build: fix security vulnerabilities (#54)

masontikhonov · web-flow · commit ce9270451d09 · 2024-03-24T09:19:05.000+04:00
This upgrades base images with fixes to security vulnerabilities.
diff --git a/Dockerfile b/Dockerfile
@@ -1,7 +1,7 @@
-ARG DOCKER_VERSION=24.0.6
+ARG DOCKER_VERSION=25.0.4
 
 # dind-cleaner
-FROM golang:1.21-alpine3.18 AS cleaner
+FROM golang:1.22-alpine3.19 AS cleaner
 
 COPY cleaner/dind-cleaner/* /go/src/github.com/codefresh-io/dind-cleaner/
 WORKDIR /go/src/github.com/codefresh-io/dind-cleaner/
@@ -15,16 +15,16 @@ RUN CGO_ENABLED=0 go build -o /usr/local/bin/dind-cleaner ./cmd && \
   rm -rf /go/*
 
 # bbolt
-FROM golang:1.21-alpine3.18 AS bbolt
+FROM golang:1.22-alpine3.19 AS bbolt
 RUN go install go.etcd.io/bbolt/cmd/bbolt@latest
 
 # node-exporter
-FROM quay.io/prometheus/node-exporter:v1.6.1 AS node-exporter
+FROM quay.io/prometheus/node-exporter:v1.7.0 AS node-exporter
 
 # Main
 FROM docker:${DOCKER_VERSION}-dind
 
-RUN echo 'http://dl-cdn.alpinelinux.org/alpine/v3.11/main' >> /etc/apk/repositories \
+RUN echo 'http://dl-cdn.alpinelinux.org/alpine/v3.19/main' >> /etc/apk/repositories \
   && apk upgrade \
   # Add fuse-overlayfs for comaptibility with rootless. Volumes created with rootless might use fuse-overlay formatted volumes. If those volumes are later used by dind that runs with root it'll require fuse-overlay to be able to read the volume
   && apk add bash fuse-overlayfs jq --no-cache \
diff --git a/service.yaml b/service.yaml
@@ -1 +1 @@
-version: 1.28.3
+version: 1.28.4
