From 2652f1dd87f0f8d55c030a0a53288c61c79b118d Mon Sep 17 00:00:00 2001
From: Sudo-Ivan <ivan@quad4.io>
Date: Thu, 8 Jan 2026 12:39:31 -0600
Subject: [PATCH] chore(Dockerfile): upgrade pip to version 25.3 due to vuln in
 older version.

---
 Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index c2db657..f7fc59b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -21,7 +21,7 @@ RUN apk add --no-cache gcc musl-dev linux-headers python3-dev libffi-dev openssl
 RUN python -m venv /opt/venv
 ENV PATH="/opt/venv/bin:$PATH"
 COPY pyproject.toml poetry.lock ./
-RUN pip install --no-cache-dir poetry setuptools wheel && \
+RUN pip install --no-cache-dir "pip>=25.3" poetry setuptools wheel && \
     poetry config virtualenvs.create false && \
     poetry install --no-root --only main
 
@@ -41,6 +41,7 @@ WORKDIR /app
 # Install runtime dependencies only
 # We keep py3-setuptools because CFFI/LXST might need it at runtime on Python 3.12+
 RUN apk add --no-cache ffmpeg opusfile libffi su-exec py3-setuptools espeak-ng && \
+    python -m pip install --no-cache-dir --upgrade "pip>=25.3" && \
     addgroup -g 1000 meshchat && adduser -u 1000 -G meshchat -S meshchat && \
     mkdir -p /config && chown meshchat:meshchat /config