Problem
The project currently pins postgres:11.1 in docker-compose.dev.yaml. PostgreSQL 11 reached end of life in November 2023 and no longer receives security patches. Running an EOL database in any environment — including development — means known CVEs go unaddressed and the setup diverges further from what a production deployment would use.
Proposed change
Bump the image to postgres:16 (or postgres:17), which are both actively maintained. The migration should also pin to a minor version tag (e.g. postgres:16.3) for reproducibility rather than using a floating major-version tag.
Steps to verify
- Update the image tag in docker-compose.dev.yaml
- Run make local and confirm the API engine connects successfully
- Run existing tests with make check-api and confirm no regressions
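A pre-flight check for the first verification step, as an added example (not part of the issue or the project's own code): it flags a postgres image in a compose file that is below a minimum major version or is not pinned to a minor version. The default minimum of 16 is the target the issue proposes, the function names are hypothetical, and the sample compose snippet is constructed.

```shell
#!/bin/sh
# Added example: POSIX sh helpers, names are hypothetical.

# Classify one image reference: prints eol | floating | ok.
# $2 = minimum acceptable major (assumed default 16, the issue's proposed target).
classify_pg_image() {
  image=$1; min_major=${2:-16}
  tag=${image#postgres}; tag=${tag#:}
  tag=${tag%%-*}                      # drop a variant suffix such as -alpine
  case $tag in
    ''|*[!0-9.]*|.*|*.) echo floating; return ;;   # no tag, "latest", non-numeric
  esac
  major=${tag%%.*}
  if [ "$major" -lt "$min_major" ]; then echo eol
  elif [ "$major" = "$tag" ]; then echo floating   # major-only tag, e.g. postgres:16
  else echo ok
  fi
}

# Scan a compose file for "image: postgres[:tag]" lines.
# Returns non-zero if any postgres image is EOL or floating.
check_compose_file() {
  cf_rc=0
  for cf_image in $(sed -nE \
      's/^[[:space:]]*image:[[:space:]]*"?(postgres(:[^"[:space:]]*)?)"?[[:space:]]*$/\1/p' "$1"); do
    cf_verdict=$(classify_pg_image "$cf_image" "${2:-16}")
    printf '%s: %s\n' "$cf_image" "$cf_verdict"
    [ "$cf_verdict" = ok ] || cf_rc=1
  done
  return "$cf_rc"
}

# Constructed sample mirroring the pin described in the issue;
# not the project's real compose file.
sample_compose() { cat <<'EOF'
services:
  db:
    image: postgres:11.1
EOF
}

# Usage (commands from the issue's verification steps):
#   check_compose_file docker-compose.dev.yaml && make local && make check-api
```

A dev data volume initialized by postgres:11.1 will not start under a newer major version, so recreate it or dump and restore before running make local.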