From 621088848150511c9320855b065f7b0a376725ab Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 24 May 2026 10:35:53 +0000 Subject: [PATCH 1/2] chore: Update Infrastructure dependencies --- .github/actions/build-apko-base/action.yml | 2 +- .github/actions/build-scan-image/action.yml | 14 +++++++------- .github/actions/publish-image-loaded/action.yml | 2 +- .github/actions/publish-image-retag/action.yml | 2 +- .github/workflows/ci.yml | 16 ++++++++-------- .github/workflows/cli.yml | 2 +- .github/workflows/codspeed.yml | 2 +- .github/workflows/docker.yml | 4 ++-- .github/workflows/lighthouse.yml | 4 ++-- .github/workflows/pages-preview.yml | 4 ++-- .github/workflows/pages.yml | 2 +- .github/workflows/refresh-test-durations.yml | 2 +- .github/workflows/scorecard.yml | 2 +- cli/internal/compose/compose.yml.tmpl | 2 +- cli/internal/config/state.go | 4 ++-- docker/backend/Dockerfile | 2 +- docker/compose.yml | 6 +++--- docker/fine-tune/Dockerfile | 2 +- 18 files changed, 37 insertions(+), 37 deletions(-) diff --git a/.github/actions/build-apko-base/action.yml b/.github/actions/build-apko-base/action.yml index fdbd924413..d1ea39cca2 100644 --- a/.github/actions/build-apko-base/action.yml +++ b/.github/actions/build-apko-base/action.yml @@ -132,7 +132,7 @@ runs: - name: Upload SARIF to GitHub Security if: always() - uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5 + uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0 with: # zizmor: ignore[template-injection] sarif_file: trivy-${{ inputs.image-name }}-base.sarif category: trivy-${{ inputs.image-name }}-base diff --git a/.github/actions/build-scan-image/action.yml b/.github/actions/build-scan-image/action.yml index ba2c03c1d2..8c3aa878f7 100644 --- a/.github/actions/build-scan-image/action.yml +++ b/.github/actions/build-scan-image/action.yml 
@@ -149,7 +149,7 @@ runs: platforms: arm64 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 + uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 with: # `docker` driver is required for `load: true` on PR builds so # Trivy can scan a locally loaded image; `docker-container` @@ -178,7 +178,7 @@ runs: - name: Extract metadata id: meta - uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 + uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0 with: images: ghcr.io/aureliolo/synthorg-${{ inputs.image-name }} tags: | @@ -193,7 +193,7 @@ runs: # persisted -- PR builds never feed the publish-image action. - name: Build image (PR, loaded for scan) if: github.event_name == 'pull_request' - uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 + uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0 with: context: ${{ inputs.context }} file: ${{ inputs.dockerfile }} @@ -213,7 +213,7 @@ runs: # tarballs and reassemble the multi-arch manifest at push time. - name: Build amd64 tarball (non-PR) if: github.event_name != 'pull_request' - uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 + uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0 with: context: ${{ inputs.context }} file: ${{ inputs.dockerfile }} @@ -237,7 +237,7 @@ runs: - name: Build arm64 tarball (non-PR, multi-arch) if: github.event_name != 'pull_request' && inputs.enable-arm64 == 'true' - uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 + uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0 with: context: ${{ inputs.context }} file: ${{ inputs.dockerfile }} 
@@ -380,7 +380,7 @@ runs: - name: Upload SARIF amd64 to GitHub Security if: always() - uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5 + uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0 with: sarif_file: trivy-${{ inputs.image-name }}-amd64.sarif category: trivy-${{ inputs.image-name }}-amd64 @@ -397,7 +397,7 @@ runs: - name: Upload SARIF arm64 to GitHub Security if: always() && github.event_name != 'pull_request' && inputs.enable-arm64 == 'true' - uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5 + uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0 with: sarif_file: trivy-${{ inputs.image-name }}-arm64.sarif category: trivy-${{ inputs.image-name }}-arm64 diff --git a/.github/actions/publish-image-loaded/action.yml b/.github/actions/publish-image-loaded/action.yml index 29914f0374..86e4d7c1cc 100644 --- a/.github/actions/publish-image-loaded/action.yml +++ b/.github/actions/publish-image-loaded/action.yml @@ -80,7 +80,7 @@ runs: - name: Extract metadata id: meta - uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 + uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0 with: images: ghcr.io/aureliolo/synthorg-${{ inputs.image-name }} tags: | diff --git a/.github/actions/publish-image-retag/action.yml b/.github/actions/publish-image-retag/action.yml index d30c3f57dd..6d7b0c802e 100644 --- a/.github/actions/publish-image-retag/action.yml +++ b/.github/actions/publish-image-retag/action.yml @@ -73,7 +73,7 @@ runs: # surface as a missing tag on the release. - name: Extract metadata id: meta - uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 + uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0 with: images: ghcr.io/aureliolo/synthorg-${{ inputs.image-name }} tags: | 
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 85f20e7b62..0f7686156a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -518,7 +518,7 @@ jobs: shard: [1, 2, 3, 4] services: postgres: - image: postgres:18-alpine + image: postgres:18-alpine@sha256:96d56f7f57c6aacd1fcb908bc83b345ec5f83231ee486dd66a1baadce274db88 env: POSTGRES_USER: synthorg POSTGRES_PASSWORD: synthorg-test @@ -635,7 +635,7 @@ jobs: contents: read services: postgres: - image: postgres:18-alpine + image: postgres:18-alpine@sha256:96d56f7f57c6aacd1fcb908bc83b345ec5f83231ee486dd66a1baadce274db88 env: POSTGRES_USER: synthorg POSTGRES_PASSWORD: synthorg-test @@ -1117,7 +1117,7 @@ jobs: persist-credentials: false - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: - node-version: 24.15.0 + node-version: 24.16.0 cache: npm cache-dependency-path: web/package-lock.json - run: npm ci @@ -1143,7 +1143,7 @@ jobs: persist-credentials: false - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: - node-version: 24.15.0 + node-version: 24.16.0 cache: npm cache-dependency-path: web/package-lock.json - name: Download OpenAPI schema artifact @@ -1172,7 +1172,7 @@ jobs: persist-credentials: false - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: - node-version: 24.15.0 + node-version: 24.16.0 cache: npm cache-dependency-path: web/package-lock.json - name: Download OpenAPI schema artifact @@ -1219,7 +1219,7 @@ jobs: persist-credentials: false - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: - node-version: 24.15.0 + node-version: 24.16.0 cache: npm cache-dependency-path: web/package-lock.json - name: Download OpenAPI schema artifact 
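Review bot: The `services.postgres.image` pin added in the ci.yml hunks at 518 and 635 (and again in refresh-test-durations.yml) keeps these jobs on `postgres:18-alpine`, while the same commit changes the shipped default in cli/internal/config/state.go and docker/compose.yml to a new `dhi.io/postgres:18-debian13` digest. As far as these hunks show, no job runs against the image users will actually pull, so the dhi.io digest bump merges untested. If no other workflow covers it, consider running one integration shard against the dhi.io image, or record the intent above the pin with `# CI uses the upstream Alpine image; the shipped default is dhi.io/postgres (docker/compose.yml)`. The same digest literal now appears three times across two workflow files, so a manual edit to one of them should be checked against the others. Both `jobs` entries start and end outside the hunks.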
@@ -1263,7 +1263,7 @@ jobs: persist-credentials: false - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: - node-version: 24.15.0 + node-version: 24.16.0 cache: npm cache-dependency-path: web/package-lock.json - run: npm ci @@ -1288,7 +1288,7 @@ jobs: persist-credentials: false - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: - node-version: 24.15.0 + node-version: 24.16.0 cache: npm cache-dependency-path: web/package-lock.json - run: npm ci diff --git a/.github/workflows/cli.yml b/.github/workflows/cli.yml index 21e413fd0d..ec53476c13 100644 --- a/.github/workflows/cli.yml +++ b/.github/workflows/cli.yml @@ -71,7 +71,7 @@ jobs: run: go vet ./... - name: golangci-lint - uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0 + uses: golangci/golangci-lint-action@82606bf257cbaff209d206a39f5134f0cfbfd2ee # v9.2.1 with: # renovate: datasource=github-releases depName=golangci/golangci-lint version: v2.12.2 diff --git a/.github/workflows/codspeed.yml b/.github/workflows/codspeed.yml index b0e71a8ed1..a66a5feff6 100644 --- a/.github/workflows/codspeed.yml +++ b/.github/workflows/codspeed.yml @@ -128,7 +128,7 @@ jobs: - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: - node-version: 24.15.0 + node-version: 24.16.0 cache: npm cache-dependency-path: web/package-lock.json diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 8392564303..6db00010d4 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -651,7 +651,7 @@ jobs: - name: Set up Node.js uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: - node-version: "24.15.0" + node-version: "24.16.0" package-manager-cache: false - name: Set up Python + uv (OpenAPI export + docs build) 
@@ -861,7 +861,7 @@ jobs: - name: Upload SARIF to GitHub Security (web) if: always() - uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5 + uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0 with: sarif_file: trivy-web.sarif category: trivy-web diff --git a/.github/workflows/lighthouse.yml b/.github/workflows/lighthouse.yml index 6c031087ab..1a28be2359 100644 --- a/.github/workflows/lighthouse.yml +++ b/.github/workflows/lighthouse.yml @@ -114,7 +114,7 @@ jobs: - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: - node-version: 24.15.0 + node-version: 24.16.0 cache: npm cache-dependency-path: web/package-lock.json @@ -162,7 +162,7 @@ jobs: - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: - node-version: 24.15.0 + node-version: 24.16.0 cache: npm cache-dependency-path: web/package-lock.json diff --git a/.github/workflows/pages-preview.yml b/.github/workflows/pages-preview.yml index 6ab3e228e3..23b94346c7 100644 --- a/.github/workflows/pages-preview.yml +++ b/.github/workflows/pages-preview.yml @@ -187,7 +187,7 @@ jobs: - name: Set up Node.js uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: - node-version: "24.15.0" + node-version: "24.16.0" - name: Install Astro dependencies working-directory: site @@ -308,7 +308,7 @@ jobs: - name: Set up Node.js uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: - node-version: "24.15.0" + node-version: "24.16.0" - name: Deploy to Cloudflare Pages env: diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml index 43d29a1de3..96003f6544 100644 --- a/.github/workflows/pages.yml +++ b/.github/workflows/pages.yml 
@@ -154,7 +154,7 @@ jobs: - name: Set up Node.js uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: - node-version: "24.15.0" + node-version: "24.16.0" - name: Install Astro dependencies working-directory: site diff --git a/.github/workflows/refresh-test-durations.yml b/.github/workflows/refresh-test-durations.yml index 91eebe1dc0..c51772b9b8 100644 --- a/.github/workflows/refresh-test-durations.yml +++ b/.github/workflows/refresh-test-durations.yml @@ -36,7 +36,7 @@ jobs: contents: read services: postgres: - image: postgres:18-alpine + image: postgres:18-alpine@sha256:96d56f7f57c6aacd1fcb908bc83b345ec5f83231ee486dd66a1baadce274db88 env: POSTGRES_USER: synthorg POSTGRES_PASSWORD: synthorg-test diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 026d996c3f..b05794e813 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -37,7 +37,7 @@ jobs: - name: Upload SARIF if: ${{ !cancelled() }} - uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5 + uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0 with: sarif_file: results.sarif diff --git a/cli/internal/compose/compose.yml.tmpl b/cli/internal/compose/compose.yml.tmpl index 6cfe2e6f1e..916191f5c5 100644 --- a/cli/internal/compose/compose.yml.tmpl +++ b/cli/internal/compose/compose.yml.tmpl @@ -55,7 +55,7 @@ services: # cannot self-chown, so this one-shot container sets ownership on first start. data-init: # renovate: datasource=docker depName=busybox - image: busybox:1.37-musl@sha256:19b646668802469d968a05342a601e78da4322a414a7c09b1c9ee25165042138 + image: busybox:1.38-musl@sha256:f36701e0a15a97186ccc59bbe9a6217b649edecb36ce32d07fa31bf5ad15e56d volumes: - synthorg-data:/data {{- if postgresEnabled}} diff --git a/cli/internal/config/state.go b/cli/internal/config/state.go index a82065b012..38cf681baa 100644 --- a/cli/internal/config/state.go 
+++ b/cli/internal/config/state.go @@ -158,10 +158,10 @@ const ( DefaultDHIRegistry = "dhi.io" // renovate: datasource=docker depName=dhi.io/postgres DefaultPostgresImageTag = "18-debian13" - DefaultPostgresImageDigest = "sha256:6aa59b8ff6ffcbcea41f285c435243734a9cb60e0068a8345b8284b41e5e650b" + DefaultPostgresImageDigest = "sha256:21d6e884d25134f59723b11a0c1f78b199b38591d1c6f2d492934e31827f8376" // renovate: datasource=docker depName=dhi.io/nats DefaultNATSImageTag = "2.14-debian13" - DefaultNATSImageDigest = "sha256:e545a823f5d6ceaa33983c2b055d85e200d497ef5f949c3b991698e268f34875" + DefaultNATSImageDigest = "sha256:5ce86b96c969f5089c65ac6c786556999e39980e3873140e1c5b034d4a8f8a92" DefaultNATSURLValue = "nats://nats:4222" DefaultNATSStreamPrefixValue = "SYNTHORG" diff --git a/docker/backend/Dockerfile b/docker/backend/Dockerfile index 2deb5e8bb4..445cc9aae5 100644 --- a/docker/backend/Dockerfile +++ b/docker/backend/Dockerfile @@ -22,7 +22,7 @@ ARG BASE_IMAGE # --------------------------------------------------------------------------- FROM python:3.14.3-slim@sha256:5e59aae31ff0e87511226be8e2b94d78c58f05216efda3b07dbbed938ec8583b AS builder -COPY --from=ghcr.io/astral-sh/uv:0.11.15@sha256:e590846f4776907b254ac0f44b5b380347af5d90d668138ca7938d1b0c2f98d3 /uv /uvx /bin/ +COPY --from=ghcr.io/astral-sh/uv:0.11.16@sha256:440fd6477af86a2f1b38080c539f1672cd22acb1b1a47e321dba5158ab08864d /uv /uvx /bin/ ENV UV_COMPILE_BYTECODE=1 \ UV_LINK_MODE=copy diff --git a/docker/compose.yml b/docker/compose.yml index 1ab8a6ec2b..e74485b17b 100644 --- a/docker/compose.yml +++ b/docker/compose.yml @@ -7,7 +7,7 @@ x-logging: &logging services: postgres: # renovate: datasource=docker depName=dhi.io/postgres - image: dhi.io/postgres:18-debian13@sha256:6aa59b8ff6ffcbcea41f285c435243734a9cb60e0068a8345b8284b41e5e650b + image: dhi.io/postgres:18-debian13@sha256:21d6e884d25134f59723b11a0c1f78b199b38591d1c6f2d492934e31827f8376 ports: - "${POSTGRES_PORT:-3002}:5432" volumes: 
@@ -54,7 +54,7 @@ services: # /nats-data -> 65532 (nats) data-init: # renovate: datasource=docker depName=busybox - image: busybox:1.37-musl@sha256:19b646668802469d968a05342a601e78da4322a414a7c09b1c9ee25165042138 + image: busybox:1.38-musl@sha256:f36701e0a15a97186ccc59bbe9a6217b649edecb36ce32d07fa31bf5ad15e56d volumes: - synthorg-data:/data - synthorg-pgdata:/pgdata @@ -173,7 +173,7 @@ services: # --max_payload CLI flag, so non-default settings need a config file. nats: # renovate: datasource=docker depName=dhi.io/nats - image: dhi.io/nats:2.14-debian13@sha256:e545a823f5d6ceaa33983c2b055d85e200d497ef5f949c3b991698e268f34875 + image: dhi.io/nats:2.14-debian13@sha256:5ce86b96c969f5089c65ac6c786556999e39980e3873140e1c5b034d4a8f8a92 command: ["-c", "/etc/nats/nats.conf"] ports: - "${NATS_CLIENT_PORT:-3003}:4222" diff --git a/docker/fine-tune/Dockerfile b/docker/fine-tune/Dockerfile index c5eec81208..c621307168 100644 --- a/docker/fine-tune/Dockerfile +++ b/docker/fine-tune/Dockerfile @@ -22,7 +22,7 @@ ARG FINE_TUNE_EXTRA=fine-tune-gpu # --------------------------------------------------------------------------- FROM python:3.14.3-slim@sha256:5e59aae31ff0e87511226be8e2b94d78c58f05216efda3b07dbbed938ec8583b AS builder -COPY --from=ghcr.io/astral-sh/uv:0.11.15@sha256:e590846f4776907b254ac0f44b5b380347af5d90d668138ca7938d1b0c2f98d3 /uv /uvx /bin/ +COPY --from=ghcr.io/astral-sh/uv:0.11.16@sha256:440fd6477af86a2f1b38080c539f1672cd22acb1b1a47e321dba5158ab08864d /uv /uvx /bin/ ENV UV_COMPILE_BYTECODE=1 \ UV_LINK_MODE=copy From c316d7bac75693eac0096c14d8b49ba49a8efd5b Mon Sep 17 00:00:00 2001 
From: Aurelio <19254254+Aureliolo@users.noreply.github.com> Date: Sun, 24 May 2026 12:38:31 +0200 Subject: [PATCH 2/2] fix: regenerate CLI compose goldens for busybox 1.38-musl + dhi.io digest bumps --- cli/testdata/compose_custom_ports.yml | 2 +- cli/testdata/compose_default.yml | 2 +- cli/testdata/compose_digest_pins.yml | 2 +- cli/testdata/compose_sandbox.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cli/testdata/compose_custom_ports.yml b/cli/testdata/compose_custom_ports.yml index df0b345f23..7ce640833c 100644 --- a/cli/testdata/compose_custom_ports.yml +++ b/cli/testdata/compose_custom_ports.yml @@ -8,7 +8,7 @@ services: # cannot self-chown, so this one-shot container sets ownership on first start. data-init: # renovate: datasource=docker depName=busybox - image: busybox:1.37-musl@sha256:19b646668802469d968a05342a601e78da4322a414a7c09b1c9ee25165042138 + image: busybox:1.38-musl@sha256:f36701e0a15a97186ccc59bbe9a6217b649edecb36ce32d07fa31bf5ad15e56d volumes: - synthorg-data:/data command: ["sh", "-c", "set -e; mkdir -p /data/logs /data/memory; chown -R 65532:65532 /data"] diff --git a/cli/testdata/compose_default.yml b/cli/testdata/compose_default.yml index 909247112b..f9390a600d 100644 --- a/cli/testdata/compose_default.yml +++ b/cli/testdata/compose_default.yml @@ -8,7 +8,7 @@ services: # cannot self-chown, so this one-shot container sets ownership on first start. data-init: # renovate: datasource=docker depName=busybox - image: busybox:1.37-musl@sha256:19b646668802469d968a05342a601e78da4322a414a7c09b1c9ee25165042138 + image: busybox:1.38-musl@sha256:f36701e0a15a97186ccc59bbe9a6217b649edecb36ce32d07fa31bf5ad15e56d volumes: - synthorg-data:/data command: ["sh", "-c", "set -e; mkdir -p /data/logs /data/memory; chown -R 65532:65532 /data"] diff --git a/cli/testdata/compose_digest_pins.yml b/cli/testdata/compose_digest_pins.yml index dd17d82764..709956097d 100644 --- a/cli/testdata/compose_digest_pins.yml 
+++ b/cli/testdata/compose_digest_pins.yml @@ -8,7 +8,7 @@ services: # cannot self-chown, so this one-shot container sets ownership on first start. data-init: # renovate: datasource=docker depName=busybox - image: busybox:1.37-musl@sha256:19b646668802469d968a05342a601e78da4322a414a7c09b1c9ee25165042138 + image: busybox:1.38-musl@sha256:f36701e0a15a97186ccc59bbe9a6217b649edecb36ce32d07fa31bf5ad15e56d volumes: - synthorg-data:/data command: ["sh", "-c", "set -e; mkdir -p /data/logs /data/memory; chown -R 65532:65532 /data"] diff --git a/cli/testdata/compose_sandbox.yml b/cli/testdata/compose_sandbox.yml index b68a387219..70e7783146 100644 --- a/cli/testdata/compose_sandbox.yml +++ b/cli/testdata/compose_sandbox.yml @@ -8,7 +8,7 @@ services: # cannot self-chown, so this one-shot container sets ownership on first start. data-init: # renovate: datasource=docker depName=busybox - image: busybox:1.37-musl@sha256:19b646668802469d968a05342a601e78da4322a414a7c09b1c9ee25165042138 + image: busybox:1.38-musl@sha256:f36701e0a15a97186ccc59bbe9a6217b649edecb36ce32d07fa31bf5ad15e56d volumes: - synthorg-data:/data command: ["sh", "-c", "set -e; mkdir -p /data/logs /data/memory; chown -R 65532:65532 /data"]