chore(deps): update python docker tag to v3.14 #46

renovate · 2025-04-30T13:43:58Z

This PR contains the following updates:

Package	Update	Change
python	minor	`3.12` -> `3.14`

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

This change is

Summary by Bito

This pull request updates the Python version from 3.12 to 3.14, enhancing performance and security. No other files or changes are affected in this update.

trunk-io · 2025-04-30T13:44:02Z

Merging to main in this repository is managed by Trunk.

To merge this pull request, check the box to the left or comment /trunk merge below.

korbit-ai · 2025-04-30T13:44:02Z

By default, I don't review pull requests opened by bots. If you would like me to review this pull request anyway, you can request a review via the /korbit-review command in a comment.

evolua-app · 2025-04-30T13:44:03Z

Welcome @renovate[bot]! 🎉

Great PR! I've analyzed your code changes for:

🔒 Security vulnerabilities
✨ Code quality improvements
🎯 Best practices alignment

Ready to see the full review?
Head over to https://evolua.io to:

Create your free account
Get detailed insights
Unlock automated PR reviews
Ensure high-quality code

Let's make your code even better together! 🚀

sourcery-ai · 2025-04-30T13:44:03Z

Reviewer's Guide

This pull request updates the Python version from 3.12 to 3.13 across the project configuration files.

File-Level Changes

Change	Details	Files
Updated Python version from 3.12 to 3.13.	Changed the base Docker image from `python:3.12-bookworm` to `python:3.13-bookworm`. Updated the `requires-python` constraint in `pyproject.toml` from `==3.12.` to `==3.13.`. Updated the Python version specified in `.python-version`. Updated the `uv.lock` file to reflect the new Python version and dependencies.	`Dockerfile` `pyproject.toml` `.python-version` `uv.lock`

Tips and commands

Interacting with Sourcery

Trigger a new review: Comment @sourcery-ai review on the pull request.
Continue discussions: Reply directly to Sourcery's review comments.
Generate a GitHub issue from a review comment: Ask Sourcery to create an
issue from a review comment by replying to it. You can also reply to a
review comment with @sourcery-ai issue to create an issue from it.
Generate a pull request title: Write @sourcery-ai anywhere in the pull
request title to generate a title at any time. You can also comment
@sourcery-ai title on the pull request to (re-)generate the title at any time.
Generate a pull request summary: Write @sourcery-ai summary anywhere in
the pull request body to generate a PR summary at any time exactly where you
want it. You can also comment @sourcery-ai summary on the pull request to
(re-)generate the summary at any time.
Generate reviewer's guide: Comment @sourcery-ai guide on the pull
request to (re-)generate the reviewer's guide at any time.
Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
pull request to resolve all Sourcery comments. Useful if you've already
addressed all the comments and don't want to see them anymore.
Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
request to dismiss all existing Sourcery reviews. Especially useful if you
want to start fresh with a new review - don't forget to comment
@sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

Enable or disable review features such as the Sourcery-generated pull request
summary, the reviewer's guide, and others.
Change the review language.
Add, remove or edit custom review instructions.
Adjust other review settings.

Getting Help

Contact our support team for questions or feedback.
Visit our documentation for detailed guides and information.
Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

coderabbitai · 2025-04-30T13:44:06Z

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

greptile-apps

PR Summary

Your free trial has ended. If you'd like to continue receiving code reviews, you can add a payment method here: https://app.greptile.com/review/github.

_{3 file(s) reviewed, no comment(s)}
_{Edit PR Review Bot Settings | Greptile}

deepsource-io · 2025-04-30T13:44:13Z

Here's the code health analysis summary for commits 1ac3e92..8c1f8e7. View details on DeepSource ↗.

Analysis Summary

Analyzer	Status	Summary	Link
Python	✅ Success		View Check ↗

💡 If you’re a repository administrator, you can configure the quality gates from the settings.

snyk-io · 2025-04-30T13:44:21Z

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

semgrep-code-nextgencontributions · 2025-04-30T13:46:42Z

Dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.12-bookworm
+FROM python:3.13-bookworm


Semgrep identified a blocking 🔴 issue in your code:
To ensure reproducible builds, pin Dockerfile FROM commands to a specific hash. You can find the hash by running docker pull python and then specify it with python:3.13-bookworm@sha256:<hash goes here>

To resolve this comment:

✨ Commit Assistant fix suggestion

Suggested change

FROM python:3.13-bookworm

FROM python:3.13-bookworm@sha256:ea6ec900d7de61fbf6eea6b5d15d9f00a162ff2da6e400a7042c3ac875f6cf13

ENV PYTHONDONTWRITEBYTECODE=1

ENV PYTHONUNBUFFERED=1

ENV POETRY_VIRTUALENVS_CREATE=0

RUN apt-get update && apt-get install -y --no-install-recommends \

watchman \

&& rm -rf /var/lib/apt/lists/*

RUN pip install --no-cache-dir -U pip setuptools wheel

RUN pip install --no-cache-dir uv

# Copy from the cache instead of linking since it's a mounted volume

ENV UV_LINK_MODE=copy

ENV UV_SYSTEM_PYTHON=true

ENV UV_BREAK_SYSTEM_PACKAGES=true

ENV UV_PROJECT_ENVIRONMENT=/usr/local

# Install the project's dependencies using the lockfile and settings

RUN --mount=type=cache,target=/root/.cache/uv \

--mount=type=bind,source=uv.lock,target=uv.lock \

--mount=type=bind,source=pyproject.toml,target=pyproject.toml \

uv sync --frozen --no-install-project

View step-by-step instructions

Run $ docker pull python:3.13-bookworm to ensure you have the latest image locally.

Run $ docker inspect --format='{{index .RepoDigests 0}}' python:3.13-bookworm to find the image's digest (it will look like python@sha256:<hash>).

Replace FROM python:3.13-bookworm with FROM python:3.13-bookworm@sha256:<hash> using the hash you found in the previous step.
Specifying a digest ensures that the build will always use the exact same version of the image, making builds reproducible.

💬 Ignore this finding

Reply with Semgrep commands to ignore this finding.

/fp <comment> for false positive

/ar <comment> for acceptable risk

/other <comment> for all other reasons

Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by dockerfile-source-not-pinned.

_{You can view more details about this finding in the Semgrep AppSec Platform.}

sonarqubecloud · 2025-05-01T13:31:09Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

trunk-io · 2025-05-01T14:31:24Z

_{View Full Report ↗︎ ⋅ Docs}

codecov · 2025-07-10T11:40:07Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94.15%. Comparing base (cbf6878) to head (1949b44).
⚠️ Report is 6 commits behind head on main.

⚠️ Current head 1949b44 differs from pull request most recent head 8c1f8e7

Please upload reports for the commit 8c1f8e7 to get more accurate results.
✅ All tests successful. No failed tests found.

@@           Coverage Diff           @@
##             main      #46   +/-   ##
=======================================
  Coverage   94.15%   94.15%           
=======================================
  Files          31       31           
  Lines        1368     1368           
  Branches       25       25           
=======================================
  Hits         1288     1288           
  Misses         79       79           
  Partials        1        1

sonarqubecloud · 2025-07-10T11:40:28Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

greptile-apps bot reviewed Apr 30, 2025

View reviewed changes

semgrep-code-nextgencontributions bot reviewed Apr 30, 2025

View reviewed changes

renovate bot force-pushed the renovate/python-3.x branch from 8862740 to 3885214 Compare May 1, 2025 13:30

renovate bot force-pushed the renovate/python-3.x branch 2 times, most recently from 46f6fe4 to f23524b Compare May 8, 2025 05:36

renovate bot changed the title ~~chore(deps): update python docker tag~~ chore(deps): update python docker tag to v3.13 Jul 10, 2025

renovate bot force-pushed the renovate/python-3.x branch from f23524b to 460911c Compare July 10, 2025 11:31

renovate bot force-pushed the renovate/python-3.x branch from 460911c to 2848aba Compare September 25, 2025 20:45

renovate bot force-pushed the renovate/python-3.x branch 6 times, most recently from cd576c0 to 1949b44 Compare October 7, 2025 11:51

renovate bot changed the title ~~chore(deps): update python docker tag to v3.13~~ chore(deps): update python docker tag to v3.14 Oct 8, 2025

renovate bot force-pushed the renovate/python-3.x branch 4 times, most recently from 22f19cc to 76d8a45 Compare October 8, 2025 11:17

renovate bot force-pushed the renovate/python-3.x branch 8 times, most recently from 04c19bb to ffc9b4a Compare October 14, 2025 13:18

renovate bot force-pushed the renovate/python-3.x branch 4 times, most recently from 399293b to 0a40c24 Compare October 20, 2025 08:43

chore(deps): update python docker tag to v3.14

8c1f8e7

renovate bot force-pushed the renovate/python-3.x branch from 0a40c24 to 8c1f8e7 Compare October 20, 2025 08:44

		@@ -1,4 +1,4 @@
		FROM python:3.12-bookworm
		FROM python:3.13-bookworm

-FROM python:3.13-bookworm
+FROM python:3.13-bookworm@sha256:ea6ec900d7de61fbf6eea6b5d15d9f00a162ff2da6e400a7042c3ac875f6cf13
+ENV PYTHONDONTWRITEBYTECODE=1
+ENV PYTHONUNBUFFERED=1
+ENV POETRY_VIRTUALENVS_CREATE=0
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    watchman \
+    && rm -rf /var/lib/apt/lists/*
+RUN pip install --no-cache-dir -U pip setuptools wheel
+RUN pip install --no-cache-dir uv
+# Copy from the cache instead of linking since it's a mounted volume
+ENV UV_LINK_MODE=copy
+ENV UV_SYSTEM_PYTHON=true
+ENV UV_BREAK_SYSTEM_PACKAGES=true
+ENV UV_PROJECT_ENVIRONMENT=/usr/local
+# Install the project's dependencies using the lockfile and settings
+RUN --mount=type=cache,target=/root/.cache/uv \
+    --mount=type=bind,source=uv.lock,target=uv.lock \
+    --mount=type=bind,source=pyproject.toml,target=pyproject.toml \
+    uv sync --frozen --no-install-project

Uh oh!

chore(deps): update python docker tag to v3.14 #46

Are you sure you want to change the base?

chore(deps): update python docker tag to v3.14 #46

Uh oh!

Conversation

renovate bot commented Apr 30, 2025 • edited by bito-code-review bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Configuration

Summary by Bito

Uh oh!

trunk-io bot commented Apr 30, 2025

Uh oh!

korbit-ai bot commented Apr 30, 2025

Uh oh!

evolua-app bot commented Apr 30, 2025

Welcome @renovate[bot]! 🎉

Uh oh!

sourcery-ai bot commented Apr 30, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Reviewer's Guide

File-Level Changes

Interacting with Sourcery

Customizing Your Experience

Getting Help

Uh oh!

coderabbitai bot commented Apr 30, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Review skipped

Uh oh!

greptile-apps bot left a comment

Choose a reason for hiding this comment

PR Summary

Uh oh!

deepsource-io bot commented Apr 30, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Analysis Summary

Uh oh!

snyk-io bot commented Apr 30, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

✅ Snyk checks have passed. No issues have been found so far.

Uh oh!

semgrep-code-nextgencontributions bot Apr 30, 2025

Choose a reason for hiding this comment

Uh oh!

sonarqubecloud bot commented May 1, 2025

Quality Gate passed

Uh oh!

trunk-io bot commented May 1, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

codecov bot commented Jul 10, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

sonarqubecloud bot commented Jul 10, 2025

Quality Gate passed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

renovate bot commented Apr 30, 2025 •

edited by bito-code-review bot

Loading

sourcery-ai bot commented Apr 30, 2025 •

edited

Loading

coderabbitai bot commented Apr 30, 2025 •

edited

Loading

deepsource-io bot commented Apr 30, 2025 •

edited

Loading

snyk-io bot commented Apr 30, 2025 •

edited

Loading

trunk-io bot commented May 1, 2025 •

edited

Loading

codecov bot commented Jul 10, 2025 •

edited

Loading