Skip to content

Update redis Docker tag from 7.2.5 to v7.2.7 (docker-compose.yml) #12241

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 23, 2025
Merged

Update redis Docker tag from 7.2.5 to v7.2.7 (docker-compose.yml) #12241

merged 1 commit into from
Apr 23, 2025

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Apr 14, 2025
edited
Loading

This PR contains the following updates:

Package Update Change
redis patch 7.2.5-alpine -> 7.2.7-alpine

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Apr 14, 2025
@renovate renovate bot requested review from Maffooch and mtesauro as code owners April 14, 2025 16:03
@dryrunsecurity DryRunSecurity
Copy link

DryRun Security

This pull request contains multiple security vulnerabilities, including exposed sensitive environment variables, an overly permissive network configuration that allows connections from any host, and services configured with default credentials that could enable unauthorized access.

💭 Unconfirmed Findings (3)
Vulnerability Sensitive Environment Variables Exposure
Description Multiple environment variables with potentially sensitive information detected, including secret keys, credential keys, and database credentials. Using default values increases the risk of credential leakage and unauthorized access.
Vulnerability Overly Permissive Configuration
Description DD_ALLOWED_HOSTS set to '*', which allows connections from any host. This configuration significantly expands the potential attack surface and enables potential unauthorized network access.
Vulnerability Default Credential Risks
Description Postgres and Redis services configured with default credentials, which substantially increases the risk of unauthorized system access. Unset credentials will default to insecure values.

All finding details can be found in the DryRun Security Dashboard.

@renovate renovate bot changed the title Update redis Docker tag from 7.2.5 to v7.2.7 (docker-compose.yml) chore(deps): update redis docker tag from 7.2.5 to v7.2.7 (docker-compose.yml) Apr 14, 2025
@kiblik
Copy link
Contributor

kiblik commented Apr 14, 2025
edited
Loading

Looks like #12190 worked. Now dependabot.

@renovate renovate bot changed the title chore(deps): update redis docker tag from 7.2.5 to v7.2.7 (docker-compose.yml) Update redis Docker tag from 7.2.5 to v7.2.7 (docker-compose.yml) Apr 14, 2025
mtesauro
mtesauro approved these changes Apr 23, 2025
View reviewed changes
Copy link
Contributor

@mtesauro mtesauro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved

@mtesauro mtesauro merged commit 4ffaac9 into dev Apr 23, 2025
77 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mtesauro mtesauro mtesauro approved these changes

@Maffooch Maffooch Maffooch approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file docker
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kiblik @mtesauro @Maffooch