
fix: pin adminer and mongo-express image versions #11630

Open
dsk-dev-ai wants to merge 3 commits into appwrite:1.9.x from dsk-dev-ai:fix-adminer-mongo-tags

@dsk-dev-ai

Closes #11629

What does this PR do?

Pins Docker image versions for adminer and mongo-express instead of using implicit latest tags.

Why?

Using latest can lead to:

  • Inconsistent environments
  • Unexpected breaking changes
  • Difficult debugging

Changes

  • adminer → pinned to 4.8.1
  • mongo-express → pinned to 1.0.2

Notes

Follows best practices for Docker image versioning.

@coderabbitai
Contributor

coderabbitai bot commented Mar 24, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 17c2768b-00bd-49c4-8c6d-d4146c7604cf

📥 Commits

Reviewing files that changed from the base of the PR and between 76a47f5 and 30130d4.

📒 Files selected for processing (1)
  • docker-compose.override.yml
🚧 Files skipped from review as they are similar to previous changes (1)
  • docker-compose.override.yml

📝 Walkthrough


The docker-compose.override.yml file was changed to pin two service images: appwrite-mongo-express now uses mongo-express:1.1.0-rc.3, and adminer now uses adminer:4.17.1. No other service configuration, environment variables, ports, networks, configs, or labels were modified.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name | Status | Explanation | Resolution
--- | --- | --- | ---
Linked Issues check | ❓ Inconclusive | The PR addresses the core objective from #11629 by pinning Docker image versions for adminer and mongo-express, though the specific versions differ from what was stated in the description. | Verify that the pinned versions (1.1.0-rc.3 for mongo-express, 4.17.1 for adminer) match the intended stable versions or clarify the discrepancy with stated versions (1.0.2, 4.8.1).

✅ Passed checks (4 passed)

Check name | Status | Explanation
--- | --- | ---
Title check | ✅ Passed | The title clearly and concisely summarizes the main change: pinning Docker image versions for adminer and mongo-express.
Description check | ✅ Passed | The description is related to the changeset and explains the rationale for pinning image versions, though specific versions mentioned differ from actual implementation.
Out of Scope Changes check | ✅ Passed | All changes are directly related to the linked issue #11629 objective of pinning adminer and mongo-express image versions in docker-compose.override.yml.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.


@greptile-apps
Contributor

greptile-apps bot commented Mar 24, 2026

Greptile Summary

This PR pins Docker image versions for adminer and mongo-express in docker-compose.override.yml to avoid the pitfalls of implicit latest tags. The intent is correct and follows Docker best practices, but there are two issues to address:

  • Outdated adminer version: adminer:4.8.1 is pinned to an old release. The Docker Hub official image currently tracks 4.17.1 as the latest 4.x release and 5.4.2 as the overall latest. Pinning to 4.8.1 likely skips significant security patches, undermining the stated goal.
  • Incomplete coverage: redis/redisinsight:latest (line 54) was not pinned as part of this change, leaving a latest tag in the same file that is subject to the same concerns described in the PR description.

mongo-express:1.0.2 is correctly pinned and matches the last published tag for that (now deprecated) official image.

Confidence Score: 3/5

  • Safe to merge for local dev tooling, but the outdated adminer version and the missed redis/redisinsight:latest tag should be addressed before merging.
  • The file is only used for local development (explicitly excluded from CI per the comment at the top), so the risk is contained. However, pinning adminer to 4.8.1 — a significantly outdated release — may expose developers to known vulnerabilities, and the redis/redisinsight:latest omission contradicts the PR's own stated goals.
  • docker-compose.override.yml — adminer version should be updated to 4.17.1 (or later), and redis/redisinsight should also be pinned.

Important Files Changed

Filename | Overview
--- | ---
docker-compose.override.yml | Pins mongo-express and adminer image versions, but adminer is pinned to an outdated version (4.8.1 vs current 4.17.1), and redis/redisinsight:latest is left unpinned — partially achieving the PR's stated goal.

Comments Outside Diff (1)

  1. docker-compose.override.yml, line 54

    P2 redis/redisinsight still uses latest tag

    The PR's stated goal is to pin all image versions to avoid inconsistent environments and unexpected breaking changes, but redis/redisinsight:latest on this line was not addressed. For consistency, this image should also be pinned to a specific version.

    (Replace 2.68.0 with the actual latest stable release you intend to target.)

Reviews (1): Last reviewed commit: "fix: pin adminer and mongo-express image..." | Re-trigger Greptile
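
An added example, not code from this pull request or from Appwrite: a small Python check that flags `image:` entries in a compose file that carry no tag or use `latest`, the gap the review above reports for redis/redisinsight. The compose text is a constructed sample, and `classify` and `audit` are hypothetical names.

```python
import re

# Constructed sample modelled on the services named in this thread; it is not
# the project's actual docker-compose.override.yml.
SAMPLE_COMPOSE = """\
services:
  appwrite-mongo-express:
    image: mongo-express:1.0.2
  adminer:
    image: adminer
  redis-insight:
    image: redis/redisinsight:latest
  mirror-tool:
    image: "registry.example:5000/tools/adminer"
  digest-tool:
    image: example/tool@sha256:<digest-placeholder>
"""

# Captures the image reference, ignoring optional quotes and trailing comments.
IMAGE_LINE = re.compile(r"^\s*image:\s*['\"]?([^'\"\s#]+)")

def classify(ref):
    """Return 'digest', 'pinned', 'latest' or 'untagged' for an image reference."""
    if "@" in ref:
        return "digest"              # content-addressed, strongest pin
    last = ref.rsplit("/", 1)[-1]    # a colon before the last '/' is a registry port
    if ":" not in last:
        return "untagged"            # Docker resolves this to :latest implicitly
    tag = last.rsplit(":", 1)[1]
    return "latest" if tag == "latest" else "pinned"

def audit(compose_text):
    """List (line number, image reference, status) for every floating image."""
    findings = []
    for lineno, line in enumerate(compose_text.splitlines(), 1):
        m = IMAGE_LINE.match(line)
        if m and classify(m.group(1)) in ("latest", "untagged"):
            findings.append((lineno, m.group(1), classify(m.group(1))))
    return findings

if __name__ == "__main__":
    for lineno, ref, status in audit(SAMPLE_COMPOSE):
        print(f"line {lineno}: {ref} is {status}")
```

A tag supplied through variable interpolation such as `${TAG}` is classified as pinned, so resolve those values separately.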

updated by given suggestion.

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Contributor

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 2

🧹 Nitpick comments (1)
docker-compose.override.yml (1)

54-54: Consider pinning redis-insight version for full consistency.

The PR pins adminer and mongo-express to improve consistency and avoid relying on implicit latest tags. However, redis-insight still uses :latest, which could lead to the same reproducibility issues. Consider pinning it to a specific version to fully align with the PR's objectives of uniform versioning practices across all dev tools.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@docker-compose.override.yml` at line 54, The redis-insight image is using the
:latest tag which breaks reproducibility; update the image entry
"redis/redisinsight:latest" to an explicit versioned tag (matching the same
pinning style used for adminer and mongo-express), e.g.
"redis/redisinsight:<desired-version>" so the compose file consistently pins all
dev tool images—choose and replace with the specific release you want to lock
to.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docker-compose.override.yml`:
- Line 8: Update the docker image tag for mongo-express in the
docker-compose.override.yml (the existing "image: mongo-express:1.0.2" entry) to
a patched release that addresses CVE-2023-52555; replace "mongo-express:1.0.2"
with a version >= 1.1.0-rc.1 (recommend "mongo-express:1.1.0-rc.3") and ensure
any deployment/testing manifests referencing the same image tag are updated
consistently.
- Line 22: The service references a vulnerable image tag "image: adminer:4.8.1";
update that tag to "adminer:4.8.2" (or any later stable 4.8.x+) to mitigate
CVE-2025-43960, then pull/redeploy the stack so the new image is used (e.g.,
update the "image: adminer:4.8.1" line to "image: adminer:4.8.2" or higher and
run docker-compose pull && docker-compose up -d).

---

Nitpick comments:
In `@docker-compose.override.yml`:
- Line 54: The redis-insight image is using the :latest tag which breaks
reproducibility; update the image entry "redis/redisinsight:latest" to an
explicit versioned tag (matching the same pinning style used for adminer and
mongo-express), e.g. "redis/redisinsight:<desired-version>" so the compose file
consistently pins all dev tool images—choose and replace with the specific
release you want to lock to.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 5173ea8f-379e-4592-9cdc-bbb8994ae62e

📥 Commits

Reviewing files that changed from the base of the PR and between d4f7d51 and 0244011.

📒 Files selected for processing (1)
  • docker-compose.override.yml


Development

Successfully merging this pull request may close these issues.

Pin adminer and mongo-express image versions in docker-compose.override.yml
