p2pool-starter-stack · VijitSingh97 · Jun 18, 2026 · Jun 18, 2026
@@ -4,7 +4,7 @@
 # uv's own CVEs into image scans, #282). uv lives only in the build/test stages.
 # ==========================================================================
 # Pinned by digest (#135) so the python:3.11-slim tag can't be silently re-pointed.
-FROM python:3.11-slim@sha256:a3ab0b966bc4e91546a033e22093cb840908979487a9fc0e6e38295747e49ac0 AS base
+FROM python:3.11-slim@sha256:ae52c5bef62a6bdd42cd1e8dffef86b9cd284bde9427da79839de7a4b983e7ca AS base
 
 # Run from a project venv on PATH (so entrypoint.sh's `python3` resolves to it); use the
 # digest-pinned base interpreter (never let uv download a different Python); compile bytecode and

@@ -1,6 +1,6 @@
 # Pinned by digest (#135). NOTE: still the floating `latest` tag — a follow-up could move this to a
 # specific alpine version; the digest already makes the build reproducible regardless.
-FROM alpine:latest@sha256:5b10f432ef3da1b8d4c7eb6c487f2f5a8f096bc91145e68878dd4a5019afde11
+FROM alpine:latest@sha256:28bd5fe8b56d1bd048e5babf5b10710ebe0bae67db86916198a6eec434943f8b
 
 # Install Tor plus the tools the bootstrap healthcheck needs: netcat (talk to the
 # control port) and xxd (hex-encode the auth cookie). --no-cache keeps the image small.