v1.0.6-beta.010 - Surgically remove CVEs from final Docker image
- Pulled busybox directly from the Alpine Edge repository during the OS update step to apply the unreleased patch for CVE-2025-60876.
- Maintained build stability by restoring package-lock.json and
pm ci in the dependency stage. - Implemented a surgical strike in the Dockerfile builder stage to physically delete all deeply nested, vulnerable copies of picomatch and brace-expansion from the Next.js standalone output.
- Forcefully installed secure versions (picomatch@4.0.4, brace-expansion@5.0.5) at the root of the standalone folder to guarantee zero vulnerabilities in the final production image.