fix: bump UI Dockerfile to alpine3.23 and add apk upgrade for CVE-2026-22184

aarthy-dk · claude · aarthy-dk · commit bc0a2c7780d3 · 2026-03-12T18:23:08.000-04:00
Bumps the nginx-unprivileged runtime base from alpine3.22 to alpine3.23
and adds apk upgrade to ensure zlib 1.3.2-r0 is installed, fixing the
critical buffer overflow in the untgz utility.

Ref: OBS-1995

Co-Authored-By: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/deploy/docker/observability-ui.dockerfile b/deploy/docker/observability-ui.dockerfile
@@ -8,7 +8,11 @@ COPY observability_ui/ /observability_ui
 RUN yarn
 RUN yarn build:ci
 
-FROM ${BASE_IMAGE_URL}nginxinc/nginx-unprivileged:alpine3.22
+FROM ${BASE_IMAGE_URL}nginxinc/nginx-unprivileged:alpine3.23
+
+USER root
+RUN apk upgrade --no-cache
+USER nginx
 
 WORKDIR /observability_ui
 
