[Snyk] Security upgrade python from 3.9-slim to 3.14.3-slim#61
[Snyk] Security upgrade python from 3.9-slim to 3.14.3-slim#61pratham-aggr wants to merge 1 commit intomainfrom
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-DEBIAN13-OPENSSL-15123186 - https://snyk.io/vuln/SNYK-DEBIAN13-OPENSSL-15123178 - https://snyk.io/vuln/SNYK-DEBIAN13-OPENSSL-15123183 - https://snyk.io/vuln/SNYK-DEBIAN13-OPENSSL-15123187 - https://snyk.io/vuln/SNYK-DEBIAN13-OPENSSL-15123204
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
This is the final PR Bugbot will review for you during this billing cycle
Your free Bugbot reviews will reset on March 17
Details
You are on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle.
To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.
| @@ -1,5 +1,5 @@ | |||
| # Python backend Dockerfile | |||
| FROM python:3.9-slim | |||
| FROM python:3.14.3-slim | |||
There was a problem hiding this comment.
Python 3.14 upgrade breaks pinned dependency compatibility
High Severity
The base image upgrade from python:3.9-slim to python:3.14.3-slim creates an incompatibility with the pinned dependencies in requirements.txt. Packages like numpy==1.24.3 (supports Python 3.8-3.11 only), scipy==1.11.1, pandas==2.1.1, and scikit-learn==1.3.0 were released before Python 3.14 existed and do not support it. The Docker build will fail during pip install -r requirements.txt because these exact versions have no compatible wheels for Python 3.14, and source builds will also fail due to unsupported Python version constraints.
2 participants
Snyk has created this PR to fix 5 vulnerabilities in the dockerfile dependencies of this project.
Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.
Snyk changed the following file(s):
backend-api/DockerfileWe recommend upgrading to
python:3.14.3-slim, as this image has only 26 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.Vulnerabilities that will be fixed with an upgrade:
SNYK-DEBIAN13-OPENSSL-15123186
SNYK-DEBIAN13-OPENSSL-15123178
SNYK-DEBIAN13-OPENSSL-15123183
SNYK-DEBIAN13-OPENSSL-15123187
SNYK-DEBIAN13-OPENSSL-15123204
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.
Note
Medium Risk
Base image upgrade changes the Python runtime/OS packages and may surface dependency or compatibility issues at build or runtime despite being a small diff.
Overview
Updates the
backend-apicontainer base image frompython:3.9-slimtopython:3.14.3-slimto pick up upstream security fixes (per Snyk) with no other Docker build/runtime changes.Written by Cursor Bugbot for commit 2c6fd41. This will update automatically on new commits. Configure here.