fix(security): run apk upgrade in development Dockerfile

Add `apk upgrade --no-cache` before installing GnuPG and PostgreSQL repository keys to ensure base Alpine packages are patched.
2026-04-05 18:18:58 +02:00 · 2026-04-05 18:18:58 +02:00 · acd07abcce
commit acd07abcce
parent 7d9a0748bf
1 changed files with 2 additions and 1 deletions
--- a/docker/development/Dockerfile
+++ b/docker/development/Dockerfile
@ -33,7 +33,8 @@ RUN docker-php-serversideup-set-id www-data $USER_ID:$GROUP_ID && \
    docker-php-serversideup-set-file-permissions --owner $USER_ID:$GROUP_ID --service nginx

 # Install PostgreSQL repository and keys
-RUN apk add --no-cache gnupg && \
+RUN apk upgrade --no-cache && \
+    apk add --no-cache gnupg && \
    mkdir -p /usr/share/keyrings && \
    curl -fSsL https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor > /usr/share/keyrings/postgresql.gpg