Patch cves

Author: moshemorad

Dockerfile

@@ -6,7 +6,9 @@ ENV PYTHONUNBUFFERED=1
 ENV PATH="/app/venv/bin:$PATH"
 
 # Install system dependencies required for Poetry
+# Patching CVE-2025-68121 (Go crypto/tls improper certificate validation, requires Go >= 1.26.0)
 RUN apt-get update && \
+    apt-get upgrade -y && \
     dpkg --add-architecture arm64
 
 # Set the working directory

enforcer/Dockerfile

@@ -6,7 +6,8 @@ ENV PATH="/app/venv/bin:$PATH"
 
 # Patching CVE-2025-6965 (requires sqlite >= 3.50.2)
 # Alpine's current version (3.51.1-r0) already includes the fix
-RUN apk update && apk add --no-cache --upgrade \
+# Patching CVE-2025-68121 (Go crypto/tls improper certificate validation, requires Go >= 1.26.0)
+RUN apk update && apk upgrade --no-cache && apk add --no-cache --upgrade \
     sqlite-libs sqlite
 
 # Set the working directory