From fe79c06bffd29ecdd39921b37db4c05fa478f287 Mon Sep 17 00:00:00 2001
From: Lenny Goodell <leonard.goodell@intel.com>
Date: Tue, 14 Nov 2023 14:44:16 -0700
Subject: [PATCH] fix: Address CVE in Alpine base image (#623)

Signed-off-by: Leonard Goodell <leonard.goodell@intel.com>
---
 Dockerfile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index 931fb7f2..08a97d68 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -41,6 +41,8 @@ LABEL Name=app-service-configurable Version=${VERSION}
 
 # dumb-init is required as security-bootstrapper uses it in the entrypoint script
 RUN apk add --update --no-cache ca-certificates dumb-init
+# Ensure using latest versions of all installed packages to avoid any recent CVEs
+RUN apk --no-cache upgrade
 
 COPY --from=builder /app/Attribution.txt /Attribution.txt
 COPY --from=builder /app/LICENSE /LICENSE