v1.0.6-beta.009 - Resolve NPM vulnerabilities and secure Docker production stage
- Added strict overrides in package.json for picomatch (4.0.4) and brace-expansion (5.0.5) to resolve CVE-2026-33671, CVE-2026-33672, and CVE-2026-33750.
- Regenerated a clean package-lock.json to ensure a flat, secure dependency tree.
- Updated Dockerfile to copy Prisma directly from the builder stage instead of running
pm install in the final runner stage. This prevents NPM from bypassing the lockfile and re-injecting vulnerable dependencies into the production image. - Note: Retained standard Alpine base image for build stability; busybox CVE-2025-60876 will naturally resolve when Alpine updates their stable repository.