.6-1` | `3.7-0ubuntu1` | Apt | | `gzip` | `1.10-2ubuntu3` | `1.10-4ubuntu1` | Apt | | `hostname` | `3.23` | `3.23ubuntu1` | Apt | | `init-system-helpers` | `1.60` | `1.60build1` | Apt | | `libacl1` | `2.2.53-10ubuntu1` | `2.2.53-10ubuntu2` | Apt | | `libapt-pkg6.0` | `2.2.4ubuntu0.1` | `2.3.9` | Apt | | `libattr1` | `1:2.4.48-6build1` | `1:2.4.48-6build2` | Apt | | `libaudit-common` | `1:3.0-2ubuntu1` | `1:3.0-2ubuntu2` | Apt | | `libaudit1` | `1:3.0-2ubuntu1` | `1:3.0-2ubuntu2` | Apt | | `libblkid1` | `2.36.1-7ubuntu2` | `2.36.1-8ubuntu1` | Apt | | `libc-bin` | `2.33-0ubuntu5` | `2.34-0ubuntu3` | Apt | | `libc6` | `2.33-0ubuntu5` | `2.34-0ubuntu3` | Apt | | `libcom-err2` | `1.45.7-1ubuntu2` | `1.46.3-1ubuntu3` | Apt | | `libcrypt1` | `1:4.4.17-1ubuntu3` | `1:4.4.18-4ubuntu1` | Apt | | `libdb5.3` | `5.3.28 dfsg1-0.6ubuntu4` | `5.3.28 dfsg1-0.8ubuntu1` | Apt | | `libext2fs2` | `1.45.7-1ubuntu2` | `1.46.3-1ubuntu3` | Apt | | `libgcc-s1` | `11.1.0-1ubuntu1~21.04` | `11.2.0-7ubuntu2` | Apt | | `libgcrypt20` | `1.8.7-2ubuntu2.1` | `1.8.7-5ubuntu2` | Apt | | `libgnutls30` | `3.7.1-3ubuntu1` | `3.7.1-5ubuntu1` | Apt | | `libgssapi-krb5-2` | `1.18.3-4` | `1.18.3-6` | Apt | | `libhogweed6` | `3.7-2.1ubuntu1.1` | `3.7.3-1` | Apt | | `libidn2-0` | `2.3.0-5` | `2.3.1-1` | Apt | | `libk5crypto3` | `1.18.3-4` | `1.18.3-6` | Apt | | `libkrb5-3` | `1.18.3-4` | `1.18.3-6` | Apt | | `libkrb5support0` | `1.18.3-4` | `1.18.3-6` | Apt | | `liblz4-1` | `1.9.3-1ubuntu0.1` | `1.9.3-2` | Apt | | `liblzma5` | `5.2.5-1.0build2` | `5.2.5-2` | Apt | | `libmount1` | `2.36.1-7ubuntu2` | `2.36.1-8ubuntu1` | Apt | | `libnettle8` | `3.7-2.1ubuntu1.1` | `3.7.3-1` | Apt | | `libnsl2` | `1.3.0-0ubuntu3` | `1.3.0-2build1` | Apt | | `libp11-kit0` | `0.23.22-1` | `0.23.22-1build1` | Apt | | `libpam-modules` | `1.3.1-5ubuntu6.21.04.1` | `1.3.1-5ubuntu11` | Apt | | `libpam-modules-bin` | `1.3.1-5ubuntu6.21.04.1` | `1.3.1-5ubuntu11` | Apt | | `libpam-runtime` | `1.3.1-5ubuntu6.21.04.1` | `1.3.1-5ubuntu11` | Apt | | `libpam0g` | `1.3.1-5ubuntu6.21.04.1` | `1.3.1-5ubuntu11` | Apt | | `libpcre2-8-0` | `10.36-2ubuntu5` | `10.37-0ubuntu2` | Apt | | `libprocps8` | `2:3.3.16-5ubuntu3.1` | `2:3.3.17-5ubuntu3` | Apt | | `libselinux1` | `3.1-3build1` | `3.1-3build2` | Apt | | `libsemanage-common` | `3.1-1ubuntu1` | `3.1-1ubuntu2` | Apt | | `libsemanage1` | `3.1-1ubuntu1` | `3.1-1ubuntu2` | Apt | | `libsepol1` | `3.1-1ubuntu1` | `3.1-1ubuntu2` | Apt | | `libsmartcols1` | `2.36.1-7ubuntu2` | `2.36.1-8ubuntu1` | Apt | | `libss2` | `1.45.7-1ubuntu2` | `1.46.3-1ubuntu3` | Apt | | `libssl1.1` | `1.1.1j-1ubuntu3.5` | `1.1.1l-1ubuntu1` | Apt | | `libstdc++6` | `11.1.0-1ubuntu1~21.04` | `11.2.0-7ubuntu2` | Apt | | `libsystemd0` | `247.3-3ubuntu3.6` | `248.3-1ubuntu8` | Apt | | `libtirpc-common` | `1.3.1-1build1` | `1.3.2-2` | Apt | | `libtirpc3` | `1.3.1-1build1` | `1.3.2-2` | Apt | | `libudev1` | `247.3-3ubuntu3.6` | `248.3-1ubuntu8` | Apt | | `libunistring2` | `0.9.10-4` | `0.9.10-6` | Apt | | `libuuid1` | `2.36.1-7ubuntu2` | `2.36.1-8ubuntu1` | Apt | | `libxxhash0` | `0.8.0-2` | `0.8.0-2build1` | Apt | | `libzstd1` | `1.4.8 dfsg-2build2` | `1.4.8 dfsg-2.1` | Apt | | `login` | `1:4.8.1-1ubuntu8.1` | `1:4.8.1-1ubuntu9` | Apt | | `logsave` | `1.45.7-1ubuntu2` | `1.46.3-1ubuntu3` | Apt | | `lsb-base` | `11.1.0ubuntu2` | `11.1.0ubuntu3` | Apt | | `mount` | `2.36.1-7ubuntu2` | `2.36.1-8ubuntu1` | Apt | | `passwd` | `1:4.8.1-1ubuntu8.1` | `1:4.8.1-1ubuntu9` | Apt | | `perl-base` | `5.32.1-3ubuntu2.1` | `5.32.1-3ubuntu3` | Apt | | `procps` | `2:3.3.16-5ubuntu3.1` | `2:3.3.17-5ubuntu3` | Apt | | `sysvinit-utils` | `2.96-6ubuntu1` | `2.96-7ubuntu1` | Apt | | `usrmerge` | `24ubuntu3` | `25ubuntu1` | Apt | | `util-linux` | `2.36.1-7ubuntu2` | `2.36.1-8ubuntu1` | Apt | | `zlib1g` | `1:1.2.11.dfsg-2ubuntu6` | `1:1.2.11.dfsg-2ubuntu7` | Apt | #### Files The following file modifications were detected: | Name | Current | Proposed | Diff | | ---- | ------- | -------- | ---- | | `/etc/alternatives/w` | | `-` | `-17b` | | `/etc/apt/sources.list` | `2.7kb` | `2.7kb` | `-22b` | | `/etc/debian_version` | `13b` | `5b` | `-8b` | | `/etc/dpkg` (2 files changed) | `420b` | `447b` | `27b` | | `/etc/issue` | `20b` | `20b` | `0b` | | `/etc/issue.net` | `13b` | `13b` | `0b` | | `/etc/ld.so.cache` | `5.4kb` | `5.5kb` | `67b` | | `/etc/lsb-release` | `100b` | `99b` | `-1b` | | `/etc/pam.d/common-auth` | `1.2kb` | `1.2kb` | `-7b` | | `/etc/profile` | `581b` | `582b` | `1b` | | `/etc/shadow` | `501b` | `501b` | `0b` | | `/usr/bin` (119 files changed) | `15mb` | `14mb` | `-962kb` | | `/usr/lib` (429 files changed) | `40mb` | `39mb` | `-929kb` | | `/usr/lib64/ld-linux-x86-64.so.2` | `32b` | `42b` | `10b` | | `/usr/sbin` (90 files changed) | `5.6mb` | `5.0mb` | `-628kb` | | `/usr/share` (87 files changed) | `394kb` | `293kb` | `-101kb` | | `/var/cache` (2 files changed) | `470kb` | `479kb` | `9.7kb` | | `/var/lib` (206 files changed) | `1.1mb` | `1.2mb` | `16kb` | | `/var/log` (5 files changed) | `237kb` | `229kb` | `-7.2kb` | #### History The following differences in [`docker history`](https://docs.docker.com/engine/reference/commandline/history/) were detected: ```diff -/bin/sh -c #(nop) ADD file:3a18768000089a105cd4f288985d6249e8aee2c742a055a892a47aab413f25c0 in / +/bin/sh -c #(nop) ADD file:41d75787395224d025bcc0f7feca7c56fd4c1adea7cce667e2472fad282054fc in / /bin/sh -c #(nop) CMD ["bash"] ``` #### Ports No different exposed ports detected #### Environment Variables No different environment variables detected

Pinning FROM lines to digests makes your builds repeatable. Atomist will raise new pull requests whenever the tag moves, so that you know when the base image has been updated. You can follow a new tag at any time. Just replace the digest with the new tag you want to follow. Atomist, will switch to following this new tag.

File changed:

atomist[bot] commented 3 years ago
Vulnerabilities
Comparison

🎉 Fixes 26 high severity vulnerabilities compared with target branch main

More details are available in the vulnerability report