Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump python from 3.11.9-slim-bookworm to 3.13.1-slim-bookworm #11390

Open
wants to merge 1 commit into
base: dev
Choose a base branch
from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 9, 2024

Bumps python from 3.11.9-slim-bookworm to 3.13.1-slim-bookworm.

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
python [>= 3.9.a, < 3.10]

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file docker labels Dec 9, 2024
Copy link

dryrunsecurity bot commented Dec 9, 2024

DryRun Security Summary

The code changes involve updating base Docker images to Python 3.13.1, installing additional dependencies, implementing package caching, and improving configuration for integration tests, Django applications, and NGINX web servers, with a focus on enhancing security and performance.

Expand for full summary

Summary:

The provided code changes are focused on updating the base Docker images used for the application's integration tests, Django application, and NGINX web server. The key changes include upgrading the Python version from 3.11.9 to 3.13.1, installing additional dependencies, implementing caching mechanisms for Python packages, and updating the NGINX configuration.

From an application security perspective, these changes generally appear to be positive and follow good security practices. Upgrading the Python version can help address known security vulnerabilities, and the use of secure base images, dependency management, and configuration updates are all steps in the right direction.

However, it's important to review the specific changes in each Dockerfile to ensure there are no potential security issues or vulnerabilities introduced. This includes reviewing the installed dependencies, environment variables, entrypoint scripts, and NGINX configurations to verify that they are properly secured and do not expose any sensitive information or introduce any security risks.

Files Changed:

  1. Dockerfile.integration-tests-debian:

    • Updates the base Docker image from Python 3.11.9 to Python 3.13.1.
    • Installs Google Chrome and ChromeDriver for running Selenium-based integration tests.
    • Sets environment variables for the integration test configuration.
    • Includes several entrypoint scripts for running different components of the tests.
  2. Dockerfile.django-alpine:

    • Updates the base Docker image from Python 3.11.9-alpine3.20 to Python 3.13.1-alpine3.20.
    • Installs various dependencies, such as PostgreSQL client, xmlsec, and development tools.
    • Implements a caching mechanism for Python package wheels.
    • Sets up a dedicated user account (appuser) for running the application.
    • Includes entrypoint scripts for different components of the Django application.
  3. Dockerfile.nginx-alpine:

    • Updates the base Docker image from Python 3.11.9-alpine3.20 to Python 3.13.1-alpine3.20.
    • Installs Node.js and Yarn for client-side JavaScript development and build processes.
    • Uses the @sha256 tag for the base images to ensure consistency and security.
    • Includes a step to generate the static files for the application.
    • Sets up the NGINX web server with the necessary configuration files and environment variables.
  4. Dockerfile.django-debian:

    • Updates the base Docker image from Python 3.11.9-slim-bookworm to Python 3.13.1-slim-bookworm.
    • Installs various dependencies, such as gcc, build-essential, and libpq-dev.
    • Implements a caching mechanism for Python package wheels.
    • Sets several environment variables for the Django application configuration.
    • Includes several entrypoint scripts for running different components of the Django application.
  5. Dockerfile.nginx-debian:

    • Updates the base Docker image from Python 3.11.9-slim-bookworm to Python 3.13.1-slim-bookworm.
    • Adds additional dependencies, such as gcc, build-essential, and libcurl4-openssl-dev.
    • Includes a collectstatic stage to gather the Django application's static files.
    • Updates the final nginx stage to use the nginx:1.27.3-alpine image and sets up the necessary configuration files and environment variables.

Code Analysis

We ran 9 analyzers against 5 files and 0 analyzers had findings. 9 analyzers had no findings.

View PR in the DryRun Dashboard.

@dependabot dependabot bot force-pushed the dependabot/docker/dev/python-3.13.1-slim-bookworm branch from f805309 to e49ea22 Compare December 11, 2024 20:17
Bumps python from 3.11.9-slim-bookworm to 3.13.1-slim-bookworm.

---
updated-dependencies:
- dependency-name: python
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/docker/dev/python-3.13.1-slim-bookworm branch from e49ea22 to 7badcb2 Compare December 11, 2024 20:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file docker
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants