Proposal: Upgrade Docker Image Build to Python 3.12 (Version 18.0) - Resolves Dependency Vulnerabilities

[MarcelSForgeFlow]

Hello,

I identified several dependency vulnerabilities within the requirements.txt file when building with python 3.10. For example, pillow@9.0.1 has known security issues that are addressed in later versions, which are compatible with Python 3.12.

To address these vulnerabilities and improve the project's security posture, I conducted a test build using Python 3.12. My testing indicates that the project builds successfully without any apparent compatibility issues in the 18.0.Dockerfile.

Proposed Change:
If there is no compatibility problem, I propose upgrading the Docker image build process for version 18.0 to utilize Python 3.12.

[pedrobaeza]

Having certain vulnerabilities in Python libraries that are used in Odoo doesn't mean that they are exploitable on Odoo itself. Odoo only uses a subset of the features from the libraries. On contrary, updating the library versions may cause unnoticed problems that can be even more harmful.

Doodba's philosophy has been to stick to the versions declared in Odoo and use also the same Python version that is used in the Odoo's CI suite, so we have a reproducible environment for any possible discovered bug.

Do you have any clue that any of the reported vulnerabilities affect directly Odoo? Sometimes Odoo monkey-patches the libraries if that's the case for sticking with the same version, but mitigating the vulnerability (NOTE: other times is just for convenience or cross-compatibility). See for example https://github.com/odoo/odoo/tree/18.0/odoo/_monkeypatches. You can handle it with them in https://www.odoo.com/es_ES/security-report.