The goal of patching Docker images is to fix any known vulnerabilities. You want to keep your images patched so the systems and data in them are safe from cyber attack.
There are a few ways to do this; what's right for you will depend on your situation.
When building images you usually build on top of another image using FROM.
For example, your Dockerfile might start with:
FROM ubuntu:18.04
To get the updates from upstream you might be able to change the version tag, for example to ubuntu:20.04.
Some upgrades might take a bit longer, as they can have unexpected complications.
If you're not ready to update the base image version, or there isn't one available, you can update the base OS. For an Ubuntu-based image you would use apt-get upgrade:
FROM ubuntu:18.04
# -y answers the confirmation prompt, which would otherwise abort a non-interactive build
RUN apt-get update && apt-get upgrade -y
Keep in mind that adding this makes consecutive builds inconsistent, because each build installs whatever package versions are current at build time, and that can be bad for build stability.
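
To see which of these choices a given Dockerfile actually makes, the following added example (not part of the original page) reports how each FROM line pins its base image and whether a RUN step performs an apt-get upgrade. The function names, finding labels and the sample Dockerfile are assumptions constructed for illustration.

```python
import re

# Constructed sample input, not taken from the original page.
SAMPLE = """\
FROM ubuntu:18.04 AS build
RUN apt-get update && \\
    apt-get upgrade
FROM --platform=linux/amd64 ubuntu
FROM localhost:5000/ubuntu:18:04
FROM build AS test
"""

YES = re.compile(r"^(-[a-z]*y[a-z]*|--yes|--assume-yes)$")

def classify(image):
    """Classify a FROM reference by how tightly it pins the base image."""
    if "@sha256:" in image:
        return "digest"
    last = image.rsplit("/", 1)[-1]      # ignore a registry host:port prefix
    if ":" not in last:
        return "untagged"                # Docker resolves this to :latest
    tag = last.split(":", 1)[1]
    if not tag or ":" in tag:
        return "malformed"               # e.g. 18:04 written instead of 18.04
    return "floating" if tag == "latest" else "tag"

def audit(text):
    """Return (bases, findings) for the FROM and RUN lines of a Dockerfile."""
    bases, findings, stages = [], [], set()
    # Join backslash-continued lines so a multi-line RUN is one instruction.
    for line in re.sub(r"\\\n", " ", text).splitlines():
        words = line.split()
        if not words:
            continue
        op = words[0].upper()
        if op == "FROM":
            args = [w for w in words[1:] if not w.startswith("--")]
            if args and args[0].lower() not in stages:   # skip earlier stages
                bases.append((args[0], classify(args[0])))
            if len(args) == 3 and args[1].upper() == "AS":
                stages.add(args[2].lower())
        elif op == "RUN":
            for cmd in re.split(r"&&|;", line):
                toks = cmd.split()
                if "apt-get" in toks and {"upgrade", "dist-upgrade"} & set(toks):
                    findings.append("upgrade-not-reproducible")
                    if not any(YES.match(t) for t in toks):
                        findings.append("upgrade-missing-yes")
    return bases, findings
```

Calling audit(SAMPLE) returns the list of base images with their pinning class and the list of findings for the upgrade step.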