-
Notifications
You must be signed in to change notification settings - Fork 123
Update dependencies to make scanners happy #779
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
Reviewer's GuideThis PR updates the Docker build process to use UBI10 images and a new JDK release naming approach, refactors package installation in the Dockerfile with an overlay stage, and bumps key Maven dependencies to satisfy security scanners. Flow diagram for new JDK release name handling in build.sh and Dockerfileflowchart TD
A["Read .java-version"] --> B["Set JDK_RELEASE_NAME variable"]
B --> C["Pass JDK_RELEASE_NAME to Docker build args"]
C --> D["Dockerfile uses JDK_RELEASE_NAME for JAVA_HOME and JDK download URL"]
File-Level Changes
Possibly linked issues
Tips and commandsInteracting with Sourcery
Customizing Your ExperienceAccess your dashboard to:
Getting Help
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey there - I've reviewed your changes - here's some feedback:
- The build.sh usage/help text still refers to JDK_VERSION—please update it to mention JDK_RELEASE_NAME so the flags and logs stay consistent.
- The temurin_jdk_link function signature and body no longer match (it no longer queries the API)—consider simplifying its parameters or renaming the function to avoid confusion.
- In the jdk-download stage you’ve switched to dnf, but UBI10 micro supports microdnf; consider using microdnf there to keep the image lean.
Prompt for AI Agents
Please address the comments from this code review:
## Overall Comments
- The build.sh usage/help text still refers to JDK_VERSION—please update it to mention JDK_RELEASE_NAME so the flags and logs stay consistent.
- The temurin_jdk_link function signature and body no longer match (it no longer queries the API)—consider simplifying its parameters or renaming the function to avoid confusion.
- In the jdk-download stage you’ve switched to dnf, but UBI10 micro supports microdnf; consider using microdnf there to keep the image lean.Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
|
@mosabua ptal :) |
|
Look like the scanners don't like |
|
@oneonestar the copy is the way you add packages to micro which lacks package manager |
Description
This doesn't address any exploitable CVE but makes scanners happy :)
Before:
After:
Additional context and related issues
Release notes
(x) This is not user-visible or is docs only, and no release notes are required.
(X) Release notes are required, with the following suggested text:
* Use UBI10 micro as base Docker imageSummary by Sourcery
Upgrade Docker build environment to use UBI10 images and refactor JDK handling, and update key Maven dependencies to satisfy vulnerability scanners.
Enhancements: