Skip to content

chore(deps): bump the docker group across 1 directory with 2 updates#43

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/docker/java_25/docker-a3e8df119f
Open

chore(deps): bump the docker group across 1 directory with 2 updates#43
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/docker/java_25/docker-a3e8df119f

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 25, 2026

Copy link
Copy Markdown
Contributor

Bumps the docker group with 2 updates in the /java_25 directory: alpine and eclipse-temurin.

Updates alpine from 3.22 to 3.24

Updates eclipse-temurin from 25.0.2_10-jre-alpine to 26.0.1_8-jre-alpine

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file docker Pull requests that update docker code labels May 25, 2026
@dependabot dependabot Bot requested a review from a team as a code owner May 25, 2026 21:45
@dependabot dependabot Bot added the docker Pull requests that update docker code label May 25, 2026
Comment thread java_25/Dockerfile Outdated
@@ -1,4 +1,4 @@
FROM alpine:3.22 AS builder
FROM alpine:3.23.4 AS builder

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

High IaC Finding

Missing User Instruction
on resource Dockerfile

More Details
This rule checks whether a `USER` instruction is specified in the Dockerfile. The rule fails when the `USER` instruction is missing, causing the container to run with root privileges (UID 0). If an attacker compromises an application running as root, they gain the privileges needed to potentially escape the container and attack the host node. It also increases the blast radius of a breach, allowing full control to modify files or install malware within the container. Enforcing a non-root user is a fundamental security measure that minimizes the attack surface and contains the impact of a potential compromise.

Expected

The multi-stage Dockerfile should contain at least one 'USER' instruction

Found

The multi-stage Dockerfile does not contain any 'USER' instruction

Rule ID: ab2f6e83-448d-4ed5-bda3-618a1545ca87


To ignore this finding as an exception, reply to this conversation with #wiz_ignore reason

If you'd like to ignore this finding in all future scans, add an exception in the .wiz file (learn more) or create an Ignore Rule (learn more).


To get more details on how to remediate this issue using AI, reply to this conversation with #wiz remediate

Bumps the docker group with 2 updates in the /java_25 directory: alpine and eclipse-temurin.


Updates `alpine` from 3.22 to 3.24

Updates `eclipse-temurin` from 25.0.2_10-jre-alpine to 26.0.1_8-jre-alpine

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.23.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: docker
- dependency-name: eclipse-temurin
  dependency-version: 26.0.1_8-jre-alpine
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: docker
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps): bump the docker group in /java_25 with 2 updates chore(deps): bump the docker group across 1 directory with 2 updates Jul 6, 2026
@dependabot dependabot Bot force-pushed the dependabot/docker/java_25/docker-a3e8df119f branch from a8c4aec to 83b5e45 Compare July 6, 2026 15:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file docker Pull requests that update docker code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants