From a73e72019b619d643ca1952ec260550f65ba4cad Mon Sep 17 00:00:00 2001
From: GO-MOO
Date: Mon, 13 Apr 2026 13:52:41 +0200
Subject: [PATCH 1/3] patch AWS image
---
 Dockerfile.lambda | 9 +++++++++
 pyproject.toml | 2 +-
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/Dockerfile.lambda b/Dockerfile.lambda
index b50936d..6b0a68c 100644
--- a/Dockerfile.lambda
+++ b/Dockerfile.lambda
@@ -28,6 +28,15 @@ RUN --mount=from=uv,source=/uv,target=/bin/uv \
 FROM public.ecr.aws/lambda/python:3.14
+# Patch OS-level vulnerabilities (openssl, aws-lambda-rie).
+RUN dnf upgrade -y openssl-libs openssl-fips-provider-latest && \
+ dnf clean all && \
+ rm -rf /var/cache/dnf
+
+# Update aws-lambda-rie to latest release to fix CVE-2026-2673.
+ADD https://github.com/aws/aws-lambda-runtime-interface-emulator/releases/latest/download/aws-lambda-rie-x86_64 /usr/local/bin/aws-lambda-rie
+RUN chmod 755 /usr/local/bin/aws-lambda-rie
+
 # Copy the runtime dependencies from the builder stage.
 COPY --from=builder ${LAMBDA_TASK_ROOT} ${LAMBDA_TASK_ROOT}
diff --git a/pyproject.toml b/pyproject.toml
index 0d1e9fc..7ee2d74 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "drillapi"
-version = "0.1.2"
+version = "0.1.12"
 description = "drillapi"
 authors = [{name = "SFOE", email = "geoinformation@bfe.admin.ch"}]
 readme = "README.md"
From 50cc565e70731d6e31906f38d14dec195afbbf8c Mon Sep 17 00:00:00 2001
From: monodo
Date: Mon, 13 Apr 2026 15:45:25 +0200
Subject: [PATCH 2/3] Apply suggestion from @domilulu
Co-authored-by: domilulu <162573224+domilulu@users.noreply.github.com>
---
 Dockerfile.lambda | 1 +
 1 file changed, 1 insertion(+)
diff --git a/Dockerfile.lambda b/Dockerfile.lambda
index 6b0a68c..6fb496d 100644
--- a/Dockerfile.lambda
+++ b/Dockerfile.lambda
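Review bot: In the Dockerfile.lambda hunk of patch 1/3, the `ADD` from `releases/latest/download/aws-lambda-rie-x86_64` fetches an unpinned binary with no integrity check, so every build may install a different emulator and nothing shows that the copy in the image is the release containing the CVE fix. Pin a release tag and verify the digest in the same instruction: `ADD --checksum=sha256:<EXPECTED_SHA256> --chmod=755 https://github.com/aws/aws-lambda-runtime-interface-emulator/releases/download/<PINNED_TAG>/aws-lambda-rie-x86_64 /usr/local/bin/aws-lambda-rie`; this also makes the separate `RUN chmod 755` layer unnecessary. The file already relies on BuildKit (`RUN --mount`), so both flags should be available, though the Dockerfile frontend version in use should be confirmed. The same `ADD` line is carried unchanged as context in patch 3/3, and the hard-coded `x86_64` asset would be the wrong binary if the image is ever built for arm64.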
@@ -29,6 +29,7 @@ RUN --mount=from=uv,source=/uv,target=/bin/uv \
 FROM public.ecr.aws/lambda/python:3.14
 # Patch OS-level vulnerabilities (openssl, aws-lambda-rie).
+# fix CVE-2026-2673.
 RUN dnf upgrade -y openssl-libs openssl-fips-provider-latest && \
 dnf clean all && \
 rm -rf /var/cache/dnf
From 87f6e2a4bd7e0c9d64fd322a700a8dd89a0292e6 Mon Sep 17 00:00:00 2001
From: monodo
Date: Mon, 13 Apr 2026 15:45:32 +0200
Subject: [PATCH 3/3] Apply suggestion from @domilulu
Co-authored-by: domilulu <162573224+domilulu@users.noreply.github.com>
---
 Dockerfile.lambda | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile.lambda b/Dockerfile.lambda
index 6fb496d..370ccf6 100644
--- a/Dockerfile.lambda
+++ b/Dockerfile.lambda
@@ -34,7 +34,7 @@ RUN dnf upgrade -y openssl-libs openssl-fips-provider-latest && \
 dnf clean all && \
 rm -rf /var/cache/dnf
-# Update aws-lambda-rie to latest release to fix CVE-2026-2673.
+# Update aws-lambda-rie to latest release to fix CVE-2026-32280.
 ADD https://github.com/aws/aws-lambda-runtime-interface-emulator/releases/latest/download/aws-lambda-rie-x86_64 /usr/local/bin/aws-lambda-rie
 RUN chmod 755 /usr/local/bin/aws-lambda-rie
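Review bot: The added `# fix CVE-2026-2673.` line in patch 2/3 asserts a fix that the `RUN dnf upgrade -y openssl-libs openssl-fips-provider-latest` below it never checks: the step installs whatever the repository serves at build time and still succeeds when no newer package is available. State the minimum fixed package version in the comment and fail the build when it is not met, for example by appending `rpm -q openssl-libs` and a version comparison to the same `RUN`. The header comment above the new line still lists aws-lambda-rie although this step only touches the openssl packages; a single line such as `# Upgrade the openssl packages to pick up the fix for CVE-2026-2673 (fixed in <FIXED_VERSION>).` would replace both.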