chore(deps): bump keycloak/keycloak from 25.0.6 to 26.0.5 in /docker-jans-saml

[dependabot]

Bumps keycloak/keycloak from 25.0.6 to 26.0.5.

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dryrunsecurity]

DryRun Security Summary

The provided code change updates the Dockerfile for the "docker-jans-saml" project, focusing on improving security and maintainability by updating base images, installing additional packages, integrating a custom Keycloak plugin, synchronizing assets, installing Python dependencies, and setting a large number of environment variables, while also highlighting the need to review the custom components and configurations to ensure proper security and maintenance.

Expand for full summary

Summary:

This code change appears to be updating the Dockerfile for the "docker-jans-saml" project. The key changes include updating the base images for Keycloak and OpenJRE, installing additional Alpine packages, integrating a custom Keycloak plugin, synchronizing assets from the "jans-linux-setup" repository, installing Python dependencies, and setting a large number of environment variables.

From an application security perspective, the changes are generally positive, as they focus on keeping dependencies up-to-date, installing additional security-related packages, and running the container as a non-root user. However, there are a few areas that require closer attention:

1. The custom "kc-jans-spi" Keycloak plugin should be reviewed for potential security vulnerabilities or misconfigurations, as it could introduce new attack vectors.
2. The large number of environment variables, some of which may contain sensitive information, should be carefully managed and secured to prevent unauthorized access or exposure.
3. The additional Alpine packages installed may introduce new attack surfaces, so it's important to ensure they are properly configured and maintained.

Overall, the changes appear to be focused on improving the security and maintainability of the Janssen project's Docker environment, but it's crucial to thoroughly review the custom components and configurations to ensure they are properly secured and maintained.

Files Changed:

• docker-jans-saml/Dockerfile: This file has been updated to include the following changes:
  • Keycloak version updated from 25.0.6 to 26.0.5
  • OpenJRE version updated to the latest version
  • Additional Alpine packages installed, including openssl, python3, tini, curl, py3-cryptography, py3-psycopg2, py3-grpcio, and bash
  • "kc-jans-spi" Keycloak plugin downloaded and installed
  • Various static files and schemas synchronized from the "jans-linux-setup" repository
  • Python dependencies installed from a requirements.txt file
  • A large number of environment variables related to configuration, secrets, and persistence set
  • A non-root user created, and permissions adjusted accordingly

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer	Findings
Sensitive Files Analyzer	1 finding

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

[moabu]

@dependabot recreate

[dependabot]

Superseded by #10240.