chore(deps): update zerob13/mock-openai-api docker digest to a0ed87e

[renovate]

This PR contains the following updates:

Package	Update	Change
zerob13/mock-openai-api	digest	bebf390 → a0ed87e

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[cloudflare-workers-and-pages]

Deploying control-layer with    Cloudflare Pages

Latest commit:	2bdd628
Status:	✅  Deploy successful!
Preview URL:	https://b80d5cf4.control-layer.pages.dev
Branch Preview URL:	https://renovate-zerob13-mock-openai.control-layer.pages.dev

View logs

[doubleword-code]

Summary

This PR updates the pinned Docker image digest for the zerob13/mock-openai-api test server from sha256:bebf390... to sha256:a0ed87e.... This is a routine dependency update for test infrastructure only, affecting docker-compose.test.yml which is used by local tests (just test) and CI (just test docker).

Verdict: Ready to approve - low-risk change following best practices for reproducible test environments.

Research notes

• Fetched Docker Hub tags page for zerob13/mock-openai-api: confirmed the image exists and was updated 7 days ago with new digests
• Verified no other files in the repository reference the old digest or depend on specific mock server behavior tied to this version
• The docker-compose.test.yml comment confirms this is used for both local and CI testing

Suggested next steps

1. Approve and merge - This is a standard Renovate dependency update for test infrastructure. The change is minimal, follows pinning best practices, and poses no risk to production code.

2. Post-merge verification (optional): Run just test docker once after merge to confirm the new mock server image works correctly with the existing test suite, though this would typically be validated by CI before merge.

General findings

None. This is a single-line dependency bump for test infrastructure with no associated code changes or behavioral risks.

[doubleword-code]

Summary

This PR updates the pinned Docker image digest for zerob13/mock-openai-api in docker-compose.test.yml from sha256:bebf390... to sha256:a0ed87e.... This is a routine Renovate dependency update affecting only test infrastructure.

Verdict: Ready to approve pending CI verification.

Research notes

No external documentation lookup was necessary for this change as:

1. This is a test-only dependency (mock LLM server for Hurl tests)
2. The image is correctly pinned by SHA256 digest (security best practice)
3. The mock server implements the OpenAI API contract, which is stable

The mock server is referenced in:

• tests/perms/endpoints.hurl - endpoint CRUD tests
• tests/perms/files-and-batches.hurl - batch processing tests (noted in commit adc7168 as having intermittent flakiness)

Suggested next steps

1. Verify CI passes - The primary validation should be that the e2e-test-docker job passes with the new image digest, particularly the batch permission tests that use the mock server
2. If CI is green, this can be merged without further changes

General findings

No issues identified. The change follows repository conventions:

• ✅ Uses SHA256 digest pinning (supply chain security)
• ✅ Single-purpose change (dependency version only)
• ✅ Test infrastructure scope (no production impact)
• ✅ Consistent with prior Renovate PRs (e.g., #1146, #1140)

[doubleword-code]

Summary

This PR updates the zerob13/mock-openai-api Docker image digest in docker-compose.test.yml from sha256bebf39... to sha256:a0ed87e.... This is a routine Renovate dependency update for the mock LLM server used in integration tests.

Verdict: Ready to approve — this is a standard, low-risk dependency update following best practices.

Research notes

• Fetched Docker Hub tags page: The latest tag was updated 9 days ago with new digests (046b7eb51053 for linux/amd64)
• The mock server is referenced in 5 Hurl test files under tests/perms/ (files-and-batches.hurl, groups.hurl, models.hurl, probes.hurl, endpoints.hurl) at line ~50-330 range, all pointing to http://mock-llm-server:3000
• Pinning to SHA256 digest (rather than latest tag) is the recommended security practice for reproducible builds and supply-chain integrity

Suggested next steps

1. Approve and merge — No code changes, just infrastructure dependency update
2. Optional verification: Run just test docker --build if you want to confirm the new image works with your test suite before merging (though Renovate should have validated this)

General findings

None — this is a straightforward, single-line dependency update with no associated risk beyond any undetected breaking changes in the upstream mock server image (which would surface immediately in CI tests).

[doubleword-code]

Summary

This PR updates the pinned Docker image digest for the mock OpenAI API server (zerob13/mock-openai-api) used in the test environment. The change affects only docker-compose.test.yml, which is used by Hurl integration tests for permissions testing (groups, models, probes, endpoints, files-and-batches).

Verdict: Approve - This is a safe, routine dependency update for a test-only component.

Research notes

• Fetched Docker Hub tags page for zerob13/mock-openai-api: The new digest was pushed 9 days ago, indicating an active maintenance cycle for this image
• The mock server is used exclusively in Hurl tests under tests/perms/ for testing permission-related functionality
• The change is pinning to a newer image digest, which follows the project's convention of using digests instead of tags for reproducibility

Suggested next steps

1. Merge as-is - this is a low-risk dependency update for test infrastructure
2. Ensure Hurl tests pass in CI with the new image version (standard practice for any dependency update)

General findings

No issues found. The change:

• Follows the existing pattern of pinning to SHA256 digests rather than mutable tags
• Only affects test infrastructure, not production code
• Is consistent with how other dependencies are managed in this repository

[doubleword-code]

Summary

This PR updates the mock-llm-server Docker image digest in docker-compose.test.yml from sha256:bebf390... to sha256:a0ed87e.... This is an automated Renovate dependency update for test infrastructure only.

Verdict: Ready to approve - no concerns identified.

Research notes

• Verified the new digest exists on Docker Hub - confirmed as the latest tag updated 9 days ago
• The zerob13/mock-openai-api image is a simple OpenAI API-compatible mock server used exclusively for integration tests
• Pinning by SHA256 digest is the correct approach for reproducible CI/CD

Suggested next steps

1. Approve and merge - This is a low-risk test infrastructure update. If there are any compatibility issues with the new mock server image, the integration tests will catch them immediately.

General findings

None - this is a straightforward, single-line dependency update following best practices:

• Test-only scope (no production impact)
• Immutable digest pinning (reproducible builds)
• Automated via Renovate (consistent update process)

[doubleword-code]

Summary

This PR updates the Docker image digest for the zerob13/mock-openai-api container used in test environments. The change is minimal and isolated to test infrastructure only (docker-compose.test.yml).

Verdict: Ready to approve - this is a routine dependency update with no production impact.

Research notes

• Fetched Docker Hub page for zerob13/mock-openai-api: The latest tag was updated 9 days ago, confirming this is pulling a recent version
• The mock server is used exclusively by Hurl integration tests in tests/perms/ directory (5 test files reference mock-llm-server:3000)
• SHA256 pinning ensures reproducible builds across environments

Suggested next steps

1. Approve and merge - Standard dependency maintenance with no blocking concerns
2. Monitor CI - Verify the updated image doesn't cause test failures (standard practice for any dependency update)

General findings

No issues identified. This is a low-risk, routine update that follows best practices:

• Uses content-addressable image pinning (SHA256 digest)
• Affects only test infrastructure
• Automated via Renovate bot with proper commit messaging convention

[doubleword-code]

Summary

This PR updates the Docker image digest for zerob13/mock-openai-api used in the test infrastructure. The change is a routine dependency update from Renovate, updating the pinned SHA256 digest from bebf390... to a0ed87e... (pushed ~10 days ago per Docker Hub).

Verdict: Ready to merge — no blockers identified.

Research notes

• Fetched Docker Hub tags page: confirmed the new digest exists and was pushed 10 days ago
• Grep search found 17 references to mock-llm-server across Hurl test files (tests/perms/*.hurl) — this image is used for integration testing only
• No production code depends on this image; it's purely test infrastructure

Suggested next steps

1. Merge as-is (standard Renovate dependency update)
2. Optional: Consider adding a trailing newline to the file to remove the "No newline at end of file" git warning (minor hygiene)

General findings

No issues found. The change follows security best practices:

• Image remains pinned by SHA256 digest (not floating tag)
• Single-purpose test dependency with no production impact
• Consistent with the project's dependency update workflow

[doubleword-code]

Summary

This PR updates the mock-llm-server Docker image in docker-compose.test.yml from digest bebf390... to a0ed87e.... This is a routine Renovate dependency update for the test infrastructure's mock OpenAI API server (zerob13/mock-openai-api).

Verdict: Ready to approve — low-risk change limited to test infrastructure.

Research notes

• Fetched Docker Hub tags page for zerob13/mock-openai-api: The image was updated 10 days ago with the latest and master tags pointing to digest 046b7eb.... The new digest a0ed87e... in this PR is a recent commit-based tag.
• The old digest (bebf390...) was from ~12 months ago (based on the 1.0.5 tag pushed 12 months ago).
• This is a test-only dependency used by the just test docker CI workflow and local test setups.

Suggested next steps

1. Approve and merge — This is a routine test infrastructure update with no production impact.
2. Verify CI passes — Ensure the new mock server image is compatible with existing tests (standard CI should catch any breaking changes in the mock API behavior).

General findings

No issues identified. The change:

• Only affects docker-compose.test.yml (test infrastructure)
• Uses SHA256 digest pinning (best practice for reproducibility)
• Is part of the normal Renovate dependency update workflow
• Has no impact on production code or runtime behavior

[doubleword-code]

Summary

This PR updates the pinned Docker image digest for zerob13/mock-openai-api in the test configuration from sha256:bebf390... to sha256:a0ed87e.... This is a routine dependency update for test infrastructure only.

Verdict: Ready to approve - no issues found.

Research notes

Verified the new digest against Docker Hub API:

• The digest sha256:a0ed87e53cd5df9acfef6cc5fdf61733ef22041d401d694a5bb95da5c89da3a3 corresponds to the latest and master tags
• Last pushed: 2026-06-09
• Recently pulled: 2026-06-19 (active usage)
• Image is maintained by zerob13

Suggested next steps

1. Merge this PR to keep test dependencies up to date
2. Ensure CI tests pass with the new image version (standard practice for any dependency update)

General findings

None - this is a straightforward, low-risk dependency update for test infrastructure. The change only affects docker-compose.test.yml which is used for local and CI testing, not production deployments.

[doubleword-code]

Summary

This PR updates the pinned Docker image digest for zerob13/mock-openai-api in the test docker-compose file from sha256:bebf390... to sha256:a0ed87e.... This is an automated dependency update from Renovate for test infrastructure only.

Verdict: Ready to approve - routine test infrastructure update with no production impact.

Research notes

• The docker-compose.test.yml file is used exclusively for testing (per file comments: "Used by both local tests (just test) and CI (just test docker)")
• The mock LLM server serves as a test double simulating OpenAI API responses during integration tests
• Pinning by SHA256 digest is a security best practice ensuring reproducible builds and preventing upstream image tampering
• The renovate.json configuration uses group:allNonMajor for grouping non-breaking dependency updates

Suggested next steps

1. Approve and merge - Standard dependency maintenance with no code changes required

General findings

No issues identified. This is a low-risk, routine update:

• Scope: Test infrastructure only (no production code affected)
• Change type: Docker image digest pin update (follows security best practices)
• Risk level: Minimal - any issues with the new image would only affect integration tests, not production systems

[doubleword-code]

Summary

This PR updates the Docker image digest for the zerob13/mock-openai-api container used in test environments. The change is limited to docker-compose.test.yml and affects only test infrastructure - no production code is modified. The use of SHA256 digest pinning follows security best practices for container dependencies.

Verdict: Ready to approve - no changes required.

Research notes

• The mock server is referenced in Hurl test files under tests/perms/ (endpoints, models, groups, files-and-batches, probes) as the test endpoint http://mock-llm-server:3000
• Digest pinning prevents supply chain attacks where an attacker could replace a tagged image
• This is a routine automated update from Renovate bot

Suggested next steps

1. Merge this PR after verifying tests pass with the new image version
2. Consider enabling auto-merge for similar low-risk dependency updates if not already configured

General findings

None - this is a straightforward dependency update with no associated risks or issues.