fix(enterprise): use apt-get install --only-upgrade for targeted package updates

apt-get upgrade does not accept package arguments - it upgrades all packages. Changed to apt-get install --only-upgrade to correctly target specific packages for security updates (GnuPG CVEs). Co-authored-by: openhands <openhands@all-hands.dev>
2026-03-22 05:37:20 +08:00 · 2026-03-20 21:55:55 -05:00
parent 53821e0a7d
commit 82b2e306d2
1 changed files with 1 additions and 1 deletions
--- a/enterprise/Dockerfile
+++ b/enterprise/Dockerfile
@@ -14,7 +14,7 @@ RUN apt-get update && \
    apt-get install -y nodejs && \
    apt-get install -y jq gettext && \
    # Apply security updates for packages with available fixes
-    apt-get upgrade -y \
+    apt-get install --only-upgrade -y \
        libc-bin \
        libc6 \
        libgnutls30 \