From 00fe67465a4e4b87cde364ea5b1013e7949858a9 Mon Sep 17 00:00:00 2001
From: Andy Chosak <andy.chosak@cfpb.gov>
Date: Tue, 14 Apr 2026 11:22:58 -0400
Subject: [PATCH 1/2] chore: rebuild docker image for upstream CVE fixes


From 1b26ad12e1efd4463875613628f7f0f110fb24c9 Mon Sep 17 00:00:00 2001
From: Andy Chosak <andy.chosak@cfpb.gov>
Date: Tue, 14 Apr 2026 12:13:46 -0400
Subject: [PATCH 2/2] Always APK update/upgrade when building image

---
 Dockerfile | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index b5d4b60..06df1a5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,7 +4,8 @@ WORKDIR /build
 
 COPY pyproject.toml .
 
-RUN pip install --no-cache-dir --prefix=/install .
+RUN apk update --no-cache && apk upgrade --no-cache && \
+    pip install --no-cache-dir --prefix=/install .
 
 COPY app.py .
 
@@ -18,6 +19,8 @@ COPY --from=builder /install /usr/local
 WORKDIR /app
 COPY app.py .
 
+RUN apk update --no-cache && apk upgrade --no-cache
+
 USER appuser
 
 ENTRYPOINT ["python", "app.py"]