From e864fb49c819b6cb3556b388308442ba5fded837 Mon Sep 17 00:00:00 2001
From: Gonzalo Diaz <devel@gon.cl>
Date: Tue, 19 Nov 2024 11:12:48 -0300
Subject: [PATCH] [SECURITY] try to remove CVE-2024-9143 vulnerability in
 openssl

---
 Dockerfile | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 545df92..9ccdb86 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,7 +4,8 @@ FROM mcr.microsoft.com/dotnet/sdk:8.0.402-alpine3.19-amd64 AS init
 ENV WORKDIR=/app
 WORKDIR ${WORKDIR}
 
-RUN apk add --update --no-cache make
+RUN   apk add --update --no-cache make \
+  &&  apk upgrade --no-cache # Avoid some CVE reports updating basic packages.
 
 ###############################################################################
 FROM init AS base
@@ -105,7 +106,8 @@ CMD ["make", "test"]
 ##
 FROM mcr.microsoft.com/dotnet/runtime:8.0.8-alpine3.19-amd64 AS production
 
-RUN apk add --update --no-cache make
+RUN   apk add --update --no-cache make \
+  &&  apk upgrade --no-cache # Avoid some CVE reports updating basic packages.
 
 ENV LOG_LEVEL=info
 ENV BRUTEFORCE=false