From 709a810775aa9c0583b15a71933fa0950e8816ed Mon Sep 17 00:00:00 2001
From: kitos <kitos@aegis.local>
Date: Fri, 12 Jun 2026 12:48:15 +0200
Subject: [PATCH] fix(docker): apply OS security patches via apt-get upgrade in
 backend image

Picks up Debian security fixes for systemd (257.13), sqlite3 (3.46.1-7+deb13u1),
sed (4.9-2+deb13u1) and other packages flagged by Snyk. All Docker image CVEs
were Low severity; Snyk CI threshold is set to high so none blocked builds.
---
 backend/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/Dockerfile b/backend/Dockerfile
index b0b9a44..44e2e2e 100644
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -3,7 +3,7 @@ FROM python:3.11-slim
 WORKDIR /app
 
 # Install system dependencies
-RUN apt-get update && apt-get install -y \
+RUN apt-get update && apt-get upgrade -y && apt-get install -y \
     gcc \
     libpq-dev \
     curl \