@GuyKh GuyKh commented Aug 17, 2025

Snyk has created this PR to fix 3 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

  • Dockerfile

We recommend upgrading to python:3.14.0rc2-slim, as this image has only 22 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

| Severity | Issue | Snyk ID | Score |
|----------|-------|---------|-------|
| medium | Heap-based Buffer Overflow | SNYK-DEBIAN12-GNUTLS28-10690985 | 614 |
| medium | CVE-2023-4039 | SNYK-DEBIAN12-GCC12-5901316 | 514 |
| medium | CVE-2023-4039 | SNYK-DEBIAN12-GCC12-5901316 | 514 |
| medium | CVE-2023-4039 | SNYK-DEBIAN12-GCC12-5901316 | 514 |
| medium | Double Free | SNYK-DEBIAN12-GNUTLS28-10690987 | 514 |

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

CI Feedback 🧐

A test triggered by this PR failed. Here is an AI-generated analysis of the failure:

Action: Run Tests and Lint

Failed stage: Installing the project [❌]

Failed test name: ""

Failure summary:

The Docker build failed while running RUN pip install poetry (Dockerfile:7) because building the dependency cffi from source failed:
- cffi wheel build error: error: command 'gcc' failed: No such file or directory
- Root cause: no C compiler/toolchain available in the build image to compile native extensions required by cffi during Poetry's dependency installation.
- Error surfaced as: ERROR: Failed building wheel for cffi → failed-wheel-build-for-install → pip subprocess failed → Docker step exited with code 1.

Relevant error logs:
1:  ##[group]Runner Image Provisioner
2:  Hosted Compute Agent
...

234:  #11 8.547   Downloading SecretStorage-3.3.3-py3-none-any.whl.metadata (4.0 kB)
235:  #11 8.560 Collecting jeepney>=0.4.2 (from keyring<26.0.0,>=25.1.0->poetry)
236:  #11 8.563   Downloading jeepney-0.9.0-py3-none-any.whl.metadata (1.2 kB)
237:  #11 8.575 Collecting jaraco.classes (from keyring<26.0.0,>=25.1.0->poetry)
238:  #11 8.579   Downloading jaraco.classes-3.4.0-py3-none-any.whl.metadata (2.6 kB)
239:  #11 8.597 Collecting jaraco.functools (from keyring<26.0.0,>=25.1.0->poetry)
240:  #11 8.600   Downloading jaraco_functools-4.2.1-py3-none-any.whl.metadata (2.9 kB)
241:  #11 8.614 Collecting jaraco.context (from keyring<26.0.0,>=25.1.0->poetry)
242:  #11 8.618   Downloading jaraco.context-6.0.1-py3-none-any.whl.metadata (4.1 kB)
243:  #11 8.642 Collecting httpx<1,>=0.27.0 (from pbs-installer[download,install]<2026.0.0,>=2025.1.6->poetry)
244:  #11 8.645   Downloading httpx-0.28.1-py3-none-any.whl.metadata (7.1 kB)
245:  #11 8.705 Collecting zstandard>=0.21.0 (from pbs-installer[download,install]<2026.0.0,>=2025.1.6->poetry)
246:  #11 8.714   Downloading zstandard-0.23.0.tar.gz (681 kB)
247:  #11 8.733      ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 681.7/681.7 kB 41.3 MB/s  0:00:00
248:  #11 8.780   Installing build dependencies: started
249:  #11 10.93   Installing build dependencies: finished with status 'error'
250:  #11 10.94   error: subprocess-exited-with-error
251:  #11 10.94   
...

258:  #11 10.94         Installing build dependencies: started
259:  #11 10.94         Installing build dependencies: finished with status 'done'
260:  #11 10.94         Getting requirements to build wheel: started
261:  #11 10.94         Getting requirements to build wheel: finished with status 'done'
262:  #11 10.94         Preparing metadata (pyproject.toml): started
263:  #11 10.94         Preparing metadata (pyproject.toml): finished with status 'done'
264:  #11 10.94       Collecting setuptools<69.0.0
265:  #11 10.94         Downloading setuptools-68.2.2-py3-none-any.whl.metadata (6.3 kB)
266:  #11 10.94       Collecting pycparser (from cffi==1.17.0rc1)
267:  #11 10.94         Downloading pycparser-2.22-py3-none-any.whl.metadata (943 bytes)
268:  #11 10.94       Downloading setuptools-68.2.2-py3-none-any.whl (807 kB)
269:  #11 10.94          ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 807.9/807.9 kB 88.9 MB/s  0:00:00
270:  #11 10.94       Downloading pycparser-2.22-py3-none-any.whl (117 kB)
271:  #11 10.94       Building wheels for collected packages: cffi
272:  #11 10.94         Building wheel for cffi (pyproject.toml): started
273:  #11 10.94         Building wheel for cffi (pyproject.toml): finished with status 'error'
274:  #11 10.94         error: subprocess-exited-with-error
275:  #11 10.94       
276:  #11 10.94         × Building wheel for cffi (pyproject.toml) did not run successfully.
277:  #11 10.94         │ exit code: 1
278:  #11 10.94         ╰─> [57 lines of output]
279:  #11 10.94       
280:  #11 10.94                 No working compiler found, or bogus compiler options passed to
281:  #11 10.94                 the compiler from Python's standard "distutils" module.  See
282:  #11 10.94                 the error messages above.  Likely, the problem is not related
283:  #11 10.94                 to CFFI but generic to the setup.py of any Python package that
284:  #11 10.94                 tries to compile C code.  (Hints: on OS/X 10.8, for errors about
285:  #11 10.94                 -mno-fused-madd see http://stackoverflow.com/questions/22313407/
...

296:  #11 10.94                     Please consider removing the following classifiers in favor of a SPDX license expression:
297:  #11 10.94       
298:  #11 10.94                     License :: OSI Approved :: MIT License
299:  #11 10.94       
300:  #11 10.94                     See https://packaging.python.org/en/latest/guides/writing-pyproject-toml/#license for details.
301:  #11 10.94                     ********************************************************************************
302:  #11 10.94       
303:  #11 10.94             !!
304:  #11 10.94               self._finalize_license_expression()
305:  #11 10.94             running bdist_wheel
306:  #11 10.94             running build
307:  #11 10.94             running build_py
308:  #11 10.94             creating build/lib.linux-x86_64-cpython-314/cffi
309:  #11 10.94             copying src/cffi/api.py -> build/lib.linux-x86_64-cpython-314/cffi
310:  #11 10.94             copying src/cffi/verifier.py -> build/lib.linux-x86_64-cpython-314/cffi
311:  #11 10.94             copying src/cffi/error.py -> build/lib.linux-x86_64-cpython-314/cffi
312:  #11 10.94             copying src/cffi/cffi_opcode.py -> build/lib.linux-x86_64-cpython-314/cffi
...

315:  #11 10.94             copying src/cffi/recompiler.py -> build/lib.linux-x86_64-cpython-314/cffi
316:  #11 10.94             copying src/cffi/ffiplatform.py -> build/lib.linux-x86_64-cpython-314/cffi
317:  #11 10.94             copying src/cffi/setuptools_ext.py -> build/lib.linux-x86_64-cpython-314/cffi
318:  #11 10.94             copying src/cffi/backend_ctypes.py -> build/lib.linux-x86_64-cpython-314/cffi
319:  #11 10.94             copying src/cffi/_imp_emulation.py -> build/lib.linux-x86_64-cpython-314/cffi
320:  #11 10.94             copying src/cffi/_shimmed_dist_utils.py -> build/lib.linux-x86_64-cpython-314/cffi
321:  #11 10.94             copying src/cffi/vengine_gen.py -> build/lib.linux-x86_64-cpython-314/cffi
322:  #11 10.94             copying src/cffi/pkgconfig.py -> build/lib.linux-x86_64-cpython-314/cffi
323:  #11 10.94             copying src/cffi/lock.py -> build/lib.linux-x86_64-cpython-314/cffi
324:  #11 10.94             copying src/cffi/commontypes.py -> build/lib.linux-x86_64-cpython-314/cffi
325:  #11 10.94             copying src/cffi/__init__.py -> build/lib.linux-x86_64-cpython-314/cffi
326:  #11 10.94             copying src/cffi/vengine_cpy.py -> build/lib.linux-x86_64-cpython-314/cffi
327:  #11 10.94             copying src/cffi/_cffi_include.h -> build/lib.linux-x86_64-cpython-314/cffi
328:  #11 10.94             copying src/cffi/parse_c_type.h -> build/lib.linux-x86_64-cpython-314/cffi
329:  #11 10.94             copying src/cffi/_embedding.h -> build/lib.linux-x86_64-cpython-314/cffi
330:  #11 10.94             copying src/cffi/_cffi_errors.h -> build/lib.linux-x86_64-cpython-314/cffi
331:  #11 10.94             running build_ext
332:  #11 10.94             building '_cffi_backend' extension
333:  #11 10.94             creating build/temp.linux-x86_64-cpython-314/src/c
334:  #11 10.94             gcc -fno-strict-overflow -Wsign-compare -DNDEBUG -g -O3 -Wall -fPIC -DFFI_BUILDING=1 -I/usr/include/ffi -I/usr/include/libffi -I/usr/local/include/python3.14 -c src/c/_cffi_backend.c -o build/temp.linux-x86_64-cpython-314/src/c/_cffi_backend.o
335:  #11 10.94             error: command 'gcc' failed: No such file or directory
336:  #11 10.94             [end of output]
337:  #11 10.94       
338:  #11 10.94         note: This error originates from a subprocess, and is likely not a problem with pip.
339:  #11 10.94         ERROR: Failed building wheel for cffi
340:  #11 10.94       Failed to build cffi
341:  #11 10.94       error: failed-wheel-build-for-install
342:  #11 10.94       
343:  #11 10.94       × Failed to build installable wheels for some pyproject.toml based projects
344:  #11 10.94       ╰─> cffi
345:  #11 10.94       [end of output]
346:  #11 10.94   
347:  #11 10.94   note: This error originates from a subprocess, and is likely not a problem with pip.
348:  #11 11.00 error: subprocess-exited-with-error
349:  #11 11.00 
350:  #11 11.00 × pip subprocess to install build dependencies did not run successfully.
351:  #11 11.00 │ exit code: 1
352:  #11 11.00 ╰─> See above for output.
353:  #11 11.00 
354:  #11 11.00 note: This error originates from a subprocess, and is likely not a problem with pip.
355:  #11 ERROR: process "/bin/sh -c pip install poetry" did not complete successfully: exit code: 1
356:  ------
357:  > [base 5/5] RUN pip install poetry:
358:  10.94       [end of output]
359:  10.94   
360:  10.94   note: This error originates from a subprocess, and is likely not a problem with pip.
361:  11.00 error: subprocess-exited-with-error
362:  11.00 
363:  11.00 × pip subprocess to install build dependencies did not run successfully.
364:  11.00 │ exit code: 1
365:  11.00 ╰─> See above for output.
366:  11.00 
367:  11.00 note: This error originates from a subprocess, and is likely not a problem with pip.
368:  ------
369:  Dockerfile:7
370:  --------------------
371:  5 |     COPY pyproject.toml README.md .
372:  6 |     COPY iec_api ./iec_api
373:  7 | >>> RUN pip install poetry
374:  8 |     
375:  9 |     FROM base AS dependencies
376:  --------------------
377:  failed to solve: process "/bin/sh -c pip install poetry" did not complete successfully: exit code: 1
378:  make: *** [Makefile:29: docker/install] Error 1
379:  ##[error]Process completed with exit code 2.
380:  Post job cleanup.
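
A small triage pass over a build log like the one above, as an added example that is not part of the PR or of either bot's output: it reports which packages fell back to a source build, which wheel failed, which tool was missing, and the failing Dockerfile line. The function name, report keys, patterns and sample log are constructed for illustration.

```python
import re

# Constructed sample, shaped like the BuildKit output quoted in the CI comment.
SAMPLE_LOG = """\
#11 8.714   Downloading zstandard-0.23.0.tar.gz (681 kB)
#11 10.94         Building wheel for cffi (pyproject.toml): started
#11 10.94         Building wheel for cffi (pyproject.toml): finished with status 'error'
#11 10.94             building '_cffi_backend' extension
#11 10.94             error: command 'gcc' failed: No such file or directory
#11 10.94         ERROR: Failed building wheel for cffi
#11 ERROR: process "/bin/sh -c pip install poetry" did not complete successfully: exit code: 1
Dockerfile:7
failed to solve: process "/bin/sh -c pip install poetry" did not complete successfully: exit code: 1
"""

# Each rule captures one name per matching line (illustrative patterns).
LIST_RULES = {
    # An sdist download means no prebuilt wheel matched this interpreter.
    "source_builds": re.compile(r"Downloading (\S+?)-\d[\w.]*\.tar\.gz"),
    "failed_wheels": re.compile(r"ERROR: Failed building wheel for (\S+)"),
    "missing_tools": re.compile(r"error: command '([^']+)' failed: No such file"),
}
FAILED_STEP = re.compile(r'process "/bin/sh -c (.+?)" did not complete')
LOCATION = re.compile(r"(?:^|\s)(Dockerfile[\w.\-]*):(\d+)\s*$")


def triage_build_log(log: str) -> dict:
    """Summarise why a Docker build step failed while installing Python packages."""
    report = {key: [] for key in LIST_RULES}
    report.update(failed_step=None, location=None)
    for line in log.splitlines():
        for key, pattern in LIST_RULES.items():
            m = pattern.search(line)
            if m and m.group(1) not in report[key]:
                report[key].append(m.group(1))
        if (m := FAILED_STEP.search(line)):
            report["failed_step"] = m.group(1)
        if (m := LOCATION.search(line)):
            report["location"] = (m.group(1), int(m.group(2)))
    # A failed wheel plus a missing executable points at the image, not the package.
    report["needs_toolchain"] = bool(report["failed_wheels"] and report["missing_tools"])
    return report


if __name__ == "__main__":
    print(triage_build_log(SAMPLE_LOG))
```

The patterns search anywhere in the line, so the CI line-number prefixes (`334:  #11 10.94 ...`) do not need to be stripped first.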
