docker: Remove unnecessary packages with known security vulnerabilities

docker: Remove unnecessary packages with known security vulnerabilities

diff --git a/Dockerfile b/Dockerfile
index 62c83ba..037122a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,13 +9,23 @@ COPY Gemfile Gemfile.lock mobystash.gemspec /home/mobystash/
 ARG GIT_REVISION=invalid-build
 ENV MOBYSTASH_GIT_REVISION=$GIT_REVISION
 
-RUN docker_group="$(getent group 999 | cut -d : -f 1)" \
+RUN DEBIAN_FRONTEND=noninteractive apt-get update \
+	&& DEBIAN_FRONTEND=noninteractive apt-get -y dist-upgrade \
+	&& DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends \
+		build-essential \
+		libjemalloc-dev \
+	&& docker_group="$(getent group 999 | cut -d : -f 1)" \
 	&& if [ -z "$docker_group" ]; then groupadd --gid 999 docker; docker_group=docker; fi \
 	&& addgroup mobystash "$docker_group" \
-  && apt-get update \
-  && apt-get install -y libjemalloc-dev build-essential \
-  && cd /home/mobystash && su -l mobystash -c "bundle install --deployment --without development" \
-  && apt-get purge -y --auto-remove build-essential
+	&& cd /home/mobystash && su -l mobystash -c "bundle install --deployment --without development" \
+	&& DEBIAN_FRONTEND=noninteractive apt-get -y purge \
+		build-essential \
+		linux-libc-dev \
+	&& DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove \
+	&& DEBIAN_FRONTEND=noninteractive apt-get clean \
+	&& ( find /var/lib/apt/lists -mindepth 1 -maxdepth 1 -delete || true ) \
+	&& ( find /var/tmp -mindepth 1 -maxdepth 1 -delete || true ) \
+	&& ( find /tmp -mindepth 1 -maxdepth 1 -delete || true )
 
 COPY lib /home/mobystash/lib
 

GitHub sha: 9da2f7ab