I finally got around to releasing 0.9.0 of Ebirah (0.8.0 was released in October 2022).
The Ebirah repository has seen multiple updates, primarily targeting the infrastructure and all handled by Dependabot.
- The website is handled by Jekyll, so many PRs are related to Jekyll and related components
- The repository uses several GitHub Actions, also resulting in quite a few
- Docker-based repositories are also recipients of PRs related to things changing outside the repository
However, there are some humans involved, and this particular release was triggered by a PR from Glasswalk3r.
The PR proposed an improvement to the security posture by introducing the use of a non-root user, so if you are interested in this, do check out PR #82.
At the same time, Perl version 5.40.0 was released, so the base image of the Docker image was updated accordingly. I am looking into updating to the latest Debian release, "Bookworm", which is the base image of the Perl Docker image. Currently the images are based on "Bullseye", the Debian release prior to "Bookworm". Actually the "Bookworm" based image can be used as "latest".
I did a brief check using Snyk, and by updating from "Bullseye" to "Bookworm" the number of critical security issues dropped from 2 to 3. Changing to a slim image would improve these numbers even further, so this is being considered, see #34.
With the release, Dist::Zilla was also updated to the latest release. I am working on how to manifest this in the repository; I believe that I might need to rely on cpanfile.snapshot and at the same time be able to update this file using Docker. I know how to do this manually, but would love an automated process.
The change log is not long, reflecting somewhat what was mentioned above. The blog post only serves to add some more context, but if you want the full-blown description, do check out the auto-generated change log.
Change log
0.9.0 2024-06-24 Feature release, update recommended
- Via PR #82 from @glasswalk3r, the Docker image has been updated to use a non-root user, this is a most welcome security enhancement
- The Docker base image has been updated from Perl 5.38.2 to Perl 5.40.0 via PR #89 from @dependabot
- This release updates the dependency: Dist::Zilla from version 6.025 to 6.032, please see the change log of Dist::Zilla