From fc0f803cdfb983449281fbadc93c5a807177d6b9 Mon Sep 17 00:00:00 2001
From: Kyle Brennan <kyle@gitpod.io>
Date: Mon, 2 Dec 2024 14:59:48 +0000
Subject: [PATCH] Bump base image
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This fixes:
│    Library     │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │                            Title                             │
├────────────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤
│ linux-libc-dev │ CVE-2024-26800 │ HIGH     │ fixed  │ 5.15.0-124.134    │ 5.15.0-125.135 │ kernel: tls: fix use-after-free on failed backlog decryption │
│                │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-26800                   │
│                ├────────────────┤          │        │                   │                ├──────────────────────────────────────────────────────────────┤
│                │ CVE-2024-43882 │          │        │                   │                │ kernel: exec: Fix ToCToU between perm check and set-uid/gid  │
│                │                │          │        │                   │                │ usage                                                        │
│                │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-43882
---
 base/Dockerfile | 54 ++++++++++++++++++++++++-------------------------
 1 file changed, 27 insertions(+), 27 deletions(-)

diff --git a/base/Dockerfile b/base/Dockerfile
index ed9920d9c..6f7d03525 100644
--- a/base/Dockerfile
+++ b/base/Dockerfile
@@ -1,39 +1,39 @@
 FROM buildpack-deps:jammy@sha256:9c6387be70924dc253a6c5594fd11bf8c90a19528442ee8b0b4040362bf1a662
 
 # Dazzle does not rebuild a layer until one of its lines are changed. Increase this counter to rebuild this layer.
-ENV TRIGGER_REBUILD=1
+ENV TRIGGER_REBUILD=2
 
 COPY install-packages upgrade-packages /usr/bin/
 
 ### base ###
 RUN yes | unminimize \
     && install-packages \
-        zip \
-        unzip \
-        bash-completion \
-        build-essential \
-        ninja-build \
-        clang \
-        htop \
-        iputils-ping \
-        jq \
-        less \
-        locales \
-        man-db \
-        nano \
-        ripgrep \
-        software-properties-common \
-        sudo \
-        stow \
-        time \
-        emacs-nox \
-        vim \
-        multitail \
-        lsof \
-        ssl-cert \
-        fish \
-        zsh \
-        rlwrap \
+    zip \
+    unzip \
+    bash-completion \
+    build-essential \
+    ninja-build \
+    clang \
+    htop \
+    iputils-ping \
+    jq \
+    less \
+    locales \
+    man-db \
+    nano \
+    ripgrep \
+    software-properties-common \
+    sudo \
+    stow \
+    time \
+    emacs-nox \
+    vim \
+    multitail \
+    lsof \
+    ssl-cert \
+    fish \
+    zsh \
+    rlwrap \
     && locale-gen en_US.UTF-8
 
 ENV LANG=en_US.UTF-8