fix: update Docker base images to latest Python 3.12 and Debian Trixie to resolve CVEs

[vjgit96]

Summary

Updates all Docker base images to use the latest Debian Trixie and Python 3.12 to resolve CVE vulnerabilities in both builder and runtime stages.

Changes

Runtime Stage (Commit 1)

• Updated from python:3.12.13-slim-trixie to python:3.12-slim-trixie
• Ensures automatic security patches for runtime images

Builder Stage (Commit 2)

• Updated from ghcr.io/astral-sh/uv:python3.12-bookworm-slim to ghcr.io/astral-sh/uv:python3.12-trixie-slim
• Ensures consistency between builder and runtime (both now use Debian Trixie)
• Eliminates CVEs in build environment

Why

• Addresses CVE vulnerabilities in Debian base images (Bookworm → Trixie)
• Using unpinned patch versions follows security best practices
• Ensures automatic security updates without manual intervention
• Maintains consistency between build and runtime environments

Testing

• Nightly builds will validate these changes automatically
• No functional changes expected, only security patches
• All 5 Dockerfiles updated for consistency

Affected Builds

• Nightly: base, main, main-all
• Release: backend, entrypoint

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: cc608505-69ea-4613-953d-b2f978402c43

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/update-docker-base-image-nightly-cves

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 53.86%. Comparing base (10745ac) to head (2686af0).
⚠️ Report is 5 commits behind head on release-1.10.0.

❌ Your project check has failed because the head coverage (50.60%) is below the target coverage (60.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files

@@                Coverage Diff                 @@
##           release-1.10.0   #12990      +/-   ##
==================================================
- Coverage           54.30%   53.86%   -0.45%     
==================================================
  Files                2053     2059       +6     
  Lines              188633   189207     +574     
  Branches            29502    29590      +88     
==================================================
- Hits               102441   101919     -522     
- Misses              85062    86132    +1070     
- Partials             1130     1156      +26     

Flag	Coverage Δ
backend	57.30% <ø> (+0.02%)	⬆️
frontend	53.82% <ø> (-0.78%)	⬇️
lfx	50.60% <ø> (+0.61%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.
see 139 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

Frontend Unit Test Coverage Report

Coverage Summary

Lines	Statements	Branches	Functions
	36.65% (42804/116776)	67.89% (5901/8692)	36.26% (977/2694)

Unit Test Results

Tests	Skipped	Failures	Errors	Time
4141	0 💤	0 ❌	0 🔥	9m 0s ⏱️