Skip to content

build(deps): bump nginx from 1.29.1 to 1.29.4 / r35 to 36#490

Open
dekobon wants to merge 1 commit intomainfrom
nginx-1.29.4-or-r36
Open

build(deps): bump nginx from 1.29.1 to 1.29.4 / r35 to 36#490
dekobon wants to merge 1 commit intomainfrom
nginx-1.29.4-or-r36

Conversation

@dekobon
Copy link
Copy Markdown
Collaborator

@dekobon dekobon commented Jan 6, 2026

Proposed changes

Bumps nginx from 1.29.1 to 1.29.4 and nginx-plus from r35 to r36.

Checklist

Before creating a pull request (PR), run through this checklist and mark each as complete:

@dekobon dekobon requested a review from 4141done January 6, 2026 18:42
@dekobon dekobon requested a review from a team as a code owner January 6, 2026 18:42
Copilot AI review requested due to automatic review settings January 6, 2026 18:42
Copilot AI reviewed Jan 6, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the NGINX base images to their latest versions: NGINX OSS from 1.29.1 to 1.29.4 and NGINX Plus from r35 to r36, including updated SHA256 digests for all container images.

Key Changes:

  • Updated NGINX OSS base image to version 1.29.4
  • Updated NGINX Plus base and modules images to r36
  • Updated all container image SHA256 digests for security verification

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
Dockerfile.oss Updates NGINX OSS base image from 1.29.1 to 1.29.4 with new SHA256 digest
Dockerfile.plus Updates NGINX Plus base and xslt module images from r35 to r36 with new SHA256 digests

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread Dockerfile.plus Outdated
FROM private-registry.nginx.com/nginx-plus/modules:r36-xslt-debian@sha256:54b3e6d9d25f3fb7ad2b93fc7d66ccae1dbc3186b3ce417eda4194a45ee398c3 AS xslt

FROM private-registry.nginx.com/nginx-plus/base:r35-debian-bookworm@sha256:9a82ad3f96d58be861257efd621f215d599e226ebedd24d9f3211bdd743c3c27
FROM private-registry.nginx.com/nginx-plus/base@sha256:7dd5de94b8c5d6e726918eb36ea78435efad4f9f63be4325c96919c48603a102
Copy link

Copilot AI Jan 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The version tag has been removed from the NGINX Plus base image reference. While the SHA256 digest provides immutability, including the version tag (e.g., 'r36-debian-bookworm') improves maintainability by making the intended version explicit and easier to audit without looking up the digest.

Suggested change
FROM private-registry.nginx.com/nginx-plus/base@sha256:7dd5de94b8c5d6e726918eb36ea78435efad4f9f63be4325c96919c48603a102
FROM private-registry.nginx.com/nginx-plus/base:r36-debian-bookworm@sha256:7dd5de94b8c5d6e726918eb36ea78435efad4f9f63be4325c96919c48603a102

Copilot uses AI. Check for mistakes.
@dekobon dekobon mentioned this pull request Jan 6, 2026
Closed
@dekobon dekobon force-pushed the nginx-1.29.4-or-r36 branch from bca2c80 to b9c9ba4 Compare January 6, 2026 19:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@4141done 4141done Awaiting requested review from 4141done

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dekobon