[bump] Ragger dependency
lpascal-ledger committed Apr 3, 2024
1 parent 926ec83 commit 609e2d6
Showing 2 changed files with 5 additions and 2 deletions.
5 changes: 4 additions & 1 deletion CHANGELOG.md
Expand Up @@ -8,7 +8,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [3.19.0] - 2024-04-03

### Added
- Flex target
- Flex targe

### Changed
- dev-tools: Bump ragger version to 1.16+

## [3.18.0] - 2024-03-27

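Review bot: The entry under "### Added" now reads "- Flex targe", dropping the final "t" from the previous "- Flex target"; this looks like an accidental edit and the original spelling should be restored. Separately, the new "### Changed" entry says "Bump ragger version to 1.16+" while dev-tools/Dockerfile in this commit pins exactly ==1.16.2, so naming the pinned version in the changelog would keep the two consistent.
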
2 changes: 1 addition & 1 deletion dev-tools/Dockerfile
Expand Up @@ -20,4 +20,4 @@ ARG PYTHON_BUILD_DEPS=libffi-dev,python3-dev,py3-virtualenv
RUN apk add $(echo -n "$PYTHON_BUILD_DEPS" | tr , ' ')

# Install test tools (Ragger framework, Speculos emulator, Ledgerblue...)
RUN pip3 install ragger[tests,all_backends]==1.16.0
RUN pip3 install ragger[tests,all_backends]==1.16.2
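
Review bot: The changed `RUN pip3 install` line (line 23 of dev-tools/Dockerfile) still runs without `--no-cache-dir`, so pip's download cache is kept in the image layer; suggest `RUN pip3 install --no-cache-dir "ragger[tests,all_backends]==1.16.2"`. The exact `==1.16.2` pin is already in place on this line, and quoting the requirement as shown keeps the shell from treating the square brackets as a glob pattern.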

Check warning on line 23 in dev-tools/Dockerfile

Ledger Wiz (CSPM & secret detection) / Wiz IaC Scanner

Unpinned Package Version in Pip Install

Rule ID: c9d92d07-9951-4503-8875-7c96f04359ad
Severity: Medium
Resource: FROM={{ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:latest}}.{{RUN pip3 install ragger[tests,all_backends]==1.16.2}}
Package version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes
Raw output
Expected: RUN instruction with 'pip/pip3 install <package>' should use package pinning form 'pip/pip3 install <package>=<version>'
Found: RUN instruction pip3 install ragger[tests,all_backends]==1.16.2 does not use package pinning form

Check warning on line 23 in dev-tools/Dockerfile

Ledger Wiz (CSPM & secret detection) / Wiz IaC Scanner

Pip install keeping cached packages

Rule ID: 825ae084-a21d-4595-9378-0b5b9edbc4d1
Severity: Medium
Resource: FROM={{ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:latest}}.{{pip3 install ragger[tests,all_backends]==1.16.2}}
When installing packages with pip, the '--no-cache-dir' flag should be set to make Docker images smaller
Raw output
Expected: The '--no-cache-dir' flag should be set when running 'pip/pip3 install'
Found: The '--no-cache-dir' flag isn't set when running 'pip/pip3 install'
