chore: Update source-declarative-manifest to use python-connector-base 4.0.1-rc.1 (do not merge)

[devin-ai-integration]

chore: Update source-declarative-manifest to use python-connector-base 4.0.1-rc.1 (do not merge)

Summary

Updates the source-declarative-manifest Dockerfile to use the new python-connector-base:4.0.1-rc.1 image that includes Python 3.11.13 security patches (upgrading from Python 3.11.11). This change targets the new base image created in airbytehq/airbyte#62864.

⚠️ Important: This PR is marked as draft because the target base image is not yet published to DockerHub.

Review & Testing Checklist for Human

Risk Level: 🟡 Yellow (2-3 items to verify)

• Verify base image is published: Confirm that docker.io/airbyte/python-connector-base:4.0.1-rc.1 is available on DockerHub before merging
• Add SHA256 hash: Once the base image is published, add the SHA256 hash back to the FROM line for security/reproducibility (following the pattern from the original Dockerfile)
• Test source-declarative-manifest build: Verify that the source-declarative-manifest image builds successfully with the new base image
• Test manifest-only connectors: Verify that at least one manifest-only connector still works correctly with the updated base image

Recommended Test Plan:

1. Wait for base image publication
2. Update Dockerfile with SHA256 hash
3. Build source-declarative-manifest image locally
4. Test with a simple manifest-only connector (e.g., source-hardcoded-records)

---

Diagram

%%{ init : { "theme" : "default" }}%%
graph TD
    A["airbyte/python-connector-base:4.0.0<br/>(Python 3.11.11)"]:::context
    B["airbyte/python-connector-base:4.0.1-rc.1<br/>(Python 3.11.13)"]:::context
    C["airbyte-python-cdk/Dockerfile"]:::major-edit
    D["airbyte/source-declarative-manifest"]:::context
    E["Manifest-only connectors<br/>(e.g., source-dockerhub)"]:::context
    
    A -->|"FROM (old)"| C
    B -->|"FROM (new)"| C
    C -->|"builds"| D
    D -->|"used by"| E
    
    subgraph Legend
        L1[Major Edit]:::major-edit
        L2[Minor Edit]:::minor-edit
        L3[Context/No Edit]:::context
    end
    
    classDef major-edit fill:#90EE90
    classDef minor-edit fill:#ADD8E6
    classDef context fill:#FFFFFF

Loading

Notes

• This change is part of a security update to address vulnerabilities in Python 3.11.11
• The original Dockerfile included a SHA256 hash for the base image, which should be restored once the new image is published
• The source-declarative-manifest image is used by many manifest-only connectors, so this change has broad impact
• CI checks may fail until the base image is published

Session requested by: David Gold (@dbgold17)
Link to Devin run: https://app.devin.ai/sessions/3bb24fb2e36948db948c39ecc75faba5

[devin-ai-integration]

Original prompt from David Gold:

Hi Devin. Can you do some research for me in the airbyte and airbyte-cdk repositories? I'm working on patching some security vulnerabilities in python 3.11.11 in the base Docker images used for connectors. As part of that change, I plan to create a new python connector base image. 

Now I want to create a new source declarative manifest base image that will use the patched python base image. The Dockerfile of which appears to be defined in the cdk repository, though please verify this. It also appears that that image is referenced in the airbyte repository in order to build connectors. Can you verify all of this information and figure out everything that must be done for this change? Come up with a plan and share it with me - don't open a PR yet

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring

[github-actions]

👋 Greetings, Airbyte Team Member!

Here are some helpful tips and reminders for your convenience.

Testing This CDK Version

You can test this version of the CDK using the following:

# Run the CLI from this branch:
uvx 'git+https://github.com/airbytehq/airbyte-python-cdk.git@devin/1752078577-update-source-declarative-manifest-base#egg=airbyte-python-cdk[dev]' --help

# Update a connector to use the CDK from this branch ref:
cd airbyte-integrations/connectors/source-example
poe use-cdk-branch devin/1752078577-update-source-declarative-manifest-base

Helpful Resources

• CDK API Reference

PR Slash Commands

Airbyte Maintainers can execute the following slash commands on your PR:

• /autofix - Fixes most formatting and linting issues
• /poetry-lock - Updates poetry.lock file
• /test - Runs connector tests with the updated CDK
• /poe <command> - Runs any poe command in the CDK environment

📝 Edit this welcome message.

[github-actions]

PyTest Results (Fast)

3 693 tests  ±0   3 682 ✅ ±0   6m 19s ⏱️ -6s
    1 suites ±0      11 💤 ±0 
    1 files   ±0       0 ❌ ±0 

Results for commit cdc61be. ± Comparison against base commit 88f8256.

[devin-ai-integration]

Closing due to inactivity for more than 7 days. Configure here.