Skip to content

fix: update for auditor, nss and fine tuning cves#617

Open
mckornfield wants to merge 1 commit into
mainfrom
cves-0708-containers/mck
Open

fix: update for auditor, nss and fine tuning cves#617
mckornfield wants to merge 1 commit into
mainfrom
cves-0708-containers/mck

Conversation

@mckornfield

@mckornfield mckornfield commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Summary by CodeRabbit

  • Security

    • Updated runtime components with newer security-patched versions and refreshed system packages.
    • Added safeguards to prevent vulnerable package downgrades during installation.
  • Compatibility

    • Updated Safe Synthesizer support to version 0.1.7.
    • Improved CUDA 12.9 runtime setup using the appropriate package index.
  • Performance

    • Refreshed Hugging Face tooling versions for unsloth training environments.

@mckornfield mckornfield requested review from a team as code owners July 8, 2026 23:14
@github-actions github-actions Bot added the fix label Jul 8, 2026
@mckornfield mckornfield force-pushed the cves-0708-containers/mck branch from 8aa80e6 to 352f6d2 Compare July 8, 2026 23:14
/usr/local/lib/python3.12/dist-packages/tornado-*.dist-info \
/usr/local/lib/python3.12/dist-packages/onnx \
/usr/local/lib/python3.12/dist-packages/onnx-*.dist-info \
/usr/local/lib/python3.12/dist-packages/flash_attn \

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hmmm feel like these are required, so this might be bad lol

@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

Updates auditor-tasks image bases and build inputs, Safe Synthesizer and CU129 dependency resolution, related constraints and package versions, and unsloth Hugging Face version pins.

Changes

Docker image and dependency changes

Layer / File(s) Summary
Auditor-tasks image base and build configuration
docker-bake.hcl, docker/Dockerfile.auditor-tasks
Auditor-tasks uses new BuildKit contexts and AUDITOR_PYTHON_IMAGE, installs build tooling, configures uv, updates remediation constraints, and upgrades and cleans apt packages.
Safe-synthesizer runtime dependency flow
docker/Dockerfile.safe-synthesizer-tasks, plugins/nemo-safe-synthesizer/constraints.txt, plugins/nemo-safe-synthesizer/pyproject.toml, plugins/nemo-safe-synthesizer/src/..., plugins/nemo-safe-synthesizer/tests/unit/test_runtime.py, packages/nemo_platform/pyproject.toml
Bumps Safe Synthesizer to 0.1.7, updates dependency constraints, resolves CU129 vLLM through an extra index, preserves patched runtime packages during sync, and updates runtime tests.
Unsloth dependency pins
docker/Dockerfile.nmp-unsloth-training
Updates the documented and configured transformers and huggingface-hub versions to 5.3.0 and 1.3.0.

Sequence Diagram(s)

sequenceDiagram
  participant SafeSynthesizerConfig
  participant runtime_package_index_options
  participant uv
  SafeSynthesizerConfig->>runtime_package_index_options: select cu129 runtime
  runtime_package_index_options->>uv: provide VLLM_CU129_INDEX_URL
  uv->>uv: install Safe Synthesizer and vLLM dependencies
Loading

Suggested reviewers: crookedstorm, a2bondar, tylersbray

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title matches the main change set: CVE-related updates across auditor, Nemo Safe Synthesizer, and fine-tuning containers.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch cves-0708-containers/mck

Comment @coderabbitai help to get the list of available commands.

ARG FLASHINFER_CU129_INDEX_URL="https://flashinfer.ai/whl/cu129"
ARG PYTORCH_CU129_INDEX_URL="https://download.pytorch.org/whl/cu129"
ARG VLLM_CU129_WHEEL="vllm @ https://github.com/vllm-project/vllm/releases/download/v0.20.0/vllm-0.20.0%2Bcu129-cp38-abi3-manylinux_2_31_x86_64.whl"
ARG VLLM_CU129_WHEEL="vllm @ https://github.com/vllm-project/vllm/releases/download/v0.22.0/vllm-0.22.0%2Bcu129-cp38-abi3-manylinux_2_28_x86_64.whl"

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have a PR to bump to 0.24.0 in nss, but it's in limbo. This is probably fine for now though, since I'll have to come back and update this

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
docker/Dockerfile.safe-synthesizer-tasks (1)

151-151: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Stale comment. This step now --excludes vLLM, so "currently dominated by vLLM" is misleading. Update it.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docker/Dockerfile.safe-synthesizer-tasks` at line 151, The comment on the
runtime dependencies install step is stale because this stage now excludes vLLM,
so the note about being “currently dominated by vLLM” is misleading. Update the
inline Dockerfile comment near the remaining runtime dependencies install step
to reflect the current behavior, keeping it aligned with the actual dependency
set and the surrounding build logic.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@docker/Dockerfile.safe-synthesizer-tasks`:
- Line 151: The comment on the runtime dependencies install step is stale
because this stage now excludes vLLM, so the note about being “currently
dominated by vLLM” is misleading. Update the inline Dockerfile comment near the
remaining runtime dependencies install step to reflect the current behavior,
keeping it aligned with the actual dependency set and the surrounding build
logic.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 39d5a9b2-681c-4f52-97c5-27b87155512f

📥 Commits

Reviewing files that changed from the base of the PR and between 66fda15 and 352f6d2.

📒 Files selected for processing (5)
  • docker-bake.hcl
  • docker/Dockerfile.auditor-tasks
  • docker/Dockerfile.nmp-unsloth-training
  • docker/Dockerfile.safe-synthesizer-tasks
  • docker/automodel/Dockerfile.nmp-automodel-base
💤 Files with no reviewable changes (1)
  • docker-bake.hcl

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor
Suite Lines Covered Line Rate Branch Rate
Unit Tests 23701/30822 76.9% 61.7%
Integration Tests 13763/29471 46.7% 19.7%

UV_CACHE_DIR=/root/.cache/uv uv sync --package nemo-safe-synthesizer-plugin --no-dev --no-editable --inexact \
--no-install-package nemo-platform

RUN --mount=type=cache,target=/root/.cache/uv \

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we just do this once?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

think it might be right to move to the constraints anyhow

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done in 866c30d. The Safe Synthesizer Dockerfile now installs the patched cryptography/pyarrow versions once in the runtime dependency layer, then skips those packages during the later plugin uv sync so the workspace lock cannot downgrade them. I also backed vLLM back to the Safe Synthesizer 0.1.2 default and removed the separate vLLM install split; we can pick up the vLLM bump with the next NSS release.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
docker/Dockerfile.safe-synthesizer-tasks (1)

151-160: 🚀 Performance & Scalability | 🔵 Trivial | ⚡ Quick win

Remove the duplicate install step in docker/Dockerfile.safe-synthesizer-tasks:151-160; it repeats the same uv pip install as 141-149, so it just re-runs the expensive resolution. The line 151 comment is stale.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docker/Dockerfile.safe-synthesizer-tasks` around lines 151 - 160, The RUN
step in docker/Dockerfile.safe-synthesizer-tasks is a duplicate of the earlier
uv pip install block and should be removed or replaced with the intended
distinct action. Update the Dockerfile around the repeated runtime-install
section so only one vLLM/runtime dependency installation via uv pip install
remains, and ensure the stale comment near the duplicated block is deleted or
rewritten to match the actual behavior.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@docker/Dockerfile.safe-synthesizer-tasks`:
- Around line 151-160: The RUN step in docker/Dockerfile.safe-synthesizer-tasks
is a duplicate of the earlier uv pip install block and should be removed or
replaced with the intended distinct action. Update the Dockerfile around the
repeated runtime-install section so only one vLLM/runtime dependency
installation via uv pip install remains, and ensure the stale comment near the
duplicated block is deleted or rewritten to match the actual behavior.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 83370ce1-50a2-46ea-8c77-0e4316aaae9f

📥 Commits

Reviewing files that changed from the base of the PR and between 352f6d2 and c6018e6.

📒 Files selected for processing (2)
  • docker/Dockerfile.auditor-tasks
  • docker/Dockerfile.safe-synthesizer-tasks
🚧 Files skipped from review as they are similar to previous changes (1)
  • docker/Dockerfile.auditor-tasks

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (2)
docker/Dockerfile.safe-synthesizer-tasks (2)

115-116: 🎯 Functional Correctness | 🔵 Trivial | ⚡ Quick win

Use constraints instead of absolute overrides for these security floors.

This file is passed via --overrides to every uv pip install; uv 0.9.30 documents overrides as replacing package requirements even for invalid resolutions, whereas constraints preserve dependency compatibility. Split the existing wandb override from the cryptography/pyarrow bounds and pass the latter with --constraints. (raw.githubusercontent.com)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docker/Dockerfile.safe-synthesizer-tasks` around lines 115 - 116, Update the
Dockerfile’s uv installation arguments so the `wandb` requirement remains in the
overrides file, while the `cryptography` and `pyarrow` security bounds are moved
to a separate constraints file and supplied via `--constraints` for every `uv
pip install` invocation.

177-183: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick win

Assert the patched versions in the smoke test.

The current smoke test only checks imports, so it will pass even if a later sync reintroduces older cryptography or pyarrow versions. Add metadata/version assertions for both packages after the final sync.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docker/Dockerfile.safe-synthesizer-tasks` around lines 177 - 183, Add
smoke-test assertions after the final uv sync to verify the installed metadata
versions of cryptography and pyarrow are the expected patched versions, rather
than only checking imports. Update the relevant smoke-test command in
Dockerfile.safe-synthesizer-tasks, using package metadata lookups and failing
when either version is older or unexpected.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docker/Dockerfile.safe-synthesizer-tasks`:
- Line 17: Update the vLLM cu129 dependency from 0.20.0 to at least 0.22.0 in
the Dockerfile’s VLLM_CU129_WHEEL and the corresponding runtime configuration in
nemo_safe_synthesizer_plugin.runtime, ensuring both references use a compatible
released wheel and remain consistent.

---

Nitpick comments:
In `@docker/Dockerfile.safe-synthesizer-tasks`:
- Around line 115-116: Update the Dockerfile’s uv installation arguments so the
`wandb` requirement remains in the overrides file, while the `cryptography` and
`pyarrow` security bounds are moved to a separate constraints file and supplied
via `--constraints` for every `uv pip install` invocation.
- Around line 177-183: Add smoke-test assertions after the final uv sync to
verify the installed metadata versions of cryptography and pyarrow are the
expected patched versions, rather than only checking imports. Update the
relevant smoke-test command in Dockerfile.safe-synthesizer-tasks, using package
metadata lookups and failing when either version is older or unexpected.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 27f950d8-5dcd-4473-aeb4-48cd23843495

📥 Commits

Reviewing files that changed from the base of the PR and between c6018e6 and 866c30d.

📒 Files selected for processing (2)
  • docker/Dockerfile.safe-synthesizer-tasks
  • plugins/nemo-safe-synthesizer/constraints.txt
✅ Files skipped from review due to trivial changes (1)
  • plugins/nemo-safe-synthesizer/constraints.txt

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Inline review comments failed to post. This is likely due to GitHub's internal server error or limits when posting large numbers of comments. If you are seeing this consistently it is likely a permissions issue. Please check "Moderation" -> "Code review limits" under your organization settings.

Actionable comments posted: 1

🧹 Nitpick comments (2)
docker/Dockerfile.safe-synthesizer-tasks (2)

115-116: 🎯 Functional Correctness | 🔵 Trivial | ⚡ Quick win

Use constraints instead of absolute overrides for these security floors.

This file is passed via --overrides to every uv pip install; uv 0.9.30 documents overrides as replacing package requirements even for invalid resolutions, whereas constraints preserve dependency compatibility. Split the existing wandb override from the cryptography/pyarrow bounds and pass the latter with --constraints. (raw.githubusercontent.com)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docker/Dockerfile.safe-synthesizer-tasks` around lines 115 - 116, Update the
Dockerfile’s uv installation arguments so the `wandb` requirement remains in the
overrides file, while the `cryptography` and `pyarrow` security bounds are moved
to a separate constraints file and supplied via `--constraints` for every `uv
pip install` invocation.

177-183: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick win

Assert the patched versions in the smoke test.

The current smoke test only checks imports, so it will pass even if a later sync reintroduces older cryptography or pyarrow versions. Add metadata/version assertions for both packages after the final sync.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docker/Dockerfile.safe-synthesizer-tasks` around lines 177 - 183, Add
smoke-test assertions after the final uv sync to verify the installed metadata
versions of cryptography and pyarrow are the expected patched versions, rather
than only checking imports. Update the relevant smoke-test command in
Dockerfile.safe-synthesizer-tasks, using package metadata lookups and failing
when either version is older or unexpected.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docker/Dockerfile.safe-synthesizer-tasks`:
- Line 17: Update the vLLM cu129 dependency from 0.20.0 to at least 0.22.0 in
the Dockerfile’s VLLM_CU129_WHEEL and the corresponding runtime configuration in
nemo_safe_synthesizer_plugin.runtime, ensuring both references use a compatible
released wheel and remain consistent.

---

Nitpick comments:
In `@docker/Dockerfile.safe-synthesizer-tasks`:
- Around line 115-116: Update the Dockerfile’s uv installation arguments so the
`wandb` requirement remains in the overrides file, while the `cryptography` and
`pyarrow` security bounds are moved to a separate constraints file and supplied
via `--constraints` for every `uv pip install` invocation.
- Around line 177-183: Add smoke-test assertions after the final uv sync to
verify the installed metadata versions of cryptography and pyarrow are the
expected patched versions, rather than only checking imports. Update the
relevant smoke-test command in Dockerfile.safe-synthesizer-tasks, using package
metadata lookups and failing when either version is older or unexpected.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 27f950d8-5dcd-4473-aeb4-48cd23843495

📥 Commits

Reviewing files that changed from the base of the PR and between c6018e6 and 866c30d.

📒 Files selected for processing (2)
  • docker/Dockerfile.safe-synthesizer-tasks
  • plugins/nemo-safe-synthesizer/constraints.txt
✅ Files skipped from review due to trivial changes (1)
  • plugins/nemo-safe-synthesizer/constraints.txt
🛑 Comments failed to post (1)
docker/Dockerfile.safe-synthesizer-tasks (1)

17-17: 🔒 Security & Privacy | 🟠 Major | 🏗️ Heavy lift

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Inspect the target Dockerfile around the referenced lines
nl -ba docker/Dockerfile.safe-synthesizer-tasks | sed -n '1,240p'

# Find related dependency/override files and references
rg -n "vllm|NSS|override|constraints|uv 0.9.30|0.20.0|0.1.2" docker . --glob '!**/.git/**'

Repository: NVIDIA-NeMo/nemo-platform

Length of output: 203


🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Read the Dockerfile with line numbers using POSIX tools
cat -n docker/Dockerfile.safe-synthesizer-tasks | sed -n '1,240p'

# Locate vLLM/NSS/override references in the repo
rg -n "vllm|NSS|override|constraints|uv 0.9.30|0.20.0|0.1.2" docker . --glob '!**/.git/**'

Repository: NVIDIA-NeMo/nemo-platform

Length of output: 50382


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== Dockerfile slice =="
sed -n '1,220p' docker/Dockerfile.safe-synthesizer-tasks | cat -n

echo "== Files mentioning nemo-safe-synthesizer or vllm =="
rg -n "nemo-safe-synthesizer|vllm|VLLM_CU129_WHEEL|safe-synthesizer" \
  docker packages pyproject.toml .github --glob '!**/.git/**' --glob '!**/dist/**' --glob '!**/build/**'

echo "== Candidate metadata files =="
git ls-files | rg '(^|/)(pyproject\.toml|requirements.*|uv\.lock|constraints.*|override.*|Dockerfile\.safe-synthesizer-tasks)$'

Repository: NVIDIA-NeMo/nemo-platform

Length of output: 22309


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== plugins/nemo-safe-synthesizer/pyproject.toml =="
sed -n '1,260p' plugins/nemo-safe-synthesizer/pyproject.toml | cat -n

echo "== plugins/nemo-safe-synthesizer/constraints.txt =="
sed -n '1,220p' plugins/nemo-safe-synthesizer/constraints.txt | cat -n

echo "== vllm references in safe-synthesizer plugin =="
rg -n "vllm|nemo-safe-synthesizer|cu129|0.20.0|0.1.2" plugins/nemo-safe-synthesizer sdk/python/overrides/nemo-platform packages/nemo_platform --glob '!**/.git/**'

Repository: NVIDIA-NeMo/nemo-platform

Length of output: 11839


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== plugins/nemo-safe-synthesizer/src/nemo_safe_synthesizer_plugin/runtime.py =="
sed -n '1,260p' plugins/nemo-safe-synthesizer/src/nemo_safe_synthesizer_plugin/runtime.py | cat -n

echo "== Search for any version constraints tied to vllm =="
rg -n "VLLM_CU129_VERSION|vllm_cu129_wheel|vllm.*0\.20\.0|0\.22\.0|requires.*vllm|compatible.*vllm" plugins/nemo-safe-synthesizer packages/nemo_platform docker --glob '!**/.git/**'

Repository: NVIDIA-NeMo/nemo-platform

Length of output: 9895


🌐 Web query:

vLLM 0.20.0 advisory fixed in 0.22.0 vulnerability release notes

💡 Result:

Multiple security vulnerabilities affecting vLLM versions prior to 0.22.0 were remediated in the 0.22.0 release [1][2]. Specifically, vLLM 0.22.0 introduced fixes for the following security issues: 1. Security Check Bypass via assert Statement (CVE-2026-41523): An assert-based security check in the activation function loading mechanism could be bypassed when vLLM was run in Python optimized mode (using python -O or PYTHONOPTIMIZE=1), potentially allowing arbitrary code execution when loading a malicious HuggingFace model [3][1]. 2. OpenAI API Authentication Bypass (CVE-2026-48746): An authentication bypass existed in the OpenAI API middleware due to inconsistent interpretation of HTTP requests (specifically involving the Host header), which allowed access without providing the required API key [4][2]. 3. Artifact Pin Decay (CVE-2026-47155): vLLM failed to consistently apply revision pinning to all secondary artifacts (such as GGUF files, image processors, or side weights), which could lead to deployments loading unpinned code or weights despite having an explicit revision pin [5]. Additionally, users should note that other vulnerabilities may affect specific version ranges, such as the SSRF vulnerability in download_bytes_from_url (CVE-2026-34753), which was fixed in 0.19.0 [6], and the Remote DoS via Invalid Recovered Token Reinjection (CVE-2026-54234), which was identified in versions up to 0.17.1 and requires later patching [7]. Always verify the specific CVEs and affected versions in the official GitHub security advisories for the most accurate security posture [3][5][6][7][4].

Citations:


Bump the vLLM cu129 pin

docker/Dockerfile.safe-synthesizer-tasks and plugins/nemo-safe-synthesizer/src/nemo_safe_synthesizer_plugin/runtime.py both hardcode vLLM 0.20.0. That’s below the 0.22.0 release that fixes multiple security issues, so this image still ships with the vulnerable line. Upgrade the cu129 wheel or document why those paths are unreachable here.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docker/Dockerfile.safe-synthesizer-tasks` at line 17, Update the vLLM cu129
dependency from 0.20.0 to at least 0.22.0 in the Dockerfile’s VLLM_CU129_WHEEL
and the corresponding runtime configuration in
nemo_safe_synthesizer_plugin.runtime, ensuring both references use a compatible
released wheel and remain consistent.

@mckornfield mckornfield force-pushed the cves-0708-containers/mck branch from 856806b to 4331bf2 Compare July 10, 2026 22:50
Signed-off-by: Matt Kornfield <mkornfield@nvidia.com>
@mckornfield mckornfield force-pushed the cves-0708-containers/mck branch from 4331bf2 to 2343e44 Compare July 10, 2026 22:51
@mckornfield mckornfield requested a review from ironcommit July 10, 2026 22:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants