@rayaisaiah (Contributor) commented Aug 13, 2025

Reason for Change:
Reverts manual package installations made to the NPM Linux Dockerfile for perl-base 5.38.2-3.2ubuntu0.2 made here: #3922. These changes were made as the NPM base image (Ubuntu) did not have the updated packages installed, which led to CVEs on the base image. Ubuntu has since been patched to have the CVEs resolved, so there is no need to manually install the packages at a specific version.

Trivy:

isaiah@CPC-isaia-1HIMP:~/AzureRepo/azure-container-networking$  trivy --scanners vuln image  --ignore-unfixed -f table  acnpublic.azurecr.io/azure-npm:pertBaseRemoved
2025-08-13T18:21:05Z    INFO    [vuln] Vulnerability scanning is enabled
2025-08-13T18:21:08Z    INFO    Detected OS     family="ubuntu" version="24.04"
2025-08-13T18:21:08Z    INFO    [ubuntu] Detecting vulnerabilities...   os_version="24.04" pkg_num=110
2025-08-13T18:21:08Z    INFO    Number of language-specific files       num=1
2025-08-13T18:21:08Z    INFO    [gobinary] Detecting vulnerabilities...

acnpublic.azurecr.io/azure-npm:pertBaseRemoved (ubuntu 24.04)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

Issue Fixed:

Requirements:

Notes:

Copilot AI review requested due to automatic review settings August 13, 2025 18:19
@rayaisaiah rayaisaiah requested a review from a team as a code owner August 13, 2025 18:19
@rayaisaiah rayaisaiah requested a review from vakalapa August 13, 2025 18:19
@rayaisaiah rayaisaiah added the npm (Related to NPM.) and linux labels Aug 13, 2025
@rayaisaiah (Contributor, Author) commented:

/azp run Azure Container Networking PR, NPM Scale Test, NPM Conformance Tests

Copilot AI (Contributor) left a comment

Pull Request Overview

This PR reverts the manual installation of a specific version of perl-base package from the NPM Linux Dockerfile. The change removes the explicitly pinned perl-base version 5.38.2-3.2ubuntu0.2 that was previously added to address CVEs, as the Ubuntu base image has since been updated to include the necessary security fixes.

  • Removes explicit perl-base package installation with version pinning
  • Simplifies the apt-get install command by relying on base image packages
  • Reduces maintenance overhead by removing manual package version management

@azure-pipelines commented:

Azure Pipelines successfully started running 3 pipeline(s).

@rayaisaiah (Contributor, Author) commented Aug 13, 2025

@rayaisaiah rayaisaiah added this pull request to the merge queue Aug 13, 2025
Merged via the queue into release/v1.6 with commit 7387fa3 Aug 14, 2025
28 of 33 checks passed
@rayaisaiah rayaisaiah deleted the isaiahraya/remove-perl-base-manual-installation branch August 14, 2025 00:47