deps(docker): bump python from 3.12-slim to 3.14-slim in the docker-all group across 1 directory

[dependabot]

Bumps the docker-all group with 1 update in the / directory: python.

Updates python from 3.12-slim to 3.14-slim

[greptile-apps]

Greptile Summary

This is a dependabot-generated bump of the base Docker image from python:3.12-slim to python:3.14-slim (pinned to a specific digest). Python 3.14 was released as stable in October 2025.

• The FROM line is the only changed line; the digest pin is correctly updated to the new image.
• The build installs docker-requirements.txt with --require-hashes --no-deps, so wheel compatibility between Python 3.12 and 3.14 needs to be validated before merging.

Confidence Score: 4/5

Safe to merge once the docker-requirements.txt hashes are confirmed or regenerated for Python 3.14 wheels.

The only change is the base image version bump from 3.12 to 3.14. Python 3.14 is a stable release. The Dockerfile installs dependencies with --require-hashes, so if any wheels recorded in docker-requirements.txt were compiled specifically for cp312 (CPython 3.12), the image build will fail at the pip install step until the requirements file is regenerated against 3.14.

docker-requirements.txt — verify or regenerate hashes against a Python 3.14 environment before merging.

Important Files Changed

Filename	Overview
Dockerfile	Base image bumped from python:3.12-slim to python:3.14-slim with a pinned digest; the only changed line is the FROM directive.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["FROM python:3.14-slim\n(pinned digest)"] --> B["Set ENV vars\nPYTHONDONTWRITEBYTECODE, PYTHONUNBUFFERED\nPIP_NO_CACHE_DIR"]
    B --> C["COPY docker-requirements.txt\n+ LICENSE + README"]
    C --> D["pip install --no-deps --require-hashes\n-r docker-requirements.txt"]
    D -->|"⚠️ wheel hashes must cover cp314"| E["COPY src/"]
    E --> F["Write /usr/local/bin/plugin-scanner\n(inline Python script)"]
    F --> G["Create 'scanner' user & /workspace dir"]
    G --> H["WORKDIR /workspace\nUSER scanner\nENTRYPOINT plugin-scanner"]

Loading

_{Reviews (2): Last reviewed commit: "deps(docker): bump python in the docker-..." | Re-trigger Greptile}

[kilo-code-bot]

Code Review Summary

Status: 1 Issue Found | Recommendation: Address before merge

Overview

Severity	Count
CRITICAL	1

Issue Details (click to expand)

CRITICAL

File	Line	Issue
docker-requirements.txt	N/A (not in diff)	Hashed pip dependencies are pinned to Python 3.12 ABI; upgrading to python:3.14-slim will cause installation failures at Docker build time due to wheel hash mismatches.

Other Observations (not in diff)

Issues found in unchanged code that cannot receive inline comments:

File	Issue
docker-requirements.txt	The --require-hashes constraint in docker-requirements.txt will cause pip install to fail during docker build because C-extension wheel hashes (e.g., aiohttp, cryptography) are Python version-specific. The wheel filenames include the CPython version (cp312 for 3.12), but Python 3.14 uses cp314 identifiers.

The docker-requirements.txt hashes must be regenerated against Python 3.14 before this PR can be merged. Use:

uv pip compile pyproject.toml --extra cisco --generate-hashes -o docker-requirements.txt

| .github/workflows/ci.yml | CI tests Python 3.10-3.13 but not 3.14. Consider adding 3.14 to the test matrix to ensure forward compatibility. |

| pyproject.toml | Already specifies requires-python = ">=3.10" which supports Python 3.14. |

Files Reviewed (1 file)

• Dockerfile - 1 issue (docker-requirements.txt compatibility)

---

_{Reviewed by laguna-m.1-20260312:free · 2,796,725 tokens}

[kilo-code-bot]

Kilo Code Review could not run — your account is out of credits.

Add credits or switch to a free model to enable reviews on this change.