Merge pull request #130 from manics/dependabot-pin-dockerfile

manics · web-flow · commit 0fd70e6e196d · 2024-09-15T16:58:02.000+01:00
Pin dockerfile SHA, bump monthly with dependabot
diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
@@ -15,3 +15,10 @@ updates:
       interval: monthly
       time: "05:00"
       timezone: Etc/UTC
+
+  # Bump dockerfile FROM
+  - package-ecosystem: docker
+    directory: /
+    labels: [dependencies]
+    schedule:
+      interval: monthly
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM quay.io/jupyter/base-notebook:latest
+FROM quay.io/jupyter/base-notebook@sha256:876e3c3e40c4f0a25d3a16223a158a2d582b1ad77ac94269d43a5f6256eb4eec
 
 USER root
 

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-FROM quay.io/jupyter/base-notebook:latest`
	`1`	`+FROM quay.io/jupyter/base-notebook@sha256:876e3c3e40c4f0a25d3a16223a158a2d582b1ad77ac94269d43a5f6256eb4eec`
`2`	`2`
`3`	`3`	`USER root`
`4`	`4`