bump alpine image

.release/security-scan.hcl

@@ -37,13 +37,6 @@ container {
 	triage {
 		suppress {
 			vulnerabilities = [
-				"CVE-2024-8096", # curl@8.9.1-r2,
-				"CVE-2024-9143", # openssl@3.3.2-r0,
-				"CVE-2024-3596", # openssl@3.3.2-r0,
-				"CVE-2024-2236", # openssl@3.3.2-r0,
-				"CVE-2024-26458", # openssl@3.3.2-r0,
-				"CVE-2024-2511", # openssl@3.3.2-r0,
-				#the above can be resolved when they're resolved in the alpine image
 			]
 			paths = [
 				"internal/tools/proto-gen-rpc-glue/e2e/consul/*",

Dockerfile

@@ -16,7 +16,7 @@
 # Official docker image that includes binaries from releases.hashicorp.com. This
 # downloads the release from releases.hashicorp.com and therefore requires that
 # the release is published before building the Docker image.
-FROM docker.mirror.hashicorp.services/alpine:3.20 as official
+FROM docker.mirror.hashicorp.services/alpine:3.21 as official
 
 # This is the release of Consul to pull in.
 ARG VERSION
@@ -112,7 +112,7 @@ CMD ["agent", "-dev", "-client", "0.0.0.0"]
 
 # Production docker image that uses CI built binaries.
 # Remember, this image cannot be built locally.
-FROM docker.mirror.hashicorp.services/alpine:3.20 as default
+FROM docker.mirror.hashicorp.services/alpine:3.21 as default
 
 ARG PRODUCT_VERSION
 ARG BIN_NAME