From 98752b5f7bea9f5bb37d985c4e83b6872fd6f492 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 25 Aug 2025 03:35:36 +0000 Subject: [PATCH 1/2] chore(deps): update python docker tag to v3.13.7 --- .mise.toml | 2 +- .python-version | 2 +- Dockerfile | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.mise.toml b/.mise.toml index 0d8cdf4e2..944b373a2 100644 --- a/.mise.toml +++ b/.mise.toml @@ -1,2 +1,2 @@ [tools] -python = "3.13.5" +python = "3.13.7" diff --git a/.python-version b/.python-version index 86f8c02eb..976544ccb 100644 --- a/.python-version +++ b/.python-version @@ -1 +1 @@ -3.13.5 +3.13.7 diff --git a/Dockerfile b/Dockerfile index 8f33a9aa0..732277b50 100644 --- a/Dockerfile +++ b/Dockerfile @@ -43,7 +43,7 @@ # Size Impact: ~150MB (Python slim + runtime deps) # ============================================================================== -FROM python:3.13.5-slim@sha256:4c2cf9917bd1cbacc5e9b07320025bdb7cdf2df7b0ceaccb55e9dd7e30987419 AS base +FROM python:3.13.7-slim@sha256:27f90d79cc85e9b7b2560063ef44fa0e9eaae7a7c3f5a9f74563065c5477cc24 AS base # OCI Labels for container metadata and registry compliance # These labels provide important metadata for container registries and tools @@ -285,7 +285,7 @@ CMD ["sh", "-c", "poetry run prisma generate && exec poetry run tux --dev start" # Size Impact: ~440MB (73% reduction from development image) # ============================================================================== -FROM python:3.13.5-slim@sha256:4c2cf9917bd1cbacc5e9b07320025bdb7cdf2df7b0ceaccb55e9dd7e30987419 AS production +FROM python:3.13.7-slim@sha256:27f90d79cc85e9b7b2560063ef44fa0e9eaae7a7c3f5a9f74563065c5477cc24 AS production # Duplicate OCI labels for production image metadata # COMPLIANCE: Ensures production images have proper metadata for registries From 2b49faf64c3ff9e9ba475dfe64d5d3aeb401d443 Mon Sep 17 00:00:00 2001 From: electron271 <66094410+electron271@users.noreply.github.com> Date: Sun, 24 Aug 2025 23:09:29 -0500 Subject: [PATCH 2/2] chore(Dockerfile): update package versions to match debian trixie repos --- Dockerfile | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/Dockerfile b/Dockerfile index 732277b50..9f268da9b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -81,13 +81,12 @@ RUN echo 'path-exclude /usr/share/doc/*' > /etc/dpkg/dpkg.cfg.d/01_nodoc && \ RUN apt-get update && \ apt-get upgrade -y && \ apt-get install -y --no-install-recommends --no-install-suggests \ - ffmpeg=7:5.1.6-0+deb12u1 \ - git=1:2.39.5-0+deb12u2 \ - libcairo2=1.16.0-7 \ - libgdk-pixbuf2.0-0=2.40.2-2 \ - libpango1.0-0=1.50.12+ds-1 \ - libpangocairo-1.0-0=1.50.12+ds-1 \ - shared-mime-info=2.2-1 \ + git=1:2.47.2-0.2 \ + libcairo2=1.18.4-1+b1 \ + libgdk-pixbuf-2.0-0=2.42.12+dfsg-4 \ + libpango-1.0-0=1.56.3-1 \ + libpangocairo-1.0-0=1.56.3-1 \ + shared-mime-info=2.4-5+b2 \ # Cleanup package manager caches to reduce layer size && apt-get clean \ && rm -rf /var/lib/apt/lists/* @@ -122,13 +121,13 @@ RUN apt-get update && \ apt-get upgrade -y && \ apt-get install -y --no-install-recommends \ # GCC compiler and build essentials for native extensions - build-essential=12.9 \ + build-essential=12.12 \ # Additional utilities required by some Python packages - findutils=4.9.0-4 \ + findutils=4.10.0-3 \ # Development headers for graphics libraries - libcairo2-dev=1.16.0-7 \ + libcairo2-dev=1.18.4-1+b1 \ # Foreign Function Interface library for Python extensions - libffi-dev=3.4.4-1 \ + libffi8=3.4.8-2 \ # Cleanup to reduce intermediate layer size && apt-get clean \ && rm -rf /var/lib/apt/lists/* @@ -321,9 +320,9 @@ RUN echo 'path-exclude /usr/share/doc/*' > /etc/dpkg/dpkg.cfg.d/01_nodoc && \ RUN apt-get update && \ apt-get upgrade -y && \ apt-get install -y --no-install-recommends --no-install-suggests \ - libcairo2=1.16.0-7 \ - libffi8=3.4.4-1 \ - coreutils=9.1-1 \ + libcairo2=1.18.4-1+b1 \ + libffi8=3.4.8-2 \ + coreutils=9.7-3 \ # Aggressive cleanup to minimize image size && apt-get clean \ && rm -rf /var/lib/apt/lists/* \