chore(deps): bump bellsoft/liberica-openjre-alpine from 17.0.12 to 23-38 in /docker-jans-casa

[dependabot]

Bumps bellsoft/liberica-openjre-alpine from 17.0.12 to 23-38.

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
bellsoft/liberica-openjre-alpine	[>= 21.pre.37.a, < 22]
bellsoft/liberica-openjre-alpine	[>= 20.pre.37.a, < 21]
bellsoft/liberica-openjre-alpine	[>= 19.pre.37.a, < 20]
bellsoft/liberica-openjre-alpine	[>= 18.pre.37.a, < 19]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dryrunsecurity]

DryRun Security Summary

The provided code changes update the base Docker image used for the docker-jans-casa/Dockerfile file from bellsoft/liberica-openjre-alpine:17.0.12 to bellsoft/liberica-openjre-alpine:23-38, install several Alpine Linux packages, download and install the Jetty web server and the Casa application, synchronize various static files, schemas, and templates, and set various environment variables, which should be reviewed thoroughly to ensure that the updated components do not introduce any new security vulnerabilities or misconfigurations.

Expand for full summary

Summary:

The provided code changes are related to updating the base Docker image used for the docker-jans-casa/Dockerfile file. The base image is being updated from bellsoft/liberica-openjre-alpine:17.0.12 to bellsoft/liberica-openjre-alpine:23-38. From an application security perspective, this update is generally a positive change, as it can include security patches and bug fixes. However, it's important to ensure that the new base image does not introduce any new vulnerabilities or compatibility issues.

The Dockerfile also installs several Alpine Linux packages, downloads and installs the Jetty web server and the Casa application, and synchronizes various static files, schemas, and templates from the jans-linux-setup repository. Additionally, the Dockerfile sets various environment variables and creates a non-root user named jetty to minimize the risk of privilege escalation. While these changes appear to be routine updates, it's essential to review them thoroughly to ensure that the updated components do not introduce any new security vulnerabilities or misconfigurations.

Files Changed:

• docker-jans-casa/Dockerfile: The changes in this file update the base Docker image from bellsoft/liberica-openjre-alpine:17.0.12 to bellsoft/liberica-openjre-alpine:23-38. The Dockerfile also installs several Alpine Linux packages, downloads and installs the Jetty web server and the Casa application, synchronizes various static files, schemas, and templates, and sets various environment variables. Overall, these changes appear to be routine updates, but they should be reviewed carefully to ensure that they do not introduce any new security vulnerabilities or misconfigurations.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer	Findings
Sensitive Files Analyzer	1 finding

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

[iromli]

The suggested version is incompatible.

@dependabot ignore this major version

[dependabot]

OK, I won't notify you about version 23-38.x.x again, unless you re-open this PR.