Closed dependabot[bot] closed 11 months ago
{"runs":[{"results":[{"ruleId":"DL3008","message":{"text":"Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`"},"level":"warning","locations":[{"physicalLocation":{"region":{"sourceLanguage":"dockerfile","startColumn":1,"endColumn":1,"startLine":17,"endLine":17},"artifactLocation":{"uri":"./Dockerfile"}}}]},{"ruleId":"DL3015","message":{"text":"Avoid additional packages by specifying `--no-install-recommends`"},"level":"note","locations":[{"physicalLocation":{"region":{"sourceLanguage":"dockerfile","startColumn":1,"endColumn":1,"startLine":17,"endLine":17},"artifactLocation":{"uri":"./Dockerfile"}}}]},{"ruleId":"SC2086","message":{"text":"Double quote to prevent globbing and word splitting."},"level":"note","locations":[{"physicalLocation":{"region":{"sourceLanguage":"sh","startColumn":1,"endColumn":1,"startLine":17,"endLine":17},"artifactLocation":{"uri":"./Dockerfile"}}}]},{"ruleId":"DL4006","message":{"text":"Set the SHELL option -o pipefail before RUN with a pipe in it. If you are using /bin/sh in an alpine image or if your shell is symlinked to busybox then consider explicitly setting your SHELL to /bin/ash, or disable this check"},"level":"warning","locations":[{"physicalLocation":{"region":{"sourceLanguage":"dockerfile","startColumn":1,"endColumn":1,"startLine":17,"endLine":17},"artifactLocation":{"uri":"./Dockerfile"}}}]},{"ruleId":"DL3059","message":{"text":"Multiple consecutive `RUN` instructions. Consider consolidation."},"level":"note","locations":[{"physicalLocation":{"region":{"sourceLanguage":"dockerfile","startColumn":1,"endColumn":1,"startLine":40,"endLine":40},"artifactLocation":{"uri":"./Dockerfile"}}}]}],"tool":{"driver":{"fullName":"Haskell Dockerfile Linter","shortDescription":{"text":"Dockerfile linter, validate inline bash, written in Haskell"},"name":"Hadolint","version":"v2.9.3-0-g346e419-dirty","downloadUri":"https://github.com/hadolint/hadolint"}},"defaultSourceLanguage":"dockerfile"}],"version":"2.1.0","$schema":"http://json.schemastore.org/sarif-2.1.0"}
Superseded by #344.
Bumps postgres from 15.3 to 15.4.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show