Improve reproduciblity of image (#7120)

* hard-pin doc requirements

* update docs and commands

* hard pin container requirements

* check hashes in image build

* remove seperate uv install (is in base_requirements)

* containers already ships 3.11 - adjust packaging

* move build deps to general ci requirements

* install yarn using native tools

Closes https://github.com/inventree/InvenTree/security/code-scanning/95
Closes https://github.com/inventree/InvenTree/security/code-scanning/96

* merge install steps

* adapt install command args to be similar

* adapt docs to suggest safer install arg

* fix install path

* update dependabot settings

contrib/container/Dockerfile

@@ -97,14 +97,14 @@ FROM inventree_base AS prebuild
 
 ENV PATH=/root/.local/bin:$PATH
 RUN ./install_build_packages.sh --no-cache --virtual .build-deps && \
-    pip install --user -r base_requirements.txt --no-cache && \
+    pip install --user --require-hashes -r base_requirements.txt --no-cache && \
     pip install --user --require-hashes -r requirements.txt --no-cache && \
     apk --purge del .build-deps
 
 # Frontend builder image:
 FROM prebuild AS frontend
 
-RUN apk add --no-cache --update nodejs npm && npm install -g yarn@v1.22.22 --ignore-scripts
+RUN apk add --no-cache --update nodejs npm yarn
 RUN yarn config set network-timeout 600000 -g
 COPY src ${INVENTREE_HOME}/src
 COPY tasks.py ${INVENTREE_HOME}/tasks.py
@@ -141,11 +141,11 @@ EXPOSE 5173
 # Install packages required for building python packages
 RUN ./install_build_packages.sh
 
-RUN pip install uv==0.1.26 --no-cache-dir && pip install -r base_requirements.txt --no-cache
+RUN pip install --require-hashes -r base_requirements.txt --no-cache
 
 # Install nodejs / npm / yarn
 
-RUN apk add --no-cache --update nodejs npm && npm install -g yarn@v1.22.22 --ignore-scripts
+RUN apk add --no-cache --update nodejs npm yarn
 RUN yarn config set network-timeout 600000 -g
 
 # The development image requires the source code to be mounted to /home/inventree/