shishantbiswas/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2026-06-03 13:08:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
v2.32.2
coder/scripts
T
History
Seth Shelnutt d944b92a99 fix(scripts/ironbank): update base image to UBI9 and remove urllib3 (CVE-2026-44431) (#25249) 
## Summary

Update the IronBank Dockerfile to use UBI9 (9.6) instead of UBI8 (8.7)
and explicitly remove `python3-urllib3` to address CVE-2026-44431.

### Changes
- **Dockerfile**: Upgrade base image from `ubi8-minimal:8.7` to
`ubi9-minimal:9.6`
- **Dockerfile**: Add `microdnf remove python3-urllib3` step after
package install
- **build_ironbank.sh**: Update local build args to match the new UBI9
base image

### Context
urllib3 1.26.5 is bundled in the UBI base image. Coder is a Go binary
and does not invoke Python at runtime, so this library is unused. The
removal step is a belt-and-suspenders safeguard in case UBI9 still ships
the package.

Fixes: ENT-52

> [!NOTE]
> This PR was generated by [Coder
Agents](https://coder.com/docs/agents).
2026-05-13 10:39:09 -04:00
..
apidocgen
refactor: replace sort.Strings with slices.Sort (#23457)
2026-03-23 23:19:23 +02:00
apikeyscopesgen
refactor: add wildcard scope entries for API key scopes (#20032)
2025-10-06 12:08:17 +02:00
apitypings
refactor: make ChatMessagePart a discriminated union in TypeScript (#23168)
2026-03-18 09:27:51 +00:00
atomicwrite
build(Makefile): enable parallel make -j gen with correct dependency graph (#22612)
2026-03-05 11:58:10 +00:00
auditdocgen
refactor: deduplicate utility helpers across the codebase (#23338)
2026-03-20 15:12:41 +00:00
audittypegen
fix: fix slog to always use array of Fields (#21426)
2026-01-08 10:29:41 +04:00
check-scopes
refactor: replace sort.Strings with slices.Sort (#23457)
2026-03-23 23:19:23 +02:00
clidocgen
build(Makefile): enable parallel make -j gen with correct dependency graph (#22612)
2026-03-05 11:58:10 +00:00
dbgen
build(Makefile): enable parallel make -j gen with correct dependency graph (#22612)
2026-03-05 11:58:10 +00:00
develop
feat: add automatic database migration recovery to scripts/develop (#23466)
2026-03-24 22:04:56 +02:00
docker-dev
chore: add compose alternative to develop.sh (#22157)
2026-02-19 09:28:52 +00:00
echoserver
chore: update golang to 1.24.1 (#17035)
2025-03-26 01:56:39 -05:00
embedded-pg
ci: cache embedded postgres downloaded binaries (#18477)
2025-06-25 12:00:20 +01:00
examplegen
chore: move docker-chat-sandbox under templates/x (#23777)
2026-03-30 15:17:55 +02:00
gensite
build(Makefile): enable parallel make -j gen with correct dependency graph (#22612)
2026-03-05 11:58:10 +00:00
githooks
feat: smart file-based target selection for scripts/githooks (#23358)
2026-03-20 17:05:44 +02:00
ironbank
fix(scripts/ironbank): update base image to UBI9 and remove urllib3 (CVE-2026-44431) (#25249)
2026-05-13 10:39:09 -04:00
lib
build(scripts/lib): allow MAKE_TIMED=1 to show last 20 lines of failed jobs (#22985)
2026-03-13 17:41:33 +00:00
linux-pkg
chore: update docs links (#14221)
2024-08-17 11:51:13 +00:00
metricsdocgen
fix(scripts/metricsdocgen): shush the prometheus scanner in CI (#23642)
2026-03-26 12:58:02 +00:00
migrate-ci
chore: add /v2 to import module path (#9072)
2023-08-18 18:55:43 +00:00
migrate-test
fix: correct spurious edits made during the lint fixing slog (#17113)
2025-03-27 01:13:21 -05:00
modeloptionsgen
feat: polish model config form UI (#24047)
2026-04-06 10:49:42 -04:00
oauth2
feat: implement RFC 6750 Bearer token authentication (#18644)
2025-07-02 19:14:54 +02:00
rbac-authz
chore: improve rbac and add benchmark tooling (#18584)
2025-06-27 12:05:34 +01:00
release
feat: add release candidate (RC) support to release tooling (#23600)
2026-04-01 16:00:49 -04:00
releasemigrations
chore: arrange imports in a standard way (#21452)
2026-01-08 15:24:11 +04:00
releaser
chore: tag RCs on main, cut release branch only for releases (#24001)
2026-04-07 15:21:22 -04:00
telemetry-server
fix(scripts): handle ignored enc.Encode error in telemetry server (#22855)
2026-03-09 19:03:06 +02:00
testidp
chore: arrange imports in a standard way (#21452)
2026-01-08 15:24:11 +04:00
typegen
refactor: deduplicate utility helpers across the codebase (#23338)
2026-03-20 15:12:41 +00:00
win-installer
fix: do not truncate system PATH in win installer (#5243)
2022-12-02 09:56:49 +10:00
workspace-runtime-audit
chore(coderd/database/dbfake): add support for provisioner job timestamp control (#21944)
2026-02-06 09:44:40 +00:00
archive.sh
chore: build releases on a single Linux runner (switch to rcodesign) (#3890)
2022-09-07 18:56:46 +00:00
atomic_protoc.sh
build(Makefile): use atomic writes for remaining gen targets (#22670)
2026-03-05 22:32:18 +02:00
backport-pr.sh
feat: use -x option in backport script to improve tracability (#23984)
2026-04-02 10:23:31 -06:00
biome_format.sh
build(Makefile): use atomic writes for remaining gen targets (#22670)
2026-03-05 22:32:18 +02:00
build_docker_multiarch.sh
chore: parallel makefile attempt 3 (#3926)
2022-09-08 02:40:17 +10:00
build_docker.sh
feat: add SBOM generation and attestation to GitHub workflow (#17277)
2025-04-07 17:54:05 +02:00
build_go.sh
fix(scripts): fix Windows version format for RC builds (#23542)
2026-03-24 18:59:44 -04:00
build_windows_installer.sh
chore: sign the windows installer (#14353)
2024-08-19 20:33:37 -04:00
check_bootstrap_quotes.sh
ci: add lint check to prevent single quotes in bootstrap scripts (#22664)
2026-03-06 13:09:56 +01:00
check_codersdk_imports.sh
chore: add lint for codersdk dependencies (#14638)
2024-09-12 15:34:03 +10:00
check_enterprise_imports.sh
chore(scripts/rules.go): broaden scope of testingWithOwnerUser linter (#10548)
2023-11-08 14:54:48 +00:00
check_go_versions.sh
ci: check go versions are consistent (#17149)
2025-04-01 09:03:54 +01:00
check_pg_schema.sh
fix: remove unreachable exit after error call in check_pg_schema.sh (#21530)
2026-01-16 10:48:20 +02:00
check_site_icons.sh
fix: return error if agent init script fails to download valid binary (#13280)
2024-05-30 13:33:00 +02:00
check_unstaged.sh
fix(scripts/check_unstaged.sh): modify shebang (#19419)
2025-08-19 19:24:20 +01:00
coder-dev.sh
fix(scripts): allow graceful shutdown when --debug/dlv is used in develop.sh (#23023)
2026-03-13 15:40:53 +02:00
deploy-pr.sh
chore(scripts): auto authenticate gh CLI in scripts on dogfood (#13107)
2024-04-30 19:36:12 +03:00
dev-oidc.sh
feat(cli/server.go): allow the use of public OIDC clients (#16489)
2025-02-07 14:06:38 +01:00
develop.sh
refactor: rewrite develop.sh orchestrator in Go (#23054)
2026-03-16 16:13:57 +02:00
Dockerfile
chore: fix depot build (#6057)
2023-02-06 16:49:33 +00:00
Dockerfile.base
chore: bump bundled terraform to 1.14.5 (#22167)
2026-02-18 12:18:38 +01:00
fixtures.sh
feat(scripts): add fixtures.sh to add license to dev deployment (#19374)
2025-08-18 17:32:53 +01:00
format_go_file.sh
chore: manage tool versions in go.mod (#21455)
2026-01-08 16:25:28 +00:00
helm.sh
chore(site): regenerate provisioner stub (#9151)
2023-08-18 10:50:43 +02:00
image_tag.sh
chore: pin dogfood to release branch during release freeze (#20028)
2025-10-02 12:12:29 +10:00
lib.sh
fix(scripts): allow docs_update_experiments.sh to be run on macOS (#14658)
2024-09-12 21:28:07 +00:00
list_dependencies.sh
chore: add lint for codersdk dependencies (#14638)
2024-09-12 15:34:03 +10:00
normalize_path.sh
chore: run test-go-pg on macOS and Windows in regular CI (#17853)
2025-05-22 15:53:37 +02:00
notarize_darwin.sh
feat: add git to Docker image (#6034)
2023-02-07 02:30:35 +10:00
package.sh
Revert "chore: fix build ci (#13164)" (#13180)
2024-05-06 13:13:24 +00:00
pnpm_install.sh
chore: only run pnpm when node_modules are out of date in Makefile (#16017)
2025-01-03 18:37:25 +05:00
release_promote_stable.sh
chore(scripts): fix stable release promote script (#13204)
2024-05-17 08:25:10 +00:00
release.sh
chore: add new interactive release package (#22624)
2026-03-18 12:19:54 -04:00
remote_playwright.sh
chore(site): update @playwright/test to version 1.47.2 (#14912)
2024-10-01 13:59:49 +00:00
rules.go
fix: fix slog to always use array of Fields (#21426)
2026-01-08 10:29:41 +04:00
should_deploy.sh
chore: revert force deploying main (#23290) (#24072) (#24166)
2026-04-08 14:31:50 -04:00
sign_darwin.sh
ci: remove dylib build pipeline (#22592)
2026-03-05 01:50:50 +11:00
sign_windows.sh
feat: sign windows binaries (#13086)
2024-04-29 10:43:27 -05:00
sign_with_gpg.sh
fix: explicitly trust our own GPG key (#23556)
2026-03-25 10:24:31 +01:00
traiage.sh
ci: assign tasks to triggering username in ai triage workflow (#20022)
2025-09-30 09:51:28 +01:00
update-flake.sh
chore(dogfood): include multiple templates under dogfood/ (#16846)
2025-03-11 13:17:40 +00:00
update-release-calendar.sh
chore: fix release calendar and script (#17745)
2025-05-14 00:04:37 +05:00
version.sh
fix: fix shallow clones not retrieving a valid semver (#13609)
2024-06-22 00:02:12 +10:00
which-release.sh
chore: add which-release script (#18657)
2025-07-01 08:05:44 +00:00
zizmor.sh
chore: add actionlint and zizmor linters (#19459)
2025-08-21 22:14:43 +10:00