From acd07abcce0f2fa67c472e08265b9027e7e69c07 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <5845193+andrasbacsai@users.noreply.github.com>
Date: Sun, 5 Apr 2026 18:18:58 +0200
Subject: [PATCH] fix(security): run apk upgrade in development Dockerfile

Add `apk upgrade --no-cache` before installing GnuPG and PostgreSQL
repository keys to ensure base Alpine packages are patched.
---
 docker/development/Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/docker/development/Dockerfile b/docker/development/Dockerfile
index 98b4d2006..77013e1b9 100644
--- a/docker/development/Dockerfile
+++ b/docker/development/Dockerfile
@@ -33,7 +33,8 @@ RUN docker-php-serversideup-set-id www-data $USER_ID:$GROUP_ID && \
     docker-php-serversideup-set-file-permissions --owner $USER_ID:$GROUP_ID --service nginx
 
 # Install PostgreSQL repository and keys
-RUN apk add --no-cache gnupg && \
+RUN apk upgrade --no-cache && \
+    apk add --no-cache gnupg && \
     mkdir -p /usr/share/keyrings && \
     curl -fSsL https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor > /usr/share/keyrings/postgresql.gpg