[Snyk] Security upgrade python from 3.6 to 3.13.11 #110
Conversation
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-FREETYPE-9402510
- https://snyk.io/vuln/SNYK-DEBIAN11-FREETYPE-9402510
- https://snyk.io/vuln/SNYK-DEBIAN11-FREETYPE-9402510
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-NGHTTP2-5953384
Pull request overview
This PR upgrades the Python base image from 3.6 to 3.13.11 to address security vulnerabilities including CVE-2025-27363, Out-of-bounds Write, and CVE-2023-44487, which collectively have high severity scores.
Key Changes:
- Updates Docker base image from python:3.6 to python:3.13.11
| @@ -1,4 +1,4 @@ | |||
| FROM python:3.6 | |||
| FROM python:3.13.11 | |||
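Review bot: this FROM bump is not buildable with the repository's current pins, so the listed Debian advisories would not actually be addressed by merging it as-is. The review comment on this PR records that requirements.txt and requirements-web.txt pin torch==1.5.0, tensorflow==2.2.1 and numpy==1.18.4, none of which ship wheels for Python 3.13, so the image's `pip install` step fails before anything runs. Either update the requirements files in the same PR and run the test suite inside the new image, or land an intermediate interpreter first. Independently of the chosen version, pin the tag to a digest (`FROM python:3.13.11@sha256:<digest>`) so rebuilds are reproducible and later upgrade PRs diff against a fixed base. Note also that the description lists SNYK-DEBIAN11-FREETYPE-9402510 three times, so the PR fixes three distinct advisories, not five.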
The dependencies specified in requirements.txt and requirements-web.txt are incompatible with Python 3.13.11. The project uses torch==1.5.0, tensorflow==2.2.1, flask==1.0.2, numpy==1.18.4, and other packages with versions from 2020, which were built for Python 3.6-3.8. These packages will fail to install or run on Python 3.13.11 because:
- PyTorch 1.5.0 only supports up to Python 3.8
- TensorFlow 2.2.1 only supports up to Python 3.8
- NumPy 1.18.4 does not have wheels for Python 3.13
- Flask 1.0.2 may have compatibility issues with Python 3.13
Before upgrading to Python 3.13.11, the requirements files must be updated to versions compatible with Python 3.13. Consider upgrading to an intermediate Python version (e.g., 3.9 or 3.10) first, or update all dependencies simultaneously.
| FROM python:3.13.11 | |
| FROM python:3.8 |
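Review bot: the suggested tag contradicts the comment it accompanies, which recommends 3.9 or 3.10 as the intermediate step; python:3.8 is simply the upper bound the comment gives for torch 1.5.0 and tensorflow 2.2.1. Python 3.8 reached end of life in October 2024, so adopting it trades dependency compatibility for an interpreter that no longer receives security fixes. If the 2020-era pins must stay for now, say so in the PR and treat python:3.8 as a documented stopgap with a follow-up to update the requirements files; otherwise prefer updating the pins alongside the base image.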
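A pre-merge check for exactly the failure the comment above describes, as an added example that is not code from this PR, from Snyk, or from the project: it reads the Python version from the Dockerfile's FROM line, parses the exact pins in a requirements file, and tests each pin against the wheel filenames published for it using PEP 427 tag rules (pure-python `py3`, exact `cp313`, and stable-ABI `cpXY-abi3` wheels). The Dockerfile text, the requirements text and every entry in WHEEL_INDEX below are constructed stand-ins, and the cryptography pin is hypothetical; in real use you would fill the index from https://pypi.org/simple/<name>/ for each pin.

```python
"""Pre-merge check: does every pinned requirement have a wheel for the
Python version named in the Dockerfile's FROM line?

Added example for this PR thread; not project code.  WHEEL_INDEX is a
constructed, offline stand-in for what you would fetch per package from
https://pypi.org/simple/<name>/ (PEP 503) before running this for real.
"""
import re
from typing import Dict, List, Optional, Tuple

# FROM [--platform=...] python:<major>.<minor>[.<patch>][-variant]
FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--platform=\S+\s+)?python:(\d+)\.(\d+)",
    re.IGNORECASE | re.MULTILINE,
)
# Only exact pins (name==version) are checked; ranges would need a resolver.
PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;#]+)")


def parse_base_python(dockerfile: str) -> Optional[Tuple[int, int]]:
    """Return (major, minor) of the first python:<tag> base image, if any."""
    m = FROM_RE.search(dockerfile)
    return (int(m.group(1)), int(m.group(2))) if m else None


def parse_pins(requirements: str) -> List[Tuple[str, str]]:
    """Return [(normalized_name, version)] for each name==version line."""
    pins = []
    for raw in requirements.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blank, comment, -r/-e/--index-url
            continue
        m = PIN_RE.match(line)
        if m:
            # PEP 503 normalization: case-insensitive; '-', '_' and '.' are equivalent
            name = re.sub(r"[-_.]+", "-", m.group(1)).lower()
            pins.append((name, m.group(2)))
    return pins


def wheel_supports(filename: str, target: Tuple[int, int]) -> bool:
    """True if a PEP 427 wheel filename installs on CPython `target`.

    Pure-python wheels (py3) and exact CPython tags (cp313) match directly;
    a stable-ABI wheel (cpXY-abi3) works on any CPython >= X.Y.
    """
    stem = filename[:-4] if filename.endswith(".whl") else filename
    parts = stem.split("-")  # name-version[-build]-pytag-abitag-platform
    if len(parts) < 5:
        return False
    py_tags, abi_tags = parts[-3].split("."), parts[-2].split(".")
    major, minor = target
    for tag in py_tags:
        if tag in (f"py{major}", f"cp{major}{minor}"):
            return True
        m = re.fullmatch(r"cp(\d)(\d+)", tag)
        if m and "abi3" in abi_tags and (int(m.group(1)), int(m.group(2))) <= (major, minor):
            return True
    return False


def incompatible_pins(dockerfile: str, requirements: str,
                      wheel_index: Dict[str, List[str]]) -> List[str]:
    """Return sorted 'name==version' pins with no wheel for the FROM Python.

    A pin missing from wheel_index is reported too: without a wheel, pip
    falls back to an sdist build, which for packages like torch or
    tensorflow is a build failure in practice.
    """
    target = parse_base_python(dockerfile)
    if target is None:
        raise ValueError("no python:<tag> FROM line found")
    bad = []
    for name, version in parse_pins(requirements):
        wheels = wheel_index.get(f"{name}=={version}", [])
        if not any(wheel_supports(w, target) for w in wheels):
            bad.append(f"{name}=={version}")
    return sorted(bad)


# Constructed sample inputs (approximations, not fetched from PyPI).
DOCKERFILE_OLD = "FROM python:3.6\nCOPY . /app\nRUN pip install -r requirements.txt\n"
DOCKERFILE_NEW = DOCKERFILE_OLD.replace("python:3.6", "python:3.13.11")
DOCKERFILE_38 = DOCKERFILE_OLD.replace("python:3.6", "python:3.8")
REQUIREMENTS = """
# 2020-era pins, as named in the review comment
torch==1.5.0
tensorflow==2.2.1
numpy==1.18.4
Flask==1.0.2
cryptography==41.0.0   # hypothetical extra pin with a stable-ABI wheel
"""
WHEEL_INDEX = {
    "torch==1.5.0": ["torch-1.5.0-cp36-cp36m-manylinux1_x86_64.whl",
                     "torch-1.5.0-cp38-cp38-manylinux1_x86_64.whl"],
    "tensorflow==2.2.1": ["tensorflow-2.2.1-cp36-cp36m-manylinux2010_x86_64.whl",
                          "tensorflow-2.2.1-cp38-cp38-manylinux2010_x86_64.whl"],
    "numpy==1.18.4": ["numpy-1.18.4-cp36-cp36m-manylinux1_x86_64.whl",
                      "numpy-1.18.4-cp38-cp38-manylinux1_x86_64.whl"],
    "flask==1.0.2": ["Flask-1.0.2-py2.py3-none-any.whl"],
    "cryptography==41.0.0": ["cryptography-41.0.0-cp37-abi3-manylinux_2_28_x86_64.whl"],
}

if __name__ == "__main__":
    for df in (DOCKERFILE_OLD, DOCKERFILE_38, DOCKERFILE_NEW):
        print(parse_base_python(df), incompatible_pins(df, REQUIREMENTS, WHEEL_INDEX))
```

Against python:3.13.11 the check flags torch, tensorflow and numpy; against the suggested python:3.8 it flags nothing; against the current python:3.6 it flags the hypothetical abi3 wheel, which shows the stable-ABI rule is a lower bound as well as an upper one. A compatible wheel is necessary but not sufficient: Flask 1.0.2's universal wheel installs on 3.13, yet the runtime issues the comment mentions only surface when the test suite runs inside the new image.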
Snyk has created this PR to fix 3 vulnerabilities in the dockerfile dependencies of this project.
Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.
Snyk changed the following file(s):
dockerfile
We recommend upgrading to python:3.13.11, as this image has only 189 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.
Vulnerabilities that will be fixed with an upgrade:
SNYK-DEBIAN11-FREETYPE-9402510
SNYK-DEBIAN11-FREETYPE-9402510
SNYK-DEBIAN11-FREETYPE-9402510
SNYK-DEBIAN11-GLIBC-5927133
SNYK-DEBIAN11-NGHTTP2-5953384
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.