derekc
392a48dfb9
- Add server_tokens off to nginx (suppress version leakage) - Add deploy.resources.limits to all containers (db: 512M, api: 256M, nginx: 64M) - Pin image tags: mysql:8.0 → 8.0.45, nginx:alpine → 1.29.6-alpine - Fix CVEs: cryptography 43.0.3 → 46.0.5 (HIGH), python-jose 3.3.0 → 3.4.0 (CRITICAL) - Add .limit(500) to GET /api/flock and GET /api/admin/users Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>