Skip to content

Remove gosu binary from our images #37677

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
potiuk merged 1 commit into from
Feb 24, 2024
Merged

Remove gosu binary from our images #37677

potiuk merged 1 commit into from
Feb 24, 2024

Conversation

@potiuk
Copy link
Member

@potiuk potiuk commented Feb 24, 2024

We have a "gosu" binary installed in Airflow image but it does not seem to be used and it brings in a number of security vulnerabilities because gosu uses an older go stdlib library.

This PR removes the gosu binary from the image altogether.

^ Add meaningful description above
Read the Pull Request Guidelines for more information.
In case of fundamental code changes, an Airflow Improvement Proposal (AIP) is needed.
In case of a new dependency, check compliance with the ASF 3rd Party License Policy.
In case of backwards incompatible changes please leave a note in a newsfragment file, named {pr_number}.significant.rst or {issue_number}.significant.rst, in newsfragments.

@potiuk
Remove gosu binary from our images
41cbab2 
We have a "gosu" binary installed in Airflow image but it does not
seem to be used and it brings in a number of security vulnerabilities
because gosu uses an older go stdlib library.

This PR removes the gosu binary from the image altogether.
@potiuk potiuk requested a review from ashb as a code owner February 24, 2024 17:09
@boring-cyborg boring-cyborg bot added area:dev-tools area:production-image Production image improvements and fixes kind:documentation labels Feb 24, 2024
@potiuk potiuk added this to the Airflow 2.8.3 milestone Feb 24, 2024
@potiuk potiuk merged commit 349e8bd into apache:main Feb 24, 2024
@potiuk potiuk deleted the remove-gosu-from-image branch February 24, 2024 19:07
@ephraimbuddy ephraimbuddy added the type:misc/internal Changelog: Misc changes that should appear in change log label Mar 6, 2024
ephraimbuddy pushed a commit that referenced this pull request Mar 6, 2024
@potiuk @ephraimbuddy
Remove gosu binary from our images (#37677)
0a4bb15 
We have a "gosu" binary installed in Airflow image but it does not
seem to be used and it brings in a number of security vulnerabilities
because gosu uses an older go stdlib library.

This PR removes the gosu binary from the image altogether.

(cherry picked from commit 349e8bd)
@ephraimbuddy ephraimbuddy mentioned this pull request Mar 7, 2024
Closed
14 tasks
@Taragolis Taragolis mentioned this pull request Mar 18, 2024
Merged
@ephraimbuddy ephraimbuddy added changelog:skip Changes that should be skipped from the changelog (CI, tests, etc..) and removed type:misc/internal Changelog: Misc changes that should appear in change log labels Mar 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hussein-awala hussein-awala hussein-awala approved these changes

@eladkal eladkal eladkal approved these changes

@jedcunningham jedcunningham jedcunningham approved these changes

@ashb ashb Awaiting requested review from ashb ashb is a code owner

@Taragolis Taragolis Awaiting requested review from Taragolis

@ephraimbuddy ephraimbuddy Awaiting requested review from ephraimbuddy

@pierrejeambrun pierrejeambrun Awaiting requested review from pierrejeambrun

Assignees

No one assigned

Labels

area:dev-tools area:production-image Production image improvements and fixes changelog:skip Changes that should be skipped from the changelog (CI, tests, etc..) kind:documentation

Projects

None yet

Milestone

Airflow 2.8.3

Development

Successfully merging this pull request may close these issues.

5 participants

@potiuk @hussein-awala @eladkal @jedcunningham @ephraimbuddy