[Snyk] Security upgrade python from 3.9.10 to 3.14.1

[bozza-man]

Snyk has created this PR to fix 2 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

• streamlit_fargat/Dockerfile

We recommend upgrading to python:3.14.1, as this image has only 184 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	CVE-2025-27363 SNYK-DEBIAN11-FREETYPE-9402510	884
	CVE-2025-27363 SNYK-DEBIAN11-FREETYPE-9402510	884
	CVE-2025-27363 SNYK-DEBIAN11-FREETYPE-9402510	884
	Out-of-bounds Write SNYK-DEBIAN11-LIBWEBP-5893094	852
	Out-of-bounds Write SNYK-DEBIAN11-LIBWEBP-5893094	852

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

---

Note

Upgrade Docker base image in streamlit_fargat/Dockerfile from python:3.9.10 to 3.14.1.

^{Written by Cursor Bugbot for commit b523987. This will update automatically on new commits. Configure here.}

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch snyk-fix-db2e3b130a4ff3163131fc34a17d5cad

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cursor]

Bug: Python 3.14.1 unreleased, breaks PyTorch and Transformers compatibility

The upgrade from python:3.9.10 to python:3.14.1 is problematic because Python 3.14 is not yet a stable release (expected October 2025 for first stable). More critically, the application's dependencies (torch, transformers, streamlit in requirements.txt) do not support Python 3.14 - PyTorch currently supports up to Python 3.12/3.13. This 5-major-version jump will cause pip install to fail when building the Docker image as these packages have no compatible wheels for Python 3.14.