
Commit fe6a40c

authored
Patch analytical-platform-airflow-python-base due to CVE-2025-9900 (#124)
patch various software versions
1 parent 328c51a commit fe6a40c


2 files changed

+7
-8
lines changed


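--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,6 @@
 #checkov:skip=CKV_DOCKER_2: HEALTHCHECK not required - Health checks are implemented downstream of this image
 
-FROM public.ecr.aws/ubuntu/ubuntu:24.04@sha256:b40d671bf589b6e5eaaceae32d7eb325a69182963519760571161df996d0d62a
-
+FROM public.ecr.aws/ubuntu/ubuntu:24.04@sha256:5dcf95d194f9781a99394c4084c4d2930fb7576c36f5abf817ccc13ef6a55c34
 LABEL org.opencontainers.image.vendor="Ministry of Justice" \
 org.opencontainers.image.authors="Analytical Platform (analytical-platform@digital.justice.gov.uk)" \
 org.opencontainers.image.title="Airflow Python Base" \
@@ -19,14 +18,14 @@ ENV CONTAINER_USER="analyticalplatform" \
 ANALYTICAL_PLATFORM_DIRECTORY="/opt/analyticalplatform" \
 DEBIAN_FRONTEND="noninteractive" \
 PIP_BREAK_SYSTEM_PACKAGES="1" \
-AWS_CLI_VERSION="2.28.20" \
+AWS_CLI_VERSION="2.31.4" \
 CUDA_VERSION="12.9.1" \
 NVIDIA_DISABLE_REQUIRE="true" \
 NVIDIA_CUDA_CUDART_VERSION="12.9.79-1" \
 NVIDIA_CUDA_COMPAT_VERSION="575.57.08-0ubuntu1" \
 NVIDIA_VISIBLE_DEVICES="all" \
 NVIDIA_DRIVER_CAPABILITIES="compute,utility" \
-UV_VERSION="0.8.14" \
+UV_VERSION="0.8.22" \
 LD_LIBRARY_PATH="/usr/local/nvidia/lib:/usr/local/nvidia/lib64" \
 PATH="/usr/local/nvidia/bin:/usr/local/cuda/bin:/home/analyticalplatform/.local/bin:${PATH}"
 
@@ -59,7 +58,7 @@ apt-get install --yes \
 "git=1:2.43.0-1ubuntu7.3" \
 "jq=1.7.1-3ubuntu0.24.04.1" \
 "python3.12=3.12.3-1ubuntu0.8" \
-"python3-pip=24.0+dfsg-1ubuntu1.2" \
+"python3-pip=24.0+dfsg-1ubuntu1.3" \
 "unzip=6.0-28ubuntu4.1"
 
 apt-get clean --yes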
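Review bot: Nothing in the new `FROM` digest, the `AWS_CLI_VERSION`/`UV_VERSION` bumps or the `python3-pip` pin records which of them actually remediates CVE-2025-9900, so a later reader cannot tell whether re-pinning or reverting any one of them reopens the finding. I would add a comment above the `FROM` line along the lines of `# digest bumped for CVE-2025-9900 (<affected package> >= <fixed version>)`, with the placeholders filled in from the scanner report. The accompanying test file only asserts the `aws`, `uv` and `uvx` version strings, so if the fix arrives through the base image, a `commandTests` entry that checks the installed version of the affected package would catch a regression the next time the digest changes. The `ENV` and `apt-get install` instructions begin outside the hunks shown, so this is based on the visible lines only.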

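--- a/test/container-structure-test.yml
+++ b/test/container-structure-test.yml
@@ -42,17 +42,17 @@ commandTests:
 - name: "aws"
 command: "aws"
 args: ["--version"]
-expectedOutput: ["aws-cli/2.28.20"]
+expectedOutput: ["aws-cli/2.31.4"]
 
 - name: "uv"
 command: "uv"
 args: ["--version"]
-expectedOutput: ["uv 0.8.14"]
+expectedOutput: ["uv 0.8.22"]
 
 - name: "uvx"
 command: "uvx"
 args: ["--version"]
-expectedOutput: ["uvx 0.8.14"]
+expectedOutput: ["uvx 0.8.22"]
 
 fileExistenceTests:
 - name: "/opt/analyticalplatform"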
