fix: upgrade pip, uv and zlib versions in Dockerfile.api. (hopefully fixing CVE-2026-32767, CVE-2026-22184, CVE-2026-27171, CVE-2026-32778 and CVE-2026-32777)

Zalfsten · Zalfsten · commit 29a5982db545 · 2026-03-30T14:26:26.000Z
diff --git a/docker/Dockerfile.api b/docker/Dockerfile.api
@@ -15,7 +15,7 @@ COPY pyproject.toml uv.lock ./
 COPY middleware ./middleware
 
 # Upgrade pip and install uv
-RUN pip install --no-cache-dir --upgrade pip==25.3 uv==0.9.27
+RUN pip install --no-cache-dir --upgrade pip==26.0.1 uv==0.11.2
 
 # Build wheels
 RUN uv build --package shared --wheel && \
@@ -31,12 +31,12 @@ RUN apk add --no-cache \
     python3-dev=3.12.12-r0 \
     libffi-dev=3.5.2-r0 \
     openssl-dev=3.5.5-r0 \
-    cargo=1.91.1-r0
+    cargo=1.91.1-r1
 
 WORKDIR /build
 
 # Install uv and PyInstaller
-RUN pip install --no-cache-dir --upgrade pip==25.3 uv==0.9.27
+RUN pip install --no-cache-dir --upgrade pip==26.0.1 uv==0.11.2
 
 # Copy built wheel from package-builder stage
 COPY --from=package-builder /build/dist/*.whl /tmp/wheels/
@@ -97,7 +97,11 @@ ENV UVICORN_PORT=8000
 ENV UVICORN_LOG_LEVEL=info
 
 # Create non-root user and group and fix permissions
-RUN apk add --no-cache curl=8.17.0-r1 git=2.52.0-r0 tzdata && \
+RUN apk add --no-cache --upgrade \
+        curl=8.17.0-r1 \
+        git=2.52.0-r0 \
+        zlib=1.3.2-r0 \
+        tzdata && \
     addgroup -S middleware && \
     adduser -S -H -G middleware middleware && \
     chown middleware:middleware /api
