🔧 Unpin container image patch versions for automatic security updates

Issue Summary

This project has container base images pinned to specific patch versions, which prevents automatic security updates.

Current Images

  • Python Image: python:3.11.9-slim-bookworm@sha256:8c1036ec919826052306dfb5286e4753ffd9d5f6c24fbc352a5399c3b405b57e
  • Nginx Image: nginx:1.27.3-alpine@sha256:814a8e88df978ade80e584cc5b333144b9372a8e3c98872d07137dbf3b44d0e4
  • Issues:
    • Pinned to specific patch versions
    • Missing automatic security patch updates
    • Requires manual updates for each patch release

Recommended Updates

  • New Python Image: python:3.11-slim-bookworm (remove patch version and SHA pin)
  • New Nginx Image: nginx:1.27-alpine (remove patch version and SHA pin)
  • Benefits:
    • Automatic security patch updates
    • Reduced maintenance overhead
    • Still maintains major.minor version stability

Priority

🔧 MEDIUM - Security maintenance improvement

Acceptance Criteria

  • Update Dockerfile to use unpinned patch versions
  • Remove SHA256 pins to allow automatic updates
  • Test application compatibility with updated approach
  • Verify container builds successfully
  • Document the change in version pinning strategy
  • Update CI/CD to handle automatic base image updates
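
A check that could back the Dockerfile and CI/CD criteria above, as an added example (not part of the original issue or the project's own code): it parses `FROM` lines, flags patch-level tags and digest pins, and proposes the major.minor reference recommended in this issue. The function names and the two-stage sample Dockerfile are assumptions.

```python
import re

# FROM [--flag=value ...] <image ref> [AS <stage>]
FROM_RE = re.compile(r"^\s*FROM\s+(?:--\S+\s+)*(?P<ref>\S+)(?:\s+AS\s+\S+)?\s*$", re.I)
# Tag with a patch component, e.g. 3.11.9-slim-bookworm -> ("3.11", "-slim-bookworm")
PATCH_TAG_RE = re.compile(r"^(?P<mm>\d+\.\d+)\.\d+(?P<suffix>(?:-.*)?)$")

# Constructed sample: the two image references are the ones listed in this issue;
# the two-stage layout around them is an assumption.
SAMPLE = """\
FROM python:3.11.9-slim-bookworm@sha256:8c1036ec919826052306dfb5286e4753ffd9d5f6c24fbc352a5399c3b405b57e AS build
RUN pip install --no-cache-dir -r requirements.txt
FROM nginx:1.27.3-alpine@sha256:814a8e88df978ade80e584cc5b333144b9372a8e3c98872d07137dbf3b44d0e4
COPY --from=build /app/static /usr/share/nginx/html
"""


def unpin(ref):
    """Return (major.minor reference, findings) for one image reference."""
    findings = []
    name, _, digest = ref.partition("@")
    if digest:
        findings.append("digest-pinned")
    # The tag colon comes after the last slash; an earlier colon is a registry port.
    slash, colon = name.rfind("/"), name.rfind(":")
    repo, tag = (name[:colon], name[colon + 1:]) if colon > slash else (name, "")
    m = PATCH_TAG_RE.match(tag)
    if m:
        findings.append("patch-pinned")
        tag = m.group("mm") + m.group("suffix")
    return repo + (":" + tag if tag else ""), findings


def audit(dockerfile_text):
    """List (line_no, current_ref, proposed_ref, findings) for each pinned FROM line."""
    report = []
    for line_no, line in enumerate(dockerfile_text.splitlines(), 1):
        m = FROM_RE.match(line)
        if not m:
            continue
        proposed, findings = unpin(m.group("ref"))
        if findings:
            report.append((line_no, m.group("ref"), proposed, findings))
    return report


if __name__ == "__main__":
    for line_no, current, proposed, findings in audit(SAMPLE):
        print(f"line {line_no}: {current}\n  {', '.join(findings)} -> {proposed}")
```

Once the Dockerfile has been updated, a non-empty report from `audit` can be used to fail the CI job.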