Fix critical vulnerabilities (#2)

alanbchristie · a.b.christie · web-flow · commit f048016ad6d2 · 2025-12-18T11:11:46.000Z
* build: Update Python and lock

* ci: Update action versions

---------

Co-authored-by: a.b.christie &lt;alan.christie@matildapeak.com&gt;
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -32,13 +32,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v6
     - name: Lint Dockerfile
-      uses: hadolint/hadolint-action@v3.1.0
+      uses: hadolint/hadolint-action@v3.3.0
       with:
         dockerfile: Dockerfile
     - name: Set up Python
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v6
       with:
         python-version: '3.13'
     - name: Run pre-commit (all files)
@@ -53,7 +53,7 @@ jobs:
     - name: Inject slug/short variables
       uses: rlespinasse/github-slug-action@v5
     - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v6
     - name: Set up QEMU
       uses: docker/setup-qemu-action@v3
     - name: Set up Docker Buildx
diff --git a/.github/workflows/tag.yaml b/.github/workflows/tag.yaml
@@ -28,7 +28,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v6
     - name: Set up QEMU
       uses: docker/setup-qemu-action@v3
     - name: Set up Docker Buildx
diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,5 @@
 # The default base image
-ARG from_image=python:3.13.6-alpine3.22
+ARG from_image=python:3.13.11-alpine3.23
 FROM ${from_image} AS python-base
 
 # Labels
diff --git a/poetry.lock b/poetry.lock
