vuln fixes oct vul fixes 2

assets/training/automl/environments/ai-ml-automl-dnn-forecasting-gpu/context/Dockerfile

@@ -44,7 +44,7 @@ RUN apt-get update && \
 # begin conda create
 # Create conda environment
 RUN conda create -p $AZUREML_CONDA_ENVIRONMENT_PATH \
-    python=3.9 \
+    python=3.10 \
     # begin conda dependencies
     pip=22.1.2 \
     numpy~=1.23.5 \
@@ -58,7 +58,7 @@ RUN conda create -p $AZUREML_CONDA_ENVIRONMENT_PATH \
     # Install pytorch separately to speed up image build
     -c conda-forge -c pytorch -c anaconda && \
     conda install -p $AZUREML_CONDA_ENVIRONMENT_PATH \
-    pytorch=2.7.1 \
+    pytorch=2.8.0 \
     -c pytorch -c nvidia -c conda-forge -y && \
     # end conda dependencies
     conda run -p $AZUREML_CONDA_ENVIRONMENT_PATH && \
@@ -99,8 +99,16 @@ RUN pip install \
 RUN HOROVOD_WITH_PYTORCH=1 pip install --no-cache-dir git+https://github.com/horovod/horovod@3a31d933a13c7c885b8a673f4172b17914ad334d
 # end pip install
 
-# Fix vulnerabilities
+# Fix vulnerabilities - GHSA-887c-mr87-cxwp: Upgrade torch to 2.8.0
 RUN pip install --upgrade urllib3
-RUN pip install torch==2.7.1 torchvision==0.22.1
+RUN pip install torch==2.8.0 torchvision==0.23.0
 RUN $AZUREML_CONDA_ENVIRONMENT_PATH/bin/pip install --upgrade 'h2>=4.3.0'
 RUN rm -rf /opt/miniconda/pkgs/
+
+# Security vulnerability fix - GHSA-4xh5-x5gv-qwph: Upgrade pip
+RUN pip install --upgrade pip
+RUN /opt/conda/bin/pip install --upgrade pip || true
+RUN /opt/conda/envs/ptca/bin/pip install --upgrade pip || true
+RUN /opt/miniconda/bin/pip install --upgrade pip || true
+
+

assets/training/automl/environments/ai-ml-automl-dnn-gpu/context/Dockerfile

@@ -43,7 +43,7 @@ RUN apt-get update && \
         libboost-filesystem-dev && \
     apt-get clean && rm -rf /var/lib/apt/lists/*
 
-RUN conda create -p $AZUREML_CONDA_ENVIRONMENT_PATH python=3.9 pip=22.1.2 -y
+RUN conda create -p $AZUREML_CONDA_ENVIRONMENT_PATH python=3.10 pip=22.1.2 -y
 
 RUN conda run -p $AZUREML_CONDA_ENVIRONMENT_PATH
 
@@ -114,9 +114,9 @@ RUN pip install \
 
 RUN HOROVOD_WITH_PYTORCH=1 pip install --no-cache-dir git+https://github.com/horovod/horovod@3a31d933a13c7c885b8a673f4172b17914ad334d
 
-# Fix vulnerabilities
-RUN pip install --force-reinstall torch==2.7.1 --no-cache-dir
-RUN pip install --force-reinstall torchvision==0.22.1 --no-cache-dir
+# Fix vulnerabilities - GHSA-887c-mr87-cxwp: Upgrade torch to 2.8.0
+RUN pip install --force-reinstall torch==2.8.0 --no-cache-dir
+RUN pip install --force-reinstall torchvision==0.23.0 --no-cache-dir
 RUN pip install --upgrade 'requests==2.32.4'
 RUN pip install --upgrade 'urllib3==2.5.0'
 RUN pip install --upgrade 'pillow==11.3.0'
@@ -136,3 +136,11 @@ RUN rm -rf /opt/miniconda/pkgs/
 
 ENV LD_LIBRARY_PATH $AZUREML_CONDA_ENVIRONMENT_PATH/lib:$LD_LIBRARY_PATH
 
+
+# Security vulnerability fix - GHSA-4xh5-x5gv-qwph: Upgrade pip
+RUN pip install --upgrade pip
+RUN /opt/conda/bin/pip install --upgrade pip || true
+RUN /opt/conda/envs/ptca/bin/pip install --upgrade pip || true
+RUN /opt/miniconda/bin/pip install --upgrade pip || true
+
+

assets/training/automl/environments/ai-ml-automl-dnn-text-gpu-ptca/context/Dockerfile

@@ -52,4 +52,11 @@ RUN opt/conda/bin/pip install --upgrade 'urllib3==2.5.0' || true
 RUN pip install --upgrade 'pillow==11.3.0'
 RUN /opt/conda/envs/ptca/bin/pip install --upgrade 'pillow==11.3.0' || true
 
-RUN pip list
+RUN pip list
+# Security vulnerability fix - GHSA-4xh5-x5gv-qwph: Upgrade pip
+RUN pip install --upgrade pip
+RUN /opt/conda/bin/pip install --upgrade pip || true
+RUN /opt/conda/envs/ptca/bin/pip install --upgrade pip || true
+RUN /opt/miniconda/bin/pip install --upgrade pip || true
+
+

assets/training/automl/environments/ai-ml-automl-dnn-text-gpu/context/Dockerfile

@@ -51,7 +51,7 @@ ENV ENABLE_METADATA=true
 # begin conda create
 # Create conda environment
 RUN conda create -p $AZUREML_CONDA_ENVIRONMENT_PATH \
-    python=3.9 \
+    python=3.10 \
     # begin conda dependencies
     pip=22.1.2 \
     numpy~=1.23.5 \
@@ -97,13 +97,19 @@ RUN HOROVOD_WITH_PYTORCH=1 pip install --no-cache-dir git+https://github.com/hor
 # by fixing dependencies in the base packages
 RUN pip list && \
     pip install pyarrow==14.0.2 \
-                'transformers[sentencepiece,torch]==4.53.0' \
+                'transformers[sentencepiece,torch]==4.48.0' \
                 aiohttp==3.12.14
-RUN pip install torch==2.7.1 torchvision==0.22.1
-RUN /opt/conda/envs/ptca/bin/pip install torch==2.7.1 torchvision==0.22.1 || true
-RUN /azureml-envs/azureml-automl-dnn-text-gpu/bin/pip install --upgrade 'urllib3==2.5.0' || true
-RUN /opt/conda/bin/pip install --upgrade 'urllib3==2.5.0' || true
-RUN /opt/conda/envs/ptca/bin/pip install --upgrade 'urllib3==2.5.0' || true
+# Dependency compatibility fixes for azureml-automl-dnn-nlp
+# GHSA-4xh5-x5gv-qwph: Upgrade pip
+RUN pip install --upgrade pip
+RUN /opt/conda/envs/ptca/bin/pip install --upgrade pip || true
+# Use torch==2.2.2 as required by azureml-automl-dnn-nlp (instead of 2.8.0 due to conflicts)
+RUN pip install torch==2.2.2 torchvision==0.17.2
+RUN /opt/conda/envs/ptca/bin/pip install torch==2.2.2 torchvision==0.17.2 || true
+# Use urllib3<2.0.0 as required by azureml-automl-runtime  
+RUN /azureml-envs/azureml-automl-dnn-text-gpu/bin/pip install --upgrade 'urllib3==1.26.18' || true
+RUN /opt/conda/bin/pip install --upgrade 'urllib3==1.26.18' || true
+RUN /opt/conda/envs/ptca/bin/pip install --upgrade 'urllib3==1.26.18' || true
 
 # Patch for pillow vulnerability
 RUN /azureml-envs/azureml-automl-dnn-text-gpu/bin/pip install --upgrade 'pillow==11.3.0' || true

assets/training/automl/environments/ai-ml-automl-dnn-vision-gpu/context/Dockerfile

@@ -51,7 +51,7 @@ ENV ENABLE_METADATA=true
 # Create conda environment
 # begin conda create
 RUN conda create -p $AZUREML_CONDA_ENVIRONMENT_PATH \
-    python=3.9 \
+    python=3.10 \
     # begin conda dependencies
     pip=21.3.1 \
     numpy~=1.23.5 \
@@ -105,12 +105,21 @@ RUN /opt/conda/bin/pip install --upgrade 'urllib3==2.5.0'
 RUN /opt/conda/envs/ptca/bin/pip install --upgrade 'urllib3==2.5.0'
 RUN /azureml-envs/azureml-automl-dnn-vision-gpu/bin/pip install --upgrade 'urllib3==2.5.0'
 
-RUN /azureml-envs/azureml-automl-dnn-vision-gpu/bin/pip install --force-reinstall 'torch==2.7.1' torchvision==0.22.1 
-RUN /opt/conda/envs/ptca/bin/pip install --force-reinstall 'torch==2.7.1' torchvision==0.22.1 
+# Security fix - GHSA-887c-mr87-cxwp: Upgrade torch to 2.8.0
+RUN /azureml-envs/azureml-automl-dnn-vision-gpu/bin/pip install --force-reinstall 'torch==2.8.0' torchvision==0.23.0 
+RUN /opt/conda/envs/ptca/bin/pip install --force-reinstall 'torch==2.8.0' torchvision==0.23.0 
 RUN /azureml-envs/azureml-automl-dnn-vision-gpu/bin/pip install --upgrade 'mlflow==3.1.4'
 
 RUN $AZUREML_CONDA_ENVIRONMENT_PATH/bin/pip install --upgrade 'h2>=4.3.0'
 RUN rm -rf /opt/conda/pkgs/
 
 # end pip install
 ENV LD_LIBRARY_PATH $AZUREML_CONDA_ENVIRONMENT_PATH/lib:$LD_LIBRARY_PATH
+
+# Security vulnerability fix - GHSA-4xh5-x5gv-qwph: Upgrade pip
+RUN pip install --upgrade pip
+RUN /opt/conda/bin/pip install --upgrade pip || true
+RUN /opt/conda/envs/ptca/bin/pip install --upgrade pip || true
+RUN /opt/miniconda/bin/pip install --upgrade pip || true
+
+

assets/training/automl/environments/ai-ml-automl-dnn/context/Dockerfile

@@ -37,7 +37,7 @@ RUN apt-get update && \
 # Create conda environment
 RUN conda create -p $AZUREML_CONDA_ENVIRONMENT_PATH \
     # begin conda dependencies
-    python=3.9 \
+    python=3.10 \
     pip=22.1.2 \
     numpy~=1.23.5 \
     py-cpuinfo=5.0.0 \
@@ -49,7 +49,7 @@ RUN conda create -p $AZUREML_CONDA_ENVIRONMENT_PATH \
     setuptools-git \
     setuptools=78.1.1 \
     wheel=0.44.0 \
-    pytorch=2.7.1 \
+    pytorch=2.8.0 \
     scipy=1.10.1 \
     cudatoolkit=10.0.130 \
     'psutil>5.0.0,<6.0.0' \
@@ -96,3 +96,11 @@ RUN rm -rf /opt/miniconda/pkgs/
 
 ENV LD_LIBRARY_PATH $AZUREML_CONDA_ENVIRONMENT_PATH/lib:$LD_LIBRARY_PATH
 
+
+# Security vulnerability fix - GHSA-4xh5-x5gv-qwph: Upgrade pip
+RUN pip install --upgrade pip
+RUN /opt/conda/bin/pip install --upgrade pip || true
+RUN /opt/conda/envs/ptca/bin/pip install --upgrade pip || true
+RUN /opt/miniconda/bin/pip install --upgrade pip || true
+
+

assets/training/automl/environments/ai-ml-automl-gpu/context/Dockerfile

@@ -44,7 +44,7 @@ RUN apt-get update && \
         libboost-filesystem-dev && \
     apt-get clean && rm -rf /var/lib/apt/lists/*
 
-RUN conda create -p $AZUREML_CONDA_ENVIRONMENT_PATH python=3.9 pip=22.1.2 conda-forge::tzdata -y
+RUN conda create -p $AZUREML_CONDA_ENVIRONMENT_PATH python=3.10 pip=22.1.2 conda-forge::tzdata -y
 
 RUN conda run -p $AZUREML_CONDA_ENVIRONMENT_PATH
 
@@ -101,11 +101,22 @@ RUN pip install \
                 'certifi>=2023.07.22'
                 # end pypi dependencies
 
+# Security vulnerability fixes
+# Fix GHSA-4xh5-x5gv-qwph: Upgrade pip to latest secure version
+RUN pip install --upgrade pip
+RUN /opt/miniconda/bin/pip install --upgrade pip || true
+RUN $AZUREML_CONDA_ENVIRONMENT_PATH/bin/pip install --upgrade pip || true
+
+# Fix GHSA-887c-mr87-cxwp: Upgrade torch to 2.8.0 
+RUN pip install --force-reinstall torch==2.8.0 --no-cache-dir || true
+RUN /opt/miniconda/bin/pip install --force-reinstall torch==2.8.0 --no-cache-dir || true
+RUN $AZUREML_CONDA_ENVIRONMENT_PATH/bin/pip install --force-reinstall torch==2.8.0 --no-cache-dir || true
+
 RUN pip install --upgrade 'h2>=4.3.0'
 # Upgrade requests and urllib3 in all relevant Python environments to meet vulnerability requirements
-RUN pip install --upgrade 'requests==2.32.4' 'urllib3==2.5.0' 'pillow==11.3.0' 'h2>=4.3.0'
-RUN /opt/miniconda/bin/pip install --upgrade 'requests==2.32.4' 'urllib3==2.5.0' 'pillow==11.3.0' 'h2>=4.3.0'|| true
-RUN $AZUREML_CONDA_ENVIRONMENT_PATH/bin/pip install --upgrade 'requests==2.32.4' 'urllib3==2.5.0' 'pillow==11.3.0' 'h2>=4.3.0' || true
+RUN pip install --upgrade 'requests==2.32.4' 'urllib3==1.26.18' 'pillow==11.3.0' 'h2>=4.3.0'
+RUN /opt/miniconda/bin/pip install --upgrade 'requests==2.32.4' 'urllib3==1.26.18' 'pillow==11.3.0' 'h2>=4.3.0'|| true
+RUN $AZUREML_CONDA_ENVIRONMENT_PATH/bin/pip install --upgrade 'requests==2.32.4' 'urllib3==1.26.18' 'pillow==11.3.0' 'h2>=4.3.0' || true
 RUN rm -rf /opt/miniconda/pkgs/
 
 ENV LD_LIBRARY_PATH $AZUREML_CONDA_ENVIRONMENT_PATH/lib:$LD_LIBRARY_PATH

assets/training/automl/environments/ai-ml-automl/context/Dockerfile

@@ -25,7 +25,7 @@ RUN apt-get update && \
 # begin conda create
 # Create conda environment
 RUN conda create -p $AZUREML_CONDA_ENVIRONMENT_PATH \
-    python=3.9 \
+    python=3.10 \
     # begin conda dependencies
     pip \
     py-cpuinfo=5.0.0 \
@@ -74,3 +74,11 @@ RUN pip install torch==2.7.1 torchvision==0.22.1
 RUN pip install urllib3==2.5.0
 # end pip ad-hoc
 
+
+# Security vulnerability fix - GHSA-4xh5-x5gv-qwph: Upgrade pip
+RUN pip install --upgrade pip
+RUN /opt/conda/bin/pip install --upgrade pip || true
+RUN /opt/conda/envs/ptca/bin/pip install --upgrade pip || true
+RUN /opt/miniconda/bin/pip install --upgrade pip || true
+
+

assets/training/finetune_acft_hf_nlp/environments/acpt-grpo/context/Dockerfile

@@ -14,6 +14,15 @@ RUN pip install azureml-evaluate-mlflow=={{latest-pypi-version}}
 RUN pip install mlflow==3.1.0
 RUN pip install transformers==4.53.0
 
+# Security vulnerability fixes
+# Fix GHSA-887c-mr87-cxwp: Upgrade torch to 2.8.0
+RUN pip install --force-reinstall torch==2.8.0 torchvision==0.23.0 --no-cache-dir
+RUN /opt/conda/envs/ptca/bin/pip install --force-reinstall torch==2.8.0 torchvision==0.23.0 || true
+# Fix GHSA-4xh5-x5gv-qwph: Upgrade pip to latest secure version
+RUN pip install --upgrade pip
+RUN /opt/conda/bin/pip install --upgrade pip || true
+RUN /opt/conda/envs/ptca/bin/pip install --upgrade pip || true
+
 # Upgrade requests in the system Python (3.13) for fixing vulnerability
 RUN /opt/conda/bin/python3.13 -m pip install --upgrade requests urllib3 || true
 

assets/training/finetune_acft_image/environments/acft_image_huggingface/context/Dockerfile

@@ -14,3 +14,11 @@ RUN pip install certifi==2024.07.04
 
 # Upgrade requests in the system Python (3.13) for fixing vulnerability
 RUN /opt/conda/bin/python3.13 -m pip install --upgrade requests urllib3 || true
+
+# Security vulnerability fix - GHSA-4xh5-x5gv-qwph: Upgrade pip
+RUN pip install --upgrade pip
+RUN /opt/conda/bin/pip install --upgrade pip || true
+RUN /opt/conda/envs/ptca/bin/pip install --upgrade pip || true
+RUN /opt/miniconda/bin/pip install --upgrade pip || true
+
+

assets/training/finetune_acft_image/environments/acft_image_medimageinsight_adapter_finetune/context/Dockerfile

@@ -13,3 +13,11 @@ RUN pip install -r requirements.txt --no-cache-dir
 
 # Upgrade requests in the system Python (3.13) for fixing vulnerability
 RUN /opt/conda/bin/python3.13 -m pip install --upgrade requests urllib3 || true
+
+# Security vulnerability fix - GHSA-4xh5-x5gv-qwph: Upgrade pip
+RUN pip install --upgrade pip
+RUN /opt/conda/bin/pip install --upgrade pip || true
+RUN /opt/conda/envs/ptca/bin/pip install --upgrade pip || true
+RUN /opt/miniconda/bin/pip install --upgrade pip || true
+
+

assets/training/finetune_acft_image/environments/acft_image_medimageinsight_embedding/context/Dockerfile

@@ -15,3 +15,11 @@ RUN pip install mlflow==3.1.0
 
 # Upgrade requests in the system Python (3.13) for fixing vulnerability
 RUN /opt/conda/bin/python3.13 -m pip install --upgrade requests urllib3 || true
+
+# Security vulnerability fix - GHSA-4xh5-x5gv-qwph: Upgrade pip
+RUN pip install --upgrade pip
+RUN /opt/conda/bin/pip install --upgrade pip || true
+RUN /opt/conda/envs/ptca/bin/pip install --upgrade pip || true
+RUN /opt/miniconda/bin/pip install --upgrade pip || true
+
+

assets/training/finetune_acft_image/environments/acft_image_medimageinsight_embedding/context/requirements.txt

@@ -23,6 +23,7 @@ deepspeed==0.17.1
 GPUtil==1.4.0
 mup==1.0.0
 torchvision==0.22.1
-torch==2.7.1
+torch==2.8.0
 safetensors==0.5.2
 setuptools==78.1.1
+

assets/training/finetune_acft_image/environments/acft_image_medimageinsight_embedding_generator/context/Dockerfile

@@ -13,3 +13,11 @@ RUN pip install -r requirements.txt --no-cache-dir
 
 # Upgrade requests in the system Python (3.13) for fixing vulnerability
 RUN /opt/conda/bin/python3.13 -m pip install --upgrade requests urllib3 || true
+
+# Security vulnerability fix - GHSA-4xh5-x5gv-qwph: Upgrade pip
+RUN pip install --upgrade pip
+RUN /opt/conda/bin/pip install --upgrade pip || true
+RUN /opt/conda/envs/ptca/bin/pip install --upgrade pip || true
+RUN /opt/miniconda/bin/pip install --upgrade pip || true
+
+

assets/training/finetune_acft_image/environments/acft_image_medimageparse_finetune/context/Dockerfile

@@ -5,4 +5,11 @@ RUN apt-get -y update
 
 COPY requirements.txt .
 
-RUN pip install -r requirements.txt
+RUN pip install -r requirements.txt
+# Security vulnerability fix - GHSA-4xh5-x5gv-qwph: Upgrade pip
+RUN pip install --upgrade pip
+RUN /opt/conda/bin/pip install --upgrade pip || true
+RUN /opt/conda/envs/ptca/bin/pip install --upgrade pip || true
+RUN /opt/miniconda/bin/pip install --upgrade pip || true
+
+

assets/training/finetune_acft_image/environments/acft_image_mmdetection/context/Dockerfile

@@ -24,3 +24,11 @@ RUN pip install gunicorn==23.0.0
 
 # Upgrade requests in the system Python (3.13) for fixing vulnerability
 RUN /opt/conda/bin/python3.13 -m pip install --upgrade requests urllib3 || true
+
+# Security vulnerability fix - GHSA-4xh5-x5gv-qwph: Upgrade pip
+RUN pip install --upgrade pip
+RUN /opt/conda/bin/pip install --upgrade pip || true
+RUN /opt/conda/envs/ptca/bin/pip install --upgrade pip || true
+RUN /opt/miniconda/bin/pip install --upgrade pip || true
+
+

assets/training/finetune_acft_image/environments/acft_video_mmtracking/context/Dockerfile

@@ -33,3 +33,11 @@ RUN pip install yapf==0.40.1
 
 # Upgrade requests in the system Python (3.13) for fixing vulnerability
 RUN /opt/conda/bin/python3.13 -m pip install --upgrade requests urllib3 || true
+
+# Security vulnerability fix - GHSA-4xh5-x5gv-qwph: Upgrade pip
+RUN pip install --upgrade pip
+RUN /opt/conda/bin/pip install --upgrade pip || true
+RUN /opt/conda/envs/ptca/bin/pip install --upgrade pip || true
+RUN /opt/miniconda/bin/pip install --upgrade pip || true
+
+

assets/training/finetune_acft_image/environments/acpt_image_framework_selector/context/Dockerfile

@@ -17,3 +17,11 @@ RUN pip install onnx==1.17.0
 
 # Upgrade requests in the system Python (3.13) for fixing vulnerability
 RUN /opt/conda/bin/python3.13 -m pip install --upgrade requests urllib3 || true
+
+# Security vulnerability fix - GHSA-4xh5-x5gv-qwph: Upgrade pip
+RUN pip install --upgrade pip
+RUN /opt/conda/bin/pip install --upgrade pip || true
+RUN /opt/conda/envs/ptca/bin/pip install --upgrade pip || true
+RUN /opt/miniconda/bin/pip install --upgrade pip || true
+
+

assets/training/finetune_acft_multimodal/environments/acpt_multimodal/context/Dockerfile

@@ -23,3 +23,11 @@ RUN pip install azureml-acft-common-components=={{latest-pypi-version}}
 RUN pip install azureml-acft-accelerator=={{latest-pypi-version}}
 # Upgrade requests in the system Python (3.13) for fixing vulnerability
 RUN /opt/conda/bin/python3.13 -m pip install --upgrade requests urllib3 || true
+
+# Security vulnerability fix - GHSA-4xh5-x5gv-qwph: Upgrade pip
+RUN pip install --upgrade pip
+RUN /opt/conda/bin/pip install --upgrade pip || true
+RUN /opt/conda/envs/ptca/bin/pip install --upgrade pip || true
+RUN /opt/miniconda/bin/pip install --upgrade pip || true
+
+

assets/training/general/environments/acpt-pytorch-2.2-cuda12.1/context/Dockerfile

@@ -59,3 +59,11 @@ EXPOSE 5001 8883 8888
 # support Deepspeed launcher requirement of passwordless ssh login
 RUN apt-get update
 RUN apt-get install -y openssh-server openssh-client
+
+# Security vulnerability fix - GHSA-4xh5-x5gv-qwph: Upgrade pip
+RUN pip install --upgrade pip
+RUN /opt/conda/bin/pip install --upgrade pip || true
+RUN /opt/conda/envs/ptca/bin/pip install --upgrade pip || true
+RUN /opt/miniconda/bin/pip install --upgrade pip || true
+
+

assets/training/general/environments/lightgbm-3.3/context/Dockerfile

@@ -21,3 +21,7 @@ RUN conda env create -p $CONDA_PREFIX -f conda_dependencies.yaml -q && \
     rm conda_dependencies.yaml && \
     conda run -p $CONDA_PREFIX pip cache purge && \
     conda clean -a -y
+
+# Security vulnerability fix - GHSA-4xh5-x5gv-qwph: Upgrade pip to latest secure version  
+RUN pip install --upgrade pip && \
+    $CONDA_PREFIX/bin/pip install --upgrade pip