fix: address review feedback on Dockerfile compatibility

- Drop pip hash verification in Dockerfile (Trusty's pip ~1.5 predates
  --hash support added in pip 8.0); version pin alone addresses the
  code scanning finding
- Pin bundler to 2.3.26 instead of 2.4.10 (Bundler 2.4.x requires
  Ruby >= 2.6.0, but the Dockerfile installs Ruby 2.4.1); update
  Gemfile.lock BUNDLED WITH to match
- Fix CI comment to reference the actual Python 3 dependency
  (rest2html script) instead of the MARKUP_RST Ruby constant

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Signed-off-by: Zack Koppert <zkoppert@github.com>

Author: zkoppert

.github/workflows/ci.yml

@@ -32,7 +32,7 @@ jobs:
 
       - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
-          # This should match lib/github/markups.rb GitHub::Markups::MARKUP_RST
+          # Required by lib/github/commands/rest2html (RST rendering)
           python-version: "3.x"
 
       - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4

Dockerfile

@@ -18,16 +18,15 @@ RUN install-zef-as-user && zef install Pod::To::HTML
 RUN curl -L http://cpanmin.us | perl - App::cpanminus
 RUN cpanm --installdeps --notest Pod::Simple
 
-RUN echo 'docutils==0.18.1 --hash=sha256:23010f129180089fbcd3bc08cfefccb3b890b0050e1ca00c867036e9d161b98c' > /tmp/requirements.txt && \
-    pip install -r /tmp/requirements.txt
+RUN pip install docutils==0.18.1
 
 ENV PATH $PATH:/root/.rbenv/bin:/root/.rbenv/shims
 RUN curl -fsSL https://github.com/rbenv/rbenv-installer/raw/master/bin/rbenv-installer | bash
 RUN rbenv install 2.4.1
 RUN rbenv global 2.4.1
 RUN rbenv rehash
 
-RUN gem install bundler -v 2.4.10
+RUN gem install bundler -v 2.3.26
 
 WORKDIR /data/github-markup
 COPY github-markup.gemspec .

Gemfile.lock

@@ -138,4 +138,4 @@ DEPENDENCIES
   wikicloth (= 0.8.3)
 
 BUNDLED WITH
-   2.4.10
+   2.3.26