Ensure hardcoded version in gem install
When you don't specify a version, `gem install` tries to find a combination of gem versions that makes all the gems within the project compatible with one another, because each gem has its own dependencies, which may require specific versions.
Risk Level: medium
Platform: Docker
Spectral Rule ID: DOCKR017
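One way to check a Dockerfile for this condition, as an added example (not Spectral's implementation of DOCKR017): it reports each gem passed to `gem install` in a `RUN` instruction that has neither a `name:version` suffix nor a `-v`/`--version` option. The function names and the sample Dockerfile lines are constructed for illustration, and `VALUE_FLAGS` covers only a subset of `gem install` options.

```python
import re

# `gem install` options that consume the next token as their value (subset).
VALUE_FLAGS = {"-i", "--install-dir", "-n", "--bindir", "-s", "--source",
               "-P", "--trust-policy", "--platform"}

def logical_lines(text):
    """Yield (first_line_number, text) with backslash continuations folded."""
    start, buf = None, ""
    for number, raw in enumerate(text.splitlines(), 1):
        start, buf = start or number, buf + raw.rstrip()
        if buf.endswith("\\"):
            buf = buf[:-1] + " "
        else:
            yield start, buf
            start, buf = None, ""

def unpinned_gems(dockerfile_text):
    """Return [(line_number, gem_name)] for gems installed without a version."""
    findings = []
    for number, line in logical_lines(dockerfile_text):
        run = re.match(r"\s*RUN\s+(.*)", line, re.I)
        if not run:
            continue
        for command in re.split(r"&&|\|\||;", run.group(1)):
            tokens = [t.strip("'\"") for t in command.split()]
            # -v / --version pins the gem named on this command.
            if tokens[:2] != ["gem", "install"] or any(
                    t.startswith(("-v", "--version")) for t in tokens[2:]):
                continue
            skip_value = False
            for arg in tokens[2:]:
                if skip_value or arg.startswith("-"):
                    skip_value = not skip_value and arg in VALUE_FLAGS
                    continue
                name, _, version = arg.partition(":")
                if not version:
                    findings.append((number, name))
    return findings

# Constructed sample: the page's before/after lines plus a multi-line RUN.
SAMPLE = r"""RUN gem install bundler
RUN gem install bundler:2.0.2
RUN gem install grpc -v ${GRPC_RUBY_VERSION}
RUN gem install grpc grpc-tools
RUN gem install grpc:${GRPC_VERSION} grpc-tools:${GRPC_VERSION}
RUN apk add ruby && \
    gem install --no-document rake json:2.6.3"""

print(unpinned_gems(SAMPLE))
```

Each finding carries the line number where the `RUN` instruction starts, so a continuation line is reported against the instruction that owns it.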
REMEDIATION
Add a hardcoded version to the `gem install` command.
FROM alpine:3.5
RUN apk add --update py2-pip
- RUN gem install bundler
+ RUN gem install bundler:2.0.2
- RUN gem install grpc
+ RUN gem install grpc -v ${GRPC_RUBY_VERSION}
# OR
- RUN gem install grpc grpc-tools
+ RUN gem install grpc:${GRPC_VERSION} grpc-tools:${GRPC_VERSION}
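Review bot: ${GRPC_RUBY_VERSION} and ${GRPC_VERSION} on the added `gem install grpc` lines are not declared anywhere in the visible Dockerfile, so whether the version is actually fixed depends on a value defined elsewhere. Declare each one with an ARG or ENV line that carries an explicit version above the RUN instruction that uses it, so that an unset variable cannot expand to an empty version.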