upgrade alpine from 3.17 to 3.18 (!6) · Merge requests · OSDU Software / OSDU Data Platform / Deployment and Operations / base-containers-azure / alpine-zulu17 · GitLab

Li Song requested to merge upgrade-alpine into main Sep 24, 2024

Upgraded base image from alpine 3.17 to 3.18 to address the vulnerability of curl, libcurl and libexpat that captured in container scans

Verified that alpine:3.18 has curl, libcurl, and libexpat versions that fixed the vulnerability: https://pkgs.alpinelinux.org/packages?name=curl&branch=v3.18&repo=&arch=&maintainer= https://pkgs.alpinelinux.org/packages?name=libexpat&branch=v3.18&repo=&arch=&maintainer=

Before: https://community.opengroup.org/osdu/platform/system/partition/-/jobs/3123366

After upgrade:

Indicators that services are not affected by the change:

Edited Sep 26, 2024 by Li Song