security: Dependency Updates

- **Security**: Bump `flask` to `3.1.3` (fixes CVE-2026-27205)
- **Security**: Bump `requests` to `2.33.0` (fixes CVE-2026-25645)
- **Security**: Upgrade `pip` during Docker build to `>=26.1` (addresses pip CVEs affecting older versions)

**Files changed**
- `requirements.txt`
- `Dockerfile`

Author: MMagTech

CHANGELOG.md

@@ -4,6 +4,14 @@ All notable changes to Nudgarr are documented here.
 
 ---
 
+## Unreleased
+
+- **Security:** Bump `flask` to 3.1.3 (fixes CVE-2026-27205).
+- **Security:** Bump `requests` to 2.33.0 (fixes CVE-2026-25645).
+- **Security:** Upgrade `pip` during Docker build to >= 26.1 (addresses multiple pip CVEs affecting older versions).
+
+---
+
 ## v5.0.1
 
 **Library, CF Score, and config follow-ups**

Dockerfile

@@ -5,7 +5,8 @@ RUN apk upgrade --no-cache
 
 # Install dependencies including su-exec for privilege dropping
 COPY requirements.txt /app/requirements.txt
-RUN pip install --no-cache-dir --no-compile -r /app/requirements.txt \
+RUN python -m pip install --no-cache-dir --upgrade "pip>=26.1" \
+    && pip install --no-cache-dir --no-compile -r /app/requirements.txt \
     && apk add --no-cache su-exec
 
 WORKDIR /app

requirements.txt

@@ -1,5 +1,5 @@
-flask==3.1.2
-requests==2.32.5
+flask==3.1.3
+requests==2.33.0
 apprise==1.9.8
 croniter==6.2.2
 waitress==3.0.2