From 4c6276f656efdc15708e09e5795832658abfe6c4 Mon Sep 17 00:00:00 2001 From: Nick Larsen Date: Fri, 21 Nov 2025 11:25:04 +0100 Subject: [PATCH 1/5] feat(ubi-rust-builder): replace ubi9 with ubi10 --- .github/ISSUE_TEMPLATE/update-base-ubi-rust-builders.md | 4 ++-- .github/workflows/ubi-rust-builder.yml | 5 ++--- {ubi9-rust-builder => ubi10-rust-builder}/Dockerfile | 9 +++++---- {ubi9-rust-builder => ubi10-rust-builder}/README.md | 6 +++--- 4 files changed, 12 insertions(+), 12 deletions(-) rename {ubi9-rust-builder => ubi10-rust-builder}/Dockerfile (91%) rename {ubi9-rust-builder => ubi10-rust-builder}/README.md (86%) diff --git a/.github/ISSUE_TEMPLATE/update-base-ubi-rust-builders.md b/.github/ISSUE_TEMPLATE/update-base-ubi-rust-builders.md index cb552e447..ad112752f 100644 --- a/.github/ISSUE_TEMPLATE/update-base-ubi-rust-builders.md +++ b/.github/ISSUE_TEMPLATE/update-base-ubi-rust-builders.md @@ -51,7 +51,7 @@ Add/Change/Remove anything that isn't applicable anymore > This list should be completed by the assignee(s), once respective PRs have been merged. Once all items have been > checked, the issue can be moved into _Development: Done_. -- [ ] Done for [ubi9-rust-builder/Dockerfile](https://github.com/stackabletech/docker-images/blob/main/ubi9-rust-builder/Dockerfile) +- [ ] Done for [ubi10-rust-builder/Dockerfile](https://github.com/stackabletech/docker-images/blob/main/ubi10-rust-builder/Dockerfile) - [ ] Can build the image locally - [ ] Can build an operator image @@ -59,7 +59,7 @@ Add/Change/Remove anything that isn't applicable anymore Testing instructions ```shell -docker build -t oci.stackable.tech/sdp/ubi9-rust-builder . -f ubi9-rust-builder/Dockerfile +docker build -t oci.stackable.tech/sdp/ubi10-rust-builder . -f ubi10-rust-builder/Dockerfile # Change directory into the an operator repository and ensure the image can build docker build . -f docker/Dockerfile 
diff --git a/.github/workflows/ubi-rust-builder.yml b/.github/workflows/ubi-rust-builder.yml index 7f8f580f5..5afef7bba 100644 --- a/.github/workflows/ubi-rust-builder.yml +++ b/.github/workflows/ubi-rust-builder.yml @@ -8,7 +8,6 @@ on: branches: - main paths: - - ubi9-rust-builder/** - ubi10-rust-builder/** - .github/actions/** - .github/workflows/ubi-rust-builder.yml @@ -25,7 +24,7 @@ jobs: fail-fast: false matrix: runner: ["ubuntu-latest", "ubicloud-standard-8-arm-ubuntu-2404"] - ubi-version: ["ubi9"] + ubi-version: ["ubi10"] runs-on: ${{ matrix.runner }} steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 @@ -65,7 +64,7 @@ jobs: strategy: fail-fast: false matrix: - ubi-version: ["ubi9"] + ubi-version: ["ubi10"] runs-on: ubuntu-latest needs: ["build"] steps: diff --git a/ubi9-rust-builder/Dockerfile b/ubi10-rust-builder/Dockerfile similarity index 91% rename from ubi9-rust-builder/Dockerfile rename to ubi10-rust-builder/Dockerfile index 8a8548efb..2d0b2a976 100644 --- a/ubi9-rust-builder/Dockerfile +++ b/ubi10-rust-builder/Dockerfile 
@@ -1,10 +1,11 @@ # syntax=docker/dockerfile:1.16.0@sha256:e2dd261f92e4b763d789984f6eab84be66ab4f5f08052316d8eb8f173593acf7 # check=error=true -# Find the latest version at https://catalog.redhat.com/software/containers/ubi9/ubi-minimal/615bd9b4075b022acc111bf5?container-tabs=gti -# IMPORTANT: Be sure to use the Manifest List Digest for multi-arch support -FROM registry.access.redhat.com/ubi9/ubi-minimal@sha256:2f06ae0e6d3d9c4f610d32c480338eef474867f435d8d28625f2985e8acde6e8 AS builder - +# Find the latest version at https://catalog.redhat.com/en/software/containers/ubi10/ubi-minimal/66f1504a379b9c2cf23e145c#get-the-image +# IMPORTANT: Make sure to use the "Manifest List Digest" that references the images for multiple architectures +# rather than just the "Image Digest" that references the image for the selected architecture. +FROM registry.access.redhat.com/ubi10/ubi-minimal@sha256:28ec2f4662bdc4b0d4893ef0d8aebf36a5165dfb1d1dc9f46319bd8a03ed3365 AS builder +# todo LABEL maintainer="Stackable GmbH" # Pin the rustup version to avoid unexpected breaking changes. diff --git a/ubi9-rust-builder/README.md b/ubi10-rust-builder/README.md similarity index 86% rename from ubi9-rust-builder/README.md rename to ubi10-rust-builder/README.md index 946c1d407..87413a567 100644 --- a/ubi9-rust-builder/README.md +++ b/ubi10-rust-builder/README.md @@ -1,4 +1,4 @@ -# ubi9-rust-builder +# ubi10-rust-builder These images are meant to be used in multi-stage builds as a base image for projects building Rust projects. They are automatically rebuilt and pushed every night and also on every push to the main branch, in addition a build can be triggered using GitHub Actions. 
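Review bot: The `# todo` line added directly above `LABEL maintainer="Stackable GmbH"` in `ubi10-rust-builder/Dockerfile` does not say what is outstanding, so it will read as noise to the next person who bumps the base digest. Either drop it or spell it out, for example `# TODO(<owner>): <what still has to change for the ubi10 builder>`.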
@@ -10,9 +10,9 @@ This will bake in the current stable Rust version at the time this image was bui ## Example usage ```dockerfile -FROM oci.stackable.tech/ubi9-rust-builder AS builder +FROM oci.stackable.tech/sdp/ubi10-rust-builder AS builder -FROM registry.access.redhat.com/ubi9/ubi-minimal AS operator +FROM registry.access.redhat.com/ubi10/ubi-minimal AS operator LABEL maintainer="Stackable GmbH" # Update image From 5de8a0ba0d1c1f16debddc798c4e2231e4c3aaf3 Mon Sep 17 00:00:00 2001 From: Nick Larsen Date: Fri, 21 Nov 2025 11:32:06 +0100 Subject: [PATCH 2/5] feat: Use ubi10 in base images Note: This required an adjustment to the opa daemonset patch, otherwise compilation fails due to gcc-15 requirements. Along the road to fixing this, we found some relevant links which might be useful in future: - [Github Repo](https://github.com/daemontools/daemontools) (shows daemontools 0.76 is 12 years old) - [daemontools Homepage](https://cr.yp.to/daemontools.html) - [Debian bug report](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066623) - [Debian patches)(https://salsa.debian.org/debian/daemontools/-/tree/debian/latest/debian/patches?ref_type=heads) - [Reverted patch and GCC-15 fix](https://salsa.debian.org/debian/daemontools/-/commit/3e20831dfabe9dac4c5b6de3ae3945491280c80b#8756c63497c8dc39f7773438edf53b220c773f67) --- druid/Dockerfile | 2 +- hbase/Dockerfile | 2 +- hive/Dockerfile | 2 +- opa/daemontools/conf-cc.patch | 2 +- opensearch-dashboards/Dockerfile | 2 +- stackable-base/Dockerfile | 6 +++--- stackable-devel/Dockerfile | 4 ++-- testing-tools/README.md | 2 +- 8 files changed, 11 insertions(+), 11 deletions(-) diff --git a/druid/Dockerfile b/druid/Dockerfile index 3231d11ae..452db35b0 100644 --- a/druid/Dockerfile +++ b/druid/Dockerfile 
@@ -131,7 +131,7 @@ LABEL org.opencontainers.image.description="${DESCRIPTION}" # https://docs.openshift.com/container-platform/4.16/openshift_images/create-images.html#defining-image-metadata # https://github.com/projectatomic/ContainerApplicationGenericLabels/blob/master/vendor/redhat/labels.md -LABEL io.openshift.tags="ubi9,stackable,druid,sdp" +LABEL io.openshift.tags="ubi10,stackable,druid,sdp" LABEL io.k8s.description="${DESCRIPTION}" LABEL io.k8s.display-name="${NAME}" diff --git a/hbase/Dockerfile b/hbase/Dockerfile index f954a7304..94dd6495f 100644 --- a/hbase/Dockerfile +++ b/hbase/Dockerfile @@ -92,7 +92,7 @@ LABEL org.opencontainers.image.description="${DESCRIPTION}" # https://docs.openshift.com/container-platform/4.16/openshift_images/create-images.html#defining-image-metadata # https://github.com/projectatomic/ContainerApplicationGenericLabels/blob/master/vendor/redhat/labels.md -LABEL io.openshift.tags="ubi9,stackable,hbase,sdp,nosql" +LABEL io.openshift.tags="ubi10,stackable,hbase,sdp,nosql" LABEL io.k8s.description="${DESCRIPTION}" LABEL io.k8s.display-name="${NAME}" diff --git a/hive/Dockerfile b/hive/Dockerfile index 037bb0321..e50c6aad1 100644 --- a/hive/Dockerfile +++ b/hive/Dockerfile @@ -178,7 +178,7 @@ LABEL org.opencontainers.image.description="${DESCRIPTION}" # https://docs.openshift.com/container-platform/4.16/openshift_images/create-images.html#defining-image-metadata # https://github.com/projectatomic/ContainerApplicationGenericLabels/blob/master/vendor/redhat/labels.md -LABEL io.openshift.tags="ubi9,stackable,hive,sdp" +LABEL io.openshift.tags="ubi10,stackable,hive,sdp" LABEL io.k8s.description="${DESCRIPTION}" LABEL io.k8s.display-name="${NAME}" diff --git a/opa/daemontools/conf-cc.patch b/opa/daemontools/conf-cc.patch index 9c678e801..80dd1cced 100644 --- a/opa/daemontools/conf-cc.patch +++ b/opa/daemontools/conf-cc.patch @@ -2,6 +2,6 @@ +++ conf-cc 2014-07-14 12:07:14.837994394 +0000 
@@ -1,3 +1,3 @@ -gcc -O2 -Wimplicit -Wunused -Wcomment -Wchar-subscripts -Wuninitialized -Wshadow -Wcast-qual -Wcast-align -Wwrite-strings -+gcc -O2 -Wimplicit -Wunused -Wcomment -Wchar-subscripts -Wuninitialized -Wshadow -Wcast-qual -Wcast-align -Wwrite-strings -include /usr/include/errno.h ++gcc -O2 -Wimplicit -Wunused -Wcomment -Wchar-subscripts -Wuninitialized -Wshadow -Wcast-qual -Wcast-align -Wwrite-strings -include /usr/include/errno.h -include /usr/include/unistd.h -std=gnu11 -Wno-incompatible-pointer-types -Wno-implicit-int -Wno-implicit-function-declaration This will be used to compile .c files. diff --git a/opensearch-dashboards/Dockerfile b/opensearch-dashboards/Dockerfile index 0f6ab2636..42c8cab61 100644 --- a/opensearch-dashboards/Dockerfile +++ b/opensearch-dashboards/Dockerfile @@ -218,7 +218,7 @@ LABEL org.opencontainers.image.title="${NAME}" LABEL org.opencontainers.image.description="${DESCRIPTION}" # https://docs.openshift.com/container-platform/4.16/openshift_images/create-images.html#defining-image-metadata # https://github.com/projectatomic/ContainerApplicationGenericLabels/blob/master/vendor/redhat/labels.md -LABEL io.openshift.tags="ubi9,stackable,opensearch-dashboards,opensearch" +LABEL io.openshift.tags="ubi10,stackable,opensearch-dashboards,opensearch" LABEL io.k8s.description="${DESCRIPTION}" LABEL io.k8s.display-name="${NAME}" diff --git a/stackable-base/Dockerfile b/stackable-base/Dockerfile index daf6ab567..66b2ca2d8 100644 --- a/stackable-base/Dockerfile +++ b/stackable-base/Dockerfile 
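Review bot: The three `-Wno-…` flags added to `conf-cc` switch off diagnostics that catch real memory-safety defects, for example a call to an undeclared function whose pointer result is treated as `int`. With them fully suppressed, nothing in the build log shows which daemontools sources rely on that. Using the `-Wno-error=implicit-function-declaration` style (likewise for the other two) should keep the GCC 15 build passing while leaving the warnings visible; alternatively carry the Debian source fixes linked in the commit message instead of compiler flags. A short comment where this patch is applied, such as `# flags only needed to build daemontools 0.76 with GCC 15; revisit when the sources are patched`, would help whoever touches it next.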
@@ -36,10 +36,10 @@ cd /secret-operator cargo auditable --quiet build --release --package cert-tools && cargo cyclonedx --all --spec-version 1.5 --describe binaries EOF -# Find the latest version at https://catalog.redhat.com/software/containers/ubi9/ubi-minimal/615bd9b4075b022acc111bf5?container-tabs=gti +# Find the latest version at https://catalog.redhat.com/en/software/containers/ubi10/ubi-minimal/66f1504a379b9c2cf23e145c#get-the-image # IMPORTANT: Make sure to use the "Manifest List Digest" that references the images for multiple architectures # rather than just the "Image Digest" that references the image for the selected architecture. -FROM registry.access.redhat.com/ubi9/ubi-minimal@sha256:2f06ae0e6d3d9c4f610d32c480338eef474867f435d8d28625f2985e8acde6e8 AS final +FROM registry.access.redhat.com/ubi10/ubi-minimal@sha256:28ec2f4662bdc4b0d4893ef0d8aebf36a5165dfb1d1dc9f46319bd8a03ed3365 AS final # intentionally unused ARG PRODUCT_VERSION @@ -156,7 +156,7 @@ chown ${STACKABLE_USER_UID}:0 /stackable/.curlrc # CVE-2023-37920: Remove "e-Tugra" root certificates # e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems # Until they are removed by default from ca-certificates, we should remove them manually -EXPECTED_CERTS_PACKAGE="ca-certificates-2025.2.80_v9.0.305-91.el9.noarch" +EXPECTED_CERTS_PACKAGE="ca-certificates-2025.2.80_v9.0.305-102.el10_1.noarch" ACTUAL_CERTS_PACKAGE="$(rpm -qa ca-certificates)" if [ "$ACTUAL_CERTS_PACKAGE" != "$EXPECTED_CERTS_PACKAGE" ]; then echo "The ca-certificates package was updated to $ACTUAL_CERTS_PACKAGE. Please check if the e-Tugra root certificates are present. \ diff --git a/stackable-devel/Dockerfile b/stackable-devel/Dockerfile index 6f1e7b4d8..48894d940 100644 --- a/stackable-devel/Dockerfile +++ b/stackable-devel/Dockerfile 
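Review bot: In the second hunk, `EXPECTED_CERTS_PACKAGE` is the tripwire that forces a human to re-check the e-Tugra removal, and the change only swaps the string to the el10 build. Nothing on the page shows that the removal step (which lies outside the hunk) was re-validated against the UBI10 trust bundle. Record the outcome next to the constant, for example `# el10_1 bundle inspected for e-Tugra roots on <date>: <result>`. It would also be worth having the script fail the build when an e-Tugra anchor is still present after the removal, so the check does not rest on the package name alone.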
@@ -8,10 +8,10 @@ # Use `stackable-base` as a base for the final image stage instead # -# Find the latest version at https://catalog.redhat.com/software/containers/ubi9/ubi-minimal/615bd9b4075b022acc111bf5?container-tabs=gti +# Find the latest version at https://catalog.redhat.com/en/software/containers/ubi10/ubi-minimal/66f1504a379b9c2cf23e145c#get-the-image # IMPORTANT: Make sure to use the "Manifest List Digest" that references the images for multiple architectures # rather than just the "Image Digest" that references the image for the selected architecture. -FROM registry.access.redhat.com/ubi9/ubi-minimal@sha256:2f06ae0e6d3d9c4f610d32c480338eef474867f435d8d28625f2985e8acde6e8 +FROM registry.access.redhat.com/ubi10/ubi-minimal@sha256:28ec2f4662bdc4b0d4893ef0d8aebf36a5165dfb1d1dc9f46319bd8a03ed3365 # intentionally unused ARG PRODUCT_VERSION diff --git a/testing-tools/README.md b/testing-tools/README.md index 166b64f55..26fd3e2aa 100644 --- a/testing-tools/README.md +++ b/testing-tools/README.md @@ -1,4 +1,4 @@ # Stackable testing tools image -* Based on debian/python 3.12 unlike `tools` which is based on UBI9 with python 3.9. +* Based on debian/python 3.12 unlike `tools` which is based on UBI10 with python 3.9. * Comes with Python packages needed by the kuttl tests. From 538b3baf0e3d6933ed278885dc24d37db2c74b9f Mon Sep 17 00:00:00 2001 From: Nick Larsen Date: Fri, 21 Nov 2025 20:47:04 +0100 Subject: [PATCH 3/5] feat(airflow/wip): use a newer uv version, and install the correct python version using it WIP: Still need to fix the build layers, but this appears to work fine (tested the oldest and newest versions via the getting_started guide) --- airflow/Dockerfile | 42 ++++++++++++++++++++++++++-------------- airflow/boil-config.toml | 24 +++++++++++++---------- 2 files changed, 41 insertions(+), 25 deletions(-) diff --git a/airflow/Dockerfile b/airflow/Dockerfile index f518903fc..e585b4948 100644 --- a/airflow/Dockerfile +++ b/airflow/Dockerfile 
@@ -23,10 +23,10 @@ WORKDIR /tmp/opa-auth-manager RUN < 0 {if (!seen[$0]++) print $0}' | tr '\n' ',' | sed 's/,$//') -python${PYTHON_VERSION} -m venv --system-site-packages /stackable/app - -source /stackable/app/bin/activate - +# TODO: Use uv ${UV_VERSION} from Nexus instead of pip # Upgrade pip to the latest version -# Also install uv to get support for build constraints +# Also install uv to get support for build constraints and venv for a given python version pip install --no-cache-dir --upgrade pip pip install --no-cache-dir uv==${UV_VERSION} + +uv venv --python "${PYTHON_VERSION}" --system-site-packages /stackable/app +source /stackable/app/bin/activate + +# Another project manager uv tool install hatch cd "$(/stackable/patchable --images-repo-root=src checkout airflow ${PRODUCT_VERSION})" @@ -200,6 +201,7 @@ ARG TINI_VERSION ARG TARGETARCH ARG SHARED_STATSD_EXPORTER_VERSION ARG STACKABLE_USER_UID +ARG UV_VERSION LABEL name="Apache Airflow" \ maintainer="info@stackable.tech" \ @@ -225,6 +227,9 @@ COPY --from=gitsync-image --chown=${STACKABLE_USER_UID}:0 /git-sync ${HOME}/git- COPY airflow/licenses /licenses +# TODO (@NickLarsenNZ): Get the image into our registry +COPY --from=ghcr.io/astral-sh/uv:0.9.10 --chown=${STACKABLE_USER_UID}:0 /uv /uvx /bin/ + # Update image and install needed packages RUN < Date: Fri, 21 Nov 2025 20:47:22 +0100 Subject: [PATCH 4/5] chore: fix typo in upload script --- .scripts/upload_new_maven_version.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.scripts/upload_new_maven_version.sh b/.scripts/upload_new_maven_version.sh index 9b8e21ec3..fbd25d350 100755 --- a/.scripts/upload_new_maven_version.sh +++ b/.scripts/upload_new_maven_version.sh 
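Review bot: In the `@@ -225,6 +227,9 @@` hunk, `COPY --from=ghcr.io/astral-sh/uv:0.9.10` pulls the uv binaries by mutable tag from a third-party registry, while the base images elsewhere in this series are pinned by manifest-list digest. A re-pushed tag would change what lands in `/bin/` of the final image without any diff in this repository. Pin it as `ghcr.io/astral-sh/uv:0.9.10@sha256:<manifest-list-digest>` until the image is mirrored as the TODO says. The literal `0.9.10` is also independent of the `ARG UV_VERSION` added in the previous hunk, so the uv installed with `pip install --no-cache-dir uv==${UV_VERSION}` and the copied runtime binary can drift apart; a comment tying the two together would help. The `RUN` block that follows is cut off on this page.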
@@ -71,4 +71,4 @@ curl --fail -o /dev/null --progress-bar -u "$NEXUS_USER:$NEXUS_PASSWORD" --uploa echo "Successfully uploaded Maven $VERSION to Nexus" echo "https://repo.stackable.tech/service/rest/repository/browse/packages/maven/" -echo "https://github.com/prometheus/maven/releases/tag/$VERSION" +echo "https://github.com/apache/maven/releases/tag/maven-$VERSION" From 01d1d593eea462e1c7f9dff634699c6841592772 Mon Sep 17 00:00:00 2001 From: Nick Larsen Date: Fri, 21 Nov 2025 20:48:37 +0100 Subject: [PATCH 5/5] chore(wip): Upload script for nvm WIP: We might not need this, but I made it and it works. --- .scripts/upload_new_nvm_version.sh | 50 ++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100755 .scripts/upload_new_nvm_version.sh diff --git a/.scripts/upload_new_nvm_version.sh b/.scripts/upload_new_nvm_version.sh new file mode 100755 index 000000000..6eddd22fe --- /dev/null +++ b/.scripts/upload_new_nvm_version.sh 
@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+VERSION=${1:?"Missing version number argument (arg 1)"}
+NEXUS_USER=${2:?"Missing Nexus username argument (arg 2)"}
+
+read -r -s -p "Nexus Password: " NEXUS_PASSWORD
+echo
+
+# https://stackoverflow.com/questions/4632028/how-to-create-a-temporary-directory
+# Find the directory name of the script
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+# the temp directory used, within $DIR
+WORK_DIR=$(mktemp -d -p "$DIR")
+
+# check if tmp dir was created
+if [[ ! "$WORK_DIR" || ! -d "$WORK_DIR" ]]; then
+ echo "Could not create temp dir"
+ exit 1
+fi
+
+# deletes the temp directory
+function cleanup {
+ rm -rf "$WORK_DIR"
+}
+
+# register the cleanup function to be called on the EXIT signal
+trap cleanup EXIT
+
+cd "$WORK_DIR" || exit
+
+# https://github.com/nvm-sh/nvm/archive/refs/tags/v0.40.3.tar.gz
+BASE_URL="https://github.com/nvm-sh/nvm/archive/refs/tags"
+ARCHIVE_FILE="v$VERSION.tar.gz"
+ARCHIVE_URL="$BASE_URL/$ARCHIVE_FILE"
+
+echo "Downloading nvm $VERSION"
+curl --fail -LO --progress-bar "$ARCHIVE_URL"
+
+# nvm maintainers don't produce sum files
+
+echo "Uploading to Nexus"
+
+curl --fail -o /dev/null --progress-bar -u "$NEXUS_USER:$NEXUS_PASSWORD" --upload-file "$ARCHIVE_FILE" 'https://repo.stackable.tech/repository/packages/nvm/'
+
+echo "Successfully uploaded nvm $VERSION to Nexus"
+echo "https://repo.stackable.tech/service/rest/repository/browse/packages/nvm/"
+echo "https://github.com/nvm-sh/nvm/releases/tag/v$VERSION"
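Review bot: The archive fetched by `curl --fail -LO --progress-bar "$ARCHIVE_URL"` is uploaded to Nexus with no integrity check, so whatever GitHub serves for that tag at upload time becomes the artifact every later image build trusts. Since upstream publishes no sum file, take the expected digest as an argument, e.g. `EXPECTED_SHA256=${3:?"Missing expected SHA-256 (arg 3)"}`, and run `echo "$EXPECTED_SHA256  $ARCHIVE_FILE" | sha256sum --check -` before the upload. Separately, `-u "$NEXUS_USER:$NEXUS_PASSWORD"` puts the password on curl's command line, where it can be visible to other local users in the process list; feeding it through `--config -` on stdin avoids that. The Maven upload script shows the same `-u` pattern in the hunk header context of the previous patch.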