ACP-20140 - Update alpine image from 3.19 to 3.20 (UKHomeOffice#82)

* Update alpine image from 3.19 to 3.20

* update the alpine image to 3.20.2

* add line to Dockerfile RUN apk update && apk upgrade --no-cache for Clamav

* add Vulnerability to .trivyignore

* change SUPERCRONIC_URL ENV

* add CVE-2024-24791 to .trivyignore

* add empty line to .trivyignore file

---------

Co-authored-by: humayun-alam <[email protected]>

Author: humayunalamHO

.trivyignore

@@ -1,3 +1,6 @@
 # Fix for these CVEs are in edge tag, will wait until LTS
 CVE-2024-0853
-CVE-2024-25062
+CVE-2024-25062
+CVE-2023-42364
+CVE-2023-42365
+CVE-2024-24791

clamav-http/Dockerfile

@@ -9,7 +9,7 @@ COPY server/  ./server/
 RUN CGO_ENABLED=0 GOOS=linux go install -v \
             github.com/ukhomeoffice/clamav-http/clamav-http
 
-FROM alpine:3.19
+FROM alpine:3.20.2
 RUN apk --no-cache add ca-certificates
 
 RUN addgroup -g 1000 -S app && \

clamav-mirror/Dockerfile

@@ -1,9 +1,9 @@
-FROM python:3.11-alpine3.19
+FROM python:3.11-alpine3.20
 
 ENV CLAM_VERSION=1.2.2-r0
-ENV SUPERCRONIC_URL=https://github.com/aptible/supercronic/releases/download/v0.2.26/supercronic-linux-amd64 \
+ENV SUPERCRONIC_URL=https://github.com/aptible/supercronic/releases/download/v0.2.30/supercronic-linux-amd64 \
     SUPERCRONIC=supercronic-linux-amd64 \
-    SUPERCRONIC_SHA1SUM=7a79496cf8ad899b99a719355d4db27422396735
+    SUPERCRONIC_SHA1SUM=9f27ad28c5c57cd133325b2a66bba69ba2235799
 
 WORKDIR /clam
 

clamav/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.20.2
 
 ENV CLAM_VERSION=1.2.2-r0
 
@@ -7,6 +7,8 @@ WORKDIR /clam
 # Add edge repository
 RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories
 
+RUN apk update && apk upgrade --no-cache
+
 RUN apk add --no-cache bash clamav=$CLAM_VERSION clamav-libunrar=$CLAM_VERSION
 
 RUN apk add --no-cache --upgrade openssl