Update base image to 1.29.2.1-0-alpine-fat (#101)

tamsinforbes · web-flow · commit 1747d824dfac · 2026-03-20T14:57:51.000Z
* Update base image to 1.29.2.1-0-alpine-fat

* Temp ignore transient dep, remove expired ignires
diff --git a/.trivyignore b/.trivyignore
@@ -1,11 +1,2 @@
-# As of 03/06/2025 there are no vulnerabilities to skip in docker.io/openresty/openresty:1.27.1.2-1-alpine-fat
-
-# alpine 3.21.3 - sha is set to latest so no fix
-CVE-2025-64720 exp:2026-03-17
-CVE-2025-65018 exp:2026-03-17
-CVE-2025-66293 exp:2026-03-17
-CVE-2025-49794 exp:2026-03-17
-CVE-2025-49796 exp:2026-03-17
-CVE-2025-49795 exp:2026-03-17
-CVE-2025-6021 exp:2026-03-17
-CVE-2026-25646 exp:2026-03-20
+## CVE-2026-32767 (libexpat - alpine 3.22.3)
+CVE-2026-32767 exp:2026-04-06
diff --git a/Dockerfile b/Dockerfile
@@ -1,7 +1,7 @@
 #checkov:skip=CKV_DOCKER_3: Current implementation uses off-the-shelf image from OpenResty which doesn't offer a nonroot variant
 
-# docker.io/openresty/openresty:1.27.1.2-11-alpine-fat
-FROM docker.io/openresty/openresty:1.27.1.2-11-alpine-fat@sha256:4486eb7c26b6e94c7fe144b9293319e855ecaed378b24cb56062d2af2cf81513
+# docker.io/openresty/openresty:1.29.2.1-0-alpine-fat
+FROM docker.io/openresty/openresty:1.29.2.1-0-alpine-fat@sha256:57206e154ef54d01dcf20f2afc05f1a8d7c464f2b3f4bd1a519108cac6d450ab
 
 LABEL org.opencontainers.image.vendor="Ministry of Justice" \
       org.opencontainers.image.authors="Analytical Platform (analytical-platform@digital.justice.gov.uk)" \
diff --git a/test/container-structure-test.yml b/test/container-structure-test.yml
@@ -8,7 +8,7 @@ commandTests:
   - name: "nginx"
     command: "nginx"
     args: ["-v"]
-    expectedError: ["nginx version: openresty/1.27.1.2"]
+    expectedError: ["nginx version: openresty/1.29.2.1"]
 
 fileExistenceTests:
   - name: "/etc/nginx/nginx.conf.template"
