Fix/security docker python314 (#237)

* fix: security alerts, Docker compose failures, and Python 3.14 install guidance

Security:
- Bump cryptography 44.0.1->46.0.5 and Flask 3.0.0->3.1.3 in CTF challenge-06
  (fixes Dependabot alerts #41 HIGH, #42 LOW)
- Add SECURITY.md with vulnerability reporting policy (Scorecard Security-Policy)
- Pin docker/Dockerfile base image with SHA256 digest (Scorecard Pinned-Dependencies)
- Fix version comments in curriculum-check.yml (v4/v5 -> v6)

Docker:
- Remove deprecated 'version: 3.8' key (Compose V2 warning)
- Remove jupyter depends_on elasticsearch (blocked Jupyter if ES failed to start)
- Fix volume mount ../tools -> ../shared (tools/ didn't exist)
- Fix duplicate container_name on ollama services

Python 3.14 / install guidance:
- Add Python 3.14 detection to verify_setup.py with actionable error message
- Add 'resolution-too-deep' troubleshooting section to docs
- Update requirements.txt header with version warning and uv fallback
- Update README with Python version callout and selective install options

Robustness:
- Handle PermissionError in check_ai_model_freshness.py and test_curriculum_integrity.py
- Remove stale notebook and data files

Made-with: Cursor

* fix: restore version discrepancies in CTF challenge-06 baseline for challenge integrity

Made-with: Cursor

* fix: resolve Docker tokenizers conflict and stale verify_setup path

Made-with: Cursor

Author: depalmar

docker/Dockerfile

@@ -39,16 +39,17 @@ COPY requirements.txt /tmp/requirements.txt
 RUN pip install pip==24.3.1 && pip install --no-cache-dir -r /tmp/requirements.txt
 
 # Install additional ML/AI packages (versions pinned for reproducibility)
+# Note: chromadb must be >=1.0.0 to avoid tokenizers conflict with transformers
 RUN pip install --no-cache-dir \
-    torch==2.5.1 \
-    transformers==4.47.1 \
-    sentence-transformers==3.3.1 \
-    langchain==0.3.14 \
-    langchain-community==0.3.14 \
-    openai==1.58.1 \
-    anthropic==0.42.0 \
-    chromadb==0.5.23 \
-    ollama==0.4.5 \
+    torch==2.6.0 \
+    transformers==4.48.3 \
+    sentence-transformers==5.0.0 \
+    langchain==1.0.0 \
+    langchain-community==0.4.1 \
+    openai==1.66.3 \
+    anthropic==0.49.0 \
+    chromadb==1.0.12 \
+    ollama==0.4.7 \
     faiss-cpu==1.9.0.post1
 
 # Install security-specific packages (versions pinned for reproducibility)

docker/requirements.txt

@@ -68,10 +68,10 @@ boto3>=1.28.0
 minio>=7.1.0
 
 # LLM and RAG
-langchain>=0.1.0
-langchain-community>=0.0.10
-chromadb>=0.4.0
-sentence-transformers>=2.2.0
+langchain>=1.0.0
+langchain-community>=0.4.0
+chromadb>=1.0.0
+sentence-transformers>=5.0.0
 openai>=1.0.0
 anthropic>=0.7.0
 tiktoken>=0.5.0

scripts/verify_setup.py

@@ -437,7 +437,7 @@ def print_summary(results):
             console.print(
                 Panel.fit(
                     "[bold green]All checks passed! You're ready to start.[/bold green]\n\n"
-                    "Next step: cd labs/lab01-phishing-classifier",
+                    "Next step: cd labs/lab01-python-security-fundamentals",
                     title="Ready!",
                 )
             )
@@ -457,7 +457,7 @@ def print_summary(results):
 
         if all_passed:
             print("\nAll checks passed! You're ready to start.")
-            print("Next step: cd labs/lab01-phishing-classifier")
+            print("Next step: cd labs/lab01-python-security-fundamentals")
         else:
             print("\nSome checks failed. Review the issues above.")