sonarqube-10/10.6.0.92116-r0: cve remediation

[octo-sts]

sonarqube-10/10.6.0.92116-r0: fix GHSA-xfrj-6vvc-3xm2/GHSA-gvpg-vgmx-xg6w/GHSA-8xfc-gm6g-vgpv/GHSA-5jpm-x58v-624v/GHSA-v435-xc8x-wvr9/GHSA-4q22-422g-m4pj/GHSA-493p-pfq6-5258/GHSA-3f7h-mf4q-vrm4/

Advisory data: https://github.com/wolfi-dev/advisories/blob/main/sonarqube-10.advisories.yaml

[octo-sts]

Open AI suggestions to solve the build error:

The error message is: "fatal: detected dubious ownership in repository at '/github/home'
To add an exception for this directory, call:

git config --global --add safe.directory /github/home
ERRO request failed error=\"Get \\\"./packages/apk-configuration\\\": unsupported protocol scheme \\\"\\\"\"
WARN Error: failed to parse the pom file: open pom.xml: no such file or directory
ERRO ERROR: failed to build package. the build environment has been preserved:
INFO workspace dir: /temp/melange-workspace-46469100
INFO guest dir: /temp/melange-guest-1041084014
ERRO failed to build package: unable to run package sonarqube-10 pipeline: unable to run pipeline: unable to run pipeline: exit status 1
make[1]: *** [Makefile:111: packages/aarch64/sonarqube-10-10.6.0.92116-r1.apk] Error 1
make[1]: Leaving directory '/github/home'
make: *** [Makefile:101: package/sonarqube-10] Error 2
##[error]Process completed with exit code 2."

1. Run `git config --global --add safe.directory /github/home`.
2. Check the URL in `./packages/apk-configuration`.
3. Ensure `pom.xml` exists in the correct directory.
4. Verify the build environment and dependencies.
5. Re-run the build process.

[hectorj2f]

This will require some debugging to know which dependencies break the compilation and which don't :/.

[hectorj2f]

That is the result of letting CVEs to pile up :/ until we tackle them.

[octo-sts]

Open AI suggestions to solve the build error:

The error message is: "ERROR: failed to build package. the build environment has been preserved:
INFO   workspace dir: /temp/melange-workspace-3633133673
INFO   guest dir: /temp/melange-guest-865811315
ERRO failed to build package: unable to run package sonarqube-10 pipeline: unable to run pipeline: unable to run pipeline: exit status 1
make[1]: *** [Makefile:111: packages/aarch64/sonarqube-10-10.6.0.92116-r1.apk] Error 1
make[1]: Leaving directory '/github/home'
make: *** [Makefile:101: package/sonarqube-10] Error 2
##[error]Process completed with exit code 2."

1. Verify dependencies for sonarqube-10 are installed.
2. Check the Makefile for correct paths and targets.
3. Ensure the build environment is correctly set up.
4. Review logs in /temp/melange-workspace-3633133673 for more details.
5. Run the build command manually to identify specific issues.

[octo-sts]

Open AI suggestions to solve the build error:

The error log indicates a failure in building the SonarQube package. The build environment has been preserved for further inspection. The specific error is related to the inability to run the SonarQube-10 pipeline, resulting in an exit status 1. The Makefile encountered errors at specific lines, leading to the process completion with exit code 2.

To address this issue, consider the following steps:
1. Review the Makefile for any syntax errors or incorrect paths.
2. Ensure that all necessary dependencies for SonarQube are installed.
3. Verify that the build environment is correctly set up.
4. Examine the build logs for more detailed error messages.
5. Attempt to run the build command manually to identify the exact point of failure.
6. Update any outdated packages or dependencies that might be causing the issue.