Skip to content

v0.3.5

Choose a tag to compare

View all tags
@tmatens tmatens released this 18 Apr 04:59
· 241 commits to main since this release
v0.3.5
This tag was signed with the committer’s verified signature.
tmatens Todd Matens
SSH Key Fingerprint: rXwV6kh4InD248G0NM3tcK2kJPaX3GqTj/Zdwm+F5Oo
Verified
Learn about vigilant mode.
990a266
This commit was signed with the committer’s verified signature.
tmatens Todd Matens
SSH Key Fingerprint: rXwV6kh4InD248G0NM3tcK2kJPaX3GqTj/Zdwm+F5Oo
Verified
Learn about vigilant mode.

Changed

  • Runtime Docker image switched from python:3.13-alpine to
    gcr.io/distroless/python3-debian13:nonroot. The image no longer
    ships /bin/sh, apk, or busybox — only the Python interpreter,
    stdlib, libc, and the project venv. Attack surface in the event of
    a container escape is significantly reduced. See
    ADR-009 for the rationale.
  • docker run examples in the README now show --read-only --cap-drop ALL --security-opt no-new-privileges --network none with a
    read-only mount, modelling the least-privilege posture the linter
    itself recommends. The simpler form still works.

Fixed

  • Parser post-YAML traversals (_collect_lines, _strip_lines) no
    longer recurse one Python frame per nesting level, so pathologically-
    deep input raises ComposeError (or lints cleanly) instead of
    crashing with an uncaught RecursionError. Found by ClusterFuzzLite.

Security

  • Dockerfile sets USER 65532:65532 explicitly at the runtime stage.
    Distroless :nonroot already enforces this; the redundancy survives
    a future base-image swap that might not default to nonroot.

No CLI, config, or finding-shape changes. Exit codes (0/1/2) are
preserved. A Compose file that passed on 0.3.4 passes identically on
0.3.5.

Assets 2
Loading