diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index dc046642..63c17f01 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -220,9 +220,10 @@ lint_format_safety_bandit_checks:
 black:
- image: python:slim
+ image: debian:bookworm-slim
+ <<: *apt-template
 script:
- - pip install black
+ - apt-get install black
 - black --check --diff --color examples/fdroid_clean_repos.py examples/fdroid_extract_repo_pubkey.py
diff --git a/.safety-policy.yml b/.safety-policy.yml
new file mode 100644
index 00000000..7415406d
--- /dev/null
+++ b/.safety-policy.yml
@@ -0,0 +1,7 @@
+---
+
+security:
+ ignore-vulnerabilities:
+ 52495:
+ reason: setuptools comes from Debian
+ expires: '2025-01-31'
diff --git a/fdroidserver/__main__.py b/fdroidserver/__main__.py
index e470099c..216e00c4 100755
--- a/fdroidserver/__main__.py
+++ b/fdroidserver/__main__.py
@@ -159,7 +159,6 @@ def main():
 output = 'git commit ' + subprocess.check_output(['git', 'rev-parse', 'HEAD'], universal_newlines=True)
 elif os.path.exists('setup.py'):
- import re
 m = re.search(r'''.*[\s,\(]+version\s*=\s*["']([0-9a-z.]+)["'].*''', open('setup.py').read(), flags=re.MULTILINE)
 if m:
diff --git a/fdroidserver/deploy.py b/fdroidserver/deploy.py
index 13a8982b..0661bb3a 100644
--- a/fdroidserver/deploy.py
+++ b/fdroidserver/deploy.py
@@ -430,12 +430,12 @@ def update_servergitmirrors(servergitmirrors, repo_section):
 repo.index.commit("fdroidserver git-mirror")
 if options.verbose:
- bar = progress.Bar()
+ progressbar = progress.Bar()
 class MyProgressPrinter(git.RemoteProgress):
 def update(self, op_code, current, maximum=None, message=None):
 if isinstance(maximum, float):
- bar.show(current, maximum)
+ progressbar.show(current, maximum)
 progress = MyProgressPrinter()
 else:
 progress = None
@@ -497,7 +497,7 @@ def update_servergitmirrors(servergitmirrors, repo_section):
 logging.debug(remote.url + ': ' + pushinfo.summary)
 if progress:
- bar.done()
+ progressbar.done()
 def upload_to_android_observatory(repo_section):
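Review bot: In the `black` job of .gitlab-ci.yml, `apt-get install black` carries no `-y`, so the job runs unattended only if the `apt-template` anchor (defined outside this hunk) sets assume-yes and runs `apt-get update` first; if it does not, the line should read `- apt-get install -y black`. The new `image: debian:bookworm-slim` is still a floating tag, as `python:slim` was, so the lint result can change whenever the image is republished; pinning by digest, `image: debian:bookworm-slim@sha256:<digest>`, would make the job reproducible. Taking black from the distribution archive instead of an unpinned `pip install` narrows what the job pulls at run time, and a one-line comment above `script:` saying so would keep a later edit from reverting it.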
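Review bot: In the new .safety-policy.yml, the `52495` ignore is justified by `setuptools comes from Debian`, but the policy applies to every `safety` run that reads this file, including a run in a virtualenv or a non-Debian image where setuptools comes from PyPI and the finding would be real. A comment above the entry should record the advisory title and the Debian package version that carries the fix, e.g. `# <advisory title>; fixed in Debian setuptools <version>`, so the exception can be re-checked when `expires: '2025-01-31'` comes due. If safety also runs outside the Debian-based CI jobs, consider passing this policy file only in those jobs.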
diff --git a/fdroidserver/import_subcommand.py b/fdroidserver/import_subcommand.py
index b9fe070a..ab0e0ed7 100644
--- a/fdroidserver/import_subcommand.py
+++ b/fdroidserver/import_subcommand.py
@@ -252,7 +252,7 @@ def main():
 tmp_importer_dir = None
 local_metadata_files = common.get_local_metadata_files()
- if local_metadata_files != []:
+ if local_metadata_files:
 raise FDroidException(_("This repo already has local metadata: %s") % local_metadata_files[0])
 build = metadata.Build()
diff --git a/fdroidserver/vmtools.py b/fdroidserver/vmtools.py
index 16f2b605..e489ce4b 100644
--- a/fdroidserver/vmtools.py
+++ b/fdroidserver/vmtools.py
@@ -323,7 +323,7 @@ class FDroidBuildVm:
 boxfile = abspath(boxfile)
 if not isfile(boxfile):
 raise FDroidBuildVmException(
- 'supplied boxfile \'%s\' does not exist', boxfile
+ 'supplied boxfile \'%s\' does not exist' % boxfile
 )
 self.vgrnt.box_add(boxname, abspath(boxfile), force=force)
diff --git a/pyproject.toml b/pyproject.toml
index 9e7fc078..f4f8c7b5 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -49,7 +49,27 @@ confidence = ["HIGH", "INFERENCE"]
 # --enable=similarities". If you want to run only the classes checker, but have
 # no Warning level messages displayed, use "--disable=all --enable=classes
 # --disable=W".
-disable = ["invalid-name", "missing-module-docstring", "missing-class-docstring", "missing-function-docstring", "no-member"]
+
+# TODO many of these could be fixed if someone wants to spend the time
+disable = [
+ "broad-exception-caught",
+ "broad-exception-raised",
+ "consider-iterating-dictionary",
+ "consider-using-sys-exit",
+ "invalid-name",
+ "missing-class-docstring",
+ "missing-function-docstring",
+ "missing-module-docstring",
+ "no-else-break",
+ "no-else-continue",
+ "no-else-raise",
+ "no-else-return",
+ "no-member",
+ "pointless-exception-statement",
+ "subprocess-run-check",
+ "use-dict-literal",
+]
+
 [tool.pylint.miscellaneous]
 # List of note tags to take in consideration, separated by a comma.
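Review bot: In pyproject.toml, the new `disable` list switches off `subprocess-run-check` and `pointless-exception-statement` for the whole tree, and these two are not style-only like most of the other entries. The first hides `subprocess.run()` calls whose exit status is never checked, and the second hides an exception object that is built but never raised, so a failed external command or a failed validation can pass silently. I would keep both enabled and suppress the known sites with a per-line `# pylint: disable=...` comment, or at least split the list so the TODO names these two as the ones to fix first. `broad-exception-caught` deserves the same treatment wherever a handler continues instead of re-raising; whether that occurs cannot be seen from this hunk.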
diff --git a/tests/update.TestCase b/tests/update.TestCase
index 76b2739f..fe3159ce 100755
--- a/tests/update.TestCase
+++ b/tests/update.TestCase
@@ -1358,7 +1358,7 @@ class UpdateTest(unittest.TestCase):
 # pylint: disable=protected-access
 icons_src = fdroidserver.update._get_apk_icons_src('urzip-release.apk', None)
- assert icons_src == {}
+ assert not icons_src
 def test_strip_and_copy_image(self):
 tmptestsdir = tempfile.mkdtemp(
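Review bot: `assert not icons_src` in tests/update.TestCase is weaker than the line it replaces: it also passes when `_get_apk_icons_src` returns `None`, `[]` or `''`, so a change in the return type would no longer fail the test. `self.assertEqual({}, icons_src)` keeps the exact check, should satisfy the pylint comparison warning this change appears to be aimed at, and is not stripped under `python -O` the way a bare `assert` is. The enclosing test method starts above the hunk.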