chore(deps): bump python from 3.11-slim to 3.14-slim in /docker in the minor-and-patch group

[dependabot]

Bumps the minor-and-patch group in /docker with 1 update: python.

Updates python from 3.11-slim to 3.14-slim

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Summary by CodeRabbit

• Chores
  • Updated the Python runtime version from 3.11 to 3.14 in the production environment.

[coderabbitai]

📝 Walkthrough

Walkthrough

The Docker production runtime stage base image is updated from Python 3.11 to Python 3.14, advancing the Python version for all downstream runtime installation steps including system packages, dependency management, artifact copying, and container configuration.

Changes

Docker Runtime Upgrade

Layer / File(s)	Summary
Production runtime Python version docker/Dockerfile	Base Docker image for the production runtime stage updated from python:3.11-slim to python:3.14-slim.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

A hopping leap from 3.11 to 3.14,
Where Python now runs faster than before,
The slim container whispers with delight,
Our image optimized and burning bright! 🐇✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: upgrading Python from 3.11-slim to 3.14-slim in the Docker image, matching the raw summary and PR objectives.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/docker/docker/minor-and-patch-6dafb4a59b

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docker/Dockerfile`:
- Line 35: Update the Docker base image to python:3.14-slim in docker/Dockerfile
(the FROM python:3.14-slim line) and then run a full docker build followed by
the project's smoke and health check tests to validate install and runtime
behavior; specifically verify all pinned dependencies and lockfile installs
complete, confirm compatibility of Pydantic (v1 vs v2) and other core libs
(FastAPI, Uvicorn, HTTPX, Semgrep), and if any installation or runtime failures
occur revert the FROM line to the previously used Python tag or adjust
dependency pins accordingly.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 31356d8e-2c1d-4b04-871a-d39c82d42e64

📥 Commits

Reviewing files that changed from the base of the PR and between 404837d and 159ad73.

📒 Files selected for processing (1)

• docker/Dockerfile

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Verify python:3.14-slim exists on Docker Hub

# Check if the image exists and can be pulled
docker pull python:3.14-slim --dry-run 2>&1 || docker manifest inspect python:3.14-slim 2>&1

# If docker commands aren't available in sandbox, fall back to Docker Hub API
curl -fsSL "https://hub.docker.com/v2/repositories/library/python/tags/3.14-slim" 2>&1 | jq -r '.name // "NOT FOUND"'

Repository: cliff-security/cliff

Length of output: 164

---

🌐 Web query:

Is Python 3.14 released and stable as of May 2026? What is the release date?

💡 Result:

Yes. Python 3.14 was released and is stable as of May 2026; the latest stable maintenance release in May 2026 is Python 3.14.5, released on 2026-05-10 [1][2]. Python 3.14’s initial stable (major) release date was 2025-10-07 [3].

Citations:

• 1: https://www.python.org/downloads/release/python-3145/
• 2: https://docs.python.org/3/whatsnew/changelog.html
• 3: https://docs.python.org/3/whatsnew/3.14.html

---

🌐 Web query:

Do fastapi uvicorn httpx pydantic semgrep support Python 3.14?

💡 Result:

Yes, FastAPI, Uvicorn, HTTPX, Pydantic, and Semgrep all support Python 3.14 as of May 2026. Python 3.14 was officially released on October 7, 2025 [1][2]. Below is the status of support for each tool: FastAPI: Full support for Python 3.14 was added in October 2025 [3]. Recent updates have also added support for free-threaded Python 3.14t (a version of Python 3.14 without the Global Interpreter Lock) [4][5][6]. Uvicorn: Support for Python 3.14 was officially added in version 0.38.0, released in October 2025 [7]. HTTPX: The library supports Python 3.14. It has included Python 3.14 in its testing matrix since late 2025 [8]. Pydantic: Pydantic v2 includes support for Python 3.14 [9]. Note that Pydantic v1 is not supported on Python 3.14 and above [10][11]. Users relying on legacy Pydantic v1 code must migrate to Pydantic v2 to use it on this Python version [10]. Semgrep: Semgrep supports Python 3.14. While earlier versions encountered issues due to dependency pinning, these were resolved, and recent releases (such as 1.140.0 and later) include CI testing and official support for the Python 3.14 environment [12][13][14].

Citations:

• 1: https://docs.python.org/3/whatsnew/3.14.html
• 2: https://www.python.org/downloads/release/python-3140/
• 3: ⬆️ Add support for Python 3.14 fastapi/fastapi#14165
• 4: https://github.com/fastapi/fastapi/pull/15149/changes
• 5: https://github.com/fastapi/fastapi/releases
• 6: https://fastapi.tiangolo.com/release-notes/
• 7: https://uvicorn.dev/release-notes/
• 8: GitHub Actions: Add Python 3.14 to test matrix encode/httpx#3645
• 9: Add initial support for Python 3.14 pydantic/pydantic#11991
• 10: https://fastapi.tiangolo.com/how-to/migrate-from-pydantic-v1-to-pydantic-v2/
• 11: Add initial support for Python 3.14 pydantic/pydantic#11613
• 12: Does Not Support 3.14.0 Due To Pinned Dependency semgrep/semgrep#11250
• 13: https://pypi.org/project/semgrep/1.140.0/
• 14: https://pypi.org/project/semgrep/1.144.0/

---

Downgrade concern for Python 3.14 base: python:3.14-slim exists and core dependencies support 3.14 (still run Docker build/tests).

• docker/Dockerfile line 35 (python:3.14-slim) tag is present on Docker Hub.
• Python 3.14 is released/stable as of May 2026, and FastAPI, Uvicorn, HTTPX, Pydantic (v2), and Semgrep support Python 3.14.
• Remaining risk is project-specific pinned dependencies/lockfiles (and Pydantic v1 vs v2); run docker build + the existing smoke/health checks against the 3.14 image to ensure install and runtime behavior are OK.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docker/Dockerfile` at line 35, Update the Docker base image to
python:3.14-slim in docker/Dockerfile (the FROM python:3.14-slim line) and then
run a full docker build followed by the project's smoke and health check tests
to validate install and runtime behavior; specifically verify all pinned
dependencies and lockfile installs complete, confirm compatibility of Pydantic
(v1 vs v2) and other core libs (FastAPI, Uvicorn, HTTPX, Semgrep), and if any
installation or runtime failures occur revert the FROM line to the previously
used Python tag or adjust dependency pins accordingly.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml