From 074a200270341528c73a565629591bc90ff9a95f Mon Sep 17 00:00:00 2001
From: Jaison Paul
Date: Thu, 2 Apr 2026 00:32:35 -0400
Subject: [PATCH] fix: upgrade alpine packages in skills-init to resolve CVE-2026-22184

Run apk upgrade before installing packages so the base image picks up patched zlib (1.3.2-r0), fixing CVE-2026-22184 (HIGH).

Signed-off-by: Jaison Paul
---
 docker/skills-init/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker/skills-init/Dockerfile b/docker/skills-init/Dockerfile
index 9e9732c29..a142dfb4c 100644
--- a/docker/skills-init/Dockerfile
+++ b/docker/skills-init/Dockerfile
@@ -14,5 +14,5 @@ RUN CGO_ENABLED=0 go build -trimpath -ldflags="-s -w" -o /build/krane .
 FROM alpine:3.23
-RUN apk add --no-cache git
+RUN apk upgrade --no-cache && apk add --no-cache git
 COPY --from=krane-builder /build/krane /usr/local/bin/krane
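Review bot: Nothing in the new `RUN apk upgrade --no-cache && apk add --no-cache git` line guarantees that the patched zlib named in the commit message ends up in the image, because the upgrade installs whatever the mirror serves at build time and a cached layer keeps returning the earlier result on later builds. Stating the requirement makes the build fail instead of silently shipping the vulnerable package: `RUN apk upgrade --no-cache && apk add --no-cache git 'zlib>=1.3.2-r0'`. Pinning `FROM alpine:3.23` to a digest that already contains the fix would keep the image reproducible and make the blanket upgrade unnecessary. Only the first lines of the final stage are visible in the hunk, so whether it later sets a non-root `USER` cannot be checked from here.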