discourse/base: remove vim package (#582)

discourse/base: remove vim package (#582)

A buffer overflow vulnerability (CVE-2021-3973) has been discovered in vim. As of the moment, this remains unpatched in Debian. Admittedly the likelihood of encountering this exploit in the wild within the Discourse base image is pretty low, but given this image is intended to run non-interactively vim is not strictly required as a part of the image. In any case, the package can be added at runtime for debugging purposes.

See CVE-2021-3973.

diff --git a/image/base/Dockerfile b/image/base/Dockerfile
index 349a498..9a390c3 100644
--- a/image/base/Dockerfile
+++ b/image/base/Dockerfile
@@ -40,7 +40,7 @@ RUN apt -y install build-essential rsync \
                        postgresql-${PG_MAJOR} postgresql-client-${PG_MAJOR} \
                        postgresql-contrib-${PG_MAJOR} libpq-dev libreadline-dev \
                        anacron wget \
-                       psmisc vim whois brotli libunwind-dev \
+                       psmisc whois brotli libunwind-dev \
                        libtcmalloc-minimal4 cmake \
                        pngcrush pngquant
 RUN sed -i -e 's/start -q anacron/anacron -s/' /etc/cron.d/anacron

GitHub sha: cbacbffe1121bf24caccb0ea689153ce63d3200b

This commit appears in #582 which was approved by martin. It was merged by fitzy1011.