Update docker environment and python packages #11

Open

JokeWaumans wants to merge 3 commits into main from update-packages

Conversation

@JokeWaumans
Collaborator

@JokeWaumans JokeWaumans commented May 13, 2026

Use latest version and remove neomodel, since django-neomodel has it as a dependency and can automatically select the correct version.

Summary by CodeRabbit

  • Chores
    • Upgraded Python runtime to version 3.12 for improved performance and latest security patches
    • Updated Neo4j database from 5.15.0 to 5.26 for enhanced features and stability
    • Refreshed core framework and supporting library dependencies to latest compatible versions


@coderabbitai

coderabbitai Bot commented May 13, 2026

Warning

Rate limit exceeded

@JokeWaumans has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 44 minutes and 49 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 49fb3000-2dc2-4ee5-bbc1-70378596f62a

📥 Commits

Reviewing files that changed from the base of the PR and between 6b13ad4 and dc72abf.

📒 Files selected for processing (1)
  • Dockerfile
📝 Walkthrough

Walkthrough

This pull request upgrades the application runtime, database service, and Python dependencies. Python base image advances from 3.11 to 3.12, Neo4j from 5.15.0 to 5.26, and Django from 4.x-ranged to pinned 6.0.5. NeoModel query API usage is adapted from match to match_q to align with updated libraries.

Changes

Dependency and Runtime Upgrade

Layer: Environment versions
Files: Dockerfile, docker-compose.yml
Summary: Docker base image updated to python:3.12-slim and neo4j_db service image updated to neo4j:5.26.

Layer: Python package updates
Files: py-requirements.txt
Summary: Dependencies updated to newer versions: django==6.0.5 (pinned), django-neomodel==0.2.0, djangorestframework==3.17.1, django-extensions==4.1, ruamel.yaml==0.19.1, and whitenoise==6.12.0; neomodel==5.1.2 removed.

Layer: NeoModel API migration to match_q
Files: traceabilityViewer/app/views.py
Summary: NeoModel query imports and traversal definitions in filter_group and search_nodes_recursively migrated from match to match_q API.

🎯 2 (Simple) | ⏱️ ~8 minutes

🐰 With whiskers twitched and nose held high,
I hopped through deps to upgrade the sky!
Python twelve and Neo4j rise,
match_q migrations—what a prize! 🚀
Old versions fade as new ones take flight.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Description Check: ✅ Passed. Check skipped - CodeRabbit's high-level summary is enabled.
Title check: ✅ Passed. The title accurately summarizes the main changes: Docker environment updates (base image, Neo4j version) and Python package upgrades across multiple dependencies.
Docstring Coverage: ✅ Passed. Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check: ✅ Passed. Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check: ✅ Passed. Check skipped because no linked issues were found for this pull request.


@JokeWaumans JokeWaumans requested a review from Letme May 13, 2026 12:23

@coderabbitai coderabbitai Bot left a comment


Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
Dockerfile (1)

1-19: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Add non-root USER directive for security hardening.

The container runs as root by default, which increases the attack surface. As per static analysis findings, specify a non-root user to improve security posture.

🔒 Proposed fix to add non-root user
 FROM python:3.12-slim

 ARG CONFIG_FILE
 ARG JSON_EXPORT

 ENV PYTHONBUFFERED 1

 COPY py-requirements.txt /tmp/py-requirements.txt
 COPY /traceabilityViewer /traceabilityViewer
 COPY ${CONFIG_FILE} /traceabilityViewer/config.yml
 COPY ${JSON_EXPORT} /traceabilityViewer/

 WORKDIR /traceabilityViewer

 RUN python -m venv /py && \
     /py/bin/pip3 install --upgrade pip && \
     /py/bin/pip3 install -r /tmp/py-requirements.txt && \
-    rm -rf /tmp
+    rm -rf /tmp && \
+    useradd -m -u 1000 appuser && \
+    chown -R appuser:appuser /traceabilityViewer /py
+
+USER appuser
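Review bot: the new `useradd -m -u 1000 appuser` step runs right after the existing `rm -rf /tmp` in the same RUN, which deletes the /tmp directory itself rather than only the copied requirements file; once the image runs as appuser, anything that needs a world-writable /tmp (pip, Python's tempfile module) will fail, so change that line to `rm -rf /tmp/py-requirements.txt` (or recreate /tmp with mode 1777) before adding the user. Two smaller points in the unchanged context: `ENV PYTHONBUFFERED 1` sets a variable Python does not read (the one that disables output buffering is `PYTHONUNBUFFERED`), and the space-separated `ENV key value` form is the legacy syntax that BuildKit warns about, so `ENV PYTHONUNBUFFERED=1` fixes both. The `chown -R appuser:appuser /traceabilityViewer /py` is the right scope for a venv the process must import from; avoid widening it to `/`.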
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfile` around lines 1 - 19, The Dockerfile currently runs as root; add a
non-root user and switch to it by creating a user/group (e.g., traceuser) and
home, ensure ownership of the app files and venv are changed to that user (chown
/traceabilityViewer and /py), and then add a USER traceuser line before the
final image runtime steps; update any RUN steps that need root (installing
packages) to occur before creating/switching the user and keep ENV/WORKDIR as-is
so the process runs as the non-root user.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f9fc8567-07bf-4101-a436-7ab9ebb5c4a9

📥 Commits

Reviewing files that changed from the base of the PR and between d3b32c4 and 6b13ad4.

📒 Files selected for processing (4)
  • Dockerfile
  • docker-compose.yml
  • py-requirements.txt
  • traceabilityViewer/app/views.py
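A small static check of the kind the comment above relies on, added here as an example that is not code from the project or from CodeRabbit: it parses a Dockerfile, tracks the USER directive across build stages, and reports whether the final stage still runs as root or names a user no RUN step creates. The two Dockerfile samples are constructed, trimmed versions of the PR's before and after states.

```python
import re
# Constructed, trimmed Dockerfile samples (not the repository's own file):
# the PR's root-running image and the same image with the proposed non-root fix.
DOCKERFILE_BEFORE = """\
FROM python:3.12-slim
COPY py-requirements.txt /tmp/py-requirements.txt
RUN python -m venv /py && \\
    /py/bin/pip3 install -r /tmp/py-requirements.txt
"""
DOCKERFILE_AFTER = DOCKERFILE_BEFORE + """\
RUN useradd -m -u 1000 appuser && chown -R appuser:appuser /traceabilityViewer /py
USER appuser
"""
INSTR_RE = re.compile(r"^([A-Za-z]+)\s+(.*)$")
def parse_instructions(text):
    """Yield (INSTRUCTION, argument), joining backslash-continued lines."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # blank lines and comments
            continue
        if line.endswith("\\"):                # continuation: keep accumulating
            buf += line[:-1] + " "
            continue
        m, buf = INSTR_RE.match(buf + line), ""
        if m:
            yield m.group(1).upper(), m.group(2).strip()
def final_user(text):
    """USER in effect at the end of the last build stage; None means root."""
    user = None
    for instr, arg in parse_instructions(text):
        if instr == "FROM":
            user = None                        # each new stage starts as root
        elif instr == "USER":
            user = arg
    return user
def audit_dockerfile(text):
    """Return findings; empty means the final stage runs as a created non-root user."""
    user = final_user(text)
    if user is None:
        return ["no USER directive: final stage runs as root"]
    name = user.split(":")[0]                  # USER may be written as user:group
    if name in ("root", "0"):
        return [f"USER {user}: final stage explicitly runs as root"]
    created = any(instr == "RUN" and re.search(rf"\b(useradd|adduser)\b.*\b{re.escape(name)}\b", arg)
                  for instr, arg in parse_instructions(text))
    if not name.isdigit() and not created:
        return [f"USER {name} is never created by a RUN useradd/adduser step"]
    return []
```

Numeric UIDs (`USER 1000`) pass without a matching useradd, since they need no passwd entry; a multi-stage build is judged on its last stage only.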
