Skip to content

security: update alpine base image to 3.20#21729

Merged
zalimeni merged 3 commits into
mainfrom
zalimeni/update-alpine-3.20
Sep 13, 2024
Merged

security: update alpine base image to 3.20#21729
zalimeni merged 3 commits into
mainfrom
zalimeni/update-alpine-3.20

Conversation

@zalimeni
Copy link
Copy Markdown
Member

@zalimeni zalimeni commented Sep 13, 2024
edited
Loading

Description

Fixes several CVEs by upgrading dependencies via base image upgrade.

Also drops all current triage exceptions for Docker containers, since this update knocks out the only active ones, and several more are already resolved.

Testing & Reproduction steps

Tested locally from one-off Docker CI build:

❯ scan container ./consul_default_linux_arm64_1.19.3-dev_c5ca319b156ce0bbb67d79eaa1bbc80113ae3557.docker.tar
✓ Scanned file:{path:"/Users/michael.zalimeni/workspace/security-scanner/consul_default_linux_arm64_1.19.3-dev_c5ca319b156ce0bbb67d79eaa1bbc80113ae3557.docker.tar"} in 59.8s - no results found

PR Checklist

  • updated test coverage
  • external facing docs updated
  • appropriate backport labels added
  • not a security concern

@zalimeni zalimeni added the backport/all Apply backports for all active releases per .release/versions.hcl label Sep 13, 2024
@zalimeni zalimeni force-pushed the zalimeni/update-alpine-3.20 branch from c5ca319 to ab0a16c Compare September 13, 2024 18:45
@zalimeni zalimeni marked this pull request as ready for review September 13, 2024 18:47
@zalimeni zalimeni requested a review from a team as a code owner September 13, 2024 18:47
dduzgun-security
dduzgun-security approved these changes Sep 13, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@dduzgun-security dduzgun-security left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome! 🎉 Thanks a lot, LGTM!

@zalimeni zalimeni enabled auto-merge (squash) September 13, 2024 18:51
@zalimeni zalimeni merged commit c40eecf into main Sep 13, 2024
@zalimeni zalimeni deleted the zalimeni/update-alpine-3.20 branch September 13, 2024 19:02
@hc-github-team-consul-core hc-github-team-consul-core added backport/1.19 backport/ent/1.18 Changes are backported to 1.18 ent labels Sep 13, 2024
@hc-github-team-consul-core hc-github-team-consul-core mentioned this pull request Sep 13, 2024
Merged
4 tasks
@zalimeni zalimeni mentioned this pull request Sep 16, 2024
Merged
4 tasks
@hc-github-team-consul-core hc-github-team-consul-core mentioned this pull request Sep 19, 2024
Merged
4 tasks
This was referenced Sep 24, 2024
Open
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sarahalsmiller sarahalsmiller Awaiting requested review from sarahalsmiller

1 more reviewer

@dduzgun-security dduzgun-security dduzgun-security approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

backport/all Apply backports for all active releases per .release/versions.hcl backport/ent/1.18 Changes are backported to 1.18 ent

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@zalimeni @dduzgun-security @hc-github-team-consul-core @sarahalsmiller