Commit 53f6307

patch vulnerabilities [pytorch training neuronx] (#5150)
* patch vulnerabilities [listed from SAFETY_REPORT during build]
* Update ['dlc_developer_config.toml'] dlc_developer_config.toml: { 'build': { 'build_frameworks': ['huggingface_pytorch'], 'build_inference': False, 'build_training': True}, 'buildspec_override': { 'dlc-pr-huggingface-pytorch-neuronx-training': 'huggingface/pytorch/training/buildspec-neuronx.yml'}, 'dev': { 'arm64_mode': False, 'deep_canary_mode': False, 'graviton_mode': False, 'neuronx_mode': True}, 'test': { 'ec2_tests': False, 'ecs_tests': False, 'eks_tests': False, 'sagemaker_local_tests': False, 'sagemaker_remote_tests': False, 'sanity_tests': True, 'security_tests': False}}
* ignoring requests
* ignoring urllib
* revert dlc_developer_config.toml
1 parent 5f81d47 commit 53f6307

2 files changed

+7
-2
lines changed

huggingface/pytorch/training/docker/2.1/py3/sdk2.20.0/Dockerfile.neuronx

Lines changed: 4 additions & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -44,7 +44,10 @@ RUN pip install -U \
4444
boto3 \
4545
botocore \
4646
google-auth \
47-
"urllib3>=1.26.17,<1.27"
47+
"urllib3>=1.26.17,<1.27" \
48+
"protobuf>=4.25.8" \
49+
"regex>=2025.2.10" \
50+
"transformers>=4.52.1"
4851

4952
RUN pip install "peft==0.14.0"
5053
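Review bot: The three added specifiers ("protobuf>=4.25.8", "regex>=2025.2.10", "transformers>=4.52.1") set only a floor, while the urllib3 line just above them is bounded on both sides (">=1.26.17,<1.27"). Because this layer runs `pip install -U`, each rebuild resolves to whatever release is newest at build time, so the image is not reproducible and a later major release of any of the three can land without review. Consider adding upper bounds, or exact pins as the following `RUN pip install "peft==0.14.0"` does, and a comment recording which SAFETY_REPORT finding each floor answers.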

huggingface/pytorch/training/docker/2.1/py3/sdk2.20.0/Dockerfile.neuronx.py_scan_allowlist.json

Lines changed: 3 additions & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -18,5 +18,7 @@
1818
"72394": "[pkg: mlflow] Required by sagemaker. advisory='Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user’s system when run.', reason_to_ignore='N/A', spec='>=1.27.0'",
1919
"73889": "[pkg: werkzeug] Required by sagemaker. advisory='Affected versions of Werkzeug are potentially vulnerable to resource exhaustion when parsing file data in forms.', reason_to_ignore='N/A', spec='>=3.0.6'",
2020
"73969": "[pkg: werkzeug] Required by sagemaker. advisory='Affected versions of Werkzeug are vulnerable to Path Traversal (CWE-22) on Windows systems running Python versions below 3.11.', reason_to_ignore='N/A', spec='>=3.0.6'",
21-
"72809": "[pkg: gunicorn] A vulnerability in Gunicorn allowed the TolerateDangerousFraming setting to process conflicting headers (Transfer-Encoding and Content-Length) and dangerous characters in HTTP header fields.', reason_to_ignore='N/A', spec='>=23.0.0'"
21+
"72809": "[pkg: gunicorn] A vulnerability in Gunicorn allowed the TolerateDangerousFraming setting to process conflicting headers (Transfer-Encoding and Content-Length) and dangerous characters in HTTP header fields.', reason_to_ignore='N/A', spec='>=23.0.0'",
22+
"77680": "Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.",
23+
"77744": "urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0."
2224
}
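Review bot: The new entries "77680" and "77744" do not follow the format of the existing entries in this allowlist: they carry only the advisory text, with no `[pkg: ...]` prefix, no note on what requires the package, and no `reason_to_ignore` or `spec` field. An allowlist entry should state why the finding is accepted rather than fixed. The advisory text for 77680 names the fixed release (2.32.4) and the `trust_env=False` mitigation, and the text for 77744 names the fixed release (2.5.0) and says requests and botocore users are not affected by default; recording the applicable reason, plus whatever blocks the upgrade in this image, in `reason_to_ignore` would make both entries auditable. The "72809" line edited here also has a closing quote after "header fields." with no opening `advisory='`, which is worth fixing while the line is being touched.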
