From 36b410abdb16ff0396d42e34fe627a5a3b3eee1f Mon Sep 17 00:00:00 2001
From: shortstacked <declan@n8n.io>
Date: Thu, 10 Jul 2025 13:31:29 +0100
Subject: [PATCH] ci: Update base image packages (#17185)

---
 docker/images/n8n-base/Dockerfile | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/docker/images/n8n-base/Dockerfile b/docker/images/n8n-base/Dockerfile
index 35fccf3938..7162cf9c90 100644
--- a/docker/images/n8n-base/Dockerfile
+++ b/docker/images/n8n-base/Dockerfile
@@ -13,8 +13,20 @@ RUN \
   apk del .build-deps-fonts && \
   find /usr/share/fonts/truetype/msttcorefonts/ -type l -exec unlink {} \;
 
-# Install essential OS dependencies
-RUN apk add --no-cache git openssh graphicsmagick tini tzdata ca-certificates libc6-compat jq
+# Install essential OS dependencies with pinned versions
+RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories && \
+    apk update && \
+    apk upgrade && \
+    apk add --no-cache \
+        git=2.50.1-r0 \
+        openssh=10.0_p1-r7 \
+        openssl=3.5.1-r0 \
+        graphicsmagick=1.3.45-r0 \
+        tini=0.19.0-r3 \
+        tzdata=2025b-r0 \
+        ca-certificates=20241121-r2 \
+        libc6-compat=1.1.0-r4 \
+        jq=1.8.0-r0
 
 # Update npm, install full-icu and npm@11.4.2 to fix brace-expansion vulnerability
 # Remove npm update after vulnerability is fixed in in node image