Closed jorander closed 1 year ago
Upgrading to Alpine Linux 3.17 requires Pact Broker to be upgraded to at least Ruby 3.1.3. This is because there is no official Ruby image based on Alpine 3.17 before Ruby 3.1.3.
Note: the Ruby 3 upgrade is progressing well over in PactFlow land. We test many new features/changes on that platform before introducing them into the OSS code base.
Stay tuned for further updates on this; I'd expect within ~1 month or so for us to be able to provide a clearer line of sight as to when we can move forward with the change here.
👋 Hi! The 'smartbear-supported' label has just been added to this issue, which will create an internal tracking ticket in PactFlow's Jira (PACT-962). We will use this to prioritise and assign a team member to this task. All activity will be public on this ticket. For now, sit tight and we'll update this ticket once we have more information on the next steps.
See our documentation for more information.
The image is out with a ruby:3.2.1-alpine3.17 base.
Pre issue-raising checklist
I have already (please mark the applicable with an x):
Software versions
Expected behaviour
Use Alpine Linux 3.17 to avoid security issues related to version 3.16.
Actual behaviour
Alpine Linux 3.16 contains several packages (mariadb-deb, sqlite, libxml2) with reported CVEs of severity Critical and High.
Steps to reproduce
Scan the Docker image with JFrog Xray.
Relevant log files
N/A
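A CI-side gate for the two minimums this issue settles on (an Alpine 3.17 base, which in turn needs Ruby 3.1.3 or newer), written as an added example that is not code from the issue or from the pact_broker project. It assumes the image ships `/etc/alpine-release` and a `ruby` binary on PATH, as the official `ruby:*-alpine` images do; the `MIN_*` constants, the function names and the sample `ruby -v` banners are this example's own. The version comparison is done field by field in plain POSIX sh so it does not depend on `sort -V`; the scanner run itself (JFrog Xray in the report) is left to the caller.

```shell
#!/bin/sh
# Added example, not code from the issue or the pact_broker project.
# Gate on the minimums discussed in this issue: Alpine >= 3.17 and Ruby >= 3.1.3.
# Assumption (not from the page): the image ships /etc/alpine-release and a
# `ruby` binary on PATH, as the official ruby:*-alpine images do.

MIN_ALPINE="3.17"
MIN_RUBY="3.1.3"

# version_ge A B: return 0 when dotted version A >= B, comparing each numeric
# field in turn; missing trailing fields count as 0, so "3.17" equals "3.17.0".
version_ge() {
    vg_a="$1"
    vg_b="$2"
    while [ -n "$vg_a" ] || [ -n "$vg_b" ]; do
        vg_ah="${vg_a%%.*}"
        vg_bh="${vg_b%%.*}"
        if [ "$vg_a" = "$vg_ah" ]; then vg_a=""; else vg_a="${vg_a#*.}"; fi
        if [ "$vg_b" = "$vg_bh" ]; then vg_b=""; else vg_b="${vg_b#*.}"; fi
        if [ "${vg_ah:-0}" -gt "${vg_bh:-0}" ]; then return 0; fi
        if [ "${vg_ah:-0}" -lt "${vg_bh:-0}" ]; then return 1; fi
    done
    return 0
}

# ruby_version_from_banner BANNER: extract "X.Y.Z" from a `ruby -v` line.
# Handles both the older "3.1.3p185 (...)" form and the newer "3.2.1 (...)" form.
ruby_version_from_banner() {
    rv="${1#ruby }"             # drop the leading "ruby "
    rv="${rv%% *}"              # keep the first token, e.g. "3.1.3p185"
    printf '%s\n' "${rv%%p*}"   # strip any "pNNN" patch-level suffix
}

# check_base_image ALPINE_VERSION RUBY_VERSION: print a verdict per component
# and return 0 only when both minimums are met.
check_base_image() {
    cb_status=0
    if version_ge "$1" "$MIN_ALPINE"; then
        echo "alpine $1: ok (>= $MIN_ALPINE)"
    else
        echo "alpine $1: too old (< $MIN_ALPINE)"
        cb_status=1
    fi
    if version_ge "$2" "$MIN_RUBY"; then
        echo "ruby $2: ok (>= $MIN_RUBY)"
    else
        echo "ruby $2: too old (< $MIN_RUBY)"
        cb_status=1
    fi
    return "$cb_status"
}

# inspect_image IMAGE: read both versions out of the image and check them.
# Needs a Docker daemon, so it only runs when an image name is passed on the
# command line; with no arguments the script runs an offline demonstration.
inspect_image() {
    ii_alpine="$(docker run --rm --entrypoint sh "$1" -c 'cat /etc/alpine-release')"
    ii_ruby="$(docker run --rm --entrypoint ruby "$1" -e 'puts RUBY_VERSION')"
    check_base_image "$ii_alpine" "$ii_ruby"
}

if [ "$#" -gt 0 ]; then
    inspect_image "$1"
else
    # Constructed values: a pre-fix Alpine 3.16 / Ruby 3.0 base, then the
    # ruby:3.2.1-alpine3.17 base the fixed image was published on.
    check_base_image "3.16.3" "3.0.5" || true
    check_base_image "3.17.2" "3.2.1"
fi
```

Run it as `sh check_base.sh <image>` against the tag you deploy; the script exits non-zero when either component is below the minimum, which is what a pipeline step needs. It answers only the "is the base current enough" question from this issue; a vulnerability scan of the other packages in the image is still a separate step.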