fix(cve): Upgrade the docker container versions

We encountered a flaky mvn build error. Upgrading from the outdated Java 18 version to 21 hopefully fixes it. Additionally, this gives an update to the runtime image to Java 21.0.4 and alpine 3.20. The current 21.0.3 Java with Alpine 3.19 shows some CVEs. Scanning with grype the new image shows 0 vulnerabilities. Nice!
GIScience · Aug 14, 2024 · bdcef37 · bdcef37
1 parent 1579727
commit bdcef37
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,5 @@
 # Image is reused in the workflow builds for master and the latest version
-FROM docker.io/maven:3.8.7-openjdk-18-slim AS build
+FROM docker.io/maven:3.9.8-eclipse-temurin-21-alpine AS build
 ARG DEBIAN_FRONTEND=noninteractive
 
 # hadolint ignore=DL3002
@@ -23,7 +23,7 @@ RUN sed -i "/ors.engine.source_file=.*/s/.*/ors.engine.source_file=\/home\/ors\/
         sed -i "/    source_file:.*/s/.*/    source_file: \/home\/ors\/files\/example-heidelberg.osm.gz/" "/tmp/ors/example-ors-config.yml"
 
 # build final image, just copying stuff inside
-FROM docker.io/amazoncorretto:21.0.3-alpine3.19 AS publish
+FROM docker.io/amazoncorretto:21.0.4-alpine3.20 AS publish
 
 # Build ARGS
 ARG UID=1000