I noted that we were using nginx:mainline-alpine, which seems to currently lack a fix for the curl vuln - however, mainline-alpine-slim doesn't even have curl, plus it is a lot smaller, so we might be able to just switch to it anyway? Win win?
Testing
Test that you can build the image (docker build -t securedrop-docs:imageupdate -f deploy/Dockerfile .)
Test that you can run the image (docker run -p 127.0.0.1:5080:5080 securedrop-docs:imageupdate)
Status
Ready for review
Description of Changes
Works towards: https://github.com/freedomofpress/infrastructure/issues/4407
I noted that we were using nginx:mainline-alpine, which seems to currently lack a fix for the curl vuln - however, mainline-alpine-slim doesn't even have curl, plus it is a lot smaller, so we might be able to just switch to it anyway? Win win?
Testing
docker build -t securedrop-docs:imageupdate -f deploy/Dockerfile .)docker run -p 127.0.0.1:5080:5080 securedrop-docs:imageupdate)