[Snyk] Security upgrade python from 3.13.1-alpine to 3.14.2-alpine

[kevin-benton]

Snyk has created this PR to fix 4 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

• docker/umap/Dockerfile

We recommend upgrading to python:3.14.2-alpine, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Integer Overflow or Wraparound SNYK-ALPINE321-SQLITE-12675067	264
	CVE-2025-6965 SNYK-ALPINE321-SQLITE-11191065	263
	Integer Overflow or Wraparound SNYK-ALPINE321-SQLITE-9712340	161
	CVE-2025-26519 SNYK-ALPINE321-MUSL-8720634	139
	CVE-2025-26519 SNYK-ALPINE321-MUSL-8720634	139

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Integer Overflow or Wraparound

[kevin-benton]

This upgrade to Python 3.14 introduces significant new features and a key breaking change.

Breaking Change:

• Code using return, break, or continue to exit a finally block will now raise a SyntaxError due to the implementation of PEP 765. [4, 9]

Major Change:

• Type annotations are now evaluated lazily by default (PEP 649). This may affect advanced frameworks or libraries that perform introspection on type hints and rely on eager evaluation. [1, 2, 10]

Source: What's New in Python 3.14 documentation
Recommendation: Review code for control flow statements (return, break, continue) inside finally blocks. Validate any code that relies on the specific timing of type annotation evaluation.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[adthrasher]

The corresponding package.json needs to have the version updated. All references to the image also need to be bumped to the new version.

[adthrasher]

It looks like the image is failing to build. So this can't merge quite yet.

------
 > [stage-0 3/4] RUN pip install umap-learn==0.5.7 pandas:
222.7   Stored in directory: /root/.cache/pip/wheels/38/5d/34/a5742fbe6152e861b78e9f4327b490a608b859e225b805b570
222.7 Successfully built numba scikit-learn
222.7 Failed to build llvmlite
222.8 
Notice: 222.8 [notice] A new release of pip is available: 25.3 -> 26.0.1
Notice: 222.8 [notice] To update, run: pip install --upgrade pip
222.8 error: failed-wheel-build-for-install
222.8 
222.8 × Failed to build installable wheels for some pyproject.toml based projects
222.8 ╰─> llvmlite
------
Dockerfile:8
--------------------
   6 |         && ln -s /usr/bin/llvm-config-15 /usr/bin/llvm-config
   7 |     
   8 | >>> RUN pip install umap-learn==0.5.7 pandas
   9 |     
  10 |     COPY --from=scripts --chmod=777 methylation/generate_umap.py /scripts/methylation/generate_umap.py
--------------------
ERROR: failed to build: failed to solve: process "/bin/sh -c pip install umap-learn==0.5.7 pandas" did not complete successfully: exit code: 1