fix node install security issue

Author: oscarlevin

.devcontainer/devcontainer.json

@@ -0,0 +1,27 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the
+// README at: https://github.com/devcontainers/templates/tree/main/src/docker-in-docker
+{
+	"name": "Docker in Docker",
+	// Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
+	"image": "mcr.microsoft.com/devcontainers/base:bullseye",
+
+	"features": {
+		"ghcr.io/devcontainers/features/docker-in-docker:2": {
+			"version": "latest",
+			"enableNonRootDocker": "true",
+			"moby": "true"
+		}
+	}
+
+	// Use 'forwardPorts' to make a list of ports inside the container available locally.
+	// "forwardPorts": [],
+
+	// Use 'postCreateCommand' to run commands after the container is created.
+	// "postCreateCommand": "docker --version",
+
+	// Configure tool-specific properties.
+	// "customizations": {},
+
+	// Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
+	// "remoteUser": "root"
+}

.github/dependabot.yml

@@ -0,0 +1,12 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for more information:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+# https://containers.dev/guide/dependabot
+
+version: 2
+updates:
+ - package-ecosystem: "devcontainers"
+   directory: "/"
+   schedule:
+     interval: weekly

CHANGELOG.md

@@ -9,6 +9,12 @@ Instructions: Add a subsection under `[Unreleased]` for additions, fixes, change
 
 ## [Unreleased]
 
+## [1.9] - 2026-02-04
+
+### Fixed
+
+- Node install caused the apt-get update to fail due to missing gpg key.  Fixed by adding key manually.
+
 ## [1.8] - 2026-01-19
 
 ### Fixed

base/Dockerfile

@@ -39,7 +39,16 @@ RUN apt-get update \
                     ghostscript \
                     gcc \
                     build-essential \
-&& curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \
+                    ca-certificates \
+                    gnupg \
+&& NODE_MAJOR=22 \
+# Create a directory for the new repository's keyring, if it doesn't exist
+&& mkdir -p /etc/apt/keyrings \
+# Download the new repository's GPG key and save it in the keyring directory
+&& curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg \
+# Add the new repository's source list with its GPG key for package verification
+&& echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_${NODE_MAJOR}.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list \
+&& apt-get update \
 && apt-get install -y --no-install-recommends nodejs \
 && node -v \
 && pip install pip --upgrade --no-cache-dir \

version.txt

@@ -1 +1 @@
-1.8
+1.9