Changes
PR #2091 by jimscard and ksylvan: Update Dockerfile for best practices and critical CVE fixes
- Pins Alpine 3.21 and Go 1.25.9 explicitly for reproducible, auditable builds.
- Installs the Go toolchain directly in the builder stage, removing the dependency on an unavailable upstream
golangtag. - Upgrades
setuptoolsto remediate the critical vulnerability CVE-2025-47273. - Refreshes the
yt-dlpinstallation path to align with current packaging conventions. - Configures the final image to run as a non-root user, reducing the container's attack surface.