[Snyk] Security upgrade python from 3.10.4 to 3.14.3 #447
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-LIBWEBP-5893094
- https://snyk.io/vuln/SNYK-DEBIAN11-LIBWEBP-5893094
- https://snyk.io/vuln/SNYK-DEBIAN11-LIBWEBP-5893094
- https://snyk.io/vuln/SNYK-DEBIAN11-NGHTTP2-5953384
Cursor Bugbot has reviewed your changes and found 1 potential issue.
| @@ -1,4 +1,4 @@ | |||
| FROM python:3.10.4 | |||
| FROM python:3.14.3 | |||
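Review bot: The new FROM python:3.14.3 line pins only a mutable tag, so a later rebuild can pull a different image than the one scanned for this PR. Pin the digest alongside the tag, for example FROM python:3.14.3@sha256:<digest of the scanned image>, and update it deliberately in future upgrade PRs. The tag also selects the full default variant; if the build does not need its extra OS packages, a slim variant would reduce the package surface that these base-image findings come from.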
Major Python version jump to untested 3.14 runtime
High Severity
The base image jumps from python:3.10.4 to python:3.14.3, skipping four minor versions. The project's pyproject.toml classifiers only declare support up to Python 3.13, and tox.ini only tests through py313 — meaning Python 3.14 has never been validated in CI. Python 3.14 removed several deprecated APIs (in asyncio, importlib.abc, ast, etc.) that could cause runtime failures. Additionally, the pinned dependency msgpack-numpy==0.4.4.3 (from 2019) was never tested against Python 3.14 and may break at runtime despite installing cleanly as a pure-Python wheel.


Snyk has created this PR to fix 3 vulnerabilities in the dockerfile dependencies of this project.
Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.
Snyk changed the following file(s):
Dockerfile
We recommend upgrading to python:3.14.3, as this image has only 293 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.
Vulnerabilities that will be fixed with an upgrade:
SNYK-DEBIAN11-GLIBC-5927133
SNYK-DEBIAN11-LIBWEBP-5893094
SNYK-DEBIAN11-LIBWEBP-5893094
SNYK-DEBIAN11-LIBWEBP-5893094
SNYK-DEBIAN11-NGHTTP2-5953384
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
Note
Medium Risk
Changes the Docker base image Python runtime, which can affect dependency compatibility and runtime behavior despite being a small diff.
Overview
Updates the Dockerfile to use python:3.14.3 instead of python:3.10.4, primarily to pick up upstream security fixes in the base image.
Written by Cursor Bugbot for commit 1ab69d8. This will update automatically on new commits.