Bumping packages to latest stable versions

[distroless-bot]

Bumping packages to latest stable version

140,144c140,144
< libssl3_3.0.16-1_deb12u1_amd64 eaa2bab2130820f09361dc8186ddeb11d2a18ec5e5e3806f24414d5d8065a57a
< libssl3_3.0.16-1_deb12u1_arm64 fbb2dae46eb5549723a59075aeb4bc33cb6d0c9d2f37b6c8617d4d61de02a2ef
< libssl3_3.0.16-1_deb12u1_armhf 07d70c7744cd9fd2df0f9e154dc499cb74d6efc837bee8c3dab5aceaabfc6aed
< libssl3_3.0.16-1_deb12u1_ppc64el bdd19dd5cd4677d5daa06592a8e93bb4ee3678553d375cb371653e5438cc206d
< libssl3_3.0.16-1_deb12u1_s390x 00c5ce3be9d0c38a68a1e7385cbb284b1d5609fc81ad7441205c9799ac10b0a4
---
> libssl3_3.0.17-1_deb12u1_amd64 14075b7152724b0643b131414f0bbd6d58c737b5b1aad66f7fa5fbd4edb41c4e
> libssl3_3.0.17-1_deb12u1_arm64 ffdf215cce9ae960c4f6fa8179a3b2f08c274b561e070a67e2bb2600dff4564d
> libssl3_3.0.17-1_deb12u1_armhf dfa168b4f00a0c8618ddc7906ea6c9e1833561369f6470eeb30be195431e45bf
> libssl3_3.0.17-1_deb12u1_ppc64el 1e5c1835d3669ddc62a70fb99f88ea6e44e9c3a5637d5cb8c0455d1ca49f1d13
> libssl3_3.0.17-1_deb12u1_s390x 31de0441f2b665795b657543ed9ecab2823533d8416790a3a67a83a96c2b329b
177,181c177,181
< openssl_3.0.16-1_deb12u1_amd64 7db3b071c667eb81d9a7940f077c3325b0f89bbb696c8fa336e40f538058cedf
< openssl_3.0.16-1_deb12u1_arm64 7b396d99f14f56ff5ac72cb646d30f36931f177d4845f5afa3483846c59b8f28
< openssl_3.0.16-1_deb12u1_armhf 5b261b927945a323e10889f12b342a4cf1209308321d345da84645454e3856d7
< openssl_3.0.16-1_deb12u1_ppc64el 7f6de22170bf7a27a2e4dc49032f5767cc307b8d6cd3c16ae830e1869c97ee42
< openssl_3.0.16-1_deb12u1_s390x 98043495fbc213577d14b79c7a0cc446cd8d6d6e4388ec7c94f43d75ae2c0dcc
---
> openssl_3.0.17-1_deb12u1_amd64 23d69f65984c37d7136a626da6c8d9edbc9b872653e0ce60e4317c32e42b4be9
> openssl_3.0.17-1_deb12u1_arm64 7e135fca31c51180556036faeba66ef40f97691ce3a60fd5f30e39e04a8e312b
> openssl_3.0.17-1_deb12u1_armhf e793442e55e5ef9853ddc982821622a3413ed5fa70f31dd18bf131cb37d2063f
> openssl_3.0.17-1_deb12u1_ppc64el 48bb02cf9d65fd28e5ad50af569b7f472f89b0a31aa7cc8d81de351c96489f72
> openssl_3.0.17-1_deb12u1_s390x 337a8e2093fb9ff4fa1a1d6a4008c2ac620740397c948c5468830df721a563e2

[gemini-code-assist]

Summary of Changes

Hello @distroless-bot, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request focuses on updating various Debian package dependencies to their latest stable versions. The primary change involves updating the snapshot URLs in the lock files and YAML configurations to pull from a more recent Debian archive. Notably, the versions of libssl3 and openssl have been explicitly bumped to address potential security or stability improvements.

Highlights

• Snapshot URL Updates: Updated the snapshot URLs across multiple .lock.json and .yaml files from 20250613T202933Z to 20250731T202225Z. This ensures that the builds pull from a more recent Debian snapshot.
• libssl3 Version Bump: Bumped libssl3 from version 3.0.16-1deb12u1 to 3.0.17-1deb12u1 for amd64, arm64, armhf, ppc64el, and s390x architectures.
• openssl Version Bump: Bumped openssl from version 3.0.16-1deb12u1 to 3.0.17-1deb12u1 for amd64, arm64, armhf, ppc64el, and s390x architectures.
• Checksum Updates: Updated checksums for libssl3 and openssl corresponding to their new versions.
• Other Package Snapshot URL Updates: Other packages like base-files, ca-certificates, libc6, libc-bin, tzdata, gcc-12-base, libgcc-s1, libgomp1, libstdc++6, fontconfig-config, fonts-dejavu-core, libbrotli1, libcrypt1, libexpat1, libfontconfig1, libfreetype6, libglib2.0-0, libgraphite2-3, libharfbuzz0b, libjpeg62-turbo, liblcms2-2, libpcre2-8-0, libpng16-16, libuuid1, openjdk-17-jdk-headless, openjdk-17-jre-headless, zlib1g, dash, libdb5.3, libffi8, libgssapi-krb5-2, libk5crypto3, libkeyutils1, libkrb5-3, libkrb5support0, liblzma5, libncursesw6, libnsl2, libpython3.11-minimal, libpython3.11-stdlib, libreadline8, libsqlite3-0, libtinfo6, libtirpc3, python3-distutils, and python3.11-minimal had their snapshot URLs updated, but their versions remained consistent.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments or fill out our survey to provide feedback.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request updates various packages to their latest stable versions, most notably OpenSSL to 3.0.17-1~deb12u1 which includes security fixes. The changes also involve updating Debian snapshot URLs across several configuration and lock files. The updates are consistent and correctly applied. My review includes suggestions to improve the maintainability of the YAML configuration files by using anchors to avoid redundant URL definitions.

[gemini-code-assist]

To improve maintainability, you could use a YAML anchor to avoid repeating the same URL for bookworm main and bookworm-updates main. This makes it easier to update in the future.

sources:
  - channel: bookworm main
    url: &debian_url https://snapshot.debian.org/archive/debian/20250731T202225Z
  - channel: bookworm-updates main
    url: *debian_url
  - channel: bookworm-security main
    url: https://snapshot.debian.org/archive/debian-security/20250731T202225Z

[gemini-code-assist]

To improve maintainability, you could use a YAML anchor to avoid repeating the same URL for bookworm main and bookworm-updates main. This makes it easier to update in the future.

sources:
  - channel: bookworm main
    url: &debian_url https://snapshot.debian.org/archive/debian/20250731T202225Z
  - channel: bookworm-updates main
    url: *debian_url
  - channel: bookworm-security main
    url: https://snapshot.debian.org/archive/debian-security/20250731T202225Z

[gemini-code-assist]

To improve maintainability, you could use a YAML anchor to avoid repeating the same URL for bookworm main and bookworm-updates main. This makes it easier to update in the future.

sources:
  - channel: bookworm main
    url: &debian_url https://snapshot.debian.org/archive/debian/20250731T202225Z
  - channel: bookworm-updates main
    url: *debian_url
  - channel: bookworm-security main
    url: https://snapshot.debian.org/archive/debian-security/20250731T202225Z

[github-actions]

🌳 🔄 Image Check

This pull request has modified the following images:

//base:base_root_amd64_debian12
//base:debug_nonroot_amd64_debian12
//base:debug_root_amd64_debian12
//base:base_root_amd64_debian12
//base:base_nonroot_amd64_debian12
//base:debug_root_amd64_debian12
//base:debug_nonroot_amd64_debian12
//base:debug_nonroot_arm64_debian12
//base:base_nonroot_amd64_debian12
//base:base_root_arm_debian12
//base:base_nonroot_arm64_debian12
//base:debug_nonroot_arm64_debian12
//base:base_root_arm_debian12
//base:base_root_arm64_debian12
//base:base_nonroot_arm_debian12
//base:debug_root_arm_debian12
//base:base_root_s390x_debian12
//base:base_nonroot_ppc64le_debian12
//base:base_root_s390x_debian12
//base:debug_root_s390x_debian12
//base:debug_nonroot_arm_debian12
//base:debug_root_arm64_debian12
//base:base_root_ppc64le_debian12
//base:debug_root_arm_debian12
//base:base_root_ppc64le_debian12
//base:debug_nonroot_ppc64le_debian12
//base:debug_root_ppc64le_debian12
//base:debug_root_s390x_debian12
//base:base_root_arm64_debian12
//base:debug_nonroot_arm_debian12
//base:debug_nonroot_ppc64le_debian12
//base:debug_nonroot_s390x_debian12
//base:base_nonroot_arm64_debian12
//base:debug_nonroot_s390x_debian12
//base:base_nonroot_s390x_debian12
//cc:cc_nonroot_amd64_debian12
//cc:debug_nonroot_amd64_debian12
//cc:cc_root_arm64_debian12
//cc:debug_nonroot_amd64_debian12
//cc:debug_root_arm64_debian12
//cc:debug_nonroot_arm64_debian12
//cc:cc_root_arm64_debian12
//cc:debug_root_arm_debian12
//base:base_nonroot_s390x_debian12
//cc:debug_root_arm_debian12
//cc:cc_root_arm_debian12
//cc:cc_nonroot_arm_debian12
//cc:debug_nonroot_s390x_debian12
//cc:cc_nonroot_ppc64le_debian12
//cc:cc_root_arm_debian12
//cc:cc_nonroot_arm_debian12
//cc:debug_root_ppc64le_debian12
//cc:debug_root_s390x_debian12
//cc:cc_nonroot_arm64_debian12
//cc:cc_root_s390x_debian12
//cc:debug_nonroot_ppc64le_debian12
//cc:debug_root_arm64_debian12
//cc:cc_root_amd64_debian12
//cc:cc_nonroot_ppc64le_debian12
//cc:debug_root_ppc64le_debian12
//cc:debug_nonroot_arm_debian12
//python3:python3_root_amd64_debian12
//base:base_nonroot_ppc64le_debian12
//python3:debug_root_amd64_debian12
//base:debug_root_ppc64le_debian12
//python3:python3_root_amd64_debian12
//cc:cc_nonroot_arm64_debian12
//cc:cc_nonroot_amd64_debian12
//cc:cc_root_amd64_debian12
//python3:debug_nonroot_amd64_debian12
//python3:debug_nonroot_arm64_debian12
//python3:debug_root_arm64_debian12
//cc:cc_root_s390x_debian12
//cc:cc_root_ppc64le_debian12
//cc:cc_root_ppc64le_debian12
//cc:debug_nonroot_ppc64le_debian12
//cc:debug_root_amd64_debian12
//cc:cc_nonroot_s390x_debian12
//cc:debug_root_amd64_debian12
//cc:debug_nonroot_arm64_debian12
//base:base_nonroot_arm_debian12
//python3:python3_nonroot_amd64_debian12
//python3:python3_nonroot_amd64_debian12
//cc:debug_root_s390x_debian12
//python3:python3_root_arm64_debian12
//python3:python3_root_arm64_debian12
//nodejs:nodejs20_debug_nonroot_amd64_debian12
//python3:python3_nonroot_arm64_debian12
//python3:debug_nonroot_arm64_debian12
//python3:debug_root_amd64_debian12
//nodejs:nodejs20_root_amd64_debian12
//base:debug_root_arm64_debian12
//cc:cc_nonroot_s390x_debian12
//nodejs:nodejs20_debug_root_arm64_debian12
//python3:debug_nonroot_amd64_debian12
//cc:debug_nonroot_s390x_debian12
//python3:python3_nonroot_arm64_debian12
//python3:debug_root_arm64_debian12
//nodejs:nodejs20_nonroot_arm_debian12
//cc:debug_nonroot_arm_debian12
//nodejs:nodejs20_root_arm_debian12
//nodejs:nodejs20_debug_root_arm64_debian12
//nodejs:nodejs20_debug_root_amd64_debian12
//nodejs:nodejs20_root_arm64_debian12
//nodejs:nodejs20_debug_root_s390x_debian12
//nodejs:nodejs20_debug_root_amd64_debian12
//nodejs:nodejs20_debug_root_s390x_debian12
//nodejs:nodejs20_debug_nonroot_arm_debian12
//nodejs:nodejs20_nonroot_amd64_debian12
//nodejs:nodejs20_nonroot_amd64_debian12
//nodejs:nodejs20_nonroot_arm64_debian12
//nodejs:nodejs20_root_arm_debian12
//nodejs:nodejs20_debug_nonroot_s390x_debian12
//nodejs:nodejs20_debug_root_ppc64le_debian12
//nodejs:nodejs20_nonroot_s390x_debian12
//nodejs:nodejs20_nonroot_ppc64le_debian12
//nodejs:nodejs20_nonroot_ppc64le_debian12
//nodejs:nodejs20_nonroot_arm64_debian12
//nodejs:nodejs20_nonroot_arm_debian12
//nodejs:nodejs20_debug_nonroot_s390x_debian12
//nodejs:nodejs20_debug_root_arm_debian12
//nodejs:nodejs20_debug_nonroot_arm_debian12
//nodejs:nodejs20_root_arm64_debian12
//nodejs:nodejs20_debug_nonroot_ppc64le_debian12
//nodejs:nodejs20_root_amd64_debian12
//nodejs:nodejs22_debug_nonroot_amd64_debian12
//nodejs:nodejs20_nonroot_s390x_debian12
//nodejs:nodejs20_root_s390x_debian12
//nodejs:nodejs20_debug_nonroot_ppc64le_debian12
//nodejs:nodejs20_debug_nonroot_amd64_debian12
//nodejs:nodejs20_root_ppc64le_debian12
//nodejs:nodejs22_debug_root_arm_debian12
//nodejs:nodejs20_debug_root_arm_debian12
//nodejs:nodejs20_debug_nonroot_arm64_debian12
//nodejs:nodejs22_debug_root_amd64_debian12
//nodejs:nodejs22_root_arm64_debian12
//nodejs:nodejs22_nonroot_arm_debian12
//nodejs:nodejs22_nonroot_amd64_debian12
//nodejs:nodejs22_debug_root_arm_debian12
//nodejs:nodejs22_nonroot_amd64_debian12
//nodejs:nodejs22_debug_root_s390x_debian12
//nodejs:nodejs22_root_arm_debian12
//nodejs:nodejs20_debug_root_ppc64le_debian12
//nodejs:nodejs22_root_arm_debian12
//nodejs:nodejs22_nonroot_s390x_debian12
//nodejs:nodejs22_nonroot_arm64_debian12
//nodejs:nodejs22_root_s390x_debian12
//nodejs:nodejs22_debug_root_arm64_debian12
//nodejs:nodejs22_root_arm64_debian12
//nodejs:nodejs22_debug_root_arm64_debian12
//nodejs:nodejs22_debug_root_amd64_debian12
//nodejs:nodejs24_root_amd64_debian12
//nodejs:nodejs22_debug_nonroot_ppc64le_debian12
//nodejs:nodejs22_nonroot_arm64_debian12
//nodejs:nodejs22_nonroot_s390x_debian12
//nodejs:nodejs22_root_ppc64le_debian12
//nodejs:nodejs22_nonroot_ppc64le_debian12
//nodejs:nodejs22_debug_nonroot_arm_debian12
//nodejs:nodejs22_debug_nonroot_ppc64le_debian12
//nodejs:nodejs22_debug_nonroot_arm_debian12
//nodejs:nodejs22_debug_root_s390x_debian12
//nodejs:nodejs22_debug_root_ppc64le_debian12
//nodejs:nodejs24_root_amd64_debian12
//nodejs:nodejs20_root_s390x_debian12
//nodejs:nodejs20_root_ppc64le_debian12
//nodejs:nodejs22_debug_nonroot_arm64_debian12
//nodejs:nodejs22_root_ppc64le_debian12
//nodejs:nodejs24_debug_nonroot_amd64_debian12
//nodejs:nodejs22_debug_nonroot_s390x_debian12
//nodejs:nodejs24_root_s390x_debian12
//nodejs:nodejs24_debug_nonroot_arm64_debian12
//nodejs:nodejs22_nonroot_ppc64le_debian12
//nodejs:nodejs24_debug_root_amd64_debian12
//nodejs:nodejs24_debug_root_arm64_debian12
//nodejs:nodejs24_nonroot_s390x_debian12
//nodejs:nodejs24_debug_root_arm64_debian12
//nodejs:nodejs24_root_ppc64le_debian12
//nodejs:nodejs22_root_s390x_debian12
//nodejs:nodejs24_debug_root_s390x_debian12
//nodejs:nodejs24_nonroot_arm64_debian12
//nodejs:nodejs24_debug_nonroot_s390x_debian12
//nodejs:nodejs24_debug_nonroot_amd64_debian12
//nodejs:nodejs24_nonroot_ppc64le_debian12
//nodejs:nodejs24_root_ppc64le_debian12
//nodejs:nodejs22_nonroot_arm_debian12
//nodejs:nodejs24_nonroot_amd64_debian12
//nodejs:nodejs24_debug_nonroot_ppc64le_debian12
//nodejs:nodejs24_nonroot_amd64_debian12
//nodejs:nodejs24_nonroot_arm64_debian12
//nodejs:nodejs22_debug_nonroot_amd64_debian12
//nodejs:nodejs24_debug_nonroot_arm64_debian12
//nodejs:nodejs24_root_arm64_debian12
//nodejs:nodejs24_root_s390x_debian12
//nodejs:nodejs22_debug_nonroot_s390x_debian12
//nodejs:nodejs24_debug_nonroot_s390x_debian12
//nodejs:nodejs24_nonroot_ppc64le_debian12
//nodejs:nodejs20_debug_nonroot_arm64_debian12
//nodejs:nodejs24_nonroot_s390x_debian12
//nodejs:nodejs24_debug_root_ppc64le_debian12
//nodejs:nodejs24_debug_root_s390x_debian12
//nodejs:nodejs24_debug_nonroot_ppc64le_debian12
//nodejs:nodejs22_root_amd64_debian12
//nodejs:nodejs24_debug_root_amd64_debian12
//nodejs:nodejs22_debug_root_ppc64le_debian12
//nodejs:nodejs24_root_arm64_debian12
//nodejs:nodejs24_debug_root_ppc64le_debian12
//nodejs:nodejs22_root_amd64_debian12
//nodejs:nodejs22_debug_nonroot_arm64_debian12

You can check the details in the report here