Do we want to hardcode the version? (Is that what the new Node depends on instead of just '3'?)

And is it intentional that we aren't auto removing python3(.13) any more?

There are multiple Python versions installed. I kept python3.13-minimal, which works correctly. Autoremoving python3 triggers removal of Node.js dependencies, which causes failures in the production stage when yarn install runs

If we aren't auto-removing Python, then IMO we don't really need to mark anything manual.

But I think it'd be better to mark the real dependencies as dependencies. This isn't just a size concern; having extraneous dependencies can allow attackers "chain" attacks (i.e. if they can execute limited code, but it includes Python code, and there's a further CVE in Python, they can use that) so it is a security best-practice to only include what we need.

If we keep python3.13-minimal and auto remove python3, what other dependencies does Node need? If it's just a few, we might be able to figure out something out.

If you like, I can toy around with this on my computer after I finish my work with AP-270.

Sure, Node runtime does not need Python, only the yarn installation needs Python. Let me take a look again too.

Does yarn need Python anymore if it's being installed with corepack?

Yes, the yarn install in production stage still need it.

When python3 is removed, node.js becomes unavailable.

For Node.js v24.13.0 (NodeSource/Debian slim), Python3 is a required dependency, which is why removing Python3 also remove Node.js. This differs from Node.js 16, where Python3 was not required. Considering the security concern raised by Anna, we should keep Python 3 installed here, so I removes the code to set 'python3.13-minimal' as manual one.

Also I would suggest to make a follow-up decision on how we want to manage those dependencies in long term:
Option A: switch to the official Node.js binary installation to avoid apt related dependencies like Python.
Option B: moving Node.js/Yarn installation from base stage to development or a build stage and copy related libraries into production stage. My testing show Node.js and Yarn still existed in production image even when yarn install is removed from production stage, we may revisit the need of yarn install in the production stage.