
chore(deps): bump bellsoft/liberica-openjre-alpine from 17.0.12 to 23-38 in /docker-jans-persistence-loader #9525

Open
wants to merge 1 commit into
base: main

Conversation

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Sep 19, 2024

Bumps bellsoft/liberica-openjre-alpine from 17.0.12 to 23-38.

Most Recent Ignore Conditions Applied to This Pull Request

  Dependency Name                    Ignore Conditions
  bellsoft/liberica-openjre-alpine   [>= 21.pre.37.a, < 22]
  bellsoft/liberica-openjre-alpine   [>= 20.pre.37.a, < 21]
  bellsoft/liberica-openjre-alpine   [>= 19.pre.37.a, < 20]
  bellsoft/liberica-openjre-alpine   [>= 18.pre.37.a, < 19]


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps bellsoft/liberica-openjre-alpine from 17.0.12 to 23-38.

---
updated-dependencies:
- dependency-name: bellsoft/liberica-openjre-alpine
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added docker Pull requests that update Docker code kind-dependencies Pull requests that update a dependency file labels Sep 19, 2024

DryRun Security Summary

The provided code changes update the Docker image for the "jans-persistence-loader" component, including updating the base image, performing Alpine Linux package updates, synchronizing configuration assets from a Git repository, installing Python dependencies, setting environment variables, and disabling a key regeneration feature, all with a focus on security-oriented improvements.


Summary:

The provided code changes are related to updating the Docker image for the "jans-persistence-loader" component. The changes include updating the base image to a newer version of the Java runtime, performing Alpine Linux package updates, synchronizing configuration assets from a Git repository, installing Python dependencies, setting environment variables, and disabling a key regeneration feature.

From an application security perspective, the most important aspects to review are the secure management of the source code repository, the review of Python dependencies for known vulnerabilities, the handling of environment variables to ensure no sensitive information is exposed, and the impact of the configuration changes on the overall security of the application. Overall, the changes seem to be security-oriented, but it's essential to carefully review the specific details to ensure that no security vulnerabilities are introduced.

Files Changed:

  • docker-jans-persistence-loader/Dockerfile: The changes in this file include:
    1. Updating the base image from "bellsoft/liberica-openjre-alpine:17.0.12" to "bellsoft/liberica-openjre-alpine:23-38", which likely includes the latest security patches and bug fixes for the Java runtime.
    2. Performing an update and upgrade of the Alpine Linux packages to ensure the latest security patches are applied.
    3. Cloning a Git repository and checking out a specific commit to fetch various configuration files, scripts, and templates. This process should be carefully reviewed to ensure the source repository and the specific commit are trusted and do not contain any malicious content.
    4. Installing Python dependencies from a "requirements.txt" file, which should be reviewed for known vulnerabilities.
    5. Setting various environment variables related to configuration adapters, caching, and other settings. These environment variables should be carefully reviewed to ensure they do not contain any sensitive information.
    6. Disabling the "keyRegenerationEnabled" feature in the "jans-auth-config.json" file, which should be reviewed to understand the impact on the overall security of the application.
    7. Creating a non-root user with UID 1000 and setting appropriate permissions, which is a good security practice.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

  Analyzer                   Findings
  Sensitive Files Analyzer   1 finding

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.
