pin versions

2026-03-22 12:23:52 +01:00
parent 0f12c5f5a8
commit caa1c7f471
3 changed files with 4 additions and 4 deletions
--- a/review.md
+++ b/review.md
@@ -10,5 +10,5 @@
 | 6  | High     | `scripts/deploy.sh:13`          | `source .env` in a root-privileged script can execute arbitrary commands. Consider safer parsing or variable validation                                                                                                            | DONE   |
 | 7  | Medium   | `monitoring/docker-compose.yml` | Docker socket + `/proc` + `/sys` + `/` mounted into Alloy container. Consider using a Docker socket proxy to limit API access                                                                                                      | DONE   |
 | 8  | Medium   | `caddy/Caddyfile`               | No rate limiting configured at the reverse proxy layer                                                                                                                                                                             | DONE   |
-| 9  | Low      | `gitea/docker-compose.yml`      | `gitea/gitea:latest-rootless` unpinned — pin to specific version like Nextcloud does                                                                                                                                               | TODO   |
-| 10 | Low      | `monitoring/docker-compose.yml` | `grafana/alloy:latest` unpinned — pin to specific version                                                                                                                                                                          | TODO   |
+| 9  | Low      | `gitea/docker-compose.yml`      | `gitea/gitea:latest-rootless` unpinned — pin to specific version like Nextcloud does                                                                                                                                               | DONE   |
+| 10 | Low      | `monitoring/docker-compose.yml` | `grafana/alloy:latest` unpinned — pin to specific version                                                                                                                                                                          | DONE   |