Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump python from 3.11.9-slim-bookworm to 3.13.1-slim-bookworm #11390

Open
wants to merge 1 commit into
base: dev
Choose a base branch
from
Open

Bump python from 3.11.9-slim-bookworm to 3.13.1-slim-bookworm #11390

wants to merge 1 commit into from
+5 −5

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 9, 2024
edited
Loading

Bumps python from 3.11.9-slim-bookworm to 3.13.1-slim-bookworm.

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
python [>= 3.9.a, < 3.10]

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file docker labels Dec 9, 2024
@dependabot dependabot bot mentioned this pull request Dec 9, 2024
Closed
@dryrunsecurity DryRunSecurity
Copy link

dryrunsecurity bot commented Dec 9, 2024
edited
Loading

DryRun Security Summary

The code changes focus on updating Docker images for integration tests and Django application deployment, primarily improving security and reliability by updating Python versions, managing dependencies, implementing secure configurations, and enabling monitoring.

Expand for full summary

Summary:

The provided code changes are focused on updating the base Docker images used for the integration tests and the Django application deployment. These changes are primarily aimed at improving the security and reliability of the application by keeping the underlying dependencies up-to-date and implementing best practices for secure configuration and deployment.

The key security-relevant aspects of these changes include:

  1. Python Version Updates: The Dockerfiles are being updated to use the latest versions of Python (3.13.1) to ensure the application is running on a secure and supported runtime.
  2. Dependency Management: The code changes include updates to the requirements.txt files, which manage the Python dependencies. Regularly reviewing and updating dependencies is crucial to address potential security vulnerabilities in third-party libraries.
  3. Secure Configuration: The Dockerfiles include steps to set appropriate file permissions, use non-root users, and configure TLS/SSL for secure communication. These are important security practices to harden the application's deployment.
  4. Monitoring and Metrics: The Nginx-based Dockerfiles include options to enable metrics and monitoring, which can be useful for detecting and responding to security-related issues.

Overall, the changes appear to be focused on improving the security and reliability of the application's deployment, which is a positive step. However, it's important to thoroughly review the changes, test the application, and ensure that no new security vulnerabilities are introduced.

Files Changed:

  1. Dockerfile.integration-tests-debian:

    • Updated the base image for the "build" stage from Python 3.11.9 to Python 3.13.1.
    • Updated the installation of Google Chrome and ChromeDriver to version 127.0.6533.119.
    • Expanded the list of additional packages to be installed for the integration test environment.

  2. Dockerfile.django-debian:

    • Updated the base image from python:3.11.9-slim-bookworm to python:3.13.1-slim-bookworm.
    • Installed additional system-level dependencies, such as gcc, build-essential, libpq-dev, and postgresql-client.
    • Included several entrypoint scripts for Celery and uWSGI.

  3. Dockerfile.django-alpine:

    • Updated the base image from python:3.11.9-alpine3.20 to python:3.13.1-alpine3.20.
    • Updated the requirements.txt file to manage Python dependencies.
    • Included steps to manage file and directory permissions for the application.

  4. Dockerfile.nginx-alpine:

    • Updated the base image from python:3.11.9-alpine3.20 to python:3.13.1-alpine3.20.
    • Installed Node.js and Yarn for building client-side assets.
    • Included configuration files for NGINX and the UWSGI server.

  5. Dockerfile.nginx-debian:

    • Updated the base image from python:3.11.9-slim-bookworm to python:3.13.1-slim-bookworm.
    • Installed additional packages, such as gcc, build-essential, and libpq-dev.
    • Included configuration for TLS/SSL and Nginx metrics.

Code Analysis

We ran 9 analyzers against 5 files and 0 analyzers had findings. 9 analyzers had no findings.

View PR in the DryRun Dashboard.

@dependabot dependabot bot force-pushed the dependabot/docker/dev/python-3.13.1-slim-bookworm branch 2 times, most recently from e49ea22 to 7badcb2 Compare December 11, 2024 20:18
@dependabot
Bump python from 3.11.9-slim-bookworm to 3.13.1-slim-bookworm
1822396 
Bumps python from 3.11.9-slim-bookworm to 3.13.1-slim-bookworm.

---
updated-dependencies:
- dependency-name: python
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/docker/dev/python-3.13.1-slim-bookworm branch from 7badcb2 to 1822396 Compare January 6, 2025 14:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file docker
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants