RHOAIENG-30927, RHOAIENG-10057: add dnf upgrade to rstudio images to mitigate fixable vulnerabilities (#1488) (#1545)

Cherry-picked from a49c372

Author: jiridanek

rstudio/c9s-python-3.11/Dockerfile.cpu

@@ -11,6 +11,10 @@ RUN pip install --no-cache-dir -U "micropipenv[toml]"
 # OS Packages needs to be installed as root
 USER root
 
+# upgrade first to avoid fixable vulnerabilities
+RUN dnf -y upgrade --refresh --best --nodocs --noplugins --setopt=install_weak_deps=0 --setopt=keepcache=0 \
+    && dnf clean all -y
+
 # Install useful OS packages
 RUN dnf install -y mesa-libGL skopeo && dnf clean all && rm -rf /var/cache/yum
 

rstudio/c9s-python-3.11/Dockerfile.cuda

@@ -11,6 +11,10 @@ RUN pip install --no-cache-dir -U "micropipenv[toml]"
 # OS Packages needs to be installed as root
 USER root
 
+# upgrade first to avoid fixable vulnerabilities
+RUN dnf -y upgrade --refresh --best --nodocs --noplugins --setopt=install_weak_deps=0 --setopt=keepcache=0 \
+    && dnf clean all -y
+
 # Install useful OS packages
 RUN dnf install -y mesa-libGL skopeo && dnf clean all && rm -rf /var/cache/yum
 

rstudio/rhel9-python-3.11/Dockerfile.cpu

@@ -11,6 +11,10 @@ RUN pip install --no-cache-dir -U "micropipenv[toml]"
 # OS Packages needs to be installed as root
 USER root
 
+# upgrade first to avoid fixable vulnerabilities
+RUN dnf -y upgrade --refresh --best --nodocs --noplugins --setopt=install_weak_deps=0 --setopt=keepcache=0 \
+    && dnf clean all -y
+
 # Install useful OS packages
 RUN dnf install -y mesa-libGL skopeo && dnf clean all && rm -rf /var/cache/yum
 

rstudio/rhel9-python-3.11/Dockerfile.cuda

@@ -11,6 +11,10 @@ RUN pip install --no-cache-dir -U "micropipenv[toml]"
 # OS Packages needs to be installed as root
 USER root
 
+# upgrade first to avoid fixable vulnerabilities
+RUN dnf -y upgrade --refresh --best --nodocs --noplugins --setopt=install_weak_deps=0 --setopt=keepcache=0 \
+    && dnf clean all -y
+
 # Install useful OS packages
 RUN dnf install -y mesa-libGL skopeo && dnf clean all && rm -rf /var/cache/yum