// Upgrade pinned dependencies (LibRaw, SQLite, Node.js base image) in the Alpine Dockerfile. Use when the user asks to update, bump, or upgrade Dockerfile dependencies in base-tools.
| name | update |
| description | Upgrade pinned dependencies (LibRaw, SQLite, Node.js base image) in the Alpine Dockerfile. Use when the user asks to update, bump, or upgrade Dockerfile dependencies in base-tools. |
| allowed-tools | Bash, Read, Edit, Grep, Glob, WebFetch |
Bump the pinned versions of LibRaw, SQLite, and the Node.js base image in Dockerfile, validate the build, and summarize each change with GitHub links for every new commit.
This is the Alpine sibling of base-tools-debian. It does not build jpegtran/libjpeg-turbo.
grep -nE "FROM node|libraw/tarball|sqlite-autoconf" /home/mrm/src/base-tools/Dockerfilecd /home/mrm/src/base-tools && git status --shortAlways run these before reading versions โ sibling clones may be stale.
cd /home/mrm/src/LibRaw && git fetch --tags --prune && git pull --ff-only
If the pull fails (non-fast-forward, dirty tree, missing clone), stop and report to the user โ do not proceed blindly.
Do not git pull /home/mrm/src/sqlite โ it is a downloaded source tarball, not a git clone. SQLite versions are queried directly from sqlite.org in Step 3.
FROM node: line in Dockerfile.FROM line without approval.FROM line alone./home/mrm/src/LibRaw, run git log -1 --format="%H %s" origin/master to get the HEAD SHA. Compare to the SHA in the Dockerfile tarball URL. If different, that's the new pin./home/mrm/src/sqlite is a downloaded tarball, not a git clone โ ignore it. Query sqlite.org directly: WebFetch https://sqlite.org/chronology.html (or https://sqlite.org/download.html) to find the latest autoconf release. Note both the version (e.g. 3530000) and the year segment (e.g. 2026). Compare to the Dockerfile URL.For LibRaw, always show the user a summary of what changed between the old and new SHA before editing the Dockerfile:
cd /home/mrm/src/LibRaw && git log --oneline <old-sha>..<new-sha>
cd /home/mrm/src/LibRaw && git diff --stat <old-sha>..<new-sha>
For SQLite, read the release notes snippet from https://sqlite.org/releaselog/.html (e.g. 3_53_0.html).
Use Edit to change only the pins. Preserve formatting exactly. Pin LibRaw by SHA (never by tag) โ this is a hard project rule.
Update the # YYYYMMDD: comment above the build block if it's a meaningful bump, using today's date.
Keep this Dockerfile in rough sync with ../base-tools-debian/Dockerfile for the LibRaw/SQLite/Node versions โ bumping one typically means bumping the other.
cd /home/mrm/src/base-tools && make validate
If the build fails, investigate and fix โ do not revert without understanding the cause. Report the failure to the user with the relevant log excerpt.
Present a summary in this shape. Use the GitHub compare URL for LibRaw and a link to the SQLite release notes.
## Dependency updates (Alpine)
- **LibRaw**: `<old-sha-short>` โ `<new-sha-short>` (N commits)
https://github.com/LibRaw/LibRaw/compare/<old-sha>...<new-sha>
- <one-line summary per notable commit>
- **SQLite**: `3.X.Y` โ `3.A.B`
https://sqlite.org/releaselog/<version>.html
- **Node.js**: unchanged at `node:NN-alpine` (current LTS)
`make validate` passed.
Do not git commit โ per the user's global rule, always ask before committing.