diff --git a/DevDockerfile b/DevDockerfile index 0736d452..22ad85d3 100644 --- a/DevDockerfile +++ b/DevDockerfile @@ -10,10 +10,10 @@ ENV CRAWLER_BUILD_NUMBER=$BUILD_NUMBER # Ruby and Python Dependencies RUN apt-get update && apt-get install -y --no-install-recommends --no-install-suggests curl bzip2 build-essential libssl-dev libreadline-dev zlib1g-dev cmake python3 python3-dev python3-pip xz-utils libxml2-dev libxslt1-dev libpopt0 && \ rm -rf /var/lib/apt/lists/* && \ - curl -L https://github.com/rbenv/ruby-build/archive/v20180822.tar.gz | tar -zxvf - -C /tmp/ && \ + curl -L https://github.com/rbenv/ruby-build/archive/refs/tags/v20231012.tar.gz | tar -zxvf - -C /tmp/ && \ cd /tmp/ruby-build-* && ./install.sh && cd / && \ - ruby-build -v 2.5.1 /usr/local && rm -rfv /tmp/ruby-build-* && \ - gem install bundler -v 2.3.26 --no-document + ruby-build -v 3.2.2 /usr/local && rm -rfv /tmp/ruby-build-* && \ + gem install bundler -v 2.5.4 --no-document # Scancode ARG SCANCODE_VERSION="30.1.0" @@ -27,14 +27,13 @@ RUN pip3 install --upgrade pip setuptools wheel && \ ENV SCANCODE_HOME=/usr/local/bin # Licensee -# The latest version of nokogiri (1.13.1) and faraday (2.3.0) requires RubyGem 2.6.0 while -# the current RubyGem is 2.5.1. However, after upgrading RubyGem to 3.1.2, licensee:9.12.0 starts -# to have hard time to find license in LICENSE file, like component npm/npmjs/-/caniuse-lite/1.0.30001344. -# So we pin to the previous version of nokogiri and faraday. -RUN gem install nokogiri:1.12.5 --no-document && \ - gem install faraday:1.10.0 --no-document && \ - gem install public_suffix:4.0.7 --no-document && \ - gem install licensee:9.12.0 --no-document +# Licensee and its dependencies pinned to its latest version which helped to update the ruby to its recent version, +# Component npm/npmjs/-/caniuse-lite/1.0.30001344 is getting identified by its correct license but the matcher is dice. +# The match is not an exact match and hence not adopted by CD licensee summarizer. +RUN gem install nokogiri:1.16.0 --no-document && \ + gem install faraday:2.9.0 --no-document && \ + gem install public_suffix:5.0.4 --no-document && \ + gem install licensee:9.16.1 --no-document # REUSE RUN pip3 install setuptools diff --git a/Dockerfile b/Dockerfile index 24cdb839..03c11638 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,10 +16,10 @@ ENV CRAWLER_BUILD_NUMBER=$BUILD_NUMBER # Ruby and Python Dependencies RUN apt-get update && apt-get install -y --no-install-recommends --no-install-suggests curl bzip2 build-essential libssl-dev libreadline-dev zlib1g-dev cmake python3 python3-dev python3-pip xz-utils libxml2-dev libxslt1-dev libpopt0 && \ rm -rf /var/lib/apt/lists/* && \ - curl -L https://github.com/rbenv/ruby-build/archive/v20180822.tar.gz | tar -zxvf - -C /tmp/ && \ + curl -L https://github.com/rbenv/ruby-build/archive/refs/tags/v20231012.tar.gz | tar -zxvf - -C /tmp/ && \ cd /tmp/ruby-build-* && ./install.sh && cd / && \ - ruby-build -v 2.5.1 /usr/local && rm -rfv /tmp/ruby-build-* && \ - gem install bundler -v 2.3.26 --no-document + ruby-build -v 3.2.2 /usr/local && rm -rfv /tmp/ruby-build-* && \ + gem install bundler -v 2.5.4 --no-document # Scancode ARG SCANCODE_VERSION="30.1.0" @@ -33,14 +33,13 @@ RUN pip3 install --upgrade pip setuptools wheel && \ ENV SCANCODE_HOME=/usr/local/bin # Licensee -# The latest version of nokogiri (1.13.1) and faraday (2.3.0) requires RubyGem 2.6.0 while -# the current RubyGem is 2.5.1. However, after upgrading RubyGem to 3.1.2, licensee:9.12.0 starts -# to have hard time to find license in LICENSE file, like component npm/npmjs/-/caniuse-lite/1.0.30001344. -# So we pin to the previous version of nokogiri and faraday. -RUN gem install nokogiri:1.12.5 --no-document && \ - gem install faraday:1.10.0 --no-document && \ - gem install public_suffix:4.0.7 --no-document && \ - gem install licensee:9.12.0 --no-document +# Licensee and its dependencies pinned to its latest version which helped to update the ruby to its recent version, +# Component npm/npmjs/-/caniuse-lite/1.0.30001344 is getting identified by its correct license but the matcher is dice. +# The match is not an exact match and hence not adopted by CD licensee summarizer. +RUN gem install nokogiri:1.16.0 --no-document && \ + gem install faraday:2.9.0 --no-document && \ + gem install public_suffix:5.0.4 --no-document && \ + gem install licensee:9.16.1 --no-document # REUSE RUN pip3 install setuptools