Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade ubuntu from 22.10 to lunar-20230615 #11927

Merged
merged 3 commits into from
Aug 1, 2023
Merged

[Snyk] Security upgrade ubuntu from 22.10 to lunar-20230615 #11927

merged 3 commits into from
Aug 1, 2023

Conversation

glenn-jocher
Copy link
Member

@glenn-jocher glenn-jocher commented Aug 1, 2023
edited by UltralyticsAssistant
Loading

This PR was automatically created by Snyk using the credentials of a real user.


Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Changes included in this PR

  • utils/docker/Dockerfile-cpu

We recommend upgrading to ubuntu:lunar-20230615, as this image has only 7 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Some of the most important vulnerabilities in your base image include:

Severity Priority Score / 1000 Issue Exploit Maturity
medium severity 300 Improper Validation of Integrity Check Value
SNYK-UBUNTU2210-SYSTEMD-5721329		 No Known Exploit
medium severity 300 Improper Validation of Integrity Check Value
SNYK-UBUNTU2210-SYSTEMD-5721343		 No Known Exploit
medium severity 300 Improper Validation of Integrity Check Value
SNYK-UBUNTU2210-SYSTEMD-5721343		 No Known Exploit
medium severity 300 Improper Validation of Integrity Check Value
SNYK-UBUNTU2210-SYSTEMD-5721350		 No Known Exploit
medium severity 300 Improper Validation of Integrity Check Value
SNYK-UBUNTU2210-SYSTEMD-5721350		 No Known Exploit

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

🛠️ PR Summary

Made with ❤️ by Ultralytics Actions

🌟 Summary

Updated Dockerfile for improved compatibility and package management in YOLOv5 CPU Docker image.

📊 Key Changes

  • Changed the base Ubuntu image from 22.10 to a specific lunar-20230615 snapshot.
  • Added g++ and libusb-1.0-0 to the list of packages installed via apt to support building certain Python packages.
  • Removed the file /usr/lib/python3.11/EXTERNALLY-MANAGED to prevent issues with Ubuntu's nightly build process when using pip install.
  • Simplified package installation commands by combining them into fewer RUN instructions.

🎯 Purpose & Impact

  • 🚀 Ensuring the Docker image is based on a stable snapshot of Ubuntu Lunar for consistent builds and avoiding potential issues with the latest rolling updates.
  • 🛠 Supporting the building and installation of Python packages (tflite_support and lap) that require additional C++ libraries and USB support.
  • 🐍 Resolving conflicts with Python's packaging system in the Ubuntu nightlies that could cause errors during package installation.
  • 🧹 Streamlining the Dockerfile for efficiency and reduced complexity, which can lead to faster build times and easier maintenance.

Potential impact to users:

These changes are likely to improve the stability and functionality of the YOLOv5 CPU Docker image, leading to a smoother experience for developers deploying YOLOv5 on CPU-only environments.

@glenn-jocher glenn-jocher merged commit 05e4c05 into master Aug 1, 2023
7 checks passed
@glenn-jocher glenn-jocher deleted the snyk-fix-006e66fbcaff1ad703de754a473c9cac branch August 1, 2023 12:42
pleb631 pushed a commit to pleb631/yolov5 that referenced this pull request Jan 6, 2024
@glenn-jocher @snyk-bot @pleb631
[Snyk] Security upgrade ubuntu from 22.10 to lunar-20230615 (ultralyt…
d103cd7 
…ics#11927)

* fix: utils/docker/Dockerfile-cpu to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-UBUNTU2210-SYSTEMD-5721329
- https://snyk.io/vuln/SNYK-UBUNTU2210-SYSTEMD-5721343
- https://snyk.io/vuln/SNYK-UBUNTU2210-SYSTEMD-5721343
- https://snyk.io/vuln/SNYK-UBUNTU2210-SYSTEMD-5721350
- https://snyk.io/vuln/SNYK-UBUNTU2210-SYSTEMD-5721350

* Update Dockerfile-cpu

Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>

---------

Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@glenn-jocher @snyk-bot