You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Thanks for contributing to the Docker-Selenium project! A PR well described will help maintainers to quickly review and merge it
Before submitting your PR, please check our contributing guidelines, applied for this repository.
Avoid large PRs, help reviewers by making them as simple and short as possible.
Here are some key observations to aid the review process:
⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪
🧪 No relevant tests
🔒 Security concerns
Dependency version control: Removing the explicit version pin of lettuce-core (previously 6.5.1.RELEASE) could potentially introduce security vulnerabilities if an older or vulnerable version gets pulled in. The comment on line 130 mentions this was specifically for CVE patches.
Removal of specific lettuce-core version may reintroduce CVE vulnerabilities that were previously patched. Need to verify if the default version is secure.
# Patch specific version for CVEs in the dependencies
> /external_jars/.classpath_session_map.txt \
org.seleniumhq.selenium:selenium-session-map-redis:${MVN_SELENIUM_VERSION} \
# Patch specific version for CVEs in the dependencies
+io.lettuce:lettuce-core:6.5.1.RELEASE \
> /external_jars/.classpath_session_map.txt \
Apply this suggestion
Suggestion importance[1-10]: 9
Why: The suggestion correctly identifies that removing the explicit version of lettuce-core could expose the system to security vulnerabilities. Pinning dependency versions is crucial for security and stability.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
User description
Thanks for contributing to the Docker-Selenium project!
A PR well described will help maintainers to quickly review and merge it
Before submitting your PR, please check our contributing guidelines, applied for this repository.
Avoid large PRs, help reviewers by making them as simple and short as possible.
Description
Supply for the change SeleniumHQ/selenium@2357514 gets effective for containers.
This change might help with SeleniumHQ/selenium#13718
It also might help #2169
Motivation and Context
Types of changes
Checklist
PR Type
Enhancement
Description
Updated the base Dockerfile to use JDK 21.
Removed a specific dependency version for
io.lettuce:lettuce-core.Changes walkthrough 📝
Dockerfile
Update JDK version and clean dependenciesBase/Dockerfile
JRE_VERSIONfrom 17 to 21.io.lettuce:lettuce-core.