[TRTLLM-9811][infra] Update urllib3 version >= 2.6.0 to fix high vulnerability issue (#9823)

ZhanruiSunCh · web-flow · commit 49fe089470a6 · 2025-12-10T00:18:11.000-08:00
Signed-off-by: ZhanruiSunCh &lt;184402041+ZhanruiSunCh@users.noreply.github.com&gt;
Signed-off-by: Zhanrui Sun &lt;184402041+ZhanruiSunCh@users.noreply.github.com&gt;
diff --git a/constraints.txt b/constraints.txt
@@ -1,2 +1,5 @@
 # These vulnerabilities were inherited from the base image (pytorch:25.10-py3) and should be removed when the base image
 # is updated.
+# WAR against https://github.com/advisories/GHSA-gm62-xv2j-4w53
+# WAR against https://github.com/advisories/GHSA-2xpw-w6gg-jr37
+urllib3>=2.6.0
diff --git a/docker/Dockerfile.multi b/docker/Dockerfile.multi
@@ -71,6 +71,10 @@ RUN GITHUB_MIRROR=${GITHUB_MIRROR} \
     rm install_pytorch.sh && \
     rm install.sh
 
+# Copy and install dependencies from constraints.txt
+COPY constraints.txt /tmp/constraints.txt
+RUN pip3 install --no-cache-dir -r /tmp/constraints.txt && rm /tmp/constraints.txt
+
 # Install UCX, NIXL, etcd
 # TODO: Combine these into the main install.sh script
 RUN GITHUB_MIRROR=${GITHUB_MIRROR} bash ./install_ucx.sh && \
diff --git a/docker/common/install_base.sh b/docker/common/install_base.sh
@@ -119,7 +119,7 @@ install_python_rockylinux() {
 }
 
 install_pyp_rockylinux() {
-  bash -c "pip3 install 'urllib3<2.0' pytest"
+  bash -c "pip3 install pytest"
 }
 
 install_gcctoolset_rockylinux() {
diff --git a/jenkins/current_image_tags.properties b/jenkins/current_image_tags.properties
@@ -13,7 +13,7 @@
 #     images are adopted from PostMerge pipelines, the abbreviated commit hash is used instead.
 IMAGE_NAME=urm.nvidia.com/sw-tensorrt-docker/tensorrt-llm
 
-LLM_DOCKER_IMAGE=urm.nvidia.com/sw-tensorrt-docker/tensorrt-llm:pytorch-25.10-py3-x86_64-ubuntu24.04-trt10.13.3.9-skip-tritondevel-202512081220-9584
-LLM_SBSA_DOCKER_IMAGE=urm.nvidia.com/sw-tensorrt-docker/tensorrt-llm:pytorch-25.10-py3-aarch64-ubuntu24.04-trt10.13.3.9-skip-tritondevel-202512081220-9584
-LLM_ROCKYLINUX8_PY310_DOCKER_IMAGE=urm.nvidia.com/sw-tensorrt-docker/tensorrt-llm:cuda-13.0.2-devel-rocky8-x86_64-rocky8-py310-trt10.13.3.9-skip-tritondevel-202512081220-9584
-LLM_ROCKYLINUX8_PY312_DOCKER_IMAGE=urm.nvidia.com/sw-tensorrt-docker/tensorrt-llm:cuda-13.0.2-devel-rocky8-x86_64-rocky8-py312-trt10.13.3.9-skip-tritondevel-202512081220-9584
+LLM_DOCKER_IMAGE=urm.nvidia.com/sw-tensorrt-docker/tensorrt-llm:pytorch-25.10-py3-x86_64-ubuntu24.04-trt10.13.3.9-skip-tritondevel-202512091705-9823
+LLM_SBSA_DOCKER_IMAGE=urm.nvidia.com/sw-tensorrt-docker/tensorrt-llm:pytorch-25.10-py3-aarch64-ubuntu24.04-trt10.13.3.9-skip-tritondevel-202512091705-9823
+LLM_ROCKYLINUX8_PY310_DOCKER_IMAGE=urm.nvidia.com/sw-tensorrt-docker/tensorrt-llm:cuda-13.0.2-devel-rocky8-x86_64-rocky8-py310-trt10.13.3.9-skip-tritondevel-202512091705-9823
+LLM_ROCKYLINUX8_PY312_DOCKER_IMAGE=urm.nvidia.com/sw-tensorrt-docker/tensorrt-llm:cuda-13.0.2-devel-rocky8-x86_64-rocky8-py312-trt10.13.3.9-skip-tritondevel-202512091705-9823

Original file line number	Diff line number	Diff line change
`@@ -119,7 +119,7 @@ install_python_rockylinux() {`
`119`	`119`	`}`
`120`	`120`
`121`	`121`	`install_pyp_rockylinux() {`
`122`		`- bash -c "pip3 install 'urllib3<2.0' pytest"`
	`122`	`+ bash -c "pip3 install pytest"`
`123`	`123`	`}`
`124`	`124`
`125`	`125`	`install_gcctoolset_rockylinux() {`