Skip to content

chore(deps): update gcr.io/distroless/static:nonroot docker digest to d29e660#51

Open
scality-renovate[bot] wants to merge 1 commit into
mainfrom
renovate/gcr.io-distroless-static-nonroot
Open

chore(deps): update gcr.io/distroless/static:nonroot docker digest to d29e660#51
scality-renovate[bot] wants to merge 1 commit into
mainfrom
renovate/gcr.io-distroless-static-nonroot

Conversation

@scality-renovate

Copy link
Copy Markdown

This PR contains the following updates:

Package Type Update Change
gcr.io/distroless/static final digest 963fa6cd29e660

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • "before 9am on monday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

@scality-renovate scality-renovate Bot requested a review from a team as a code owner July 13, 2026 04:08
@scality-renovate scality-renovate Bot added dependencies Pull requests that update a dependency file digest docker labels Jul 13, 2026
@github-actions

Copy link
Copy Markdown

Dependency Bump Evaluation

Package: gcr.io/distroless/static:nonroot (Docker base image)
Version change: digest 963fa6cd29e660 (same tag, updated build)
Bump type: digest pin update

Changes:

  • Updated the pinned SHA256 digest of the gcr.io/distroless/static:nonroot base image in the Dockerfile
  • Distroless static images contain only CA certificates, timezone data, and a passwd entry — no shell, no libc, no package manager
  • Digest updates typically include refreshed CA certificates and base layer security patches

Breaking changes: None — the image tag is unchanged; only the pinned digest is updated. The application binary is statically compiled (CGO_ENABLED=0) and copied in, so base image changes cannot affect application behavior.

Security concerns: None — this is a well-maintained Google image specifically designed to minimize attack surface. Keeping the digest current is a security best practice.

Impact on codebase: None. The only file changed is Dockerfile (1 line). No Go code, dependencies, or configuration are affected.

CI status: Several checks (build, lint, test) are still in progress at time of evaluation. renovate/stability-days is pending.

Recommendation: SAFE TO MERGE (once CI is green)

Notes: This is a routine base image digest refresh with no risk of behavioral changes. The binary is statically linked and the distroless image provides only the minimal runtime filesystem.

— Claude Code

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file digest docker

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants