Find the image that has CVE package fixes

I have a handful of Google Container images featuring Musl Vulns.

Example:
gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.13

https://console.cloud.google.com/gcr/images/google-containers/GLOBAL/k8s-dns-kube-dns-amd64?gcrImageListsize=30 lists all available image versions.

How do I try to find out which image contains the update? Since it's open source, I checked it out at https://github.com/kubernetes/dns, specifically:

  • https://github.com/kubernetes/dns/blob/master/Dockerfile.kube-dns seems to show no base image
  • https://github.com/kubernetes/dns/blob/master/Makefile shows "BUILD_IMAGE ?= golang:1.11-alpine", but this image is quite old and is not even listed in https://github.com/docker-library/golang/tree/master, with the latest version being 1.13