File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 5050 sudo apt-get install -y python3-pip python3-venv
5151 python3 -m venv venv
5252 source venv/bin/activate
53- pip install --upgrade requests chardet urllib3 unidiff boto3 PyGithub
53+ pip install --upgrade requests chardet urllib3 unidiff ' boto3==1.43.33' PyGithub
5454 pip install testflows==$TESTFLOWS_VERSION awscli==1.33.28
5555 echo PATH=$PATH >>$GITHUB_ENV
5656
Original file line number Diff line number Diff line change @@ -7,12 +7,13 @@ ARG DEBIAN_FRONTEND=noninteractive
77# ARG for quick switch to a given ubuntu mirror
88ARG apt_archive="http://archive.ubuntu.com"
99
10- # We shouldn't use `apt upgrade` to not change the upstream image. It's updated biweekly
10+ # Upgrade already installed Ubuntu packages to apply available security fixes
11+ # without installing recommended packages.
1112
1213# user/group precreated explicitly with fixed uid/gid on purpose.
1314# It is especially important for rootless containers: in that case entrypoint
1415# can't do chown and owners of mounted volumes should be configured externally.
15- # We do that in advance at the begining of Dockerfile before any packages will be
16+ # We do that in advance at the beginning of Dockerfile before any packages will be
1617# installed to prevent picking those uid / gid by some unrelated software.
1718# The same uid / gid (101) is used both for alpine and ubuntu.
1819# Update gpgv to resolve CVE-2025-68973
@@ -27,7 +28,9 @@ RUN sed -i "s|http://archive.ubuntu.com|${apt_archive}|g" /etc/apt/sources.list
2728 tzdata \
2829 wget \
2930 gpgv \
31+ && apt-get upgrade --yes --no-install-recommends \
3032 && busybox --install -s \
33+ && apt-get clean \
3134 && rm -rf /var/lib/apt/lists/* /var/cache/debconf /tmp/*
3235
3336#docker-official-library:off
You can’t perform that action at this time.
0 commit comments