Backport of Bump alpine image into release/1.20.x (#22010)

backport of commit 9e07bb2120 Co-authored-by: Sarah Alsmiller <sarah.alsmiller@hashicorp.com>
2024-12-17 16:10:28 -05:00 · 2024-12-17 16:10:28 -05:00 · 7e52d43c8b
parent 9dc0b2c18c
commit 7e52d43c8b
2 changed files with 2 additions and 9 deletions
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@ -37,13 +37,6 @@ container {
 	triage {
 		suppress {
 			vulnerabilities = [
-				"CVE-2024-8096", # curl@8.9.1-r2,
-				"CVE-2024-9143", # openssl@3.3.2-r0,
-				"CVE-2024-3596", # openssl@3.3.2-r0,
-				"CVE-2024-2236", # openssl@3.3.2-r0,
-				"CVE-2024-26458", # openssl@3.3.2-r0,
-				"CVE-2024-2511", # openssl@3.3.2-r0,
-				#the above can be resolved when they're resolved in the alpine image
 			]
 			paths = [
 				"internal/tools/proto-gen-rpc-glue/e2e/consul/*",
--- a/4
+++ b/4
@ -16,7 +16,7 @@
 # Official docker image that includes binaries from releases.hashicorp.com. This
 # downloads the release from releases.hashicorp.com and therefore requires that
 # the release is published before building the Docker image.
-FROM docker.mirror.hashicorp.services/alpine:3.20 as official
+FROM docker.mirror.hashicorp.services/alpine:3.21 as official

 # This is the release of Consul to pull in.
 ARG VERSION
@ -112,7 +112,7 @@ CMD ["agent", "-dev", "-client", "0.0.0.0"]

 # Production docker image that uses CI built binaries.
 # Remember, this image cannot be built locally.
-FROM docker.mirror.hashicorp.services/alpine:3.20 as default
+FROM docker.mirror.hashicorp.services/alpine:3.21 as default

 ARG PRODUCT_VERSION
 ARG BIN_NAME