Without pull:true, the weekly security rebuild may use stale base
images cached on GitHub runners, missing security patches like
c-ares 1.34.6-r0 (CVE-2025-62408).
This update revises the planning document to address the c-ares security vulnerability (CVE-2025-62408) and removes the previous analysis regarding Go version compatibility issues. The document now emphasizes the need to rebuild the Docker image to pull the patched version of c-ares from Alpine repositories, with no Dockerfile changes required.
Key changes include:
- Removal of outdated Go version mismatch analysis.
- Addition of details regarding the c-ares vulnerability and its impact.
- Streamlined focus on remediation steps and testing checklist.
