Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Update mccutchen/go-httpbin Docker tag from 2.18.0 to v2.18.1 (docker-compose.override.unit_tests_cicd.yml) #12172

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 4, 2025
Merged

Update mccutchen/go-httpbin Docker tag from 2.18.0 to v2.18.1 (docker-compose.override.unit_tests_cicd.yml) #12172

merged 1 commit into from
Apr 4, 2025

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Apr 4, 2025

This PR contains the following updates:

Package Update Change
mccutchen/go-httpbin patch 2.18.0 -> 2.18.1

Release Notes

mccutchen/go-httpbin (mccutchen/go-httpbin)

v2.18.1

Compare Source

What's Changed

Full Changelog: mccutchen/go-httpbin@v2.18.0...v2.18.1

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from mtesauro as a code owner April 4, 2025 12:28
@renovate renovate bot added the dependencies Pull requests that update a dependency file label Apr 4, 2025
@renovate renovate bot requested a review from Maffooch as a code owner April 4, 2025 12:28
@github-actions github-actions bot added the docker label Apr 4, 2025
@dryrunsecurity DryRunSecurity
Copy link

dryrunsecurity bot commented Apr 4, 2025

DryRun Security Summary

Docker Compose configurations were updated with multiple security vulnerabilities, including default credentials, exposed network ports, debug settings, and insecure communication in the development environment.

Expand for full summary

Summary: Multiple Docker Compose configuration files were updated, primarily focusing on image version changes for the webhook.endpoint service, with several notable security considerations in the development environment.

Security Findings:
• Default Credentials Risk

  • DD_ADMIN_USER set to default "admin"
  • DD_ADMIN_PASSWORD set to default "admin"
  • Significant security risk if credentials are not changed

• Exposed Network Ports

  • Postgres port 5432 exposed
  • Mailhog ports 1025 and 8025 exposed directly on host network

• Development Debug Configuration

  • DD_DEBUG set to 'True' across multiple services
  • Potential for sensitive information leakage

• Insecure Communication

  • SMTP configuration uses unencrypted local mailhog service (smtp://mailhog:1025)

• Development Environment Security Concerns

  • Relaxed security controls present
  • Multiple configurations not suitable for production use

View PR in the DryRun Dashboard.

mtesauro
mtesauro approved these changes Apr 4, 2025
View reviewed changes
Copy link
Contributor

@mtesauro mtesauro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved

@Maffooch Maffooch merged commit 6808854 into dev Apr 4, 2025
77 checks passed
@renovate renovate bot deleted the renovate/mccutchen-go-httpbin-2.x branch April 7, 2025 15:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mtesauro mtesauro mtesauro approved these changes

@Maffooch Maffooch Maffooch approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file docker
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mtesauro @Maffooch