chore: update Docker images for security vulnerability fixes#18
Merged
josecelano merged 4 commits intomainfrom Apr 13, 2026
Merged
Conversation
…hanges Add guidance to committer agent and commit skill documentation to clarify that skill/workflow documentation changes must be committed separately from implementation changes. This keeps the commit history logically separated and easier to review. Also update create-issue-branch skill to clarify that branches are created locally only and pushed when creating the pull request.
Update service images in docker-compose.yml to patch versions: - Prometheus: v3.5.0 → v3.5.1 - Grafana: 12.3.1 → 12.4.2 - Caddy: 2.10 → 2.10.2 These updates address multiple security vulnerabilities as documented in torrust-tracker-deployer#428 and #436. Refs: #14
Add new skill documentation for opening pull requests in the repository. Includes workflow for pushing branches, preparing PR titles and descriptions, and creating PRs with GitHub CLI while linking to related issues.
Add a language tag to a fenced code block in the new PR skill and add 'oneline' to the project dictionary for cspell compliance.
Member
Author
|
ACK b1f0c31 |
josecelano
deleted the
14-update-docker-images-for-security-vulnerability-fixes
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Updates Docker service images to patch versions addressing security vulnerabilities as documented in torrust-tracker-deployer#428 and torrust-tracker-deployer#436.
Changes
Docker Image Updates
v3.5.0→v3.5.1(16 HIGH → 6 HIGH, 4 CRITICAL)12.3.1→12.4.2(18 HIGH, 6 CRITICAL → 4 HIGH, 0 CRITICAL)2.10→2.10.2(18 HIGH, 6 CRITICAL → 14 HIGH, 4 CRITICAL)Documentation Updates
.github/agents/commiter.agent.mdand.github/skills/commit/skill.mdto clarify that skill/workflow documentation changes must be separate commits from implementation changes.github/skills/create-issue-branch/skill.mdto clarify that branches are created locally only and pushed when creating a pull request.github/skills/open-pull-request/skill.mdwith instructions for pushing a branch and opening a pull request with proper issue linking (Fixes #<issue-number>)Verification Checklist
docker compose psFixes #14