chore(deps): update dependency python to 3.14 #29

Merged
renovate[bot] merged 5 commits from renovate/python-3.x into master 2026-02-26 21:18:05 +00:00
renovate[bot] commented 2026-02-26 20:00:29 +00:00 (Migrated from github.com)

This PR contains the following updates:

Package Type Update Change
python uses-with minor 3.133.14
python final minor 3.123.14

Release Notes

actions/python-versions (python)

v3.14.3: 3.14.3

Compare Source

Python 3.14.3

v3.14.2: 3.14.2

Compare Source

Python 3.14.2

v3.14.1: 3.14.1

Compare Source

Python 3.14.1

v3.14.0: 3.14.0

Compare Source

Python 3.14.0


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [python](https://redirect.github.com/actions/python-versions) | uses-with | minor | `3.13` → `3.14` | | python | final | minor | `3.12` → `3.14` | --- ### Release Notes <details> <summary>actions/python-versions (python)</summary> ### [`v3.14.3`](https://redirect.github.com/actions/python-versions/releases/tag/3.14.3-21673711214): 3.14.3 [Compare Source](https://redirect.github.com/actions/python-versions/compare/3.14.2-20014991423...3.14.3-21673711214) Python 3.14.3 ### [`v3.14.2`](https://redirect.github.com/actions/python-versions/releases/tag/3.14.2-20014991423): 3.14.2 [Compare Source](https://redirect.github.com/actions/python-versions/compare/3.14.1-19879739908...3.14.2-20014991423) Python 3.14.2 ### [`v3.14.1`](https://redirect.github.com/actions/python-versions/releases/tag/3.14.1-19879739908): 3.14.1 [Compare Source](https://redirect.github.com/actions/python-versions/compare/3.14.0-18313368925...3.14.1-19879739908) Python 3.14.1 ### [`v3.14.0`](https://redirect.github.com/actions/python-versions/releases/tag/3.14.0-18313368925): 3.14.0 [Compare Source](https://redirect.github.com/actions/python-versions/compare/3.13.12-21673645133...3.14.0-18313368925) Python 3.14.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/yippee0903/Upload-Assistant). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4zNi4yIiwidXBkYXRlZEluVmVyIjoiNDMuMzYuMiIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6W119-->
coderabbitai[bot] commented 2026-02-26 20:32:43 +00:00 (Migrated from github.com)

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch renovate/python-3.x

Comment @coderabbitai help to get the list of available commands and usage tips.

<!-- This is an auto-generated comment: summarize by coderabbit.ai --> <!-- This is an auto-generated comment: skip review by coderabbit.ai --> > [!IMPORTANT] > ## Review skipped > > Bot user detected. > > To trigger a single review, invoke the `@coderabbitai review` command. > > You can disable this status message by setting the `reviews.review_status` to `false` in the CodeRabbit configuration file. > > Use the checkbox below for a quick retry: > - [ ] <!-- {"checkboxId": "e9bb8d72-00e8-4f67-9cb2-caf3b22574fe"} --> 🔍 Trigger review <!-- end of auto-generated comment: skip review by coderabbit.ai --> <!-- finishing_touch_checkbox_start --> <details> <summary>✨ Finishing Touches</summary> <details> <summary>🧪 Generate unit tests (beta)</summary> - [ ] <!-- {"checkboxId": "f47ac10b-58cc-4372-a567-0e02b2c3d479", "radioGroupId": "utg-output-choice-group-unknown_comment_id"} --> Create PR with unit tests - [ ] <!-- {"checkboxId": "07f1e7d6-8a8e-4e23-9900-8731c2c87f58", "radioGroupId": "utg-output-choice-group-unknown_comment_id"} --> Post copyable unit tests in a comment - [ ] <!-- {"checkboxId": "6ba7b810-9dad-11d1-80b4-00c04fd430c8", "radioGroupId": "utg-output-choice-group-unknown_comment_id"} --> Commit unit tests in branch `renovate/python-3.x` </details> </details> <!-- finishing_touch_checkbox_end --> <!-- tips_start --> --- <sub>Comment `@coderabbitai help` to get the list of available commands and usage tips.</sub> <!-- tips_end -->
coderabbitai[bot] (Migrated from github.com) requested changes 2026-02-26 20:42:41 +00:00
coderabbitai[bot] (Migrated from github.com) left a comment

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/ci.yml:
- Around line 25-29: Update the GitHub Actions step label so it matches the
configured Python version: change the step name "Set up Python 3.13" to indicate
Python 3.14 (the configured python-version value) in the workflow that uses
actions/setup-python@v5 so the step label and the python-version "3.14" are
consistent.

In `@Dockerfile`:
- Line 1: The Dockerfile uses a floating base tag "python:3.14" which should be
pinned for reproducible builds; update the FROM line to a specific patch version
and digest (e.g., change to "python:3.14.x@sha256:..." where x is the patch
release) by pulling the desired image for your target platform (docker pull
--platform=linux/amd64 python:3.14.3) and copying the sha256 digest into the
FROM instruction so the base image is tied to an immutable tag and digest.

ℹ️ Review info

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 749f2c6667 and 8e7655f94c.

📒 Files selected for processing (2)
  • .github/workflows/ci.yml
  • Dockerfile
**Actionable comments posted: 2** <details> <summary>🤖 Prompt for all review comments with AI agents</summary> ``` Verify each finding against the current code and only fix it if needed. Inline comments: In @.github/workflows/ci.yml: - Around line 25-29: Update the GitHub Actions step label so it matches the configured Python version: change the step name "Set up Python 3.13" to indicate Python 3.14 (the configured python-version value) in the workflow that uses actions/setup-python@v5 so the step label and the python-version "3.14" are consistent. In `@Dockerfile`: - Line 1: The Dockerfile uses a floating base tag "python:3.14" which should be pinned for reproducible builds; update the FROM line to a specific patch version and digest (e.g., change to "python:3.14.x@sha256:..." where x is the patch release) by pulling the desired image for your target platform (docker pull --platform=linux/amd64 python:3.14.3) and copying the sha256 digest into the FROM instruction so the base image is tied to an immutable tag and digest. ``` </details> --- <details> <summary>ℹ️ Review info</summary> **Configuration used**: Path: .coderabbit.yaml **Review profile**: ASSERTIVE **Plan**: Pro <details> <summary>📥 Commits</summary> Reviewing files that changed from the base of the PR and between 749f2c666764d93ed8d4bc6ce65e83d6cec1e9d8 and 8e7655f94c767fd079f911ece443343beb7a3e81. </details> <details> <summary>📒 Files selected for processing (2)</summary> * `.github/workflows/ci.yml` * `Dockerfile` </details> </details> <!-- This is an auto-generated comment by CodeRabbit for review status -->
@ -23,3 +23,3 @@
uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v6.0.2
- name: Set up Python 3.13
- name: Set up Python 3.14
coderabbitai[bot] (Migrated from github.com) commented 2026-02-26 20:42:40 +00:00

⚠️ Potential issue | 🟡 Minor

Fix stale step name to match configured Python version.

At Line 25, the step label says 3.13, but Line 28 sets 3.14. This can confuse CI triage.

Suggested change
-      - name: Set up Python 3.13
+      - name: Set up Python 3.14
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

      - name: Set up Python 3.14
        uses: actions/setup-python@v5
        with:
          python-version: "3.14"
          cache: pip
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/ci.yml around lines 25 - 29, Update the GitHub Actions
step label so it matches the configured Python version: change the step name
"Set up Python 3.13" to indicate Python 3.14 (the configured python-version
value) in the workflow that uses actions/setup-python@v5 so the step label and
the python-version "3.14" are consistent.
_⚠️ Potential issue_ | _🟡 Minor_ **Fix stale step name to match configured Python version.** At Line 25, the step label says `3.13`, but Line 28 sets `3.14`. This can confuse CI triage. <details> <summary>Suggested change</summary> ```diff - - name: Set up Python 3.13 + - name: Set up Python 3.14 ``` </details> <!-- suggestion_start --> <details> <summary>📝 Committable suggestion</summary> > ‼️ **IMPORTANT** > Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements. ```suggestion - name: Set up Python 3.14 uses: actions/setup-python@v5 with: python-version: "3.14" cache: pip ``` </details> <!-- suggestion_end --> <details> <summary>🤖 Prompt for AI Agents</summary> ``` Verify each finding against the current code and only fix it if needed. In @.github/workflows/ci.yml around lines 25 - 29, Update the GitHub Actions step label so it matches the configured Python version: change the step name "Set up Python 3.13" to indicate Python 3.14 (the configured python-version value) in the workflow that uses actions/setup-python@v5 so the step label and the python-version "3.14" are consistent. ``` </details> <!-- fingerprinting:phantom:poseidon:hawk --> <!-- This is an auto-generated comment by CodeRabbit -->
@ -1,4 +1,4 @@
FROM python:3.12
FROM python:3.14@sha256:61346539f7b26521a230e72c11da5ebd872924745074b19736e7d65ba748c366
coderabbitai[bot] (Migrated from github.com) commented 2026-02-26 20:42:40 +00:00

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

python:3.14.3 Docker Hub official image digest linux/amd64

💡 Result:

I couldn’t find a publicly accessible (non–JavaScript-gated) Docker Hub page or repo-info entry that exposes the linux/amd64 manifest digest for python:3.14.3, so I can’t reliably provide the exact sha256:... value here. Docker Hub does confirm the 3.14.3 tag exists for the official python image. [1]

To get the exact linux/amd64 digest (the one you’d pin with @sha256:...), run:

docker pull --platform=linux/amd64 python:3.14.3
# look for: Digest: sha256:...

# or:
docker buildx imagetools inspect python:3.14.3 --format '{{json .Manifest.Digest}}'

Source(s):
[1] Docker Hub — python official image tags include 3.14.3 https://hub.docker.com/_/python/


Pin the base image to an immutable version.

At Line 1, python:3.14 is a moving tag, so builds can change unexpectedly over time. Pin to a patch tag and digest for reproducible and safer builds.

Suggested change
-FROM python:3.14
+FROM python:3.14.3@sha256:<image-digest>

To obtain the exact digest for your target platform, run:

docker pull --platform=linux/amd64 python:3.14.3

Then replace <image-digest> with the sha256:... value from the output.

🧰 Tools
🪛 Checkov (3.2.334)

[low] 1-101: Ensure that a user for the container has been created

(CKV_DOCKER_3)

🪛 Trivy (0.69.1)

[error] 1-1: Image user should not be 'root'

Specify at least 1 USER command in Dockerfile with non-root user as argument

Rule: DS-0002

Learn more

(IaC/Dockerfile)

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@Dockerfile` at line 1, The Dockerfile uses a floating base tag "python:3.14"
which should be pinned for reproducible builds; update the FROM line to a
specific patch version and digest (e.g., change to "python:3.14.x@sha256:..."
where x is the patch release) by pulling the desired image for your target
platform (docker pull --platform=linux/amd64 python:3.14.3) and copying the
sha256 digest into the FROM instruction so the base image is tied to an
immutable tag and digest.
_⚠️ Potential issue_ | _🟠 Major_ <details> <summary>🧩 Analysis chain</summary> 🌐 Web query: `python:3.14.3 Docker Hub official image digest linux/amd64` 💡 Result: I couldn’t find a publicly accessible (non–JavaScript-gated) Docker Hub page or `repo-info` entry that exposes the **linux/amd64 manifest digest** for `python:3.14.3`, so I can’t reliably provide the exact `sha256:...` value here. Docker Hub does confirm the `3.14.3` tag exists for the official `python` image. [1] To get the **exact linux/amd64 digest** (the one you’d pin with `@sha256:...`), run: ```bash docker pull --platform=linux/amd64 python:3.14.3 # look for: Digest: sha256:... # or: docker buildx imagetools inspect python:3.14.3 --format '{{json .Manifest.Digest}}' ``` **Source(s):** [1] Docker Hub — python official image tags include `3.14.3` https://hub.docker.com/_/python/ --- </details> **Pin the base image to an immutable version.** At Line 1, `python:3.14` is a moving tag, so builds can change unexpectedly over time. Pin to a patch tag and digest for reproducible and safer builds. <details> <summary>Suggested change</summary> ```diff -FROM python:3.14 +FROM python:3.14.3@sha256:<image-digest> ``` To obtain the exact digest for your target platform, run: ``` docker pull --platform=linux/amd64 python:3.14.3 ``` Then replace `<image-digest>` with the `sha256:...` value from the output. </details> <details> <summary>🧰 Tools</summary> <details> <summary>🪛 Checkov (3.2.334)</summary> [low] 1-101: Ensure that a user for the container has been created (CKV_DOCKER_3) </details> <details> <summary>🪛 Trivy (0.69.1)</summary> [error] 1-1: **Image user should not be 'root'** Specify at least 1 USER command in Dockerfile with non-root user as argument Rule: DS-0002 [Learn more](https://avd.aquasec.com/misconfig/ds-0002) (IaC/Dockerfile) </details> </details> <details> <summary>🤖 Prompt for AI Agents</summary> ``` Verify each finding against the current code and only fix it if needed. In `@Dockerfile` at line 1, The Dockerfile uses a floating base tag "python:3.14" which should be pinned for reproducible builds; update the FROM line to a specific patch version and digest (e.g., change to "python:3.14.x@sha256:..." where x is the patch release) by pulling the desired image for your target platform (docker pull --platform=linux/amd64 python:3.14.3) and copying the sha256 digest into the FROM instruction so the base image is tied to an immutable tag and digest. ``` </details> <!-- fingerprinting:phantom:poseidon:hawk --> <!-- This is an auto-generated comment by CodeRabbit -->
renovate[bot] commented 2026-02-26 20:56:51 +00:00 (Migrated from github.com)

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

### Edited/Blocked Notification Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. ⚠️ **Warning**: custom changes will be lost.
coderabbitai[bot] (Migrated from github.com) reviewed 2026-02-26 21:04:35 +00:00
Sign in to join this conversation.
No description provided.