Base image used by operator is a dev-preview image and has 2 security vulnerabilities (1 high, 1 medium), as detected by the quay.io image security scan.

This is the base image in the Dockerfile used for image builds that is added by the operator-sdk when a new project is scaffolded with `operator-sdk new <operator-name>`. This is due to be updated to a non-dev-preview image in a future version of the operator-sdk as documented in the CHANGELOG here, but is not yet in the latest published release.