@@ -35,7 +35,7 @@ FROM --platform=$BUILDPLATFORM tonistiigi/xx:1.9.0@sha256:c64defb9ed5a91eacb37f9
3535# CVEs fixed: CVE-2023-24531, CVE-2023-24540, CVE-2023-29402, CVE-2023-29404,
3636# CVE-2023-29405, CVE-2024-24790, CVE-2025-22871, and 15 more
3737# renovate: datasource=docker depName=golang
38- FROM --platform=$BUILDPLATFORM golang:1.25 -trixie@sha256:dfdd969010ba978942302cee078235da13aef030d22841e873545001d68a61a7 AS gosu-builder
38+ FROM --platform=$BUILDPLATFORM golang:1.26 -trixie@sha256:889885d7cc1275935e3f9920aabadc5fadbe873f633d92a746f1bc401dd40f69 AS gosu-builder
3939COPY --from=xx / /
4040
4141WORKDIR /tmp/gosu
@@ -65,7 +65,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build \
6565# ---- Frontend Builder ----
6666# Build the frontend using the BUILDPLATFORM to avoid arm64 musl Rollup native issues
6767# renovate: datasource=docker depName=node
68- FROM --platform=$BUILDPLATFORM node:24.13.0 -slim@sha256:4660b1ca8b28d6d1906fd644abe34b2ed81d15434d26d845ef0aced307cf4b6f AS frontend-builder
68+ FROM --platform=$BUILDPLATFORM node:24.13.1 -slim@sha256:a81a03dd965b4052269a57fac857004022b522a4bf06e7a739e25e18bce45af2 AS frontend-builder
6969WORKDIR /app/frontend
7070
7171# Copy frontend package files
@@ -89,7 +89,7 @@ RUN --mount=type=cache,target=/app/frontend/node_modules/.cache \
8989
9090# ---- Backend Builder ----
9191# renovate: datasource=docker depName=golang
92- FROM --platform=$BUILDPLATFORM golang:1.25 -trixie@sha256:dfdd969010ba978942302cee078235da13aef030d22841e873545001d68a61a7 AS backend-builder
92+ FROM --platform=$BUILDPLATFORM golang:1.26 -trixie@sha256:889885d7cc1275935e3f9920aabadc5fadbe873f633d92a746f1bc401dd40f69 AS backend-builder
9393# Copy xx helpers for cross-compilation
9494COPY --from=xx / /
9595
@@ -162,7 +162,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build \
162162# Build Caddy from source to ensure we use the latest Go version and dependencies
163163# This fixes vulnerabilities found in the pre-built Caddy images (e.g. CVE-2025-59530, stdlib issues)
164164# renovate: datasource=docker depName=golang
165- FROM --platform=$BUILDPLATFORM golang:1.25 -trixie@sha256:dfdd969010ba978942302cee078235da13aef030d22841e873545001d68a61a7 AS caddy-builder
165+ FROM --platform=$BUILDPLATFORM golang:1.26 -trixie@sha256:889885d7cc1275935e3f9920aabadc5fadbe873f633d92a746f1bc401dd40f69 AS caddy-builder
166166ARG TARGETOS
167167ARG TARGETARCH
168168ARG CADDY_VERSION
@@ -227,7 +227,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build \
227227# Build CrowdSec from source to ensure we use Go 1.25.5+ and avoid stdlib vulnerabilities
228228# (CVE-2025-58183, CVE-2025-58186, CVE-2025-58187, CVE-2025-61729)
229229# renovate: datasource=docker depName=golang versioning=docker
230- FROM --platform=$BUILDPLATFORM golang:1.25.6 -trixie@sha256:0032c99f1682c40dca54932e2fe0156dc575ed12c6a4fdec94df9db7a0c17ab0 AS crowdsec-builder
230+ FROM --platform=$BUILDPLATFORM golang:1.26.0 -trixie@sha256:889885d7cc1275935e3f9920aabadc5fadbe873f633d92a746f1bc401dd40f69 AS crowdsec-builder
231231COPY --from=xx / /
232232
233233WORKDIR /tmp/crowdsec
0 commit comments