Update mccutchen/go-httpbin Docker tag from v2.14.1 to v2.15.0 (docker-compose.override.unit_tests_cicd.yml) #10923

Merged
merged 1 commit into from
Sep 17, 2024


renovate[bot]

@renovate renovate bot commented Sep 17, 2024

This PR contains the following updates:

Package Update Change
mccutchen/go-httpbin minor v2.14.1 -> v2.15.0

Release Notes

mccutchen/go-httpbin (mccutchen/go-httpbin)

v2.15.0


Summary
  • ⚠️ Minimum Go version is now 1.22 ⚠️ due to use of new stdlib router enhancements
  • New /trailers endpoint added
  • Server-Timings headers/trailers added to endpoints with client-controlled response times
What's Changed

Full Changelog: mccutchen/go-httpbin@v2.14.1...v2.15.0


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the "dependencies" label (Pull requests that update a dependency file) Sep 17, 2024

dryrunsecurity bot commented Sep 17, 2024

DryRun Security Summary

The provided code changes focus on updating Docker image versions, configuring the Docker environment for the application's development and unit testing, and handling sensitive information through environment variables, with a general consideration for security best practices.


Summary:

The provided code changes are primarily focused on updating the Docker image versions and configuring the Docker environment for the application's development and unit testing purposes. The key changes include:

  1. Updating the "webhook.endpoint" service to use a newer version of the mccutchen/go-httpbin image, from v2.14.1 to v2.15.0. This is a minor version update that typically includes bug fixes and improvements, and does not raise any immediate security concerns.

  2. Configuring the Docker environment for unit testing, including the use of image digest verification to ensure the correct, trusted image is being used, and the intentional disabling of certain services to reduce the attack surface.

  3. Handling sensitive information, such as database connection details and Celery broker configuration, through environment variables, which should be properly secured to prevent unauthorized access.

  4. Mounting volumes to persist data for the unit tests, which should be reviewed to ensure that the data is properly secured and access is restricted as needed.

Overall, the code changes appear to be focused on maintaining the application's infrastructure and tooling, with a general consideration for security best practices, such as keeping dependencies up-to-date, using image digest verification, and reducing the attack surface. However, it's essential to continue reviewing the entire application and infrastructure setup to ensure that all security and data protection measures are properly implemented.

Files Changed:

  1. docker-compose.override.dev.yml: This file is used for the development environment and updates the "webhook.endpoint" service to use a newer version of the mccutchen/go-httpbin image. The change does not introduce any obvious security concerns, but it's important to review the release notes and change logs for the new version to ensure there are no known security issues or breaking changes.

  2. docker-compose.override.unit_tests_cicd.yml: This file configures the Docker environment for the unit testing environment, including the use of image digest verification and the intentional disabling of certain services to reduce the attack surface. The file also handles sensitive information, such as database credentials and Celery broker configuration, through environment variables, which should be properly secured.

  3. docker-compose.override.unit_tests.yml: This file is similar to the docker-compose.override.unit_tests_cicd.yml file and also includes the use of image digest verification and the intentional disabling of certain services for the unit testing environment.

Code Analysis

We ran 9 analyzers against 3 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

@renovate renovate bot changed the title from "Update mccutchen/go-httpbin Docker tag from v2.14.1 to v2.15.0 (docker-compose.override.unit_tests_cicd.yml)" to "chore(deps): update mccutchen/go-httpbin docker tag from v2.14.1 to v2.15.0 (docker-compose.override.unit_tests_cicd.yml)" Sep 17, 2024

@mtesauro mtesauro left a comment


Approved

@renovate renovate bot changed the title from "chore(deps): update mccutchen/go-httpbin docker tag from v2.14.1 to v2.15.0 (docker-compose.override.unit_tests_cicd.yml)" to "Update mccutchen/go-httpbin Docker tag from v2.14.1 to v2.15.0 (docker-compose.override.unit_tests_cicd.yml)" Sep 17, 2024
@mtesauro mtesauro merged commit cfe7cf0 into dev Sep 17, 2024
73 checks passed
@renovate renovate bot deleted the renovate/mccutchen-go-httpbin-2.x branch October 7, 2024 15:17
Labels: dependencies (Pull requests that update a dependency file), docker
2 participants