diff --git a/deploy/docker/Dockerfile.ci b/deploy/docker/Dockerfile.ci index 4ab01ceb..b87962b7 100644 --- a/deploy/docker/Dockerfile.ci +++ b/deploy/docker/Dockerfile.ci @@ -8,7 +8,7 @@ FROM nvcr.io/nvidia/base/ubuntu:noble-20251013 -ARG DOCKER_VERSION=29.3.0 +ARG DOCKER_VERSION=29.3.1 ARG BUILDX_VERSION=v0.32.1 ARG TARGETARCH @@ -34,6 +34,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ xz-utils \ jq \ rsync \ + && apt-get install -y --only-upgrade gpgv python3 \ && rm -rf /var/lib/apt/lists/* # Install Docker CLI and buildx plugin used by CI jobs diff --git a/deploy/docker/Dockerfile.images b/deploy/docker/Dockerfile.images index af17b9b0..d078429d 100644 --- a/deploy/docker/Dockerfile.images +++ b/deploy/docker/Dockerfile.images @@ -15,8 +15,8 @@ # Pin by tag AND manifest-list digest to prevent silent upstream republishes # from breaking the build. Update both when bumping k3s versions. # To refresh: docker buildx imagetools inspect rancher/k3s: | head -3 -ARG K3S_VERSION=v1.35.2-k3s1 -ARG K3S_DIGEST=sha256:c3184157c3048112bab0c3e17405991da486cb3413511eba23f7650efd70776b +ARG K3S_VERSION=v1.35.3-k3s1 +ARG K3S_DIGEST=sha256:4607083d3cac07e1ccde7317297271d13ed5f60f35a78f33fcef84858a9f1d69 ARG K9S_VERSION=v0.50.18 ARG HELM_VERSION=v3.17.3 ARG NVIDIA_CONTAINER_TOOLKIT_VERSION=1.18.2-1 @@ -165,7 +165,9 @@ COPY --from=supervisor-builder /build/out/openshell-sandbox /openshell-sandbox FROM nvcr.io/nvidia/base/ubuntu:noble-20251013 AS gateway RUN apt-get update && apt-get install -y --no-install-recommends \ - ca-certificates && rm -rf /var/lib/apt/lists/* + ca-certificates && \ + apt-get install -y --only-upgrade gpgv && \ + rm -rf /var/lib/apt/lists/* RUN useradd --create-home --user-group openshell @@ -230,6 +232,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ iptables \ mount \ dnsutils \ + && apt-get install -y --only-upgrade gpgv \ && rm -rf /var/lib/apt/lists/* COPY --from=k3s /bin/ /bin/ diff --git a/mise.toml b/mise.toml index d204f531..4bcb4e07 100644 --- a/mise.toml +++ b/mise.toml @@ -20,7 +20,7 @@ uv = "0.10.2" protoc = "29.6" helm = "4.1.1" "ubi:mozilla/sccache" = { version = "0.14.0", matching = "sccache-v" } -"ubi:anchore/syft" = { version = "1.42.2", matching = "syft_" } +"ubi:anchore/syft" = { version = "1.42.3", matching = "syft_" } "ubi:EmbarkStudios/cargo-about" = "0.8.4" [env]