The goal of patching Docker images is to fix any known vulnerabilities. You want to keep your images patched so the systems and data in them are safe from cyber attack.
There are a few ways to do this; what's right for you will depend on your situation.
When building images, you usually build on top of another image using FROM; e.g., your file might start with.
To get the updates from upstream you might be able to change the version tag, for example to
Some upgrades might take a bit longer, as they might have unexpected complications.
If you're not ready to update the base image version, or there isn't one available, you can update the base OS. For an Ubuntu-based image you would use

# -y confirms the upgrade; without it apt-get aborts in a non-interactive build
FROM ubuntu:18.04
RUN apt-get update && apt-get upgrade -y
Keep in mind that adding this makes consecutive builds inconsistent, because the packages you get depend on when the build runs, and that can be bad for build stability.
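
To see exactly what changed between two builds that ran the upgrade step at different times, you can diff their package lists. This is an added example, not part of the original article; the function names, the image tags in the comments and the sample package versions are assumptions constructed for illustration, and `manifest` assumes a Debian/Ubuntu-based image.

```shell
#!/bin/sh
# Report which OS packages differ between two builds of the same image.

# manifest IMAGE: print sorted "package version" lines for the image.
# Needs a local Docker daemon; --entrypoint bypasses any ENTRYPOINT in the image.
manifest() {
    docker run --rm --entrypoint dpkg-query "$1" \
        -W -f='${Package} ${Version}\n' | sort
}

# pkg_drift OLD_FILE NEW_FILE: compare two manifests and print one line per
# package that was added, removed or upgraded. No output means no drift.
pkg_drift() {
    awk '
        NR == FNR { old[$1] = $2; next }       # first file: remember versions
        {
            seen[$1] = 1
            if (!($1 in old)) {
                print "added    " $1 " " $2
            } else if (old[$1] != $2) {
                print "upgraded " $1 " " old[$1] " -> " $2
            }
        }
        END {
            for (p in old) if (!(p in seen)) print "removed  " p " " old[p]
        }
    ' "$1" "$2" | sort
}

# Demo on constructed manifests (made-up versions), so it runs without Docker.
# With real images: manifest myapp:build-1 > old.txt; manifest myapp:build-2 > new.txt
demo() {
    old=$(mktemp) && new=$(mktemp) || return 1
    printf '%s\n' 'bash 4.4-1' 'libssl 1.1-1' 'tar 1.29-1' > "$old"
    printf '%s\n' 'bash 4.4-1' 'libssl 1.1-2' 'tar 1.29-1' > "$new"
    pkg_drift "$old" "$new"      # prints: upgraded libssl 1.1-1 -> 1.1-2
    rm -f "$old" "$new"
}

demo
```

Storing the manifest alongside each image you ship gives you a record of which patches a given build actually contains.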