diff --git a/.trivyignore b/.trivyignore
new file mode 100644
index 00000000..949631ce
--- /dev/null
+++ b/.trivyignore
@@ -0,0 +1,17 @@
+# go stdlib
+# pebble
+CVE-2024-34156
+# usr/bin/statsd_exporter
+CVE-2024-24790
+CVE-2023-39325
+CVE-2023-29403
+CVE-2023-45283
+CVE-2023-45287
+CVE-2023-45288
+# python packages
+# Authlib
+CVE-2024-37568
+# Flask-Cors
+CVE-2024-6221
+# Werkzeug
+CVE-2024-34069
diff --git a/nginx_rock/rockcraft.yaml b/nginx_rock/rockcraft.yaml
index b9e43f26..2062446d 100644
--- a/nginx_rock/rockcraft.yaml
+++ b/nginx_rock/rockcraft.yaml
@@ -1,16 +1,12 @@
 # Copyright 2024 Canonical Ltd.
 # See LICENSE file for licensing details.
-package-repositories:
-  - type: apt
-    ppa: deadsnakes/ppa
-    priority: always
 
 name: indico-nginx
 summary: Indico nginx rock
 description: Nginx OCI image for the Indico charm
 version: "1.0"
-base: ubuntu@22.04
-build-base: ubuntu@22.04
+base: ubuntu@24.04
+build-base: ubuntu@24.04
 license: Apache-2.0
 platforms:
   amd64:
@@ -27,11 +23,16 @@ parts:
     organize:
       nginx.conf: etc/nginx/nginx.conf
       common_headers.conf: etc/nginx/common_headers.conf
+  nginx-prometheus-exporter:
+    plugin: go
+    build-snaps:
+      - go
+    source: https://github.com/nginxinc/nginx-prometheus-exporter
+    source-tag: v1.3.0
+    source-type: git
   nginx:
     stage-packages:
       - nginx
-    stage-snaps:
-      - gtrkiller-nginx-prometheus-exporter/latest/edge
     plugin: nil
     override-build: |
       craftctl default
@@ -40,8 +41,6 @@ parts:
       craftctl default
       mkdir run
   indico-files:
-    build-environment:
-      - PARTS_PYTHON_INTERPRETER: python3.12
     python-packages:
       - indico==3.3.1
     build-packages:
diff --git a/tox.ini b/tox.ini
index ace691cf..5493f06e 100644
--- a/tox.ini
+++ b/tox.ini
@@ -102,6 +102,8 @@ deps =
     requests
     types-PyYAML
     types-requests
+    ; 2024/11/19 - there is an incompatibility issue with latest websockets lib release and pylib juju
+    websockets<14.0 # https://github.com/juju/python-libjuju/issues/1184
     -r{toxinidir}/requirements.txt
 commands =
     codespell {[vars]plugins_path} --skip {toxinidir}/.git --skip {toxinidir}/.tox \
@@ -154,6 +156,7 @@ deps =
     pytest
     pytest-asyncio
     pytest-operator
+    websockets<14.0 # https://github.com/juju/python-libjuju/issues/1184
     -r{toxinidir}/requirements.txt
 commands =
     pytest -v --tb native --ignore={[vars]tst_path}unit --log-cli-level=INFO -s {posargs}