build(deps): pin redis Dockerfile to latest stable Redis release

[Copilot]

The pinned digest for redis:8.6.3 in redis/Dockerfile-redis was stale — it referenced an older manifest that had since been superseded by a security-fix rebuild (pushed 2026-05-09).

Change

• redis/Dockerfile-redis: Update pinned digest for redis:8.6.3 to the current manifest list digest from Docker Hub.

# Before
FROM redis:8.6.3@sha256:25dbb04fc4d6d190eda327dab551631500b0f9ac8f9808e8e63b7fda1ddff196

# After
FROM redis:8.6.3@sha256:0c341492924cad6f5483f9133e43bd6c51ecdecbcadfac5b51657393b6a7936c

redis:8.6.3 is the current stable release on Docker Hub (latest, 8, 8.6 all resolve here); 8.8-m03 is the only pre-release currently listed. Supersedes #1163.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• redis.io
  • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node /home/REDACTED/work/_temp/ghcca-node/node/bin/node --enable-source-maps /home/REDACTED/work/_temp/copilot-developer-action-main/dist/index.js (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

Background

The redis/Dockerfile-redis is currently pinned to a non-stable / rolling Redis Docker image tag. Dependabot keeps bumping it (see PR #1163 which bumped the digest while keeping tag redis:8.6.3). Redis 8.6.x is not a stable release line — the latest stable Redis as published on https://redis.io/downloads/ and on Docker Hub https://hub.docker.com/_/redis is on a different (lower) major.minor that is marked stable. We should not be tracking the 8.6.x line.

File to update

redis/Dockerfile-redis

Current contents (line 1):

FROM redis:8.6.3@sha256:25dbb04fc4d6d190eda327dab551631500b0f9ac8f9808e8e63b7fda1ddff196

Task

1. Identify the latest stable Redis release. Check:
   • https://redis.io/downloads/ (look for the version marked "Stable")
   • https://hub.docker.com/_/redis (look at the official tags; avoid any tag described as RC, milestone, preview, or development)
   • https://github.com/redis/redis/releases (look for the latest release not marked pre-release)
2. Update redis/Dockerfile-redis to use the latest stable redis:<version> tag, pinned by digest in the same tag@sha256:... style. Look up the actual current digest for that specific tag on Docker Hub (use the linux/amd64 manifest list digest as shown on Docker Hub) and use it.
3. Do not modify any other file. In particular, do not change .github/dependabot.yml — dependabot should keep watching /redis. By pinning to a stable <version> tag, future bumps will stay within the stable line.

PR details

• Title: build(deps): pin redis Dockerfile to latest stable Redis release
• In the PR description:
  • Explain that the previous tag (8.6.3) was tracking a non-stable Redis line.
  • State which stable version + digest you pinned to and link to your sources (https://redis.io/downloads/ and https://hub.docker.com/_/redis).
  • Mention that this supersedes build(deps): bump redis from 25dbb04 to 0c34149 in /redis #1163.

The following is the prior conversation context from the user's chat exploration (may be truncated):

User: this dependency is on rolling releases - it shouldnt be - please open a pr to set it to latest stable

Assistant: I'll delegate this to the coding agent to investigate and fix.

Assistant: Waiting for your confirmation on the dialog before I dispatch the coding agent to open the PR.

User: @copilot Accepted Confirmation: Confirm agent session

Assistant: I've dispatched the coding agent to open a PR that pins shared/golang/Dockerfile to the latest stable Go release (replacing the rolling 1.26.3-bookworm tag) with a proper tag@sha256:... digest pin. It will supersede #1165.

data:
    - title: '[WIP] Pin shared/golang Dockerfile to latest stable Go release (stop tracking rolling tags)'
      repository: envoyproxy/examples
      url: https://github.com/copilot/tasks/pull/PR_kwDOMcnUVc7auAR8?session_id=ccde29aa-d58d-4842-ac80-f07b0f18882a
      state: queued

User: same with this one @envoyproxy/examples/pull/1163

This pull request was created from Copilot chat.