Update container image to latest version of alpine

[tzerogithub]

How do we go about getting the image updated for libraries with vulnerabilities?
busybox version 1.25.1-r2 --->fixed in 1.27.2-r11
libressl (used in libressl2.4-libssl, libressl2.4-libcrypto) --fixed in 2.6.5-r0

https://nvd.nist.gov/vuln/detail/CVE-2015-9261
https://nvd.nist.gov/vuln/detail/CVE-2018-12434
https://nvd.nist.gov/vuln/detail/CVE-2018-20679
https://nvd.nist.gov/vuln/detail/CVE-2019-5747

[cmur2]

Hi, piping in here because I just got aware the official gcr.io/cloudsql-docker/gce-proxy:1.14 Docker image is still based on Alpine 3.5 that is end of life since 2018-11-01.

It would be great if you could update and treat this with priority as even the official documentation at https://cloud.google.com/sql/docs/postgres/connect-docker advises to use this image (although the slightly outdated gcr.io/cloudsql-docker/gce-proxy:1.12 release...) and ends with:

Keeping the Proxy Docker image up to date

The Proxy Docker image is based on a specific version of the Cloud SQL Proxy. When a new version of the Cloud SQL Proxy becomes available, you should pull the new version of the Proxy Docker image to keep your environment up to date.

I would like to follow that recomendation.

[kurtisvg]

Steps to resolves:

• Update the repo with the Dockerfile used to
  • Make sure that Dockerfile uses the latest alpine
• Update release script to use Dockerfile from the repo
• Perform next release (v1.15)

[kurtisvg]

We opted to switch to distroless over alpine since it is more secure. However it should still address the problems flagged in this issue all the same.

I plan to do a release sometime next week, but if you need something now you can use the Dockerfile to build a local image.

[kurtisvg]

Closing as this has been released.