From 9be257ceeebdb2eb3e253ead2144b0a9a3a054d5 Mon Sep 17 00:00:00 2001
From: cybermaggedon
Date: Thu, 30 Apr 2026 20:02:53 +0100
Subject: [PATCH] Update packages with vulns in container builds (#861)
* Fix vulns-flagged imports
* Fix archaic pulls in the "trustgraph" package
* Add unstructured to meta package
---
 containers/Containerfile.base | 3 ++-
 containers/Containerfile.bedrock | 3 ++-
 containers/Containerfile.flow | 11 ++++++-----
 containers/Containerfile.hf | 15 ++++++++-------
 containers/Containerfile.mcp | 1 +
 containers/Containerfile.ocr | 3 ++-
 containers/Containerfile.unstructured | 3 ++-
 containers/Containerfile.vertexai | 3 ++-
 trustgraph/pyproject.toml | 13 +++++++------
 9 files changed, 32 insertions(+), 23 deletions(-)
diff --git a/containers/Containerfile.base b/containers/Containerfile.base
index fa5d653c..20184cbf 100644
--- a/containers/Containerfile.base
+++ b/containers/Containerfile.base
@@ -11,8 +11,9 @@ ENV PIP_BREAK_SYSTEM_PACKAGES=1
 RUN dnf install -y python3.13 && \
 alternatives --install /usr/bin/python python /usr/bin/python3.13 1 && \
 python -m ensurepip --upgrade && \
+ pip3 install --no-cache-dir --upgrade 'pip>=26.0' 'setuptools>=78.1.1' && \
 pip3 install --no-cache-dir build wheel aiohttp && \
- pip3 install --no-cache-dir pulsar-client==3.7.0 && \
+ pip3 install --no-cache-dir pulsar-client==3.11.0 && \
 dnf clean all
 # ----------------------------------------------------------------------------
diff --git a/containers/Containerfile.bedrock b/containers/Containerfile.bedrock
index b9ab99ac..5c6fb953 100644
--- a/containers/Containerfile.bedrock
+++ b/containers/Containerfile.bedrock
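Review bot: The added bootstrap line in Containerfile.base sets only a floor (`'pip>=26.0' 'setuptools>=78.1.1'`), and the line after it still installs `build wheel aiohttp` with no version constraint, so two builds of the same commit can resolve different packages and a scan of one image does not describe the next. For a change whose purpose is to clear flagged packages, constrain these too (for example a constraints file passed with `-c`, holding entries such as `aiohttp==<VERSION>`) and add a comment above the RUN recording why each floor was chosen, e.g. `# pip/setuptools floors: scanner finding <ADVISORY_ID>`. The same added line appears in the bedrock, flow, hf, mcp, ocr, unstructured and vertexai Containerfiles, and the same point applies to each of them.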
@@ -11,8 +11,9 @@ ENV PIP_BREAK_SYSTEM_PACKAGES=1
 RUN dnf install -y python3.13 && \
 alternatives --install /usr/bin/python python /usr/bin/python3.13 1 && \
 python -m ensurepip --upgrade && \
+ pip3 install --no-cache-dir --upgrade 'pip>=26.0' 'setuptools>=78.1.1' && \
 pip3 install --no-cache-dir build wheel aiohttp && \
- pip3 install --no-cache-dir pulsar-client==3.7.0 && \
+ pip3 install --no-cache-dir pulsar-client==3.11.0 && \
 dnf clean all
 # ----------------------------------------------------------------------------
diff --git a/containers/Containerfile.flow b/containers/Containerfile.flow
index c6bc7e50..7ff4867f 100644
--- a/containers/Containerfile.flow
+++ b/containers/Containerfile.flow
@@ -11,18 +11,19 @@ ENV PIP_BREAK_SYSTEM_PACKAGES=1
 RUN dnf install -y python3.13 && \
 alternatives --install /usr/bin/python python /usr/bin/python3.13 1 && \
 python -m ensurepip --upgrade && \
+ pip3 install --no-cache-dir --upgrade 'pip>=26.0' 'setuptools>=78.1.1' && \
 pip3 install --no-cache-dir build wheel aiohttp rdflib && \
- pip3 install --no-cache-dir pulsar-client==3.7.0 && \
+ pip3 install --no-cache-dir pulsar-client==3.11.0 && \
 dnf clean all
 RUN pip3 install --no-cache-dir \
 anthropic cohere mistralai openai \
 ollama \
- langchain==0.3.25 langchain-core==0.3.60 \
- langchain-text-splitters==0.3.8 \
- langchain-community==0.3.24 \
+ langchain==1.2.16 langchain-core==1.3.2 \
+ langchain-text-splitters==1.1.2 \
+ langchain-community==0.4.1 \
 pymilvus \
- pulsar-client==3.7.0 scylla-driver pyyaml \
+ pulsar-client==3.11.0 scylla-driver pyyaml \
 neo4j tiktoken falkordb && \
 pip3 cache purge
diff --git a/containers/Containerfile.hf b/containers/Containerfile.hf
index a1ec5346..93768b54 100644
--- a/containers/Containerfile.hf
+++ b/containers/Containerfile.hf
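Review bot: In Containerfile.flow the second `RUN pip3 install` moves langchain, langchain-core and langchain-text-splitters across a major version (0.3.x to 1.x) while `anthropic cohere mistralai openai ollama pymilvus scylla-driver pyyaml neo4j tiktoken falkordb` stay unpinned, and nothing in the layer verifies that the resolved set is mutually consistent. Adding `pip3 check && \` on the line before `pip3 cache purge` would fail the build on a broken or conflicting dependency set instead of shipping it. `pulsar-client==3.11.0` is also written twice in this file, once in each RUN; a single `ARG PULSAR_CLIENT_VERSION=3.11.0` referenced from both places would keep the two from drifting apart on the next bump.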
@@ -8,8 +8,9 @@ ENV PIP_BREAK_SYSTEM_PACKAGES=1
 RUN dnf install -y python3.12 && \
 alternatives --install /usr/bin/python python /usr/bin/python3.12 1 && \
 python -m ensurepip --upgrade && \
+ pip3 install --no-cache-dir --upgrade 'pip>=26.0' 'setuptools>=78.1.1' && \
 pip3 install --no-cache-dir build wheel aiohttp && \
- pip3 install --no-cache-dir pulsar-client==3.7.0 && \
+ pip3 install --no-cache-dir pulsar-client==3.11.0 && \
 dnf clean all
 # This won't work on ARM
@@ -19,15 +20,15 @@ RUN dnf install -y python3.12 && \
 RUN pip3 install torch
 RUN pip3 install --no-cache-dir \
- langchain==0.3.25 langchain-core==0.3.60 langchain-huggingface==0.2.0 \
- langchain-community==0.3.24 \
- sentence-transformers==4.1.0 transformers==4.51.3 \
- huggingface-hub==0.31.2 \
- pulsar-client==3.7.0
+ langchain==1.2.16 langchain-core==1.3.2 langchain-huggingface==1.2.2 \
+ langchain-community==0.4.1 \
+ sentence-transformers==5.4.1 transformers==5.7.0 \
+ huggingface-hub==1.13.0 \
+ pulsar-client==3.11.0
 # Most commonly used embeddings model, just build it into the container
 # image
-RUN huggingface-cli download sentence-transformers/all-MiniLM-L6-v2
+RUN hf download sentence-transformers/all-MiniLM-L6-v2
 # ----------------------------------------------------------------------------
 # Build a container which contains the built Python packages. The build
diff --git a/containers/Containerfile.mcp b/containers/Containerfile.mcp
index 389b919e..36a7da17 100644
--- a/containers/Containerfile.mcp
+++ b/containers/Containerfile.mcp
@@ -11,6 +11,7 @@ ENV PIP_BREAK_SYSTEM_PACKAGES=1
 RUN dnf install -y python3.13 && \
 alternatives --install /usr/bin/python python /usr/bin/python3.13 1 && \
 python -m ensurepip --upgrade && \
+ pip3 install --no-cache-dir --upgrade 'pip>=26.0' 'setuptools>=78.1.1' && \
 pip3 install --no-cache-dir mcp websockets && \
 dnf clean all
diff --git a/containers/Containerfile.ocr b/containers/Containerfile.ocr
index 41655e42..c8554f1a 100644
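Review bot: `RUN hf download sentence-transformers/all-MiniLM-L6-v2` in Containerfile.hf bakes a model into the image from whatever the repository's default branch holds at build time, so the Python packages above it are pinned to exact versions but the model artefact is not. Pin it to an immutable revision, `RUN hf download sentence-transformers/all-MiniLM-L6-v2 --revision <COMMIT_SHA>`, and extend the comment above it to say where that hash was taken from. The context line `RUN pip3 install torch` in the same hunk is likewise unpinned and lacks `--no-cache-dir`; it is not changed by this commit but is part of the same supply-chain surface.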
--- a/containers/Containerfile.ocr
+++ b/containers/Containerfile.ocr
@@ -12,8 +12,9 @@ RUN dnf install -y python3.13 && \
 dnf install -y tesseract poppler-utils && \
 alternatives --install /usr/bin/python python /usr/bin/python3.13 1 && \
 python -m ensurepip --upgrade && \
+ pip3 install --no-cache-dir --upgrade 'pip>=26.0' 'setuptools>=78.1.1' && \
 pip3 install --no-cache-dir build wheel aiohttp && \
- pip3 install --no-cache-dir pulsar-client==3.7.0 && \
+ pip3 install --no-cache-dir pulsar-client==3.11.0 && \
 dnf clean all
 # ----------------------------------------------------------------------------
diff --git a/containers/Containerfile.unstructured b/containers/Containerfile.unstructured
index 7284901e..6de8a800 100644
--- a/containers/Containerfile.unstructured
+++ b/containers/Containerfile.unstructured
@@ -10,8 +10,9 @@ ENV PIP_BREAK_SYSTEM_PACKAGES=1
 RUN dnf install -y python3.13 libxcb mesa-libGL && \
 alternatives --install /usr/bin/python python /usr/bin/python3.13 1 && \
 python -m ensurepip --upgrade && \
+ pip3 install --no-cache-dir --upgrade 'pip>=26.0' 'setuptools>=78.1.1' && \
 pip3 install --no-cache-dir build wheel aiohttp && \
- pip3 install --no-cache-dir pulsar-client==3.7.0 && \
+ pip3 install --no-cache-dir pulsar-client==3.11.0 && \
 dnf clean all
 # ----------------------------------------------------------------------------
diff --git a/containers/Containerfile.vertexai b/containers/Containerfile.vertexai
index bf0e55da..54a26572 100644
--- a/containers/Containerfile.vertexai
+++ b/containers/Containerfile.vertexai
@@ -11,8 +11,9 @@ ENV PIP_BREAK_SYSTEM_PACKAGES=1
 RUN dnf install -y python3.13 && \
 alternatives --install /usr/bin/python python /usr/bin/python3.13 1 && \
 python -m ensurepip --upgrade && \
+ pip3 install --no-cache-dir --upgrade 'pip>=26.0' 'setuptools>=78.1.1' && \
 pip3 install --no-cache-dir build wheel aiohttp && \
- pip3 install --no-cache-dir pulsar-client==3.7.0 && \
+ pip3 install --no-cache-dir pulsar-client==3.11.0 && \
 pip3 install --no-cache-dir google-cloud-aiplatform && \
 dnf clean all
diff --git a/trustgraph/pyproject.toml b/trustgraph/pyproject.toml
index 4ddbf562..dc896700 100644
--- a/trustgraph/pyproject.toml
+++ b/trustgraph/pyproject.toml
@@ -10,12 +10,13 @@ description = "TrustGraph provides a means to run a pipeline of flexible AI proc
 readme = "README.md"
 requires-python = ">=3.8"
 dependencies = [
- "trustgraph-base>=1.8,<1.9",
- "trustgraph-bedrock>=1.8,<1.9",
- "trustgraph-cli>=1.8,<1.9",
- "trustgraph-embeddings-hf>=1.8,<1.9",
- "trustgraph-flow>=1.8,<1.9",
- "trustgraph-vertexai>=1.8,<1.9",
+ "trustgraph-base>=2.4,<2.5",
+ "trustgraph-bedrock>=2.4,<2.5",
+ "trustgraph-cli>=2.4,<2.5",
+ "trustgraph-embeddings-hf>=2.4,<2.5",
+ "trustgraph-flow>=2.4,<2.5",
+ "trustgraph-unstructured>=2.4,<2.5",
+ "trustgraph-vertexai>=2.4,<2.5",
 ]
 classifiers = [
 "Programming Language :: Python :: 3",
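Review bot: Adding `"trustgraph-unstructured>=2.4,<2.5"` to the unconditional `dependencies` list in trustgraph/pyproject.toml means every install of the meta package now pulls that package's whole dependency tree, which widens what has to be scanned and patched even for users who never parse documents. Containerfile.unstructured in this same patch installs `libxcb mesa-libGL` for it, which suggests native requirements a plain pip install of the meta package will not satisfy; if that is the case, an extra under `[project.optional-dependencies]` such as `unstructured = ["trustgraph-unstructured>=2.4,<2.5"]` would fit better. The context line `requires-python = ">=3.8"` should also be checked against what the 2.4 sub-packages declare, since the containers build on Python 3.12 and 3.13. The `[project]` table opens before this hunk and the `classifiers` array continues past its end.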