
CVE-2025-0665 found in sql-exporter #148

@JohnFrampton


The CVE comes from a curl version older than 8.12.
With the following patch this can be fixed in the "dockerfile":


Dockerfile | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 749c776..ec91b7e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.21-alpine AS builder
+FROM golang:1.22-alpine3.21 AS builder

RUN apk add git bash
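
Review bot: the builder-stage bump on the first `FROM` line (golang:1.21-alpine to golang:1.22-alpine3.21) is not needed for the curl fix, because the builder stage shown here only installs git and bash, and curl is added in the final stage. It also changes the Go toolchain used for the build, so it would be cleaner as a separate change, or the description should say why it belongs with this one.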

@@ -12,10 +12,11 @@ WORKDIR /src
RUN GOGC=off go build -mod=vendor -v -o /sql_exporter .

multistage

-FROM alpine:3.21.0
+FROM alpine:3.21.2

RUN apk --update upgrade && \

  • apk add curl ca-certificates && \
  • apk add "curl>8.12" && \
  • apk add ca-certificates &&
    apk add tzdata &&
    update-ca-certificates &&
    rm -rf /var/cache/apk/*
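
Review bot: on the added `apk add "curl>8.12"` line, the constraint is written as strictly greater than 8.12, while the description says the affected versions are those older than 8.12; `curl>=8.12` would state that intent directly. It is also worth confirming whether the runtime image needs curl at all, since the visible lines do not show what uses it and dropping the package would remove the finding without a version pin.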
