From 85a499c4454f7763b639b59986b8676d96ebd831 Mon Sep 17 00:00:00 2001
From: boite <boite@users.noreply.github.com>
Date: Sun, 22 Mar 2026 09:51:21 +0000
Subject: [PATCH 1/2] chore: reduce scheduled build from daily to weekly on
 Thursdays

Thursday chosen to avoid build failures needing attention on the
busiest days of the working week.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .github/workflows/production.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/production.yml b/.github/workflows/production.yml
index 54d866a..4c0fd35 100644
--- a/.github/workflows/production.yml
+++ b/.github/workflows/production.yml
@@ -6,7 +6,7 @@ on:
     branches:
     - master
   schedule:
-  - cron: 00 4 * * *
+  - cron: 00 4 * * 4
 
 jobs:
   build:

From 49a40b799f86f051d5f334f60147c8dfcd549035 Mon Sep 17 00:00:00 2001
From: boite <boite@users.noreply.github.com>
Date: Sun, 22 Mar 2026 09:38:27 +0000
Subject: [PATCH 2/2] fix: update npm to resolve Trivy CVEs in bundled
 dependencies

Upgrades npm to latest after Node.js install to patch vulnerable
transitive dependencies (cross-spawn, glob, minimatch, tar).
Chose to update npm rather than upgrade to Node.js 22 to avoid
potential breaking changes for downstream consumers.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 Dockerfile.php7 | 2 ++
 Dockerfile.php8 | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/Dockerfile.php7 b/Dockerfile.php7
index fbc740d..41840ea 100644
--- a/Dockerfile.php7
+++ b/Dockerfile.php7
@@ -64,6 +64,8 @@ RUN curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg \
   && apt-get clean \
   && rm -rf /var/lib/apt/lists/*
 
+RUN npm install -g npm@latest
+
 RUN docker-php-ext-install bz2 \
   && install-php-extensions apcu gd gmp intl opcache pdo_mysql pdo_pgsql sockets zip imap mailparse soap mysqli bcmath \
   && apt-get autoremove \
diff --git a/Dockerfile.php8 b/Dockerfile.php8
index cefcbc2..d210073 100644
--- a/Dockerfile.php8
+++ b/Dockerfile.php8
@@ -64,6 +64,8 @@ RUN curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg \
   && apt-get clean \
   && rm -rf /var/lib/apt/lists/*
 
+RUN npm install -g npm@latest
+
 RUN docker-php-ext-install bz2 \
   && install-php-extensions apcu gd gmp intl opcache pdo_mysql pdo_pgsql sockets zip imap mailparse soap mysqli bcmath \
   && apt-get autoremove \