We have several stack docker images. Some of those have some predownloaded maven artifacts. E.g. vert.x, WildFly swarm, spring boot.

We have those images with some version of maven artifacts predownloaded to spare/shorten build and deployment time of a project in Che workspace. Problem is, that if some artifact has newer version and the old/current one has a security issue (CVE), then the predownloading is useless because user will be in Editor in workspace warned about this fact and setting a new version for an artifact results into downloading another artifact.

We should have an automated mechanism to somehow decide which versions are still ok, and which are not. Maybe with help of bayesian.