fix: upgrade nginx to 1.29-alpine for security patches

jensens · jensens · commit 92d05cf0a490 · 2026-02-04T21:48:50.000+01:00
nginx:1.27-alpine still had 60 CVEs due to outdated Alpine 3.21.3 base. nginx:1.29-alpine uses Alpine 3.23 with current security patches. Related to #127
diff --git a/charts/kup6s-pages/Chart.yaml b/charts/kup6s-pages/Chart.yaml
@@ -28,7 +28,7 @@ annotations:
     - name: syncer
       image: ghcr.io/kup6s/pages-syncer
     - name: nginx
-      image: docker.io/library/nginx:1.27-alpine
+      image: docker.io/library/nginx:1.29-alpine
   artifacthub.io/links: |
     - name: Documentation
       url: https://pages-docs.kup6s.com
diff --git a/charts/kup6s-pages/tests/deployment-nginx_test.yaml b/charts/kup6s-pages/tests/deployment-nginx_test.yaml
@@ -14,7 +14,7 @@ tests:
     asserts:
       - equal:
           path: spec.template.spec.containers[0].image
-          value: docker.io/library/nginx:1.27-alpine
+          value: docker.io/library/nginx:1.29-alpine
 
   - it: should mount PVC as read-only
     asserts:
diff --git a/charts/kup6s-pages/values.yaml b/charts/kup6s-pages/values.yaml
@@ -223,7 +223,7 @@ nginx:
     # -- nginx image repository
     repository: library/nginx
     # -- nginx image tag
-    tag: "1.27-alpine"
+    tag: "1.29-alpine"
     # -- Image pull policy
     pullPolicy: IfNotPresent
 
