update subprocess cmd

[nithinraok]

Important

The Update branch button must only be pressed in very rare occassions.
An outdated branch is never blocking the merge of a PR.
Please reach out to the automation team before pressing that button.

What does this PR do ?

This change converts command strings to argument lists, which is the recommended secure approach for subprocess execution.

Collection: [ASR]

Changelog

• Refactored run_chunked_inference() in tools/asr_evaluator/utils.py to use shell=False by converting the command string to a list of arguments.
• Refactored run_offline_inference() in tools/asr_evaluator/utils.py to use shell=False by converting the command string to a list of arguments.

Usage

No changes to usage. The ASR evaluator functions wors as before:

from tools.asr_evaluator.utils import run_asr_inference
from omegaconf import DictConfig

cfg = DictConfig({
    "model_path": "/path/to/model.nemo",
    "pretrained_name": None,
    "inference": {"mode": "offline", "decoder_type": "ctc"},
    "test_ds": {
        "manifest_filepath": "/path/to/manifest.json",
        "batch_size": 32,
        "num_workers": 4
    },
    "random_seed": 42,
    # ... other config options
})

result_cfg = run_asr_inference(cfg)

GitHub Actions CI

The Jenkins CI system has been replaced by GitHub Actions self-hosted runners.

The GitHub Actions CI will run automatically when the "Run CICD" label is added to the PR.
To re-run CI remove and add the label again.
To run CI on an untrusted fork, a NeMo user with write access must first click "Approve and run".

Before your PR is "Ready for review"

Pre checks:

• Make sure you read and followed Contributor guidelines
• Did you write any new necessary tests?
• Did you add or update any necessary documentation?
• Does the PR affect components that are optional to install? (Ex: Numba, Pynini, Apex etc)
  • Reviewer: Does the PR have correct import guards for all optional libraries?

PR Type:

• New Feature
• Bugfix
• Documentation

If you haven't finished some of the above items you can still open "Draft" PR.

Who can review?

Anyone in the community is free to review the PR once the checks have passed.
Contributor guidelines contains specific people who can review PRs to various areas.

Additional Information

• Related to # (issue)

To fix this, we should make the concatenation of the two string literals in the commands list explicit. The goal is to keep the User-Agent value exactly the same while avoiding implicit string concatenation inside the list, thereby satisfying CodeQL and improving readability.

The best minimal change is to join the two adjacent literals on lines 168–169 with + so that Python’s intent is clear while still passing a single User-Agent string as the value for the --user-agent option. We should only edit the string element in the commands list and not change any other behavior or imports.

Concretely, in scripts/dataset_processing/get_commonvoice_data.py, locate the commands = [ block in main() and replace the two-line implicit concatenation:

            'Mozilla/5.0 (Windows NT 10.0; WOW64) '
            'AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36',

with an explicit concatenation (split across lines for readability):

            'Mozilla/5.0 (Windows NT 10.0; WOW64) ' +
            'AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36',

No new methods, imports, or definitions are needed.

[melllinia]

LGTM

[github-actions]

[🤖]: Hi @nithinraok 👋,

We wanted to let you know that a CICD pipeline for this PR just finished successfully.

So it might be time to merge this PR or get some approvals.

//cc @chtruong814 @ko3n1g @pablo-garay @thomasdhc