[Snyk] Security upgrade python from 3.10.4 to 3.14.3 #433
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-LIBWEBP-5893094
- https://snyk.io/vuln/SNYK-DEBIAN11-LIBWEBP-5893094
- https://snyk.io/vuln/SNYK-DEBIAN11-LIBWEBP-5893094
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
| @@ -1,4 +1,4 @@ | |||
| FROM python:3.10.4 | |||
| FROM python:3.14.3 | |||
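Review bot: the new FROM line names the image by version tag only, with no Debian variant suffix and no digest, so the OS package set this build gets is whatever that tag points to at pull time, while the issues this PR targets are Debian 11 glibc and libwebp packages. Pin the base explicitly, for example FROM python:3.14.3-<debian-release>@sha256:<digest> (placeholders to fill in), so the image that was scanned and the image that is built are the same. The same line also moves the interpreter from 3.10 to 3.14; if only the OS packages need fixing, check first whether a 3.10 image on a newer Debian release clears them with less compatibility risk.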
Major Python version jump skips untested versions
Medium Severity
The base image jumps from python:3.10.4 to python:3.14.3, skipping four minor versions. The project's pyproject.toml classifiers only declare support through Python 3.13, indicating 3.14 hasn't been validated. Key dependencies like jsons==1.6.3 (which depends on typish==1.9.3 from 2021) and msgpack-numpy==0.4.4.3 (from 2019) rely heavily on Python typing internals that frequently break across major versions. Runtime failures may not surface until the container starts.
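A CI check for the mismatch the Bugbot comment describes, as an added example that is not part of this PR or the project's code: it compares the Python version in the Dockerfile's FROM lines with the versions declared in the pyproject.toml classifiers. The file contents are constructed samples and the function names are hypothetical.

```python
import re

# Constructed sample inputs (not the project's real files).
SAMPLE_DOCKERFILE = """\
# build stage
FROM python:3.14.3
WORKDIR /app
"""

SAMPLE_PYPROJECT = """\
[project]
name = "example"
classifiers = [
    "Programming Language :: Python :: 3",
    "Programming Language :: Python :: 3.10",
    "Programming Language :: Python :: 3.11",
    "Programming Language :: Python :: 3.12",
    "Programming Language :: Python :: 3.13",
]
"""

# FROM [--platform=...] [registry/path/]python:<major>.<minor>[.patch][-variant]
FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--platform=\S+\s+)?(?:\S+/)?python:(\d+)\.(\d+)",
    re.IGNORECASE | re.MULTILINE,
)
CLASSIFIER_RE = re.compile(r"Programming Language :: Python :: (\d+)\.(\d+)")


def base_image_versions(dockerfile_text):
    """Return (major, minor) for every python base image named in a FROM line."""
    return [(int(a), int(b)) for a, b in FROM_RE.findall(dockerfile_text)]


def declared_versions(pyproject_text):
    """Return the set of (major, minor) versions listed in the classifiers."""
    return {(int(a), int(b)) for a, b in CLASSIFIER_RE.findall(pyproject_text)}


def undeclared_base_images(dockerfile_text, pyproject_text):
    """Base image versions that the project does not declare support for."""
    declared = declared_versions(pyproject_text)
    return [v for v in base_image_versions(dockerfile_text) if v not in declared]


if __name__ == "__main__":
    for major, minor in undeclared_base_images(SAMPLE_DOCKERFILE, SAMPLE_PYPROJECT):
        print(f"base image uses Python {major}.{minor}, not in pyproject classifiers")
```
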


Snyk has created this PR to fix 2 vulnerabilities in the dockerfile dependencies of this project.
Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.
Snyk changed the following file(s):
- Dockerfile

We recommend upgrading to python:3.14.3, as this image has only 219 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:
SNYK-DEBIAN11-GLIBC-5927133
SNYK-DEBIAN11-GLIBC-5927133
SNYK-DEBIAN11-LIBWEBP-5893094
SNYK-DEBIAN11-LIBWEBP-5893094
SNYK-DEBIAN11-LIBWEBP-5893094
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
Note
Medium Risk
Base image upgrades can change Python/OS-level behavior and dependency compatibility, so the main risk is build/runtime regressions despite the diff being small.
Overview
Updates the Docker base image from python:3.10.4 to python:3.14.3 to pick up newer OS/Python security fixes in the build environment.

Written by Cursor Bugbot for commit 123e282. This will update automatically on new commits.