chore: update pom dependency and base image to jenkins 2.442 #145
Mitigate critical severity vuln https://app.snyk.io/vuln/SNYK-JAVA-ORGJENKINSCIMAIN-6190606 by updating the pom dependency and base image to jenkins 2.442.
In this new base image, system-wide pip installs aren't allowed so the Debian packages are updated to satisfy the virtualenv requirement.
Installing Debian packages with --no-install-recommends because the default was pulling in x11 and a bunch of extra junk a Jenkins server shouldn't need.
Drive-by: fix docker command-line flag in run script, noticed this when testing the image locally.
Testing done
Created a local Docker image with ./.github/build.sh. Ran it with ./.github/run.sh. Confirmed Snyk installed and executed.
https://snyksec.atlassian.net/browse/CLI-168
Submitter checklist