diff --git a/build-docker.sh b/build-docker.sh
index d20ad8252..ed6da5ea5 100755
--- a/build-docker.sh
+++ b/build-docker.sh
@@ -21,10 +21,10 @@ fi
 if [ -z "$ALPINE_CHECKSUM" ]; then
   case "$ALPINE_ARCH" in
     aarch64)
-      ALPINE_CHECKSUM="bc541e148463b3dde10fdbb1af8eac4e34706eae8883c6d126263db07a9a9c42"
+      ALPINE_CHECKSUM="a5de8f89f3851d929704feafda9ff0d7402ae138176bba8b3f6a25ecbb0b8f46"
       ;;
     x86_64)
-      ALPINE_CHECKSUM="bcdf5a4e58637b9228f8e474547a3de9ea02a05a5fa68a2495b0657ada7e65f6"
+      ALPINE_CHECKSUM="4591f811a5515b13d60ab76f78bb8fd1cb9d9857a98cf7e2e5b200e89701e62c"
       ;;
     *)
       exit
@@ -35,9 +35,9 @@ if [ -z "$ALPINE_CHECKSUM" ]; then
 CONTAINER_NAME=${CONTAINER_NAME:-trezor-firmware-env.nix}
 ALPINE_CDN=${ALPINE_CDN:-https://dl-cdn.alpinelinux.org/alpine}
 ALPINE_RELEASE=${ALPINE_RELEASE:-3.14}
-ALPINE_VERSION=${ALPINE_VERSION:-3.14.0}
+ALPINE_VERSION=${ALPINE_VERSION:-3.14.2}
 ALPINE_TARBALL=${ALPINE_FILE:-alpine-minirootfs-$ALPINE_VERSION-$ALPINE_ARCH.tar.gz}
-NIX_VERSION=${NIX_VERSION:-2.3.14}
+NIX_VERSION=${NIX_VERSION:-2.3.15}
 CONTAINER_FS_URL=${CONTAINER_FS_URL:-"$ALPINE_CDN/v$ALPINE_RELEASE/releases/$ALPINE_ARCH/$ALPINE_TARBALL"}
 
 VARIANTS_core=(0 1)
diff --git a/ci/Dockerfile b/ci/Dockerfile
index eb829f65f..3b61914e2 100644
--- a/ci/Dockerfile
+++ b/ci/Dockerfile
@@ -1,7 +1,7 @@
 # install the latest Alpine linux from scratch
 
 FROM scratch
-ARG ALPINE_VERSION=3.14.0
+ARG ALPINE_VERSION=3.14.2
 ARG ALPINE_ARCH=x86_64
 ADD alpine-minirootfs-${ALPINE_VERSION}-${ALPINE_ARCH}.tar.gz /
 
@@ -12,7 +12,7 @@ RUN apk add --no-cache --update openssl \
   && echo hosts: files dns > /etc/nsswitch.conf
 
 # Download Nix and install it into the system.
-ARG NIX_VERSION=2.3.14
+ARG NIX_VERSION=2.3.15
 RUN wget https://nixos.org/releases/nix/nix-${NIX_VERSION}/nix-${NIX_VERSION}-${ALPINE_ARCH}-linux.tar.xz \
   && tar xf nix-${NIX_VERSION}-${ALPINE_ARCH}-linux.tar.xz \
   && addgroup -g 30000 -S nixbld \
diff --git a/ci/environment.yml b/ci/environment.yml
index 47d533e4c..bbd1d4247 100644
--- a/ci/environment.yml
+++ b/ci/environment.yml
@@ -7,16 +7,16 @@ environment:
     CONTAINER_NAME: "$CI_REGISTRY/satoshilabs/trezor/trezor-firmware/trezor-firmware-env.nix"
     ALPINE_RELEASE: "3.14"
     ALPINE_ARCH: "x86_64"
-    ALPINE_VERSION: "3.14.0"
-    ALPINE_CHECKSUM: "bcdf5a4e58637b9228f8e474547a3de9ea02a05a5fa68a2495b0657aaa7e65f6"
-    NIX_VERSION: "2.3.14"
+    ALPINE_VERSION: "3.14.2"
+    ALPINE_CHECKSUM: "4591f811a5515b13d60ab76f78bb8fd1cb9d9857a98cf7e2e5b200e89701e62c"
+    NIX_VERSION: "2.3.15"
   services:
     - docker:dind
   before_script:
     - docker login $CI_REGISTRY -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD
   script:
     - wget -nc -P ci/ https://dl-cdn.alpinelinux.org/alpine/v$ALPINE_RELEASE/releases/$ALPINE_ARCH/alpine-minirootfs-$ALPINE_VERSION-$ALPINE_ARCH.tar.gz
-    - echo "${ALPINE_CHECKSUM} ci/alpine-minirootfs-$ALPINE_VERSION-$ALPINE_ARCH.tar.gz" | sha256sum -c
+    - echo "${ALPINE_CHECKSUM}  ci/alpine-minirootfs-$ALPINE_VERSION-$ALPINE_ARCH.tar.gz" | sha256sum -c
     - docker build --tag $CONTAINER_NAME:$CI_COMMIT_SHA --tag $CONTAINER_NAME:latest --build-arg ALPINE_VERSION="$ALPINE_VERSION" --build-arg ALPINE_ARCH="$ALPINE_ARCH" --build-arg NIX_VERSION="$NIX_VERSION" --build-arg FULLDEPS_TESTING=1 ci/
     - docker push $CONTAINER_NAME:$CI_COMMIT_SHA
     - docker push $CONTAINER_NAME:latest