From 1a37573c67905788ff05022b68eb34176daf7c24 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 9 Dec 2024 14:01:58 +0000
Subject: [PATCH 1/2] Bump alpine from 3.20.3 to 3.21.0

Bumps alpine from 3.20.3 to 3.21.0.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Dockerfile            | 2 +-
 Dockerfile-cni-plugin | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index c4036d38..def9e728 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -19,7 +19,7 @@ RUN CGO_ENABLED=0 GOOS=linux GOARCH=$TARGETARCH GO111MODULE=on \
 ## Runtime
 ##
 
-FROM --platform=$TARGETPLATFORM alpine:3.20.3 as runtime
+FROM --platform=$TARGETPLATFORM alpine:3.21.0 as runtime
 RUN apk add iptables-legacy iptables libcap && \
     touch /run/xtables.lock && \
     chmod 0666 /run/xtables.lock
diff --git a/Dockerfile-cni-plugin b/Dockerfile-cni-plugin
index e25fe2eb..18ebadd4 100644
--- a/Dockerfile-cni-plugin
+++ b/Dockerfile-cni-plugin
@@ -34,7 +34,7 @@ RUN --mount=type=cache,target=target \
     just cni-repair-controller arch="$TARGETARCH" profile=release build && \
     mv "target/$target/release/linkerd-cni-repair-controller" .
 
-FROM --platform=$TARGETPLATFORM alpine:3.20.3 as runtime
+FROM --platform=$TARGETPLATFORM alpine:3.21.0 as runtime
 WORKDIR /linkerd
 RUN apk add \
     # For inotifywait

From 21389fa8071a78df3368f2dbf48a18253709e226 Mon Sep 17 00:00:00 2001
From: Alejandro Pedraza <alejandro@buoyant.io>
Date: Mon, 9 Dec 2024 10:24:21 -0500
Subject: [PATCH 2/2] Update location of xtables files

See https://gitlab.alpinelinux.org/alpine/aports/-/commit/c49f2fa7aeab3487da65ca4398477af73fde51cb
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index def9e728..420173a9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -27,8 +27,8 @@ RUN apk add iptables-legacy iptables libcap && \
 COPY --link --from=go /out/linkerd2-proxy-init /usr/local/bin/proxy-init
 
 # Set sys caps for iptables utilities and proxy-init
-RUN setcap cap_net_raw,cap_net_admin+eip /sbin/xtables-legacy-multi && \
-    setcap cap_net_raw,cap_net_admin+eip /sbin/xtables-nft-multi && \
+RUN setcap cap_net_raw,cap_net_admin+eip /usr/sbin/xtables-legacy-multi && \
+    setcap cap_net_raw,cap_net_admin+eip /usr/sbin/xtables-nft-multi && \
     setcap cap_net_raw,cap_net_admin+eip /usr/local/bin/proxy-init
 
 USER 65534