Updated fix for vulnerability issue CVE-2024-46901 (devcontainers#1518)

Kaniska244 · web-flow · commit c5dc00ea19a2 · 2025-09-01T11:21:57.000+01:00
* Updated fix for vulnerability issue CVE-2024-46901 * version bump and readme files updates and housekeeping
diff --git a/src/go/.devcontainer/scripts/install-subversion.sh b/src/go/.devcontainer/scripts/install-subversion.sh
@@ -1,6 +1,20 @@
 #!/bin/bash
 set -eux
 
+REQUIRED="1.14.5"
+
+# Determine current svn version if present
+current=""
+if command -v svn >/dev/null 2>&1; then
+  current="$(svn --version --quiet 2>/dev/null || true)"
+fi
+
+# If current version is >= REQUIRED, skip building
+if [ -n "${current}" ] && dpkg --compare-versions "${current}" ge "${REQUIRED}"; then
+  echo "Subversion ${current} is >= ${REQUIRED}; skipping build."
+  exit 0
+fi
+
 URL="https://archive.apache.org/dist/subversion/subversion-1.14.5.tar.gz"
 TMP="/tmp"
 TARBALL="subversion-1.14.5.tar.gz"
diff --git a/src/go/README.md b/src/go/README.md
@@ -31,11 +31,11 @@ Refer to [this guide](https://containers.dev/guide/dockerfile) for more details.
 
 You can decide how often you want updates by referencing a [semantic version](https://semver.org/) of each image. For example:
 
-- `mcr.microsoft.com/devcontainers/go:1-1.25` (or `1-1.25-trixie`, `1-1.25-bookworm`)
-- `mcr.microsoft.com/devcontainers/go:1.4-1.25` (or `1.4-1.25-bookworm`, `1.4-1.25-bullseye`)
-- `mcr.microsoft.com/devcontainers/go:1.4.0-1.25` (or `1.4.0-1.25-bookworm`, `1.4.0-1.25-bullseye`)
+- `mcr.microsoft.com/devcontainers/go:2-1.25` (or `2-1.25-trixie`, `2-1.25-bookworm`)
+- `mcr.microsoft.com/devcontainers/go:2.0-1.25` (or `2.0-1.25-trixie`, `2.0-1.25-bookworm`)
+- `mcr.microsoft.com/devcontainers/go:2.0.1-1.25` (or `2.0.1-1.25-trixie`, `2.0.1-1.25-bookworm`)
 
-However, we only do security patching on the latest [non-breaking, in support](https://github.com/devcontainers/images/issues/90) versions of images (e.g. `1-1.25`). You may want to run `apt-get update && apt-get upgrade` in your Dockerfile if you lock to a more specific version to at least pick up OS security updates.
+However, we only do security patching on the latest [non-breaking, in support](https://github.com/devcontainers/images/issues/90) versions of images (e.g. `2-1.25`). You may want to run `apt-get update && apt-get upgrade` in your Dockerfile if you lock to a more specific version to at least pick up OS security updates.
 
 See [history](history) for information on the contents of each version and [here for a complete list of available tags](https://mcr.microsoft.com/v2/devcontainers/go/tags/list).
 
diff --git a/src/go/manifest.json b/src/go/manifest.json
@@ -1,5 +1,5 @@
 {
-  "version": "2.0.0",
+  "version": "2.0.1",
   "variants": [
     "1.25-trixie",
     "1.24-trixie",
diff --git a/src/javascript-node/.devcontainer/scripts/install-subversion.sh b/src/javascript-node/.devcontainer/scripts/install-subversion.sh
@@ -1,6 +1,20 @@
 #!/bin/bash
 set -eux
 
+REQUIRED="1.14.5"
+
+# Determine current svn version if present
+current=""
+if command -v svn >/dev/null 2>&1; then
+  current="$(svn --version --quiet 2>/dev/null || true)"
+fi
+
+# If current version is >= REQUIRED, skip building
+if [ -n "${current}" ] && dpkg --compare-versions "${current}" ge "${REQUIRED}"; then
+  echo "Subversion ${current} is >= ${REQUIRED}; skipping build."
+  exit 0
+fi
+
 URL="https://archive.apache.org/dist/subversion/subversion-1.14.5.tar.gz"
 TMP="/tmp"
 TARBALL="subversion-1.14.5.tar.gz"
diff --git a/src/javascript-node/README.md b/src/javascript-node/README.md
@@ -30,7 +30,7 @@ You can decide how often you want updates by referencing a [semantic version](ht
 
 - `mcr.microsoft.com/devcontainers/javascript-node:4-24` (or `4-24-trixie`, `4-24-bookworm`, `4-24-bullseye`)
 - `mcr.microsoft.com/devcontainers/javascript-node:4.0-24` (or `4.0-24-trixie`, `4.0-24-bookworm`, `3.0-24-bullseye`)
-- `mcr.microsoft.com/devcontainers/javascript-node:4.0.0-24` (or `4.0.0-24-trixie`, `4.0.0-24-bookworm`, `4.0.0-24-bullseye`)
+- `mcr.microsoft.com/devcontainers/javascript-node:4.0.1-24` (or `4.0.1-24-trixie`, `4.0.1-24-bookworm`, `4.0.1-24-bullseye`)
 
 However, we only do security patching on the latest [non-breaking, in support](https://github.com/devcontainers/images/issues/90) versions of images (e.g. `4-24`). You may want to run `apt-get update && apt-get upgrade` in your Dockerfile if you lock to a more specific version to at least pick up OS security updates.
 
diff --git a/src/javascript-node/manifest.json b/src/javascript-node/manifest.json
@@ -1,5 +1,5 @@
 {
-	"version": "4.0.0",
+	"version": "4.0.1",
 	"variants": [
 		"24-trixie",
 		"22-trixie",
diff --git a/src/jekyll/.devcontainer/scripts/install-subversion.sh b/src/jekyll/.devcontainer/scripts/install-subversion.sh
@@ -1,6 +1,20 @@
 #!/bin/bash
 set -eux
 
+REQUIRED="1.14.5"
+
+# Determine current svn version if present
+current=""
+if command -v svn >/dev/null 2>&1; then
+  current="$(svn --version --quiet 2>/dev/null || true)"
+fi
+
+# If current version is >= REQUIRED, skip building
+if [ -n "${current}" ] && dpkg --compare-versions "${current}" ge "${REQUIRED}"; then
+  echo "Subversion ${current} is >= ${REQUIRED}; skipping build."
+  exit 0
+fi
+
 URL="https://archive.apache.org/dist/subversion/subversion-1.14.5.tar.gz"
 TMP="/tmp"
 TARBALL="subversion-1.14.5.tar.gz"
diff --git a/src/jekyll/README.md b/src/jekyll/README.md
@@ -36,9 +36,9 @@ You can directly reference pre-built versions of `Dockerfile` by using the `imag
 
 You can decide how often you want updates by referencing a [semantic version](https://semver.org/) of each image. For example:
 
-- `mcr.microsoft.com/devcontainers/jekyll:2` (or `2-bookworm`, `2-bullseye`, `2-buster` to pin to an OS version)
-- `mcr.microsoft.com/devcontainers/jekyll:2.0` (or `2.0-bookworm`, `2.0-bullseye`, `2.0-buster` to pin to an OS version)
-- `mcr.microsoft.com/devcontainers/jekyll:2.0.0` (or `2.0.0-bookworm`, `2.0.0-bullseye`, `2.0.0-buster` to pin to an OS version)
+- `mcr.microsoft.com/devcontainers/jekyll:2` (or `2-bookworm`, `2-bullseye` to pin to an OS version)
+- `mcr.microsoft.com/devcontainers/jekyll:2.1` (or `2.1-bookworm`, `2.1-bullseye` to pin to an OS version)
+- `mcr.microsoft.com/devcontainers/jekyll:2.1.20` (or `2.1.20-bookworm`, `2.1.20-bullseye` to pin to an OS version)
 
 However, we only do security patching on the latest [non-breaking, in support](https://github.com/devcontainers/images/issues/90) versions of images (e.g. `2-bullseye`). You may want to run `apt-get update && apt-get upgrade` in your Dockerfile if you lock to a more specific version to at least pick up OS security updates.
 
diff --git a/src/jekyll/manifest.json b/src/jekyll/manifest.json
@@ -1,5 +1,5 @@
 {
-	"version": "2.1.19",
+	"version": "2.1.20",
 	"variants": [
 		"3.3-bookworm",
 		"3.3-bullseye"
diff --git a/src/python/.devcontainer/scripts/install-subversion.sh b/src/python/.devcontainer/scripts/install-subversion.sh
@@ -1,6 +1,20 @@
 #!/bin/bash
 set -eux
 
+REQUIRED="1.14.5"
+
+# Determine current svn version if present
+current=""
+if command -v svn >/dev/null 2>&1; then
+  current="$(svn --version --quiet 2>/dev/null || true)"
+fi
+
+# If current version is >= REQUIRED, skip building
+if [ -n "${current}" ] && dpkg --compare-versions "${current}" ge "${REQUIRED}"; then
+  echo "Subversion ${current} is >= ${REQUIRED}; skipping build."
+  exit 0
+fi
+
 URL="https://archive.apache.org/dist/subversion/subversion-1.14.5.tar.gz"
 TMP="/tmp"
 TARBALL="subversion-1.14.5.tar.gz"
diff --git a/src/python/README.md b/src/python/README.md
@@ -36,7 +36,7 @@ You can decide how often you want updates by referencing a [semantic version](ht
 
 - `mcr.microsoft.com/devcontainers/python:2-3.13` (or `2-3.13-bullseye`)
 - `mcr.microsoft.com/devcontainers/python:2.0-3.13` (or `2.0-3.13-bullseye`)
-- `mcr.microsoft.com/devcontainers/python:2.0.0-3.13` (or `2.0.0-3.13-bullseye`)
+- `mcr.microsoft.com/devcontainers/python:2.0.1-3.13` (or `2.0.1-3.13-bullseye`)
 
 However, we only do security patching on the latest [non-breaking, in support](https://github.com/devcontainers/images/issues/90) versions of images (e.g. `2-3`). 
 You may want to run `apt-get update && apt-get upgrade` in your Dockerfile if you lock to a more specific version to at least pick up OS security updates.
diff --git a/src/python/manifest.json b/src/python/manifest.json
@@ -1,5 +1,5 @@
 {
-	"version": "2.0.0",
+	"version": "2.0.1",
 	"variants": [
 		"3.13-trixie",
 		"3.12-trixie",
diff --git a/src/ruby/.devcontainer/scripts/install-subversion.sh b/src/ruby/.devcontainer/scripts/install-subversion.sh
@@ -1,6 +1,20 @@
 #!/bin/bash
 set -eux
 
+REQUIRED="1.14.5"
+
+# Determine current svn version if present
+current=""
+if command -v svn >/dev/null 2>&1; then
+  current="$(svn --version --quiet 2>/dev/null || true)"
+fi
+
+# If current version is >= REQUIRED, skip building
+if [ -n "${current}" ] && dpkg --compare-versions "${current}" ge "${REQUIRED}"; then
+  echo "Subversion ${current} is >= ${REQUIRED}; skipping build."
+  exit 0
+fi
+
 URL="https://archive.apache.org/dist/subversion/subversion-1.14.5.tar.gz"
 TMP="/tmp"
 TARBALL="subversion-1.14.5.tar.gz"
diff --git a/src/ruby/README.md b/src/ruby/README.md
@@ -32,10 +32,10 @@ Refer to [this guide](https://containers.dev/guide/dockerfile) for more details.
 You can decide how often you want updates by referencing a [semantic version](https://semver.org/) of each image. For example:
 
 - `mcr.microsoft.com/devcontainers/ruby:1-3`     (or `1-3-bookworm`, `1-3-bullseye` to pin to an OS version)
-- `mcr.microsoft.com/devcontainers/ruby:1.3-3`   (or `1.3-3-bookworm`, `1.3-3-bullseye` to pin to an OS version)
-- `mcr.microsoft.com/devcontainers/ruby:1.3.0-3` (or `1.3.0-3-bookworm`, `1.3.0-3-bullseye` to pin to an OS version)
+- `mcr.microsoft.com/devcontainers/ruby:1.4-3`   (or `1.4-3-bookworm`, `1.4-3-bullseye` to pin to an OS version)
+- `mcr.microsoft.com/devcontainers/ruby:1.4.5-3` (or `1.4.5-3-bookworm`, `1.4.5-3-bullseye` to pin to an OS version)
 
-However, we only do security patching on the latest [non-breaking, in support](https://github.com/devcontainers/images/issues/90) versions of images (e.g. `1-3.2`). You may want to run `apt-get update && apt-get upgrade` in your Dockerfile if you lock to a more specific version to at least pick up OS security updates.
+However, we only do security patching on the latest [non-breaking, in support](https://github.com/devcontainers/images/issues/90) versions of images (e.g. `1-3.4`). You may want to run `apt-get update && apt-get upgrade` in your Dockerfile if you lock to a more specific version to at least pick up OS security updates.
 
 See [history](history) for information on the contents of each version and [here for a complete list of available tags](https://mcr.microsoft.com/v2/devcontainers/ruby/tags/list).
 
diff --git a/src/ruby/manifest.json b/src/ruby/manifest.json
@@ -1,5 +1,5 @@
 {
-	"version": "1.4.4",
+	"version": "1.4.5",
 	"variants": [
 		"3.4-bookworm",		
 		"3.3-bookworm",
diff --git a/src/rust/.devcontainer/scripts/install-subversion.sh b/src/rust/.devcontainer/scripts/install-subversion.sh
@@ -1,6 +1,20 @@
 #!/bin/bash
 set -eux
 
+REQUIRED="1.14.5"
+
+# Determine current svn version if present
+current=""
+if command -v svn >/dev/null 2>&1; then
+  current="$(svn --version --quiet 2>/dev/null || true)"
+fi
+
+# If current version is >= REQUIRED, skip building
+if [ -n "${current}" ] && dpkg --compare-versions "${current}" ge "${REQUIRED}"; then
+  echo "Subversion ${current} is >= ${REQUIRED}; skipping build."
+  exit 0
+fi
+
 URL="https://archive.apache.org/dist/subversion/subversion-1.14.5.tar.gz"
 TMP="/tmp"
 TARBALL="subversion-1.14.5.tar.gz"
diff --git a/src/rust/README.md b/src/rust/README.md
@@ -28,11 +28,11 @@ Refer to [this guide](https://containers.dev/guide/dockerfile) for more details.
 
 You can decide how often you want updates by referencing a [semantic version](https://semver.org/) of each image. For example:
 
-- `mcr.microsoft.com/devcontainers/rust:1-1` (or `1-1-trixie`, `1-1-bookworm`, `1-1-bullseye` to pin to an OS version)
-- `mcr.microsoft.com/devcontainers/rust:1.0-1` (or `1.0-1-trixie`, `1.0-1-bookworm`, `1.0-1-bullseye` to pin to an OS version)
-- `mcr.microsoft.com/devcontainers/rust:1.0.0-1` (or `1.0.0-1-trixie`, `1.0.0-1-bookworm`, `1.0.0-1-bullseye` to pin to an OS version)
+- `mcr.microsoft.com/devcontainers/rust:2-1` (or `2-1-trixie`, `2-1-bookworm`, `2-1-bullseye` to pin to an OS version)
+- `mcr.microsoft.com/devcontainers/rust:2.0-1` (or `2.0-1-trixie`, `2.0-1-bookworm`, `2.0-1-bullseye` to pin to an OS version)
+- `mcr.microsoft.com/devcontainers/rust:2.0.1-1` (or `2.0.1-1-trixie`, `2.0.1-1-bookworm`, `2.0.1-1-bullseye` to pin to an OS version)
 
-However, we only do security patching on the latest [non-breaking, in support](https://github.com/devcontainers/images/issues/90) versions of images (e.g. `1-1`). You may want to run `apt-get update && apt-get upgrade` in your Dockerfile if you lock to a more specific version to at least pick up OS security updates.
+However, we only do security patching on the latest [non-breaking, in support](https://github.com/devcontainers/images/issues/90) versions of images (e.g. `2-1`). You may want to run `apt-get update && apt-get upgrade` in your Dockerfile if you lock to a more specific version to at least pick up OS security updates.
 
 See [history](history) for information on the contents of each version and [here for a complete list of available tags](https://mcr.microsoft.com/v2/devcontainers/rust/tags/list).
 
diff --git a/src/rust/manifest.json b/src/rust/manifest.json
@@ -1,5 +1,5 @@
 {
-	"version": "2.0.0",
+	"version": "2.0.1",
 	"variants": [
 		"trixie",
 		"bookworm",
diff --git a/src/typescript-node/.devcontainer/scripts/install-subversion.sh b/src/typescript-node/.devcontainer/scripts/install-subversion.sh
@@ -1,6 +1,20 @@
 #!/bin/bash
 set -eux
 
+REQUIRED="1.14.5"
+
+# Determine current svn version if present
+current=""
+if command -v svn >/dev/null 2>&1; then
+  current="$(svn --version --quiet 2>/dev/null || true)"
+fi
+
+# If current version is >= REQUIRED, skip building
+if [ -n "${current}" ] && dpkg --compare-versions "${current}" ge "${REQUIRED}"; then
+  echo "Subversion ${current} is >= ${REQUIRED}; skipping build."
+  exit 0
+fi
+
 URL="https://archive.apache.org/dist/subversion/subversion-1.14.5.tar.gz"
 TMP="/tmp"
 TARBALL="subversion-1.14.5.tar.gz"
diff --git a/src/typescript-node/README.md b/src/typescript-node/README.md
@@ -30,7 +30,7 @@ You can decide how often you want updates by referencing a [semantic version](ht
 
 - `mcr.microsoft.com/devcontainers/typescript-node:3-24` (or `3-24-bookworm`, `3-24-bullseye`)
 - `mcr.microsoft.com/devcontainers/typescript-node:3.0-24` (or `3.0-24-bookworm`, `3.0-24-bullseye`)
-- `mcr.microsoft.com/devcontainers/typescript-node:3.0.0-24` (or `3.0.0-24-bookworm`, `3.0.0-24-bullseye`)
+- `mcr.microsoft.com/devcontainers/typescript-node:3.0.2-24` (or `3.0.2-24-bookworm`, `3.0.2-24-bullseye`)
 
 However, we only do security patching on the latest [non-breaking, in support](https://github.com/devcontainers/images/issues/90) versions of images (e.g. `3-24`). You may want to run `apt-get update && apt-get upgrade` in your Dockerfile if you lock to a more specific version to at least pick up OS security updates.
 
diff --git a/src/typescript-node/manifest.json b/src/typescript-node/manifest.json
@@ -1,5 +1,5 @@
 {
-	"version": "3.0.1",
+	"version": "3.0.2",
 	"variants": [
 		"24-bookworm",
 		"22-bookworm",

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`{`
`2`		`- "version": "2.0.0",`
	`2`	`+ "version": "2.0.1",`
`3`	`3`	`"variants": [`
`4`	`4`	`"1.25-trixie",`
`5`	`5`	`"1.24-trixie",`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`{`
`2`		`- "version": "4.0.0",`
	`2`	`+ "version": "4.0.1",`
`3`	`3`	`"variants": [`
`4`	`4`	`"24-trixie",`
`5`	`5`	`"22-trixie",`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`{`
`2`		`- "version": "2.1.19",`
	`2`	`+ "version": "2.1.20",`
`3`	`3`	`"variants": [`
`4`	`4`	`"3.3-bookworm",`
`5`	`5`	`"3.3-bullseye"`