Skip to content

ci: fix debian security docker-ptf#26242

Merged
StormLiangMS merged 1 commit intosonic-net:masterfrom
auspham:austinpham/36979761-debian-security-vuln-resolve
Mar 19, 2026
Merged

ci: fix debian security docker-ptf#26242
StormLiangMS merged 1 commit intosonic-net:masterfrom
auspham:austinpham/36979761-debian-security-vuln-resolve

Conversation

@auspham
Copy link
Contributor

@auspham auspham commented Mar 18, 2026

Why I did it

Upgrading individual packages will get us keep getting flagged for new security issues. We should upgrade all what we could.

Work item tracking
  • Microsoft ADO (number only):

How I did it

How to verify it

Which release branch to backport (provide reason below if selected)

  • 202305
  • 202311
  • 202405
  • 202411
  • 202505
  • 202511

Tested branch (Please provide the tested image version)

Description for the changelog

Link to config_db schema for YANG module changes

A picture of a cute animal (not mandatory but encouraged)

@auspham auspham requested a review from lguohan as a code owner March 18, 2026 10:07
Copilot AI review requested due to automatic review settings March 18, 2026 10:07
@mssonicbld
Copy link
Collaborator

mssonicbld commented Mar 18, 2026

/azp run Azure.sonic-buildimage

@azure-pipelines
Copy link

azure-pipelines bot commented Mar 18, 2026

Azure Pipelines successfully started running 1 pipeline(s).

Copilot AI reviewed Mar 18, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the docker-ptf container build to reduce security scan findings by applying broader OS package upgrades and ensuring a minimum setuptools version in the image.

Changes:

  • Replace targeted apt-get --only-upgrade of specific packages with a full apt-get upgrade.
  • Add a pip3 install "setuptools>=70.0.0" step to address a referenced GHSA.

StormLiangMS
StormLiangMS approved these changes Mar 19, 2026
View reviewed changes
Copy link
Contributor

@StormLiangMS StormLiangMS left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@StormLiangMS StormLiangMS merged commit a852861 into sonic-net:master Mar 19, 2026
25 checks passed
@auspham
Copy link
Contributor Author

auspham commented Mar 19, 2026

TODO: cherry pick 202511 & 202505

This was referenced Mar 19, 2026
Merged
Merged
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@StormLiangMS StormLiangMS StormLiangMS approved these changes

@lguohan lguohan Awaiting requested review from lguohan lguohan is a code owner

Assignees

No one assigned

Labels

Cherry Pick Conflict_202505 Request for 202505 Branch Request for 202511 Branch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@auspham @mssonicbld @StormLiangMS