From d06644f204f22e8f04765be837a26807567ebc4d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 18 Jun 2026 08:58:29 +0000 Subject: [PATCH] build(deps): bump the docker group across 2 directories with 2 updates Bumps the docker group with 1 update in the /build/dashboard directory: python. Bumps the docker group with 1 update in the /build/tor directory: alpine. Updates `python` from `a3ab0b9` to `ae52c5b` Updates `alpine` from `5b10f43` to `28bd5fe` --- updated-dependencies: - dependency-name: python dependency-version: 3.11-slim dependency-type: direct:production dependency-group: docker - dependency-name: alpine dependency-version: latest dependency-type: direct:production dependency-group: docker ... Signed-off-by: dependabot[bot] --- build/dashboard/Dockerfile | 2 +- build/tor/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build/dashboard/Dockerfile b/build/dashboard/Dockerfile index de7b824..a51fd1c 100644 --- a/build/dashboard/Dockerfile +++ b/build/dashboard/Dockerfile @@ -4,7 +4,7 @@ # uv's own CVEs into image scans, #282). uv lives only in the build/test stages. # ========================================================================== # Pinned by digest (#135) so the python:3.11-slim tag can't be silently re-pointed. -FROM python:3.11-slim@sha256:a3ab0b966bc4e91546a033e22093cb840908979487a9fc0e6e38295747e49ac0 AS base +FROM python:3.11-slim@sha256:ae52c5bef62a6bdd42cd1e8dffef86b9cd284bde9427da79839de7a4b983e7ca AS base # Run from a project venv on PATH (so entrypoint.sh's `python3` resolves to it); use the # digest-pinned base interpreter (never let uv download a different Python); compile bytecode and diff --git a/build/tor/Dockerfile b/build/tor/Dockerfile index 77a2341..676b094 100644 --- a/build/tor/Dockerfile +++ b/build/tor/Dockerfile @@ -1,6 +1,6 @@ # Pinned by digest (#135). NOTE: still the floating `latest` tag — a follow-up could move this to a # specific alpine version; the digest already makes the build reproducible regardless. -FROM alpine:latest@sha256:5b10f432ef3da1b8d4c7eb6c487f2f5a8f096bc91145e68878dd4a5019afde11 +FROM alpine:latest@sha256:28bd5fe8b56d1bd048e5babf5b10710ebe0bae67db86916198a6eec434943f8b # Install Tor plus the tools the bootstrap healthcheck needs: netcat (talk to the # control port) and xxd (hex-encode the auth cookie). --no-cache keeps the image small.