
Update rabbitmq Docker tag from 3.13.2 to v3.13.4 (docker-compose.yml) #10510

Closed

Conversation


@renovate renovate bot commented Jul 3, 2024

Mend Renovate

This PR contains the following updates:

Package  | Update | Change
---------|--------|-------------------------------
rabbitmq | patch  | 3.13.2-alpine -> 3.13.4-alpine

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Jul 3, 2024
@github-actions github-actions bot added the docker label Jul 3, 2024

dryrunsecurity bot commented Jul 3, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status               | Findings
-------------------------------------|-----------
Server-Side Request Forgery Analyzer | 0 findings
SQL Injection Analyzer               | 0 findings
Sensitive Files Analyzer             | 0 findings
Secrets Analyzer                     | 0 findings
Authn/Authz Analyzer                 | 0 findings
IDOR Analyzer                        | 0 findings
Configured Codepaths Analyzer        | 0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The code change in the docker-compose.yml file updates the RabbitMQ container image from version 3.13.2-alpine to 3.13.4-alpine, which is a minor version update. This is generally a good security practice, as it ensures that the application is using the latest version of RabbitMQ with the latest security patches and bug fixes. However, it's important to review the release notes and changelogs to understand what changes have been made and how they might impact the application.

Additionally, the docker-compose.yml file uses several environment variables to configure the application, including database connections, Celery broker URL, and secret keys. It's crucial to ensure that these environment variables are properly secured and not exposed in the codebase or deployment process. The file also mentions the use of an AES-256 key for storing credentials, which is a secure way to store sensitive information, but the key management process must be carefully reviewed to ensure it's properly generated, stored, and managed. Finally, the database and Celery configurations should be reviewed to ensure they are properly secured and hardened against potential attacks.

Files Changed:

  • docker-compose.yml: This file updates the RabbitMQ container image from version 3.13.2-alpine to 3.13.4-alpine, which is a minor version update. The file also configures the application's environment variables, database connections, Celery broker, and the use of an AES-256 key for storing credentials. These configurations should be reviewed to ensure they are properly secured and hardened against potential security vulnerabilities.

Powered by DryRun Security


sonarcloud bot commented Jul 3, 2024

@cneill cneill closed this Jul 3, 2024

renovate bot commented Jul 3, 2024

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (3.13.4-alpine). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.
