From 66507f2451ff78fe7f8908ef49dfac54cab1ef1c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ina=20Od=C3=A9n=20=C3=96sterbo?=
 <i-oden@users.noreply.github.com>
Date: Tue, 16 Dec 2025 08:21:22 +0100
Subject: [PATCH 1/4] bump codeql

---
 .github/workflows/trivy-scheduled.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/trivy-scheduled.yaml b/.github/workflows/trivy-scheduled.yaml
index 3727eaec..8b0fe62c 100644
--- a/.github/workflows/trivy-scheduled.yaml
+++ b/.github/workflows/trivy-scheduled.yaml
@@ -40,7 +40,7 @@ jobs:
           severity: 'CRITICAL,HIGH'
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: 'trivy-results.sarif'
           category: trivy-cron

From 8c68405f94b1358524c7243f641b9598ba0633a6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ina=20Od=C3=A9n=20=C3=96sterbo?=
 <i-oden@users.noreply.github.com>
Date: Tue, 16 Dec 2025 08:59:17 +0100
Subject: [PATCH 2/4] libpng bump explicitely

---
 Dockerfiles/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfiles/Dockerfile b/Dockerfiles/Dockerfile
index f9543042..cf3ef05a 100644
--- a/Dockerfiles/Dockerfile
+++ b/Dockerfiles/Dockerfile
@@ -1,6 +1,6 @@
 # Use alpine Linux, download desired version of HUGO and build html files
 FROM alpine:3.21 AS build
-RUN apk add --no-cache wget
+RUN apk add --no-cache wget "libpng>=1.6.53-r0"
 ARG HUGO_VERSION="0.147.3"
 ARG HUGO_ENV_ARG
 WORKDIR /src

From b508f080f8f5323e562fbad9c33be8a53960bc82 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ina=20Od=C3=A9n=20=C3=96sterbo?=
 <i-oden@users.noreply.github.com>
Date: Tue, 16 Dec 2025 09:06:13 +0100
Subject: [PATCH 3/4] update and upgrade

---
 Dockerfiles/Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Dockerfiles/Dockerfile b/Dockerfiles/Dockerfile
index cf3ef05a..bfd2e848 100644
--- a/Dockerfiles/Dockerfile
+++ b/Dockerfiles/Dockerfile
@@ -1,6 +1,7 @@
 # Use alpine Linux, download desired version of HUGO and build html files
 FROM alpine:3.21 AS build
-RUN apk add --no-cache wget "libpng>=1.6.53-r0"
+RUN apk update && apk upgrade --no-cache
+RUN apk add --no-cache wget
 ARG HUGO_VERSION="0.147.3"
 ARG HUGO_ENV_ARG
 WORKDIR /src

From c98e7cde7eba3f45efe25492cfb22ac4eb636617 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ina=20Od=C3=A9n=20=C3=96sterbo?=
 <i-oden@users.noreply.github.com>
Date: Tue, 16 Dec 2025 09:06:56 +0100
Subject: [PATCH 4/4] skip no cache

---
 Dockerfiles/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfiles/Dockerfile b/Dockerfiles/Dockerfile
index bfd2e848..cdb85d4f 100644
--- a/Dockerfiles/Dockerfile
+++ b/Dockerfiles/Dockerfile
@@ -1,6 +1,6 @@
 # Use alpine Linux, download desired version of HUGO and build html files
 FROM alpine:3.21 AS build
-RUN apk update && apk upgrade --no-cache
+RUN apk update && apk upgrade
 RUN apk add --no-cache wget
 ARG HUGO_VERSION="0.147.3"
 ARG HUGO_ENV_ARG