Update PostgreSQL version to 17.4 and disable auto minor version upgrades

[barne856]

• Update PostgreSQL engine version from 17.2 to 17.4 to match AWS RDS auto-updated version
• Disable auto minor version upgrades to prevent future automatic updates
• Update documentation comments to reflect version change

AWS RDS automatically updated the PostgreSQL instance to version 17.4, but the IaC was still configured for 17.2, creating a configuration drift that needed to be resolved.

[github-actions]

🔍 SonarQube Analysis Results

Summary:

• 🐛 Bugs: 0
• 🔒 Vulnerabilities: 0
• 🧹 Code Smells: 31
• 📊 Total Issues: 31

📋 Detailed Reports Available

📥 Download Full Report - Click "Artifacts" section

The detailed report includes:

• Complete breakdown by severity and type
• Specific file locations and line numbers
• Rule descriptions and fix suggestions
• CSV format for spreadsheet analysis
• Raw JSON data for custom processing

💡 Review the workflow summary for metrics and download the artifact for complete details.

[github-actions]

🔍 Vulnerabilities of ghcr.io/fema-ffrd/stormlit:latest

📦 Image Reference ghcr.io/fema-ffrd/stormlit:latest

digest	sha256:d387e45ca7fd88bbcc462258bcae3747dc0faff7f40d85dba10d7cd47eab4f14
vulnerabilities
platform	linux/amd64
size	909 MB
packages	400

📦 Base Image debian:12-slim

also known as	12.9-slim bookworm-20250203-slim bookworm-slim
digest	sha256:44bccdd61bf09a081b1db8c61cf49bfabf30ac7afcc970010137c0ab587b209c
vulnerabilities

pam 1.5.2-6+deb12u1 (deb) pkg:deb/debian/pam@1.5.2-6%2Bdeb12u1?os_distro=bookworm&os_name=debian&os_version=12 # Dockerfile (3:3) WORKDIR /app Affected range >=1.5.2-6+deb12u1 Fixed version Not Fixed Description A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions. pam (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107919) https://www.openwall.com/lists/oss-security/2025/06/17/1 GHSA-f9p8-gjr4-j9gx Fixed by: linux-pam/linux-pam@475bd60 (v1.7.1) Fixed by: linux-pam/linux-pam@592d84e (v1.7.1) Fixed by: linux-pam/linux-pam@976c200 (v1.7.1)

glibc 2.36-9+deb12u9 (deb) pkg:deb/debian/glibc@2.36-9%2Bdeb12u9?os_distro=bookworm&os_name=debian&os_version=12 # Dockerfile (3:3) WORKDIR /app Affected range <2.36-9+deb12u10 Fixed version 2.36-9+deb12u10 EPSS Score 0.219% EPSS Percentile 45th percentile Description When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size. glibc 2.40-6 [bookworm] - glibc 2.36-9+deb12u10 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://www.openwall.com/lists/oss-security/2025/01/22/4 Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7d4b6bcae91f29d7b4daf15bab06b66cf1d2217c (2.40-branch) Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7971add7ee4171fdd8dfd17e7c04c4ed77a18845 (2.36-branch) https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2025-0001 https://sourceware.org/pipermail/libc-announce/2025/000044.html