# pactflow
j
Hi, engineering teams at my company are using the https://github.com/pact-foundation/pact-ruby-cli (via its Docker image https://hub.docker.com/r/pactfoundation/pact-cli) for publishing pacts to PactFlow. However, a recent internal security audit flagged 10+ high or critical security vulnerabilities in the latest tag, i.e. `pactfoundation/pact-cli:0.51.0.0`. The audit was done by running the Trivy security scanner, and the result can be easily reproduced locally. As the latest tag was published 3 months ago, I'm wondering if there is a plan to release a newer image to patch those vulnerabilities?
m
You're best raising (and checking) an issue here: https://github.com/pact-foundation/pact-ruby-cli/issues. We also use Trivy, so I'm surprised we haven't caught that yet. Or maybe we have, and just haven't looked at them yet.