From 3e60a2a0560924c67a98244983de7bc349284d6c Mon Sep 17 00:00:00 2001
From: Deivid Soto <hello@torrentclaw.com>
Date: Tue, 31 Mar 2026 10:20:30 +0200
Subject: [PATCH] fix(docker): upgrade alpine packages to patch CVE-2025-60876
 and CVE-2026-27171

---
 Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index ff5cdea..900572d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,7 +18,8 @@ RUN CGO_ENABLED=0 go build -ldflags="-s -w -X github.com/torrentclaw/unarr/inter
 # ---- Runtime stage ----
 FROM alpine:3.21
 
-RUN apk add --no-cache ca-certificates tzdata
+RUN apk upgrade --no-cache && \
+    apk add --no-cache ca-certificates tzdata
 
 # Non-root user (UID 1000 matches typical host user for volume permissions)
 RUN addgroup -g 1000 unarr && adduser -u 1000 -G unarr -D -h /home/unarr unarr