authorDave Henderson <dhenderson@gmail.com>2023-11-11 19:40:23 -0500
committerGitHub <noreply@github.com>2023-11-12 00:40:23 +0000
commite5d9ea926850213152a8f70e47dbfa915d443d6e (patch)
tree293cb54d8968dd7d0e3d252cd464787ff8e42ab0
parentd9c2eef7df73c6b9ce7b5aca4a65a24220ff4b94 (diff)
Workaround for CVE-2023-5363 (#1908)
Signed-off-by: Dave Henderson <dhenderson@gmail.com>
-rw-r--r--.github/workflows/docker.yml2
-rw-r--r--Dockerfile5
2 files changed, 5 insertions, 2 deletions
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 2b192cae..1b469acf 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -28,7 +28,7 @@ jobs:
id: buildx
uses: docker/setup-buildx-action@v3.0.0
with:
- version: v0.10.4
+ version: v0.11.2
driver-opts: |
image=moby/buildkit:buildx-stable-1
network=host
diff --git a/Dockerfile b/Dockerfile
index d4f3d474..cf66976d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-# syntax=docker/dockerfile:1.4.3-labs
+# syntax=docker/dockerfile:1.6-labs
FROM --platform=linux/amd64 golang:1.21-alpine AS build
ARG TARGETOS
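Review bot: The new directive `# syntax=docker/dockerfile:1.6-labs` names a minor-version channel where the old one named a full patch release (`1.4.3-labs`), so the frontend image that BuildKit pulls and runs for every build can now change without any commit to this file. Because the frontend executes as part of the build, pinning it as tightly as before keeps builds reproducible and auditable: `# syntax=docker/dockerfile:1.6.<patch>-labs`, optionally with an `@sha256:<digest>` suffix (both are placeholders for the release actually tested).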
@@ -48,6 +48,9 @@ ARG TARGETVARIANT
LABEL org.opencontainers.image.revision=$VCS_REF \
org.opencontainers.image.source="https://github.com/hairyhenderson/gomplate"
+# tmp patch for CVE-2023-5363
+RUN apk upgrade --no-cache libcrypto3 libssl3
+
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
COPY --from=build /bin/gomplate_${TARGETOS}-${TARGETARCH}${TARGETVARIANT} /bin/gomplate
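Review bot: The added `RUN apk upgrade --no-cache libcrypto3 libssl3` takes whatever package revision the Alpine repository serves at build time, and nothing in the build confirms that the result is a revision that fixes CVE-2023-5363. A stale mirror, or a reused cached layer for this unchanged instruction, would leave the vulnerable library in the image without any build failure. Stating the floor explicitly makes the build fail instead: `RUN apk add --no-cache 'libcrypto3>=<fixed-version>' 'libssl3>=<fixed-version>'` (placeholder for the patched revision named in the Alpine advisory). The comment would also be more useful with its removal condition, e.g. `# tmp patch for CVE-2023-5363: drop once the base image ships the fixed libcrypto3/libssl3`. The stage's `FROM` line is outside this hunk, so the base image tag this applies to is not visible here.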