chore: Update package dependencies

Author: banshee86vr

.github/workflows/security.yml

@@ -77,7 +77,7 @@ jobs:
           severity: CRITICAL,HIGH
           exit-code: "1"
           scanners: vuln
-          ignore-unfixed: true
+          ignore-unfixed: false
 
       - name: Upload Trivy filesystem scan results
         if: success()
@@ -106,6 +106,7 @@ jobs:
           severity: CRITICAL,HIGH
           exit-code: "1"
           scanners: vuln
+          ignore-unfixed: false
 
       - name: Upload Trivy backend image scan results
         if: success()
@@ -133,8 +134,8 @@ jobs:
           output: trivy-frontend-image.sarif
           severity: CRITICAL,HIGH
           exit-code: "1"
-          ignore-unfixed: true
           scanners: vuln
+          ignore-unfixed: false
 
       - name: Upload Trivy frontend image scan results
         if: success()

docker/Dockerfile.backend

@@ -31,8 +31,8 @@ FROM node:25-alpine
 
 WORKDIR /workspace
 
-# Install runtime dependencies
-RUN apk add --no-cache openssl wget && \
+# Apply latest security patches, then runtime dependencies
+RUN apk upgrade --no-cache && apk add --no-cache openssl wget && \
     npm install -g npm@latest pnpm@10
 
 # Copy workspace configuration

docker/Dockerfile.frontend

@@ -24,6 +24,10 @@ RUN cd frontend && pnpm run build
 # Production stage - using minimal nginx
 FROM nginx:1.29.8-alpine
 
+# Apply latest security patches from Alpine repos (Trivy: e.g. libpng/zlib)
+USER root
+RUN apk upgrade --no-cache
+
 # Create non-root user for nginx (or use existing nginx user)
 # nginx:alpine already has nginx user/group, so we'll just use it
 # The default nginx user has UID 101 and GID 101

package.json

@@ -27,7 +27,10 @@
   "pnpm": {
     "overrides": {
       "defu": ">=6.1.5",
-      "picomatch": ">=4.0.4"
+      "picomatch": ">=4.0.4",
+      "hono": ">=4.12.14",
+      "@hono/node-server": ">=1.19.13",
+      "postcss": ">=8.5.10"
     },
     "onlyBuiltDependencies": [
       "@prisma/client",