[yokohummer7]

What I meant by "automatic" was Ubuntu/Debian's unattended upgrade feature. I've used it for years without any problem, and it has relieved much of my maintenance burden.

Maybe I need to enable it in containers too? I have no idea how to use it on (containerized) Alpine Linux though.

Even without unattended upgrades, finding the list of `Dockerfile`s and `docker-compose.xml`s that might be affected by a new vulnerability sounds more complicated to me. Until now it hasn't been that difficult but I'm still a bit nervous if I somehow missed some vulnerable images.