From 7e52d43c8b2e345ef43f375c7c931f99f3065ffc Mon Sep 17 00:00:00 2001 From: hc-github-team-consul-core Date: Tue, 17 Dec 2024 16:10:28 -0500 Subject: [PATCH] Backport of Bump alpine image into release/1.20.x (#22010) backport of commit 9e07bb2120443cf41baa99c7da483b9b4c651f51 Co-authored-by: Sarah Alsmiller --- .release/security-scan.hcl | 7 ------- Dockerfile | 4 ++-- 2 files changed, 2 insertions(+), 9 deletions(-) diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl index f690cbe906bd..c807d606c00b 100644 --- a/.release/security-scan.hcl +++ b/.release/security-scan.hcl @@ -37,13 +37,6 @@ container { triage { suppress { vulnerabilities = [ - "CVE-2024-8096", # curl@8.9.1-r2, - "CVE-2024-9143", # openssl@3.3.2-r0, - "CVE-2024-3596", # openssl@3.3.2-r0, - "CVE-2024-2236", # openssl@3.3.2-r0, - "CVE-2024-26458", # openssl@3.3.2-r0, - "CVE-2024-2511", # openssl@3.3.2-r0, - #the above can be resolved when they're resolved in the alpine image ] paths = [ "internal/tools/proto-gen-rpc-glue/e2e/consul/*", diff --git a/Dockerfile b/Dockerfile index dc617c5e0492..e520db57ad58 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,7 +16,7 @@ # Official docker image that includes binaries from releases.hashicorp.com. This # downloads the release from releases.hashicorp.com and therefore requires that # the release is published before building the Docker image. -FROM docker.mirror.hashicorp.services/alpine:3.20 as official +FROM docker.mirror.hashicorp.services/alpine:3.21 as official # This is the release of Consul to pull in. ARG VERSION @@ -112,7 +112,7 @@ CMD ["agent", "-dev", "-client", "0.0.0.0"] # Production docker image that uses CI built binaries. # Remember, this image cannot be built locally. -FROM docker.mirror.hashicorp.services/alpine:3.20 as default +FROM docker.mirror.hashicorp.services/alpine:3.21 as default ARG PRODUCT_VERSION ARG BIN_NAME