Bump scality/vault from 7.76.0 to 7.86.0 in /.github/docker #6157
dependabot[bot] wants to merge 1 commit into development/9.3 from
Bumps scality/vault from 7.76.0 to 7.86.0.
---
updated-dependencies:
- dependency-name: scality/vault
  dependency-version: 7.86.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Hello dependabot[bot],
My role is to assist you with the merge of this
Status report is not available. The following options are set: bypass_author_approval, bypass_jira_check
Request integration branches
Waiting for integration branch creation to be requested by the user. To request integration branches, please comment on this pull request with the following command: Alternatively, the
The following options are set: bypass_author_approval, bypass_jira_check
Codecov Report
✅ All modified and coverable lines are covered by tests.
@@ Coverage Diff @@
## development/9.3 #6157 +/- ##
===================================================
- Coverage 84.41% 84.35% -0.07%
===================================================
Files 206 206
Lines 13283 13283
===================================================
- Hits 11213 11205 -8
- Misses 2070 2078 +8
Flags with carried forward coverage won't be shown.
Dependency Bump Evaluation
Version change: scality/vault 7.76.0 -> 7.86.0 (minor, Docker image)
Semver bump type: Minor (spanning 10 minor versions)
Changes:
- Updates the scality/vault Docker image tag in .github/docker/docker-compose.yaml from 7.76.0 to 7.86.0
- Single-line change in CI test infrastructure only — no application code modified
Breaking changes: Unable to assess — vault is a private Scality repository with no publicly accessible release notes or changelog
Security concerns: Vault is the IAM/authentication service. Since this is a Scality-internal dependency with controlled releases, supply chain risk is low. The image is pulled from ghcr.io/scality/vault (Scality's own registry). No new transitive dependencies introduced.
Impact on codebase:
- Change is scoped entirely to CI infrastructure (docker-compose.yaml)
- No production code, configuration, or runtime behavior is affected
- The vault service is used in functional tests with S3VAULT=scality profile for IAM authentication testing
- SSE migration tests reference separate vault versions (7.70.31/7.70.32) and are not affected by this bump
- lib/auth/vault.js and other vault client integrations are unchanged
CI status: Lint, unit tests, CodeQL, codecov, dependency-review, and alert tests all passed. Build job is still in progress — functional tests that exercise the vault image will run after build completes.
Recommendation: SAFE TO MERGE
Notes:
- The 10-minor-version jump (7.76 to 7.86) is significant but manageable since Scality controls both repositories
- Confirm the build job and downstream functional tests pass before merging, as those will exercise the updated vault image in integration scenarios
- If vault 7.86.0 introduces any breaking API changes to IAM endpoints, functional tests with S3VAULT=scality should catch them
— Claude Code
Bumps scality/vault from 7.76.0 to 7.86.0.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)