Conversation

@VietND96
Member

@VietND96 VietND96 commented Apr 10, 2025

User description

Thanks for contributing to the Docker-Selenium project!
A PR well described will help maintainers to quickly review and merge it

Before submitting your PR, please check our contributing guidelines, applied for this repository.
Avoid large PRs, help reviewers by making them as simple and short as possible.

Description

Motivation and Context

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist

  • I have read the contributing document.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • All new and existing tests passed.

PR Type

Enhancement, Bug fix


Description

  • Updated dependencies to address CVE vulnerabilities.

  • Added new NETTY_VERSION argument for better dependency management.

  • Upgraded setuptools and virtualenv in Python installation.

  • Adjusted envsubst binary source URL for reliability.


Changes walkthrough 📝

Relevant files

Enhancement: Base/Dockerfile (+7/-2)
Update dependencies and improve Dockerfile configurations

  • Added NETTY_VERSION argument for dependency management.
  • Updated versions for ENVSUBST_VERSION and other dependencies.
  • Upgraded Python setuptools and virtualenv during installation.
  • Modified envsubst binary source URL for reliability.

  • Signed-off-by: Viet Nguyen Duc <nguyenducviet4496@gmail.com>
    @qodo-code-review
    Contributor

    PR Reviewer Guide 🔍

    Here are some key observations to aid the review process:

    ⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪
    🧪 No relevant tests
    🔒 No security concerns identified
    ⚡ Recommended focus areas for review

    Version Compatibility

    The new Netty version (4.2.0.Final) seems unusual as the current stable Netty versions are in the 4.1.x range. Verify this is the correct version number and compatible with the GRPC version.

    ARG NETTY_VERSION=4.2.0.Final
    ARG CS_VERSION=2.1.18
    @qodo-code-review
    Contributor

    PR Code Suggestions ✨

    Explore these optional code suggestions:

    Category: Possible issue
    Suggestion: Fix invalid Netty version

    The specified Netty version 4.2.0.Final appears to be incorrect. The latest
    Netty 4.x series is 4.1.x (not 4.2.x). Version 4.2.0.Final doesn't exist in
    official repositories and would cause build failures.

    Base/Dockerfile [13]

    -ARG NETTY_VERSION=4.2.0.Final +ARG NETTY_VERSION=4.1.107.Final
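    Review bot: before applying this downgrade, confirm against the upstream Netty release list which 4.x line actually exists rather than taking either version on trust; the PR description states the dependency bump is there to address CVEs, so replacing the pinned version with an older 4.1.x release could reintroduce the issue the PR set out to fix. Whichever version is kept should also be checked against the GRPC version that the review comment above says it must be compatible with.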
    Suggestion importance[1-10]: 9


    Why: The suggestion correctly identifies that Netty 4.2.0.Final is an invalid version that doesn't exist in official repositories. Using a non-existent dependency version would cause build failures, making this a critical fix.

    Impact: High

    Category: Security
    Suggestion: Use official repository source

    The source URL for envsubst has been changed from the official repository
    (a8m/envsubst) to a fork (ndviet/envsubst). This could introduce security risks
    if the fork is not properly maintained or verified. Consider using the official
    repository unless there's a specific reason for the change.

    Base/Dockerfile [187]

    -&& curl -fsSL https://github.com/ndviet/envsubst/releases/download/v${ENVSUBST_VERSION}/envsubst-$(uname -s)-${ARCH} -o envsubst \ +&& curl -fsSL https://github.com/a8m/envsubst/releases/download/v${ENVSUBST_VERSION}/envsubst-$(uname -s)-${ARCH} -o envsubst \
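    Review bot: the PR description gives "reliability" as the reason for moving the download from a8m/envsubst to the ndviet fork but does not say what was unreliable about the upstream releases; record that reason in a Dockerfile comment or the commit message so the choice of source can be re-evaluated later. Independently of which repository is kept, both the old and the new curl line fetch the binary by tag only and pipe it straight to chmod +x; pinning the expected SHA-256 alongside ENVSUBST_VERSION and checking it before installing would make the build fail closed if either release asset ever changed.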
    Suggestion importance[1-10]: 7


    Why: The suggestion identifies a potential security risk in switching from the official envsubst repository to a fork. Using unofficial sources could introduce security vulnerabilities or maintenance issues, making this a significant concern.

    Impact: Medium
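The envsubst suggestion above turns on which repository the binary is fetched from, but whichever source is kept, the download step can also be tied to a known digest. The following is an added example written for this review, not code from this PR or the docker-selenium project: a small POSIX shell helper that a Dockerfile RUN step could source, which downloads a release asset and only installs it when its SHA-256 matches a pinned value. The function names, the `ENVSUBST_SHA256` build argument and the sample digest are assumptions; `ENVSUBST_VERSION` and `ARCH` are the existing Dockerfile arguments.

```shell
#!/bin/sh
# Added example (not docker-selenium code): fetch a release binary and refuse
# to install it unless it matches a digest pinned in the Dockerfile.
set -eu

# Return 0 when the SHA-256 of "$1" equals the expected hex digest "$2".
verify_sha256() {
    file="$1"
    expected="$2"
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# Download "$1" to a temporary path, verify it against digest "$2", then move
# it into place at "$3" as an executable. On mismatch the partial download is
# removed and the function returns non-zero, which fails the RUN step.
fetch_pinned() {
    url="$1"
    expected="$2"
    out="$3"
    curl -fsSL "$url" -o "$out.tmp"
    if verify_sha256 "$out.tmp" "$expected"; then
        mv "$out.tmp" "$out"
        chmod +x "$out"
    else
        rm -f "$out.tmp"
        echo "checksum mismatch for $url" >&2
        return 1
    fi
}

# How the Dockerfile RUN step would call it (commented out here so the
# script stays runnable offline). ENVSUBST_SHA256 is a hypothetical new ARG
# recorded next to the version bump; the URL is whichever repository is kept.
# fetch_pinned \
#   "https://github.com/a8m/envsubst/releases/download/v${ENVSUBST_VERSION}/envsubst-$(uname -s)-${ARCH}" \
#   "${ENVSUBST_SHA256}" /usr/local/bin/envsubst
```

Because the digest is checked before `chmod +x` and the temporary file is deleted on mismatch, a changed or substituted release asset stops the image build instead of landing in the image, regardless of which GitHub organization the URL points at.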
    @qodo-code-review
    Contributor

    qodo-code-review bot commented Apr 10, 2025

    CI Feedback 🧐

    (Feedback updated until commit 4b904a7)

    A test triggered by this PR failed. Here is an AI-generated analysis of the failure:

    Action: Rerun workflow when failure

    Failed stage: Authenticate GitHub CLI for PR [❌]

    Failure summary:

    The action failed because the GitHub CLI authentication token (GH_CLI_TOKEN_PR) is missing the
    required read:org scope. When the workflow attempted to authenticate with GitHub using gh auth login
    --with-token, it failed with the error: "error validating token: missing required scope 'read:org'"
    (line 169).

    Relevant error logs:
    1: ##[group]Operating System
    2: Ubuntu
    ...
    22: Issues: write
    23: Metadata: read
    24: Models: read
    25: Packages: write
    26: Pages: write
    27: PullRequests: write
    28: RepositoryProjects: write
    29: SecurityEvents: write
    30: Statuses: write
    31: ##[endgroup]
    32: Secret source: Actions
    33: Prepare workflow directory
    34: Prepare all required actions
    35: Getting action download info
    36: Download action repository 'actions/checkout@main' (SHA:85e6279cec87321a52edac9c87bce653a07cf6c2)
    37: Complete job name: Rerun workflow when failure
    38: ##[group]Run actions/checkout@main
    ...
    42: ssh-strict: true
    43: ssh-user: git
    44: persist-credentials: true
    45: clean: true
    46: sparse-checkout-cone-mode: true
    47: fetch-depth: 1
    48: fetch-tags: false
    49: show-progress: true
    50: lfs: false
    51: submodules: false
    52: set-safe-directory: true
    53: env:
    54: GH_CLI_TOKEN: ***
    55: GH_CLI_TOKEN_PR: ***
    56: RUN_ID: 14389553908
    57: RERUN_FAILED_ONLY: true
    58: RUN_ATTEMPT: 1
    ...
    113: Or undo this operation with:
    114: git switch -
    115: Turn off this advice by setting config variable advice.detachedHead to false
    116: HEAD is now at 595b880 Merge 4b904a7e1732cfbccf9d351ff33187883df54f77 into 35b2d0e14e714568c607165cfc73fd4d849cdf4f
    117: ##[endgroup]
    118: [command]/usr/bin/git log -1 --format=%H
    119: 595b880e233b929d8e758b7760849a5b003ea031
    120: ##[group]Run sudo apt update
    121: sudo apt update
    122: sudo apt install gh
    123: shell: /usr/bin/bash -e {0}
    124: env:
    125: GH_CLI_TOKEN: ***
    126: GH_CLI_TOKEN_PR: ***
    127: RUN_ID: 14389553908
    128: RERUN_FAILED_ONLY: true
    129: RUN_ATTEMPT: 1
    ...
    151: Reading state information...
    152: 93 packages can be upgraded. Run 'apt list --upgradable' to see them.
    153: WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
    154: Reading package lists...
    155: Building dependency tree...
    156: Reading state information...
    157: gh is already the newest version (2.69.0).
    158: 0 upgraded, 0 newly installed, 0 to remove and 93 not upgraded.
    159: ##[group]Run echo "$GH_CLI_TOKEN_PR" | gh auth login --with-token
    160: echo "$GH_CLI_TOKEN_PR" | gh auth login --with-token
    161: shell: /usr/bin/bash -e {0}
    162: env:
    163: GH_CLI_TOKEN: ***
    164: GH_CLI_TOKEN_PR: ***
    165: RUN_ID: 14389553908
    166: RERUN_FAILED_ONLY: true
    167: RUN_ATTEMPT: 1
    168: ##[endgroup]
    169: error validating token: missing required scope 'read:org'
    170: ##[error]Process completed with exit code 1.
    171: Post job cleanup.
    @VietND96 VietND96 merged commit 44918ae into trunk Apr 10, 2025
    26 of 28 checks passed
    @VietND96 VietND96 deleted the fix-cve branch April 10, 2025 21:16