Skip to content

docker-selenium/4.39.0.20251202-r0: cve remediation #76097

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Ankush-Pathak merged 2 commits into from
Dec 18, 2025
Merged

docker-selenium/4.39.0.20251202-r0: cve remediation #76097

Ankush-Pathak merged 2 commits into from
Dec 18, 2025

Conversation

@octo-sts
Copy link
Contributor

@octo-sts octo-sts bot commented Dec 16, 2025

@octo-sts octo-sts bot added automated pr request-cve-remediation maven/pombump GHSA-84h7-rjj3-6jx4 p:docker-selenium P1 This label indicates our scanning found High, Medium or Low CVEs for these packages. labels Dec 16, 2025
@octo-sts
Copy link
Contributor Author

octo-sts bot commented Dec 16, 2025
edited
Loading

📦 Build Failed: Missing Dependency

failed to parse the pom file: open pom.xml: no such file or directory

Build Details

Category Details
Build System melange (Wolfi package builder)
Failure Point maven/pombump step attempting to process pom.xml file

Root Cause Analysis 🔍

The pombump tool is trying to process a Maven pom.xml file that doesn't exist in the checked out docker-selenium repository. The git checkout completed successfully but the repository structure doesn't contain a pom.xml file at the root level, indicating this may not be a Maven-based project or the pom.xml file is located in a subdirectory.

Was this comment helpful? Please use 👍 or 👎 reactions on this comment.

@octo-sts octo-sts bot added the ai/skip-comment Stop AI from commenting on PR label Dec 16, 2025
@Ankush-Pathak
fix(docker-selenium): Bump NETTY_VERSION in Dockerfile instead of usi…
6bd5b14 
…ng pombump

Signed-off-by: Ankush Pathak <ankush.pathak@chainguard.dev>
@octo-sts octo-sts bot added bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. approver-bot/manual-review-needed manual/review-needed staging-approver-bot/manual-review-needed labels Dec 18, 2025
@Ankush-Pathak Ankush-Pathak requested a review from a team December 18, 2025 06:36
@Ankush-Pathak Ankush-Pathak enabled auto-merge (squash) December 18, 2025 06:36
aborrero
aborrero approved these changes Dec 18, 2025
View reviewed changes
Copy link
Member

@aborrero aborrero left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@Ankush-Pathak Ankush-Pathak merged commit e52e4a9 into main Dec 18, 2025
23 checks passed
@Ankush-Pathak Ankush-Pathak deleted the cve-docker-selenium-4.39.0.20251202-r0-b48c67401e10b5372a47a6746e7b6f9c branch December 18, 2025 11:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aborrero aborrero aborrero approved these changes

Assignees

No one assigned

Labels

ai/skip-comment Stop AI from commenting on PR approver-bot/manual-review-needed automated pr bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. GHSA-84h7-rjj3-6jx4 manual/review-needed maven/pombump p:docker-selenium P1 This label indicates our scanning found High, Medium or Low CVEs for these packages. request-cve-remediation staging-approver-bot/manual-review-needed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@aborrero @Ankush-Pathak