Bump everything

I saw a new GStreamer release, and I'm sure Dependabot will yell about
that horrifying React server CVE even though I can practically guarantee
this project will never use server components. I'm comfortable enough
with what I see here.

Author: featherbread

Dockerfile

@@ -1,12 +1,12 @@
-# syntax = docker.io/docker/dockerfile:1.16
+# syntax = docker.io/docker/dockerfile:1.20
 
 # The Alpine and Go base images must use the same release of Alpine.
 ARG ALPINE_BASE=docker.io/library/alpine:3.22
 ARG GOLANG_BASE=docker.io/library/golang:1.25-alpine3.22
 # The Node.js image does not require any particular OS.
 ARG NODEJS_BASE=docker.io/library/node:24-alpine
 # See https://gstreamer.freedesktop.org/news/.
-ARG GSTREAMER_VERSION=1.26.8
+ARG GSTREAMER_VERSION=1.26.9
 
 # Mirror of https://gitlab.freedesktop.org/gstreamer/gstreamer.git.
 # Since this is formally marked as a "public mirror" in the GitHub web UI, my