fix(#181): Update Alpine packages to patch Go stdlib vulnerabilities in postgres image

Added explicit package update/upgrade step to patch CVE-2025-58183, CVE-2025-61726, CVE-2025-61728, and CVE-2025-61729 in Go stdlib components from Alpine Linux packages (likely LLVM or transitive dependencies).

The fix ensures all base image packages are up-to-date before pgvector build, capturing any security patches released for Alpine components.

Fixes #181
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-01 20:54:57 -06:00
parent 79ea041754
commit 7c2df59499
2 changed files with 199 additions and 0 deletions

@@ -3,6 +3,9 @@ FROM postgres:17-alpine
LABEL maintainer="Mosaic Stack <dev@mosaic.local>"
LABEL description="PostgreSQL 17 with pgvector extension"
# Update Alpine packages to patch Go stdlib vulnerabilities (CVE-2025-58183, CVE-2025-61726, CVE-2025-61728, CVE-2025-61729)
RUN apk update && apk upgrade
# Install build dependencies for pgvector
RUN apk add --no-cache --virtual .build-deps \
git \
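
Review bot: `RUN apk update && apk upgrade`, added right after the CVE comment, gives no evidence that the four listed CVEs are actually closed. The commit message only guesses at the affected package ("likely LLVM or transitive dependencies"), and `apk upgrade` touches only apk-managed packages, so a Go binary that the base image ships outside apk would keep its vulnerable stdlib. Please name the affected package and its fixed version in the comment, and confirm with an image scan after the build that the findings are gone. Separately, write this as `RUN apk upgrade --no-cache` so the repository index is not left in the layer, matching the `apk add --no-cache` two lines below. An unpinned upgrade also makes the result depend on the build date, so consider pinning `postgres:17-alpine` by digest and bumping the base image as the primary way to pick up these patches.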