Remove reference to hardcoded branch
We identified crs-catalog service is still vulnerable for CVEs that are expected to be fixed in alpine-zulu v0.0.5.
====Filtered Report File HIGH 1 or higher====
HIGH CVE-2024-12797 libcrypto3 libcrypto3@3.3.2-r1 3.3.2-r1 3.3.3-r0
HIGH CVE-2024-12797 libssl3 libssl3@3.3.2-r1 3.3.2-r1 3.3.3-r0
HIGH CVE-2024-38819 org.springframework:spring-webmvc app.jar 6.1.6 6.1.14
HIGH CVE-2024-57699 net.minidev:json-smart app.jar 2.5.0 2.5.2
HIGH CVE-2024-57699 net.minidev:json-smart opt/agents/applicationinsights-agent.jar 2.5.0 2.5.2
HIGH CVE-2024-8176 libexpat libexpat@2.6.3-r0 2.6.3-r0 2.7.0-r0
HIGH CVE-2025-22228 org.springframework.security:spring-security-crypto app.jar 6.2.4 6.3.8, 6.4.4, 6.2.10, 6.1.14, 6.0.16, 5.8.18, 5.7.16
HIGH CVE-2025-24970 io.netty:netty-handler app.jar 4.1.109.Final 4.1.118.Final
HIGH CVE-2025-24970 io.netty:netty-handler opt/agents/applicationinsights-agent.jar 4.1.109.Final 4.1.118.FinalI noticed that service is using a reference to hardcoded branch jdk-17 in the service-base-image repository which is outdated and using alpine-zulu v0.0.4 when other services don't have this branch hardcoded so are using main branch with alpine-zulu v0.0.5 by default
This MR is removing hardcoded reference to old branch so service can use latest base zulu image with latest security updates
Edited by Vasyl Leskiv [SLB]