Skip to content

Dockerfile hygiene: Python 3.14, CVE paths, compose context#43

Merged
AndrewAltimit merged 1 commit into
mainfrom
update-dockerfiles-python-314
May 14, 2026
Merged

Dockerfile hygiene: Python 3.14, CVE paths, compose context#43
AndrewAltimit merged 1 commit into
mainfrom
update-dockerfiles-python-314

Conversation

@AndrewAltimit
Copy link
Copy Markdown
Owner

@AndrewAltimit AndrewAltimit commented May 14, 2026

Summary

  • Python 3.12 -> 3.14 on 5 lab Dockerfiles (mock-saml, mock-databricks, mock-sccm, copilot-app, vulnerable-lab-app); all other python:*-slim images were already on 3.14
  • CVE COPY paths fixed -- 5 Dockerfiles referenced cve-XXXX-XXXX-repo/ (old flat layout); updated to cves/<browser>/<year>/CVE-<id>/ matching current tree (cve-2024-9680-debug/test, cve-2025-4919-test, cve-2026-2441-test, chrome-x64-test)
  • firefox-browser base bumped ubuntu:22.04 -> 24.04 -- the 22.04 image fails GPG verification under QEMU amd64 emulation; updated libasound2 -> libasound2t64 and libxt6 -> libxt6t64 for the 24.04 renames
  • mock-sccm compose context fixed -- docker-compose.lab.yml had context: . but the Dockerfile uses a bare COPY mock_sccm.py .; changed to context: infra/lab/mock-sccm / dockerfile: Dockerfile to match mock-saml/mock-databricks pattern

Test plan

  • All 5 bumped Dockerfiles built and verified locally (python:3.14-slim, including mock-saml xmlsec C-ext compile)
  • All 9 existing python:3.14-slim Dockerfiles build cleanly
  • All 5 CVE-test Dockerfiles pass after path fix
  • firefox-browser passes after ubuntu:24.04 bump
  • mock-sccm builds from infra/lab/mock-sccm context
  • Heavy source-compile Dockerfiles (firefox124-browser-native, fuzz-asan, fuzzilli) -- still building locally, no regressions expected

Generated with Claude Code

@claude
Dockerfile hygiene: Python 3.14, CVE paths, compose context
a12bb01 
- Bump python:3.12-slim → 3.14-slim on 5 lab Dockerfiles
  (mock-saml, mock-databricks, mock-sccm, copilot-app, vulnerable-lab-app)
- Fix CVE COPY paths: cve-XXXX-XXXX-repo/ → cves/<browser>/<year>/CVE-<id>/
  (cve-2024-9680-debug/test, cve-2025-4919-test, cve-2026-2441-test, chrome-x64-test)
- Bump firefox-browser base ubuntu:22.04 → 24.04; update libasound2t64/libxt6t64
- Fix mock-sccm compose context: context:. → context:infra/lab/mock-sccm
  so COPY mock_sccm.py resolves correctly

All 31 Dockerfiles build cleanly (verified locally).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@AndrewAltimit AndrewAltimit merged commit 2b9def5 into main May 14, 2026
2 checks passed
@AndrewAltimit AndrewAltimit deleted the update-dockerfiles-python-314 branch May 14, 2026 22:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@AndrewAltimit