Switch to Ubuntu Noble base image with Python 3.13

- Use ubuntu:noble-20260113 base image instead of python:3.12-slim
- Install Python 3.13 from deadsnakes PPA
- Run container as non-root user for security
- Remove CVE-specific patches (no longer needed with new base)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Author: shahidhk

Dockerfile

@@ -1,24 +1,26 @@
-FROM python:3.12-slim
+FROM ubuntu:noble-20260113
 
-RUN python -m pip install --no-cache-dir --upgrade "pip>=25.3"
-
-# Install curl for healthcheck
-RUN apt-get update && \
-    apt-get install -y curl git && \
-    rm -rf /var/lib/apt/lists/*
-
-# Security updates for CVE-2024-56406 (Perl), CVE-2025-7709 (SQLite)
-# Upgrade vulnerable system packages to their fixed versions
+# Install dependencies and add deadsnakes PPA for latest Python
 RUN apt-get update && \
-    apt-get upgrade -y \
-      libperl5.40 \
-      perl \
-      perl-modules-5.40 \
-      perl-base \
-      libsqlite3-0 && \
+    apt-get install -y --no-install-recommends \
+      software-properties-common \
+      gpg-agent && \
+    add-apt-repository -y ppa:deadsnakes/ppa && \
+    apt-get update && \
+    apt-get install -y --no-install-recommends \
+      python3.13 \
+      python3.13-venv \
+      curl \
+      git && \
+    apt-get purge -y software-properties-common gpg-agent && \
+    apt-get autoremove -y && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/*
 
+# Create python symlinks for compatibility
+RUN ln -sf /usr/bin/python3.13 /usr/bin/python && \
+    ln -sf /usr/bin/python3.13 /usr/bin/python3
+
 COPY /docker /scripts
 COPY /functions /functions
 
@@ -28,6 +30,12 @@ RUN chmod +x /scripts/package-restore.sh /scripts/start.sh
 # Run the package-restore script
 RUN /scripts/package-restore.sh
 
+# Create non-root user
+RUN useradd -m python && \
+    chown -R python:python /scripts /functions
+
+USER python
+
 EXPOSE 8080
 
 HEALTHCHECK --interval=5s --timeout=10s --start-period=1s --retries=3 \