We're not actually using (for example) docker-compose at runtime, and is only used for testing purposes in the other *images repos. Moving this to a test dependency reduces "security surface area" as well as any other benefits (like not accidentally pulling in less desirable licenses into our docker containers)
We're not actually using (for example)
docker-compose
at runtime, and is only used for testing purposes in the other*images
repos. Moving this to a test dependency reduces "security surface area" as well as any other benefits (like not accidentally pulling in less desirable licenses into our docker containers)