[Draft] Add AutoGluon v1.1.1 (#4029)

* inital commit * initial commit * removing debug prints * fix vulnerabilities * revert * fix vulnerability * adding fix message * fix * Addressing comments * revert toml --------- Co-authored-by: Ubuntu <[email protected]> Co-authored-by: Ubuntu <[email protected]>
aws · Jul 1, 2024 · 103424d · 103424d
1 parent 3c58cd7
commit 103424d
Show file tree

Hide file tree

Showing 21 changed files with 548 additions and 1,157 deletions.
diff --git a/autogluon/inference/buildspec.yml b/autogluon/inference/buildspec.yml
@@ -1,7 +1,7 @@
 account_id: &ACCOUNT_ID <set-$ACCOUNT_ID-in-environment>
 region: &REGION <set-$REGION-in-environment>
 framework: &FRAMEWORK autogluon
-version: &VERSION 1.1.0
+version: &VERSION 1.1.1
 short_version: &SHORT_VERSION 1.1
 arch_type: x86
 
@@ -31,7 +31,7 @@ images:
     image_size_baseline: 6399
     device_type: &DEVICE_TYPE cpu
     python_version: &DOCKER_PYTHON_VERSION py3
-    tag_python_version: &TAG_PYTHON_VERSION py310
+    tag_python_version: &TAG_PYTHON_VERSION py311
     os_version: &OS_VERSION ubuntu20.04
     tag: !join [ *VERSION, "-", *DEVICE_TYPE, "-", *TAG_PYTHON_VERSION, "-", *OS_VERSION ]
     docker_file: !join [ docker/, *SHORT_VERSION, /, *DOCKER_PYTHON_VERSION, /Dockerfile., *DEVICE_TYPE ]
@@ -44,8 +44,8 @@ images:
     image_size_baseline: 19456
     device_type: &DEVICE_TYPE gpu
     python_version: &DOCKER_PYTHON_VERSION py3
-    tag_python_version: &TAG_PYTHON_VERSION py310
-    cuda_version: &CUDA_VERSION cu118
+    tag_python_version: &TAG_PYTHON_VERSION py311
+    cuda_version: &CUDA_VERSION cu121
     os_version: &OS_VERSION ubuntu20.04
     tag: !join [ *VERSION, "-", *DEVICE_TYPE, "-", *TAG_PYTHON_VERSION, "-", *CUDA_VERSION, "-", *OS_VERSION ]
     docker_file: !join [ docker/, *SHORT_VERSION, /, *DOCKER_PYTHON_VERSION, /, *CUDA_VERSION, /Dockerfile., *DEVICE_TYPE ]

diff --git a/autogluon/inference/docker/1.1/py3/Dockerfile.cpu b/autogluon/inference/docker/1.1/py3/Dockerfile.cpu
@@ -1,6 +1,6 @@
-ARG PYTHON_VERSION=3.10.8
+ARG PYTHON_VERSION=3.11.9
 
-FROM 763104351884.dkr.ecr.us-west-2.amazonaws.com/pytorch-inference:2.1.0-cpu-py310-ubuntu20.04-sagemaker
+FROM 763104351884.dkr.ecr.us-west-2.amazonaws.com/pytorch-inference:2.3.0-cpu-py311-ubuntu20.04-sagemaker
 
 # Specify accept-bind-to-port LABEL for inference pipelines to use SAGEMAKER_BIND_TO_PORT
 # https://docs.aws.amazon.com/sagemaker/latest/dg/inference-pipeline-real-time.html
@@ -19,7 +19,7 @@ RUN apt-get update \
  && apt-get clean \
  && rm -rf /var/lib/apt/lists/*
 
-ARG AUTOGLUON_VERSION=1.1.0
+ARG AUTOGLUON_VERSION=1.1.1
 
 # Upgrading pip and installing/updating Python dependencies
 # Comments are added to explain the reason behind each update
@@ -34,8 +34,8 @@ RUN pip install --no-cache-dir -U --trusted-host pypi.org --trusted-host files.p
  && mim install -q mmcv==2.1.0 --timeout 600 \
  && pip install --no-cache-dir -U mmdet>=3.0.0 \
  && pip install --no-cache-dir -U "mmengine" \
-# Update transformers to secure versions that fixes CVE-2023-7018
- && pip install --no-cache-dir -U setuptools>=65.5.1 \  
+# Capping setuptools to 69.5.1 to fix AutoMM tests
+ && pip install --no-cache-dir setuptools==69.5.1 \  
  # Update pillow to a secure version that fixes CVE-2023-50447
  && pip install --no-cache-dir -U pillow>=10.2.0 \
  # Update Jinja2 to a secure version that fixes vulnerability id 64227
@@ -47,7 +47,9 @@ RUN pip install --no-cache-dir -U --trusted-host pypi.org --trusted-host files.p
  && pip install --no-cache-dir -U scipy==1.12.0 \
  && pip install --no-cache-dir -U joblib==1.4.2 \
  # update tqdm to a secure version that fixes CVE-2024-34062
- && pip install --no-cache-dir -U tqdm>=4.66.3
+ && pip install --no-cache-dir -U tqdm>=4.66.3 \
+ # update urllib3 to fix vulnerability id 71608
+ && pip install --no-cache-dir -U urllib3
 
 
 

diff --git a/autogluon/inference/docker/1.1/py3/Dockerfile.cpu.os_scan_allowlist.json b/autogluon/inference/docker/1.1/py3/Dockerfile.cpu.os_scan_allowlist.json
diff --git a/autogluon/inference/docker/1.1/py3/Dockerfile.cpu.py_scan_allowlist.json b/autogluon/inference/docker/1.1/py3/Dockerfile.cpu.py_scan_allowlist.json
@@ -1,9 +1,9 @@
 {
-    "50916": "Pydantic 1.10.2 prevents long strings as int inputs to fix CVE-2020-10735 - upstream dependencies are still not patched",
-    "51358": "Safety 2.2.0 updates its dependency 'dparse' to include a security fix. - not packaged with container, result of security scanning process",
     "65213": "PyOpenSSL doesn't have this fix yet - the issue only applicable to PowerPC architecture and not applicable to this container",
-    "67599": "pip - No fix for this yet",
     "70612": "jinja2 3.1.4 - The maintainer and multiple third parties believe that this vulnerability isn't valid.",
     "65189": "Ray - autogluon uses ray < 2.11",
-    "70485": "Ray - autogluon uses ray < 2.11"
+    "70485": "Ray - autogluon uses ray < 2.11",
+    "71805": "onnx - this package is required by autogluon multimodal",
+    "71596": "scikit-learn - this package is required by autogluon",
+    "71670": "torch 2.3 is used in the base image and is required by autogluon"
 }
diff --git a/autogluon/inference/docker/1.1/py3/cu118/Dockerfile.gpu.os_scan_allowlist.json b/autogluon/inference/docker/1.1/py3/cu118/Dockerfile.gpu.os_scan_allowlist.json
diff --git a/autogluon/inference/docker/1.1/py3/cu118/Dockerfile.gpu.py_scan_allowlist.json b/autogluon/inference/docker/1.1/py3/cu118/Dockerfile.gpu.py_scan_allowlist.json