Bump alpine from 3.21 to 3.23 in /scripts/docker #141
Conversation
Bumps alpine from 3.21 to 3.23. --- updated-dependencies: - dependency-name: alpine dependency-version: '3.23' dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
|
Build for testing: |
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
dependabot
bot
deleted the
dependabot/docker/scripts/docker/alpine-3.23
branch
|
Nice that it builds, but someone would have to test it. But that would be work and we don't have a need to change anything. |
|
... other than security fixes in dependencies like libc? |
|
libc is so old that by now it should imho no longer be fiddled with. Each new release can potentially bring in new bugs. |
|
That is an extremely weak argument. Just because you wish for something doesn't mean it's the case. Plus, you deliberately wanted to use musl libc with Alpine, which is one of the more recent implementation. Alpine is very good at keeping things up to date, but you have to opt in to that obviously. I don't see a reason why the runtime should suddenly fail with such an update... |
|
In principle, I never update anything if there is no concrete need. Updating stuff "just because" opens all cans of worms and just creates unnecessary work, also known as "waste". |
|
Again, there are security updates. How more concrete does it have to be? |
Bumps alpine from 3.21 to 3.23.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)