The base image is this, based on the latest version of Debian (bookworm). All dependencies are installed on top of this base image, which may introduce vulnerabilities. To mitigate this, I make sure everything is updated with each release and serve the image using an unprivileged user to minimize security risks.
On the contrary, what you can't do is run the image with unrestricted access (root).
It's impossible to create software with absolutely zero vulnerabilities, and a package with no vulnerabilities found doesn't mean it has no vulnerabilities. What we can do is keep everything updated and follow the Least Privilege Principle to minimize risks and mitigate the impact of vulnerabilities. That being said, if there's anything specific I can do to improve security, I'm always open to do better.
By simply scanning the Docker image with trivy
docker run -v /var/run/docker.sock:/var/run/docker.sock -v $HOME/Library/Caches:/root/.cache/ aquasec/trivy:0.63.0 image brufdev/many-notes:latest
you can see that there are a lot of vulnerabilities in the current Docker image. Additionally, you can't use a custom OS user with restricted access (#48).
When a user cares about privacy and wants to use a self-hosted note app, it shouldn't have any vulnerabilities.
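One way to triage the scan discussed in this thread, as an added example that is not part of either post or of the project: it reads a report in the shape of Trivy's JSON output (`--format json`) and separates findings that already have a fixed package version from those with no fix released. The report below is constructed; the target names, package names and CVE IDs are placeholders, and the `triage` and `summarize` helpers are hypothetical names.

```python
import json
from collections import Counter

# Constructed sample shaped like `trivy image --format json` output.
# Targets, packages, versions and IDs are placeholders, not real findings.
SAMPLE_REPORT = json.dumps({
    "Results": [
        {"Target": "example/image:latest (debian 12)", "Class": "os-pkgs",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample1",
              "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2",
              "Severity": "HIGH"},
             {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libexample2",
              "InstalledVersion": "2.3-1", "Severity": "CRITICAL"},
             {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libexample2",
              "InstalledVersion": "2.3-1", "FixedVersion": "",
              "Severity": "LOW"},
         ]},
        # A target without findings carries no "Vulnerabilities" key.
        {"Target": "app/lockfile (constructed)", "Class": "lang-pkgs"},
    ]
})


def triage(report_json):
    """Split findings into (fixable, unfixed) lists of row tuples.

    Each row is (class, package, vuln_id, severity, fixed_version).
    A missing or empty FixedVersion means no fixed package exists yet.
    """
    report = json.loads(report_json)
    fixable, unfixed = [], []
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            row = (result.get("Class", "unknown"), vuln["PkgName"],
                   vuln["VulnerabilityID"], vuln.get("Severity", "UNKNOWN"),
                   vuln.get("FixedVersion") or None)
            (fixable if row[4] else unfixed).append(row)
    return fixable, unfixed


def summarize(rows):
    """Count findings per severity."""
    return dict(Counter(row[3] for row in rows))


if __name__ == "__main__":
    fixable, unfixed = triage(SAMPLE_REPORT)
    print("fix available (resolved by updating the image):", summarize(fixable))
    print("no fix released (impact limited by least privilege):", summarize(unfixed))
```

Rows in the first list are the ones a rebuild on updated packages addresses; rows in the second remain until a fixed package is published, which is where running as an unprivileged user matters.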