Package installation in Alpine should be configured to upgrade #4776
Description
In the Alpine Dockerfiles, if a newer package is available than what is already installed in the container, the installation command being used will not cause that package to be upgraded. This differs from the default behavior of Debian, Ubuntu, and Mariner.
Let's take the example of the zlib package. That package exists in the base Alpine image. That package is also listed for installation in the Dockerfile. Let's say a newer version of zlib is available from the package feed than is contained in the base image and the newer version has a security fix. When the Dockerfile gets built, it should be installing the latest version. But apk is configured that way by default. It requires a -u, --upgrade option to cause existing packages to be upgraded. This option should be added to the Dockerfiles to ensure the latest version is installed.