Bump arigaio/atlas from 58bc1dd to 3cb1204 in /pkg/assembler/backends/ent/migrate
#2771
Conversation
Bumps arigaio/atlas from `58bc1dd` to `3cb1204`. --- updated-dependencies: - dependency-name: arigaio/atlas dependency-version: latest-alpine dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
dependabot
bot
added
dependencies
![kodiakhq[bot]](https://avatars.githubusercontent.com/in/29196?s=60&v=4){kind=small}
Kusari Analysis Results:
Combined analysis shows the PR is safe to merge with one notable security improvement needed. Dependency analysis found no issues with pinned versions, secrets, or code problems. Code analysis identified one HIGH impact issue (running as root user in Docker container) but confirmed no critical vulnerabilities, secrets, or workflow problems. The Dockerfile demonstrates good security practices with proper SHA pinning. Since this is a migration container, the root user requirement may be operationally justified, and a clear mitigation path exists to add a non-root user. The isolated nature of the security issue combined with clean dependency analysis supports proceeding. Note View full detailed analysis result for more information on the output and the checks that were run.
Found this helpful? Give it a 👍 or 👎 reaction! |
kodiakhq
bot
deleted the
dependabot/docker/pkg/assembler/backends/ent/migrate/arigaio/atlas-3cb1204
branch
Bumps arigaio/atlas from
58bc1ddto3cb1204.Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)