[Snyk] Security upgrade python from 3.8-slim to 3.14.1-slim

[bozza-man]

Snyk has created this PR to fix 5 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

• Dockerfile

We recommend upgrading to python:3.14.1-slim, as this image has only 22 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	CVE-2025-6965 SNYK-DEBIAN12-SQLITE3-10753055	263
	Integer Overflow or Wraparound SNYK-DEBIAN12-ZLIB-6008963	241
	Improper Certificate Validation SNYK-DEBIAN12-PERL-5489190	211
	Heap-based Buffer Overflow SNYK-DEBIAN12-GNUTLS28-10690985	190
	Double Free SNYK-DEBIAN12-GNUTLS28-10690987	190

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Heap-based Buffer Overflow
🦉 Double Free

---

Note

Updates Dockerfile base image from python:3.8-slim to python:3.14.1-slim.

^{Written by Cursor Bugbot for commit a7901c0. This will update automatically on new commits. Configure here.}

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch snyk-fix-81757369eeeb91dde8a143d240615da9

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cursor]

Bug: Python 3.14.1 upgrade breaks compatibility with dependencies

The upgrade from python:3.8-slim to python:3.14.1-slim is problematic. Python 3.14 is currently in alpha/beta stage and not yet stable. The project's pyproject.toml classifiers only list Python 3.8, 3.9, and 3.10 as supported. Critical dependencies like TensorFlow (installed via pip install -e /tmp/.[tf]) likely don't support Python 3.14 yet. This will cause the Docker build to fail when pip attempts to install incompatible packages.