[None][fix] Fix vulnerability urllib3 and nbconvert #10551

yiqingy0 merged 7 commits into NVIDIA:main from
/bot run --stage-list "Build-Docker-Images"

PR_Github #31077 [ run ] triggered by Bot. Commit:

PR_Github #31077 [ run ] completed with state

352b9e3 to e93de22
/bot run --stage-list "Build-Docker-Images"

PR_Github #31460 [ run ] triggered by Bot. Commit:

PR_Github #31460 [ run ] completed with state

e93de22 to b5d0b48
/bot run --stage-list "Build-Docker-Images"

PR_Github #32116 [ run ] triggered by Bot. Commit:

PR_Github #32116 [ run ] completed with state

/bot run --stage-list "Build-Docker-Images"

PR_Github #32245 [ run ] triggered by Bot. Commit:

PR_Github #32245 [ run ] completed with state
Signed-off-by: Yiqing Yan <yiqingy@nvidia.com>

8ef1175 to f3b69e1
/bot run --disable-fail-fast --post-merge

PR_Github #32509 [ run ] triggered by Bot. Commit:

PR_Github #32509 [ run ] completed with state

/bot run --disable-fail-fast

PR_Github #32641 [ run ] triggered by Bot. Commit:

PR_Github #32641 [ run ] completed with state
This reverts commit b5d0b48.
Signed-off-by: Yiqing Yan <yiqingy@nvidia.com>

f3b69e1 to 5c04f67
Walkthrough (CodeRabbit)

This update addresses security concerns by bumping the urllib3 dependency floor version, removes a vulnerable package from Docker images via a post-installation step, and updates Docker image tag references to newer builds.

Estimated code review effort: 1 (Trivial), ~5 minutes

Pre-merge checks: 2 passed, 1 failed (1 warning)
Actionable comments posted: 1

In `@constraints.txt`:

- Line 5: Update the urllib3 version constraint in constraints.txt from "urllib3>=2.6.3" to "urllib3>=2.6.0" (or, if 2.6.3 was intentionally required, add a brief comment next to the "urllib3" entry explaining why 2.6.3 is preferred) so that the constraint reflects the minimal patched version that addresses GHSA-gm62-xv2j-4w53 and GHSA-2xpw-w6gg-jr37; locate the "urllib3" entry in constraints.txt and either relax the version bound to >=2.6.0 or annotate why 2.6.3 must be enforced.
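One way to check such dependency floors mechanically, added here as an example and not code from this PR or from TensorRT-LLM: the script below parses a constraints.txt-style file and compares each floor against a table of minimum patched versions, flagging floors that are missing, unbounded, below the patched version, or (as in the review comment above) stricter than the minimal patched version without explanation. The urllib3 entry in the table (2.6.0 for GHSA-gm62-xv2j-4w53 and GHSA-2xpw-w6gg-jr37) is taken from the review comment; the sample constraints content is constructed, and a real audit would load the table from an advisory feed rather than hard-code it.

```python
"""Audit dependency floors in a constraints.txt-style file.

Added example, not code from this PR or from TensorRT-LLM. MIN_PATCHED is a
constructed table: the urllib3 entry mirrors the review comment on this PR
(2.6.0 as the minimal patched floor for GHSA-gm62-xv2j-4w53 and
GHSA-2xpw-w6gg-jr37); a real audit would load it from an advisory feed.
"""
import re
from typing import Dict, List, Optional, Tuple

# package -> (minimum patched version, advisory ids)   [constructed]
MIN_PATCHED: Dict[str, Tuple[str, List[str]]] = {
    "urllib3": ("2.6.0", ["GHSA-gm62-xv2j-4w53", "GHSA-2xpw-w6gg-jr37"]),
}

# Constructed sample modelled on the "urllib3>=2.6.3" entry under review.
SAMPLE_CONSTRAINTS = """\
# constraints.txt (constructed sample)
numpy>=1.26
urllib3>=2.6.3
requests==2.32.3
"""

# package name, then an optional operator and version; only the first
# specifier of a comma-separated list ("urllib3>=2.6.0,<3") is examined
_SPEC_RE = re.compile(
    r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|>=|~=|<=|!=|>|<)?\s*([0-9][0-9A-Za-z.]*)?"
)
# operators that establish a lower bound on the resolved version
FLOOR_OPS = {"==", ">=", "~=", ">"}


def parse_version(v: str) -> Tuple[int, ...]:
    """'2.6.3' -> (2, 6, 3). Non-numeric tails (rc1, post1) and trailing zeros are dropped."""
    parts: List[int] = []
    for piece in v.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def version_ge(a: str, b: str) -> bool:
    """True when a >= b, comparing numerically with zero padding (so 2.10 > 2.6.3)."""
    ta, tb = parse_version(a), parse_version(b)
    n = max(len(ta), len(tb))
    return ta + (0,) * (n - len(ta)) >= tb + (0,) * (n - len(tb))


def parse_constraints(text: str) -> Dict[str, Tuple[Optional[str], Optional[str]]]:
    """Map normalised package name -> (operator, version) for each spec line."""
    specs: Dict[str, Tuple[Optional[str], Optional[str]]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = _SPEC_RE.match(line)
        if m:
            name, op, ver = m.groups()
            specs[name.lower().replace("_", "-")] = (op, ver)
    return specs


def audit(text: str, table: Dict[str, Tuple[str, List[str]]] = MIN_PATCHED) -> List[Tuple[str, str, str]]:
    """Return one (package, status, detail) finding per table entry.

    status: ok        floor equals the minimal patched version, or an exact pin at/above it
            stricter  floor is above the minimal patched version; worth a comment in the file
            unpatched floor admits a version below the patched one
            unbounded spec has no lower bound (e.g. "urllib3<3" or a bare name)
            missing   package is not constrained at all
    """
    specs = parse_constraints(text)
    findings: List[Tuple[str, str, str]] = []
    for pkg, (min_ver, advisories) in table.items():
        adv = ", ".join(advisories)
        spec = specs.get(pkg.lower().replace("_", "-"))
        if spec is None:
            findings.append((pkg, "missing", f"no constraint; {adv} not enforced"))
            continue
        op, ver = spec
        if op not in FLOOR_OPS or ver is None:
            findings.append((pkg, "unbounded", f"{op or ''}{ver or ''} sets no lower bound; {adv} not enforced"))
        elif not version_ge(ver, min_ver):
            findings.append((pkg, "unpatched", f"{op}{ver} admits versions below {min_ver} ({adv})"))
        elif op != "==" and parse_version(ver) != parse_version(min_ver):
            findings.append((pkg, "stricter", f"{op}{ver} is above the minimal patched floor {min_ver}; document why"))
        else:
            findings.append((pkg, "ok", f"{op}{ver} satisfies >={min_ver}"))
    return findings


if __name__ == "__main__":
    for pkg, status, detail in audit(SAMPLE_CONSTRAINTS):
        print(f"{pkg:10} {status:9} {detail}")
```

Run against the constructed sample it reports urllib3 as "stricter", which is exactly the point the review comment raises: a floor above the patched version is not wrong, but the reason should be recorded next to the entry so the next bump does not silently lose it.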
/bot skip --comment "The tests are passed in /LLM/main/L0_MergeRequest_PR pipeline #25270"

PR_Github #32670 [ skip ] triggered by Bot. Commit:

Signed-off-by: Yiqing Yan <yiqingy@nvidia.com>

/bot skip --comment "The tests are passed in /LLM/main/L0_MergeRequest_PR pipeline #25270"

PR_Github #32673 [ skip ] triggered by Bot. Commit:

PR_Github #32670 [ skip ] completed with state

PR_Github #32673 [ skip ] completed with state
Summary by CodeRabbit

Security Updates

Chores
Description

Test Coverage

PR Checklist

Please review the following before submitting your PR:

- PR description clearly explains what and why. If using CodeRabbit's summary, please make sure it makes sense.
- PR Follows TRT-LLM CODING GUIDELINES to the best of your knowledge.
- Test cases are provided for new code paths (see test instructions)
- Any new dependencies have been scanned for license and vulnerabilities
- CODEOWNERS updated if ownership changes
- Documentation updated as needed
- Update tava architecture diagram if there is a significant design change in PR.
- The reviewers assigned automatically/manually are appropriate for the PR.
- Please check this after reviewing the above items as appropriate for this PR.
GitHub Bot Help

/bot [-h] ['run', 'kill', 'skip', 'reuse-pipeline'] ...

Provide a user friendly way for developers to interact with a Jenkins server.

Run /bot [-h|--help] to print this help message. See details below for each supported subcommand.

Details

run [--reuse-test (optional)pipeline-id --disable-fail-fast --skip-test --stage-list "A10-PyTorch-1, xxx" --gpu-type "A30, H100_PCIe" --test-backend "pytorch, cpp" --add-multi-gpu-test --only-multi-gpu-test --disable-multi-gpu-test --post-merge --extra-stage "H100_PCIe-TensorRT-Post-Merge-1, xxx" --detailed-log --debug(experimental)]

  Launch build/test pipelines. All previously running jobs will be killed.

  --reuse-test (optional)pipeline-id (OPTIONAL): Allow the new pipeline to reuse build artifacts and skip successful test stages from a specified pipeline or the last pipeline if no pipeline-id is indicated. If the Git commit ID has changed, this option will be always ignored. The DEFAULT behavior of the bot is to reuse build artifacts and successful test results from the last pipeline.
  --disable-reuse-test (OPTIONAL): Explicitly prevent the pipeline from reusing build artifacts and skipping successful test stages from a previous pipeline. Ensure that all builds and tests are run regardless of previous successes.
  --disable-fail-fast (OPTIONAL): Disable fail fast on build/tests/infra failures.
  --skip-test (OPTIONAL): Skip all test stages, but still run build stages, package stages and sanity check stages. Note: Does NOT update GitHub check status.
  --stage-list "A10-PyTorch-1, xxx" (OPTIONAL): Only run the specified test stages. Examples: "A10-PyTorch-1, xxx". Note: Does NOT update GitHub check status.
  --gpu-type "A30, H100_PCIe" (OPTIONAL): Only run the test stages on the specified GPU types. Examples: "A30, H100_PCIe". Note: Does NOT update GitHub check status.
  --test-backend "pytorch, cpp" (OPTIONAL): Skip test stages which don't match the specified backends. Only support [pytorch, cpp, tensorrt, triton]. Examples: "pytorch, cpp" (does not run test stages with tensorrt or triton backend). Note: Does NOT update GitHub pipeline status.
  --only-multi-gpu-test (OPTIONAL): Only run the multi-GPU tests. Note: Does NOT update GitHub check status.
  --disable-multi-gpu-test (OPTIONAL): Disable the multi-GPU tests. Note: Does NOT update GitHub check status.
  --add-multi-gpu-test (OPTIONAL): Force run the multi-GPU tests in addition to running L0 pre-merge pipeline.
  --post-merge (OPTIONAL): Run the L0 post-merge pipeline instead of the ordinary L0 pre-merge pipeline.
  --extra-stage "H100_PCIe-TensorRT-Post-Merge-1, xxx" (OPTIONAL): Run the ordinary L0 pre-merge pipeline and specified test stages. Examples: --extra-stage "H100_PCIe-TensorRT-Post-Merge-1, xxx".
  --detailed-log (OPTIONAL): Enable flushing out all logs to the Jenkins console. This will significantly increase the log volume and may slow down the job.
  --debug (OPTIONAL): Experimental feature. Enable access to the CI container for debugging purpose. Note: Specify exactly one stage in the stage-list parameter to access the appropriate container environment. Note: Does NOT update GitHub check status.

  For guidance on mapping tests to stage names, see docs/source/reference/ci-overview.md and the scripts/test_to_stage_mapping.py helper.

kill

  Kill all running builds associated with pull request.

skip --comment COMMENT

  Skip testing for latest commit on pull request. --comment "Reason for skipping build/test" is required. IMPORTANT NOTE: This is dangerous since lack of user care and validation can cause top of tree to break.

reuse-pipeline

  Reuse a previous pipeline to validate current commit. This action will also kill all currently running builds associated with the pull request. IMPORTANT NOTE: This is dangerous since lack of user care and validation can cause top of tree to break.