[Snyk] Security upgrade python from 3.11-slim to 3.13.2-slim

[rubenfiszel]

Snyk has created this PR to fix 5 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

• lsp/Dockerfile

We recommend upgrading to python:3.13.2-slim, as this image has only 38 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	CVE-2024-12133 SNYK-DEBIAN12-LIBTASN16-8689970	586
	Integer Overflow or Wraparound SNYK-DEBIAN12-ZLIB-6008963	500
	CVE-2025-24528 SNYK-DEBIAN12-KRB5-8679228	221
	CVE-2025-0395 SNYK-DEBIAN12-GLIBC-8658672	150
	CVE-2024-13176 SNYK-DEBIAN12-OPENSSL-8648323	150

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

---

Important

Upgrade lsp/Dockerfile base image to python:3.13.2-slim to fix 5 vulnerabilities.

• Dockerfile Update:
  • Upgrade base image from python:3.11-slim to python:3.13.2-slim in lsp/Dockerfile to address 5 vulnerabilities.
  • New base image reduces known vulnerabilities to 38.

^{This description was created by for 2675bdd. It will automatically update as commits are pushed.}

[cloudflare-workers-and-pages]

Deploying windmill with    Cloudflare Pages

Latest commit:	2675bdd
Status:	✅  Deploy successful!
Preview URL:	https://bed2f1b2.windmill.pages.dev
Branch Preview URL:	https://snyk-fix-1ffd5b2411f759a44b0.windmill.pages.dev

View logs

[ellipsis-dev]

👍 Looks good to me! Reviewed everything up to 2675bdd in 28 seconds

More details

• Looked at 10 lines of code in 1 files
• Skipped 0 files when reviewing.
• Skipped posting 2 drafted comments based on config settings.

1. lsp/Dockerfile:1

• Draft comment:
  Ensure that moving to python:3.13.2-slim doesn't break compatibility with installed packages (e.g. pipenv, tornado) and any Python-related scripts. It's advisable to run integration tests after this upgrade.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50%
  This comment is asking the PR author to ensure compatibility and run tests after upgrading a Python version. It doesn't provide a specific suggestion or point out a specific issue with the code. It violates the rule against asking the author to ensure behavior or test changes.

2. lsp/Dockerfile:1

• Draft comment:
  Updated base image to python:3.13.2-slim. Ensure that all app dependencies and tools are fully compatible with Python 3.13 to avoid any runtime issues.
• Reason this comment was not posted:
  Confidence changes required: 33% <= threshold 50%
  None

Workflow ID: wflow_qbf5hcAQWNlOZCp7

---

You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.