Merge pull request #34 from lenny-intel/cve

fix: Address CVE in Alpine base image
edgexfoundry · Nov 14, 2023 · dec02cb · dec02cb
2 parents 1a01da4 + e54188e
commit dec02cb
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -46,6 +46,8 @@ LABEL license='SPDX-License-Identifier: Apache-2.0' \
 
 # dumb-init needed for injected secure bootstrapping entry point script when run in secure mode.
 RUN apk add --update --no-cache dumb-init
+# Ensure using latest versions of all installed packages to avoid any recent CVEs
+RUN apk --no-cache upgrade
 
 WORKDIR /
 COPY --from=builder /device-uart/Attribution.txt /