Merge pull request #337 from nakamo326/fix/renovate-update-stable-ngi…

…nx-only fix: Add allowedVersions to restrict Nginx to stable releases
coreruleset · Feb 22, 2025 · b79e914 · b79e914
2 parents 016e130 + 2ed9555
commit b79e914
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -42,7 +42,7 @@ Examples:
 
 ## OS Variants
 
-* nginx – *latest stable ModSecurity v3 on Nginx 1.27.3 official stable base image, and latest stable OWASP CRS 4.11.0*
+* nginx – *latest stable ModSecurity v3 on Nginx 1.26.3 official stable base image, and latest stable OWASP CRS 4.11.0*
    * [nginx](https://github.com/coreruleset/modsecurity-crs-docker/blob/master/nginx/Dockerfile)
    * [nginx-alpine](https://github.com/coreruleset/modsecurity-crs-docker/blob/master/nginx/Dockerfile-alpine)
 * Apache httpd – *last stable ModSecurity v2 on Apache 2.4.63 official stable base image, and latest stable OWASP CRS 4.11.0*

diff --git a/docker-bake.hcl b/docker-bake.hcl
@@ -16,7 +16,7 @@ variable "crs-version" {
 
 variable "nginx-version" {
     # renovate: depName=nginxinc/nginx-unprivileged datasource=docker
-    default = "1.27.3"
+    default = "1.26.3"
 }
 
 variable "httpd-version" {

diff --git a/renovate.json b/renovate.json
@@ -48,6 +48,12 @@
         "ModSecurity2"
       ],
       "allowedVersions": "/^v2.*/"
+    },
+    {
+      "matchDepNames": [
+        "nginxinc/nginx-unprivileged"
+      ],
+      "allowedVersions": "/^[0-9]+\\.(?:[1-9]\\d*)?[02468]\\.[0-9]+$/"
     }
   ],
   "customManagers": [