[Snyk] Security upgrade python from 3.9 to 3.14.1 #1
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-DEBIAN13-IMAGEMAGICK-13615061 - https://snyk.io/vuln/SNYK-DEBIAN13-IMAGEMAGICK-13615061 - https://snyk.io/vuln/SNYK-DEBIAN13-IMAGEMAGICK-13615061 - https://snyk.io/vuln/SNYK-DEBIAN13-IMAGEMAGICK-13615061 - https://snyk.io/vuln/SNYK-DEBIAN13-IMAGEMAGICK-13615061
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| @@ -1,5 +1,5 @@ | |||
| # This Dockerfile is only for GitHub Actions | |||
| FROM python:3.9 | |||
| FROM python:3.14.1 | |||
There was a problem hiding this comment.
The Dockerfile now uses FROM python:3.14.1, but the official Python images have not shipped a 3.14 series yet (current tags stop at 3.12/3.13), so any Docker build for the GitHub Action will fail immediately when it cannot pull the base image. Please keep the base image on an available tag (e.g., a released Python version) to avoid breaking the action build.
Useful? React with 👍 / 👎.
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
| @@ -1,5 +1,5 @@ | |||
| # This Dockerfile is only for GitHub Actions | |||
| FROM python:3.9 | |||
| FROM python:3.14.1 | |||
There was a problem hiding this comment.
Bug: Invalid Python version upgrade breaks Docker build
The upgrade from python:3.9 to python:3.14.1 references a Python version that doesn't exist - Python 3.14 has not been released. Additionally, the project's setup.py classifiers and CI workflow only declare support for Python 3.6-3.9, and many dependencies have upper version bounds (like invoke>=1.4.1,<2, pytest>=5,<6, twine>=3,<4) that may be incompatible with newer Python versions. This Docker image will fail to build because the python:3.14.1 base image doesn't exist on Docker Hub.
Snyk has created this PR to fix 1 vulnerabilities in the dockerfile dependencies of this project.
Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.
Snyk changed the following file(s):
DockerfileWe recommend upgrading to
python:3.14.1, as this image has only 183 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.Vulnerabilities that will be fixed with an upgrade:
SNYK-DEBIAN13-IMAGEMAGICK-13615061
SNYK-DEBIAN13-IMAGEMAGICK-13615061
SNYK-DEBIAN13-IMAGEMAGICK-13615061
SNYK-DEBIAN13-IMAGEMAGICK-13615061
SNYK-DEBIAN13-IMAGEMAGICK-13615061
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.
Note
Update Dockerfile base image from python:3.9 to python:3.14.1.
Written by Cursor Bugbot for commit 3596876. This will update automatically on new commits. Configure here.