chore: update pom dependency, base image to jenkins 2.442

Mitigate critical severity vuln
https://app.snyk.io/vuln/SNYK-JAVA-ORGJENKINSCIMAIN-6190606
by updating the pom dependency and base image to Jenkins 2.442.

In this new base image, system-wide pip installs aren't allowed so the Debian
packages are updated to satisfy the virtualenv requirement.

Installing Debian packages with --no-install-recommends because the default was
pulling in x11 and a bunch of extra junk a Jenkins server shouldn't need.

Drive-by: fix docker command-line flag in run script, noticed this when testing
the image locally.

.github/Dockerfile

@@ -12,11 +12,11 @@ RUN ./mvnw verify -q -s .mvn/settings.xml --fail-never
 COPY . .
 RUN ./mvnw clean verify -s .mvn/settings.xml
 
-FROM jenkins/jenkins:2.401.1-jdk11
+FROM jenkins/jenkins:2.442-jdk11
 
 USER root
-RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -qq git python3 python3-pip sudo
-RUN pip3 install virtualenv
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive \
+    apt-get install -qq --no-install-recommends git python3 python3-pip python3-virtualenv sudo
 
 USER jenkins
 

.github/run.sh

@@ -8,5 +8,5 @@ echo "Please connect to IP address $HOST"
 # to persist data:
   # create a volume using docker `volume create <VOLUME_NAME>`
   # mount the volume via docker run command using `-v <VOLUME_NAME>:/var/jenkins_home`
-docker run -rm --platform linux/amd64 -p 8080:8080 -p 50000:50000 --name=jenkins-snyk jenkins-snyk
+docker run --rm --platform linux/amd64 -p 8080:8080 -p 50000:50000 --name=jenkins-snyk jenkins-snyk
 popd || exit

pom.xml

@@ -9,7 +9,7 @@
   </parent>
 
   <properties>
-    <jenkins.version>2.401.1</jenkins.version>
+    <jenkins.version>2.442</jenkins.version>
     <!-- java11 required since 2.357:
           https://www.jenkins.io/blog/2022/06/28/require-java-11/ -->
     <java.version>11</java.version>