Update veracode dependencies #62
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jlegarreta
commented
Jul 31, 2023
Comment on lines
-81
to
-90
| ARG RUBYVER=2.7.2 | ||
| ARG RUBYSHA=3f50b100fb52cdf315fa17f41ae2e2538bb0c45abd9a6c569fd70ac851d61b2a | ||
| SHELL ["/bin/bash", "-o", "pipefail", "-c"] | ||
|
|
||
| RUN mkdir -p /ruby && \ | ||
| echo "$RUBYSHA /ruby/ruby.tar.bz" > /ruby_checksum.txt && \ | ||
| curl https://rvm_io.global.ssl.fastly.net/binaries/debian/10/x86_64/ruby-$RUBYVER.tar.bz2 -L -o /ruby/ruby.tar.bz && \ | ||
| sha256sum -c /ruby_checksum.txt && \ | ||
| tar -xjvf /ruby/ruby.tar.bz -C /ruby && \ | ||
| mv /ruby/ruby-$RUBYVER /ruby/ruby && \ | ||
| rm /ruby/ruby.tar.bz |
There was a problem hiding this comment.
Had to install ruby with apt-get instead, because the official website does not have binaries for Debian bookworm yet.
jlegarreta
commented
Jul 31, 2023
Comment on lines
+99
to
+107
| ARG JAVAVER=17.0.8 | ||
| ARG JAVASHA=74b528a33bb2dfa02b4d74a0d66c9aff52e4f52924ce23a62d7f9eb1a6744657 | ||
|
|
||
| RUN mkdir -p /java && \ | ||
| echo "$JAVASHA java.tar.gz" >java_checksum.txt && \ | ||
| JAVAMAJOR=$(echo "${JAVAVER}" | cut -d . -f 1) && \ | ||
| curl "https://download.oracle.com/java/${JAVAMAJOR}/archive/jdk-${JAVAVER}_linux-x64_bin.tar.gz" -L -o java.tar.gz && \ | ||
| sha256sum -c java_checksum.txt && \ | ||
| tar -xzvf java.tar.gz --strip-components 1 -C /java |
There was a problem hiding this comment.
Had to install java from Oracle as opposed to apt. There seems to be a bug in the post-installation script of the deb package which causes installation to fail.
8 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Updated the following components:
Debian Bullseye (11) -> Bookworm (12)
Ant 1.10.12 -> 1.10.13
Golang 1.16.3 -> 1.20.6
Gradle 7.0 -> 8.2.1
Maven 3.8.8 -> 3.9.3
Node 14.16.1 -> 18.17.0
OpenJDK 11.x -> 17.0.8
PHP 7.4.22 -> 8.2.8
Ruby 2.7.2 -> 3.1
govendor package removed. Depreciated in favor of go modules since 2019.
Pinned docker images to hashes, pinned apt packages to versions.
Motivation and Context
Several components have not been updated in a long time. This also fixes a bug that was present in the old version NPM that was causing certain scans to fail (see npm/npm#15376).
How Has This Been Tested?
Tested locally and ran a scan in a development environment.
Types of changes
Checklist