Upgrade through apt-get

.github/workflows/_docker-build-deploy.yml

@@ -89,17 +89,17 @@ jobs:
         push: true
         tags: ${{ env.IMAGE_ID }}:latest
         provenance: false
-    # - name: Scan for vulnerabilities
-    #   if: inputs.publish
-    #   id: scan
-    #   uses: crazy-max/ghaction-container-scan@v2
-    #   with:
-    #     image: ${{ env.IMAGE_ID }}:${{ env.TAG }}
-    #     dockerfile: ${{ inputs.docker-context }}/${{ inputs.dockerfile }}
-    #     severity_threshold: CRITICAL
-    #     annotations: true
-    # - name: Upload SARIF file
-    #   if: steps.scan.outputs.sarif != '' && inputs.publish
-    #   uses: github/codeql-action/upload-sarif@v2
-    #   with:
-    #     sarif_file: ${{ steps.scan.outputs.sarif }}
+    - name: Scan for vulnerabilities
+      if: inputs.publish
+      id: scan
+      uses: crazy-max/ghaction-container-scan@v2
+      with:
+        image: ${{ env.IMAGE_ID }}:${{ env.TAG }}
+        dockerfile: ${{ inputs.docker-context }}/${{ inputs.dockerfile }}
+        severity_threshold: CRITICAL
+        annotations: true
+    - name: Upload SARIF file
+      if: steps.scan.outputs.sarif != '' && inputs.publish
+      uses: github/codeql-action/upload-sarif@v2
+      with:
+        sarif_file: ${{ steps.scan.outputs.sarif }}

docker/tna-python/Dockerfile

@@ -102,6 +102,7 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 RUN set -eux; \
     \
     apt-get update; \
+    apt-get -y upgrade; \
     apt-get install -y --no-install-recommends curl=7.88.1-10+deb12u4 build-essential=12.9 libmagic-dev=1:5.44-3; \
     apt-get clean; \
     apt-get autoremove -y --purge; \