Bump python from 3.11.9-slim-bookworm to 3.13.1-slim-bookworm

[dependabot]

Bumps python from 3.11.9-slim-bookworm to 3.13.1-slim-bookworm.

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
python	[>= 3.9.a, < 3.10]

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[dryrunsecurity]

DryRun Security Summary

The code changes focus on updating Docker images for integration tests and Django application deployment, primarily improving security and reliability by updating Python versions, managing dependencies, implementing secure configurations, and enabling monitoring.

Expand for full summary

Summary:

The provided code changes are focused on updating the base Docker images used for the integration tests and the Django application deployment. These changes are primarily aimed at improving the security and reliability of the application by keeping the underlying dependencies up-to-date and implementing best practices for secure configuration and deployment.

The key security-relevant aspects of these changes include:

1. Python Version Updates: The Dockerfiles are being updated to use the latest versions of Python (3.13.1) to ensure the application is running on a secure and supported runtime.
2. Dependency Management: The code changes include updates to the requirements.txt files, which manage the Python dependencies. Regularly reviewing and updating dependencies is crucial to address potential security vulnerabilities in third-party libraries.
3. Secure Configuration: The Dockerfiles include steps to set appropriate file permissions, use non-root users, and configure TLS/SSL for secure communication. These are important security practices to harden the application's deployment.
4. Monitoring and Metrics: The Nginx-based Dockerfiles include options to enable metrics and monitoring, which can be useful for detecting and responding to security-related issues.

Overall, the changes appear to be focused on improving the security and reliability of the application's deployment, which is a positive step. However, it's important to thoroughly review the changes, test the application, and ensure that no new security vulnerabilities are introduced.

Files Changed:

1. Dockerfile.integration-tests-debian:

   • Updated the base image for the "build" stage from Python 3.11.9 to Python 3.13.1.
   • Updated the installation of Google Chrome and ChromeDriver to version 127.0.6533.119.
   • Expanded the list of additional packages to be installed for the integration test environment.

2. Dockerfile.django-debian:

   • Updated the base image from python:3.11.9-slim-bookworm to python:3.13.1-slim-bookworm.
   • Installed additional system-level dependencies, such as gcc, build-essential, libpq-dev, and postgresql-client.
   • Included several entrypoint scripts for Celery and uWSGI.

3. Dockerfile.django-alpine:

   • Updated the base image from python:3.11.9-alpine3.20 to python:3.13.1-alpine3.20.
   • Updated the requirements.txt file to manage Python dependencies.
   • Included steps to manage file and directory permissions for the application.

4. Dockerfile.nginx-alpine:

   • Updated the base image from python:3.11.9-alpine3.20 to python:3.13.1-alpine3.20.
   • Installed Node.js and Yarn for building client-side assets.
   • Included configuration files for NGINX and the UWSGI server.

5. Dockerfile.nginx-debian:

   • Updated the base image from python:3.11.9-slim-bookworm to python:3.13.1-slim-bookworm.
   • Installed additional packages, such as gcc, build-essential, and libpq-dev.
   • Included configuration for TLS/SSL and Nginx metrics.

Code Analysis

We ran 9 analyzers against 5 files and 0 analyzers had findings. 9 analyzers had no findings.

View PR in the DryRun Dashboard.