Chore: [AEA-0000] - update syft, grype, poetry, node#92
Chore: [AEA-0000] - update syft, grype, poetry, node#92anthony-nhs wants to merge 4 commits intomainfrom
Conversation
|
This PR is linked to a ticket in an NHS Digital JIRA Project. Here's a handy link to the ticket: AEA-0000 |
There was a problem hiding this comment.
Pull request overview
Routine devcontainer/tooling version bumps to keep build and security scanning tools current across the Node 24 + Python language images and base scanner images.
Changes:
- Bump Poetry in Node 24 + Python 3.12/3.13/3.14 devcontainers to 2.3.4.
- Bump Syft to 1.42.4 in the Syft devcontainer image build.
- Bump Grype to 0.111.0 in the Grype devcontainer image build.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| src/languages/node_24_python_3_14/.devcontainer/.tool-versions | Updates Poetry version for Python 3.14 devcontainer tooling. |
| src/languages/node_24_python_3_13/.devcontainer/.tool-versions | Updates Poetry version for Python 3.13 devcontainer tooling. |
| src/languages/node_24_python_3_12/.devcontainer/.tool-versions | Updates Poetry version for Python 3.12 devcontainer tooling. |
| src/base/.devcontainer/Dockerfile.syft | Updates Syft version used in the Syft scratch image build. |
| src/base/.devcontainer/Dockerfile.grype | Updates Grype version used in the Grype scratch image build. |
| python 3.12.13 | ||
| poetry 2.3.2 | ||
| poetry 2.3.4 |
There was a problem hiding this comment.
PR description says poetry is updated to 2.3.4, but only the Python 3.12–3.14 devcontainers are updated; node_24_python_3_10 still pins poetry 2.1.3 (src/languages/node_24_python_3_10/.devcontainer/.tool-versions:2). Either update that devcontainer too, or clarify in the PR description that the poetry bump is only for 3.12+ images.
anthony-nhs
changed the title
Summary
Details