local-deep-research/cookiecutter-docker
LearningCircuit 04a55f106f security: replace gosu with setpriv and suppress 8 unfixable CVEs (#2501)
Replace gosu (Go binary) with setpriv (util-linux, already in base image)
for privilege dropping in the container entrypoint. This eliminates 7 Go
stdlib CVEs (CVE-2025-4674, CVE-2025-61732, CVE-2025-61731, CVE-2025-47907,
CVE-2025-61729, CVE-2025-58187, CVE-2025-58188) by removing the only Go
binary from the image.

For the remaining 8 CVEs that are unfixable in Debian Trixie (libtiff6,
coreutils, libc6, Chrome DevTools), add documented suppressions to both
.grype.yaml (new) and .trivyignore with review date 2026-09-01.

Also updates the base image digest to pick up latest security patches,
and bumps Playwright from 1.57.0 to 1.58.0 (matching pyproject.toml)
with the corresponding chromium-1208 revision.
2026-03-01 23:37:26 +01:00