Merge pull request #1550 from consideRatio/pr/apt-get-upgrade

Run apt-get upgrade to patch known vulnerabilities faster

Author: mathbunnyru

base-notebook/Dockerfile

@@ -19,9 +19,14 @@ USER root
 
 # Install all OS dependencies for notebook server that starts but lacks all
 # features (e.g., download as all possible file formats)
-# Install tini: init for containers
+# - tini is installed as a helpful container entrypoint that reaps zombie
+#   processes and such of the actual executable we want to start, see
+#   https://github.com/krallin/tini#why-tini for details.
+# - apt-get upgrade is run to patch known vulnerabilities in apt-get packages as
+#   the ubuntu base image is rebuilt too seldom sometimes (less than once a month)
 ENV DEBIAN_FRONTEND noninteractive
 RUN apt-get update --yes && \
+    apt-get upgrade --yes && \
     apt-get install --yes --no-install-recommends \
     tini \
     wget \