fix: remediate CVEs in app image dependencies (#1896)

## Summary

Remediates the actionable CVEs from a recent trivy + grype scan of the
`app` image built from `main`.

- Bumps vulnerable transitive Python deps via `uv`
constraint-dependencies in `python/pyproject.toml`:
  - aiohttp 3.13.3 → 3.13.5 (CVE-2026-22815, -34515, -34516, -34525)
  - cryptography 46.0.5 → 48.0.0 (CVE-2026-39892)
  - mako 1.3.10 → 1.3.12 (CVE-2026-44307, -41205)
  - python-dotenv 1.1.1 → 1.2.2 (CVE-2026-28684)
  - requests 2.32.5 → 2.34.2 (CVE-2026-25645)
  - sqlparse 0.5.3 → 0.5.5 (GHSA-27jp-wm6q-gp25)
- Installs `uv` from upstream `ghcr.io/astral-sh/uv:0.11.15` via
multi-stage COPY in `python/Dockerfile` instead of the Wolfi `apk`
package, so the uv binary (and its Rust deps like `rkyv`) is pinned and
bumpable independent of the Wolfi release cadence.
- Overrides `brace-expansion` to 5.0.6 in the sandbox-runtime npm tree
(CVE-2026-45149), mirroring the existing lodash-es override.

CVEs left unaddressed are not actionable here: CPython CVEs marked `n/a`
(no upstream fix yet), pip CVE-2026-3219 (`not-fixed`), Alpine
`busybox`/`git` findings in `skills-init` (no upstream patch).

## Test plan

- [x] `uv lock --check` passes
- [x] `docker build -f python/Dockerfile ./python` succeeds
- [x] Built image: `uv --version` reports 0.11.15
- [x] Built image: aiohttp 3.13.5, cryptography 48.0.0, mako 1.3.12,
python-dotenv 1.2.2, requests 2.34.2, sqlparse 0.5.5 installed
- [x] Built image:
`/opt/sandbox-runtime/node_modules/brace-expansion/package.json` reports
5.0.6
- [ ] Re-run trivy + grype on the `app` image built from this branch to
confirm CVE counts drop

---

_PR opened by Claude on behalf of @EItanya._

---------

Signed-off-by: Eitan Yarmush <eitan.yarmush@solo.io>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

Author: EItanya

python/Dockerfile

@@ -1,5 +1,7 @@
 ### STAGE 1: base image
 ARG BASE_IMAGE_REGISTRY=cgr.dev
+ARG UV_VERSION=0.11.15
+FROM ghcr.io/astral-sh/uv:${UV_VERSION} AS uv-bin
 FROM $BASE_IMAGE_REGISTRY/chainguard/wolfi-base:latest AS base-os
 
 # Build arg to control SSL verification (set DISABLE_SSL_VERIFY=1 to skip SSL checks)
@@ -14,12 +16,16 @@ RUN --mount=type=cache,target=/var/cache/apk,rw \
     if [ "$DISABLE_SSL_VERIFY" = "1" ]; then \
         echo "WARNING: Disabling SSL verification for apk (development only)"; \
         apk update --no-check-certificate && apk add --no-check-certificate \
-            curl openssl bash git ca-certificates uv libstdc++; \
+            curl openssl bash git ca-certificates libstdc++; \
     else \
         apk update && apk add \
-            curl openssl bash git ca-certificates uv libstdc++; \
+            curl openssl bash git ca-certificates libstdc++; \
     fi
 
+# Install uv from upstream so we control the version and pick up rkyv fixes
+# independently of the Wolfi apk release cadence.
+COPY --from=uv-bin /uv /uvx /usr/local/bin/
+
 ### STAGE 2: python
 FROM base-os AS python-os
 ARG TOOLS_PYTHON_VERSION=3.13
@@ -74,6 +80,7 @@ RUN --mount=type=cache,target=/root/.npm \
     git clone --depth 1 --revision=ef4afdef4d711ba21a507d7f7369e305f7d3dbfa https://github.com/anthropic-experimental/sandbox-runtime.git && \
     cd sandbox-runtime && \
     npm install --save-exact lodash-es@4.18.1 @types/lodash-es@4.17.12 && \
+    npm install --save-exact brace-expansion@5.0.6 && \
     npm run build && \
     # CVE-2026-26996: all minimatch instances (3.1.2, 9.0.5) are transitive dev
     # deps (eslint, typescript-eslint). Prune dev deps after build to remove them.

python/pyproject.toml

@@ -11,10 +11,15 @@ dev = [
 
 [tool.uv]
 constraint-dependencies = [
-    "cryptography>=46.0.5",
+    "aiohttp>=3.13.5",
+    "cryptography>=48.0.0",
     "jaraco-context>=6.1.0",
+    "mako>=1.3.12",
     "pyasn1>=0.6.3",
     "pyopenssl>=26.0.0",
+    "python-dotenv>=1.2.2",
+    "requests>=2.34.2",
+    "sqlparse>=0.5.5",
     "wheel>=0.46.2",
 ]