@GuyKh GuyKh commented Jul 27, 2025

Snyk has created this PR to fix 3 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

  • Dockerfile

We recommend upgrading to python:3.14.0rc1-slim, as this image has only 43 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

Issue                                                                Score
medium severity   CVE-2023-4039             SNYK-DEBIAN12-GCC12-5901316      514
medium severity   CVE-2023-4039             SNYK-DEBIAN12-GCC12-5901316      514
medium severity   Improper Authentication   SNYK-DEBIAN12-SHADOW-5879156     514
medium severity   Race Condition            SNYK-DEBIAN12-SYSTEMD-10264074   514
medium severity   Race Condition            SNYK-DEBIAN12-SYSTEMD-10264074   514

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

@qodo-code-review

CI Feedback 🧐

A test triggered by this PR failed. Here is an AI-generated analysis of the failure:

Action: Run Tests and Lint

Failed stage: Installing the project [❌]

Failure summary:

The action failed during Docker build when trying to install Poetry. The failure occurred because:

  • The cffi package failed to build during Poetry installation
  • The build failed with "error: command 'gcc' failed: No such file or directory" (line 332)
  • The Docker image is missing a C compiler (gcc) which is required to build the cffi package
  • This caused the pip install poetry command to fail with exit code 1 (line 349)
  • The Docker build process ultimately failed at the RUN pip install poetry step

Relevant error logs:
1:  ##[group]Runner Image Provisioner
2:  Hosted Compute Agent
...

231:  #10 8.126   Downloading SecretStorage-3.3.3-py3-none-any.whl.metadata (4.0 kB)
232:  #10 8.145 Collecting jeepney>=0.4.2 (from keyring<26.0.0,>=25.1.0->poetry)
233:  #10 8.152   Downloading jeepney-0.9.0-py3-none-any.whl.metadata (1.2 kB)
234:  #10 8.170 Collecting jaraco.classes (from keyring<26.0.0,>=25.1.0->poetry)
235:  #10 8.177   Downloading jaraco.classes-3.4.0-py3-none-any.whl.metadata (2.6 kB)
236:  #10 8.201 Collecting jaraco.functools (from keyring<26.0.0,>=25.1.0->poetry)
237:  #10 8.208   Downloading jaraco_functools-4.2.1-py3-none-any.whl.metadata (2.9 kB)
238:  #10 8.228 Collecting jaraco.context (from keyring<26.0.0,>=25.1.0->poetry)
239:  #10 8.235   Downloading jaraco.context-6.0.1-py3-none-any.whl.metadata (4.1 kB)
240:  #10 8.263 Collecting httpx<1,>=0.27.0 (from pbs-installer[download,install]<2026.0.0,>=2025.1.6->poetry)
241:  #10 8.270   Downloading httpx-0.28.1-py3-none-any.whl.metadata (7.1 kB)
242:  #10 8.339 Collecting zstandard>=0.21.0 (from pbs-installer[download,install]<2026.0.0,>=2025.1.6->poetry)
243:  #10 8.349   Downloading zstandard-0.23.0.tar.gz (681 kB)
244:  #10 8.357      ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 681.7/681.7 kB 90.8 MB/s eta 0:00:00
245:  #10 8.404   Installing build dependencies: started
246:  #10 10.79   Installing build dependencies: finished with status 'error'
247:  #10 10.80   error: subprocess-exited-with-error
248:  #10 10.80   
...

255:  #10 10.80         Installing build dependencies: started
256:  #10 10.80         Installing build dependencies: finished with status 'done'
257:  #10 10.80         Getting requirements to build wheel: started
258:  #10 10.80         Getting requirements to build wheel: finished with status 'done'
259:  #10 10.80         Preparing metadata (pyproject.toml): started
260:  #10 10.80         Preparing metadata (pyproject.toml): finished with status 'done'
261:  #10 10.80       Collecting setuptools<69.0.0
262:  #10 10.80         Downloading setuptools-68.2.2-py3-none-any.whl.metadata (6.3 kB)
263:  #10 10.80       Collecting pycparser (from cffi==1.17.0rc1)
264:  #10 10.80         Downloading pycparser-2.22-py3-none-any.whl.metadata (943 bytes)
265:  #10 10.80       Downloading setuptools-68.2.2-py3-none-any.whl (807 kB)
266:  #10 10.80          ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 807.9/807.9 kB 22.6 MB/s eta 0:00:00
267:  #10 10.80       Downloading pycparser-2.22-py3-none-any.whl (117 kB)
268:  #10 10.80       Building wheels for collected packages: cffi
269:  #10 10.80         Building wheel for cffi (pyproject.toml): started
270:  #10 10.80         Building wheel for cffi (pyproject.toml): finished with status 'error'
271:  #10 10.80         error: subprocess-exited-with-error
272:  #10 10.80       
273:  #10 10.80         × Building wheel for cffi (pyproject.toml) did not run successfully.
274:  #10 10.80         │ exit code: 1
275:  #10 10.80         ╰─> [57 lines of output]
276:  #10 10.80       
277:  #10 10.80                 No working compiler found, or bogus compiler options passed to
278:  #10 10.80                 the compiler from Python's standard "distutils" module.  See
279:  #10 10.80                 the error messages above.  Likely, the problem is not related
280:  #10 10.80                 to CFFI but generic to the setup.py of any Python package that
281:  #10 10.80                 tries to compile C code.  (Hints: on OS/X 10.8, for errors about
282:  #10 10.80                 -mno-fused-madd see http://stackoverflow.com/questions/22313407/
...

296:  #10 10.80       
297:  #10 10.80                     See https://packaging.python.org/en/latest/guides/writing-pyproject-toml/#license for details.
298:  #10 10.80                     ********************************************************************************
299:  #10 10.80       
300:  #10 10.80             !!
301:  #10 10.80               self._finalize_license_expression()
302:  #10 10.80             running bdist_wheel
303:  #10 10.80             running build
304:  #10 10.80             running build_py
305:  #10 10.80             creating build/lib.linux-x86_64-cpython-314/cffi
306:  #10 10.80             copying src/cffi/commontypes.py -> build/lib.linux-x86_64-cpython-314/cffi
307:  #10 10.80             copying src/cffi/cparser.py -> build/lib.linux-x86_64-cpython-314/cffi
308:  #10 10.80             copying src/cffi/__init__.py -> build/lib.linux-x86_64-cpython-314/cffi
309:  #10 10.80             copying src/cffi/_shimmed_dist_utils.py -> build/lib.linux-x86_64-cpython-314/cffi
310:  #10 10.80             copying src/cffi/verifier.py -> build/lib.linux-x86_64-cpython-314/cffi
311:  #10 10.80             copying src/cffi/error.py -> build/lib.linux-x86_64-cpython-314/cffi
312:  #10 10.80             copying src/cffi/ffiplatform.py -> build/lib.linux-x86_64-cpython-314/cffi
313:  #10 10.80             copying src/cffi/pkgconfig.py -> build/lib.linux-x86_64-cpython-314/cffi
314:  #10 10.80             copying src/cffi/cffi_opcode.py -> build/lib.linux-x86_64-cpython-314/cffi
315:  #10 10.80             copying src/cffi/_imp_emulation.py -> build/lib.linux-x86_64-cpython-314/cffi
316:  #10 10.80             copying src/cffi/vengine_cpy.py -> build/lib.linux-x86_64-cpython-314/cffi
317:  #10 10.80             copying src/cffi/api.py -> build/lib.linux-x86_64-cpython-314/cffi
318:  #10 10.80             copying src/cffi/lock.py -> build/lib.linux-x86_64-cpython-314/cffi
319:  #10 10.80             copying src/cffi/backend_ctypes.py -> build/lib.linux-x86_64-cpython-314/cffi
320:  #10 10.80             copying src/cffi/setuptools_ext.py -> build/lib.linux-x86_64-cpython-314/cffi
321:  #10 10.80             copying src/cffi/model.py -> build/lib.linux-x86_64-cpython-314/cffi
322:  #10 10.80             copying src/cffi/recompiler.py -> build/lib.linux-x86_64-cpython-314/cffi
323:  #10 10.80             copying src/cffi/vengine_gen.py -> build/lib.linux-x86_64-cpython-314/cffi
324:  #10 10.80             copying src/cffi/_cffi_include.h -> build/lib.linux-x86_64-cpython-314/cffi
325:  #10 10.80             copying src/cffi/parse_c_type.h -> build/lib.linux-x86_64-cpython-314/cffi
326:  #10 10.80             copying src/cffi/_embedding.h -> build/lib.linux-x86_64-cpython-314/cffi
327:  #10 10.80             copying src/cffi/_cffi_errors.h -> build/lib.linux-x86_64-cpython-314/cffi
328:  #10 10.80             running build_ext
329:  #10 10.80             building '_cffi_backend' extension
330:  #10 10.80             creating build/temp.linux-x86_64-cpython-314/src/c
331:  #10 10.80             gcc -fno-strict-overflow -Wsign-compare -DNDEBUG -g -O3 -Wall -fPIC -DFFI_BUILDING=1 -I/usr/include/ffi -I/usr/include/libffi -I/usr/local/include/python3.14 -c src/c/_cffi_backend.c -o build/temp.linux-x86_64-cpython-314/src/c/_cffi_backend.o
332:  #10 10.80             error: command 'gcc' failed: No such file or directory
333:  #10 10.80             [end of output]
334:  #10 10.80       
335:  #10 10.80         note: This error originates from a subprocess, and is likely not a problem with pip.
336:  #10 10.80         ERROR: Failed building wheel for cffi
337:  #10 10.80       Failed to build cffi
338:  #10 10.80       ERROR: Failed to build installable wheels for some pyproject.toml based projects (cffi)
339:  #10 10.80       [end of output]
340:  #10 10.80   
341:  #10 10.80   note: This error originates from a subprocess, and is likely not a problem with pip.
342:  #10 10.88 error: subprocess-exited-with-error
343:  #10 10.88 
344:  #10 10.88 × pip subprocess to install build dependencies did not run successfully.
345:  #10 10.88 │ exit code: 1
346:  #10 10.88 ╰─> See above for output.
347:  #10 10.88 
348:  #10 10.88 note: This error originates from a subprocess, and is likely not a problem with pip.
349:  #10 ERROR: process "/bin/sh -c pip install poetry" did not complete successfully: exit code: 1
350:  ------
351:  > [iec-api base 5/5] RUN pip install poetry:
352:  failed to solve: process "/bin/sh -c pip install poetry" did not complete successfully: exit code: 1
353:  10.80       [end of output]
354:  10.80   
355:  10.80   note: This error originates from a subprocess, and is likely not a problem with pip.
356:  10.88 error: subprocess-exited-with-error
357:  10.88 
358:  10.88 × pip subprocess to install build dependencies did not run successfully.
359:  10.88 │ exit code: 1
360:  10.88 ╰─> See above for output.
361:  10.88 
362:  10.88 note: This error originates from a subprocess, and is likely not a problem with pip.
363:  ------
364:  make: *** [Makefile:29: docker/install] Error 1
365:  ##[error]Process completed with exit code 2.
366:  Post job cleanup.
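
An added example, not part of the PR or of either bot's output: a small Python triage script that pulls the root-cause signals the failure summary above relies on (source-only downloads, the failed wheel, the missing build tool, the failing Docker step) out of a BuildKit/pip log, keyed by runner line number. The function and rule names are hypothetical, and the sample is an abridged excerpt of the log quoted above.

```python
import re

# Abridged excerpt of the CI log quoted above (runner line numbers kept).
SAMPLE_LOG = """\
243:  #10 8.349   Downloading zstandard-0.23.0.tar.gz (681 kB)
268:  #10 10.80       Building wheels for collected packages: cffi
331:  #10 10.80             gcc -O3 -c src/c/_cffi_backend.c -o build/temp.linux-x86_64-cpython-314/src/c/_cffi_backend.o
332:  #10 10.80             error: command 'gcc' failed: No such file or directory
336:  #10 10.80         ERROR: Failed building wheel for cffi
349:  #10 ERROR: process "/bin/sh -c pip install poetry" did not complete successfully: exit code: 1
"""

# "<runner line>:  [#<buildkit step>] [<seconds>] <message>"
PREFIX = re.compile(r"^\s*(\d+):\s+(?:#\d+\s+)?(?:\d+\.\d+\s+)?(.*)$")

RULES = {
    # A .tar.gz download usually means pip found no compatible prebuilt wheel.
    "sdists": re.compile(r"Downloading (\S+)\.tar\.gz"),
    "failed_wheels": re.compile(r"ERROR: Failed building wheel for (\S+)"),
    "missing_tools": re.compile(r"error: command '([^']+)' failed: No such file or directory"),
    "failed_steps": re.compile(r'ERROR: process "(.+?)" did not complete successfully'),
}
ABI = re.compile(r"cpython-(\d+)")


def triage(log: str) -> dict:
    """Collect (runner_line, value) findings per rule, plus the ABI tags seen."""
    report = {name: [] for name in RULES}
    report["abi_tags"] = set()
    for raw in log.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue  # elided ("...") or unnumbered lines
        lineno, text = int(m.group(1)), m.group(2)
        for name, rule in RULES.items():
            hit = rule.search(text)
            if hit:
                report[name].append((lineno, hit.group(1)))
        report["abi_tags"].update(ABI.findall(text))
    return report


def needs_build_toolchain(report: dict) -> bool:
    """True when a wheel build failed because a build tool was absent."""
    return bool(report["failed_wheels"] and report["missing_tools"])


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print(r, needs_build_toolchain(r))
```

Run against the full log, the `abi_tags` and `sdists` fields show which interpreter version forced source builds, which is the signal to check before accepting an automated base-image bump onto a slim image without a compiler.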
