From 5abe7688f043f95387740c27491b12f416cce235 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jiri=20Dan=C4=9Bk?= Date: Tue, 29 Jul 2025 18:27:33 +0200 Subject: [PATCH 1/4] [2.22] update `setuptools` to version 78.1.1 in RStudio Pipfiles --- rstudio/c9s-python-3.11/Pipfile | 2 +- rstudio/rhel9-python-3.11/Pipfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/rstudio/c9s-python-3.11/Pipfile b/rstudio/c9s-python-3.11/Pipfile index 6610e171d4..bc2f714085 100755 --- a/rstudio/c9s-python-3.11/Pipfile +++ b/rstudio/c9s-python-3.11/Pipfile @@ -8,7 +8,7 @@ verify_ssl = true [packages] # Base packages wheel = "~=0.45.1" -setuptools = "~=75.8.2" +setuptools = "~=78.1.1" [requires] python_version = "3.11" diff --git a/rstudio/rhel9-python-3.11/Pipfile b/rstudio/rhel9-python-3.11/Pipfile index cd380e239f..e01f7d914e 100644 --- a/rstudio/rhel9-python-3.11/Pipfile +++ b/rstudio/rhel9-python-3.11/Pipfile @@ -7,7 +7,7 @@ verify_ssl = true [packages] # Base packages -setuptools = "~=75.8.2" +setuptools = "~=78.1.1" wheel = "~=0.45.1" [requires] From 1e7d5191fa124f1a4ff17c36926a75cc89156a98 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jiri=20Dan=C4=9Bk?= Date: Thu, 26 Jun 2025 21:00:14 +0200 Subject: [PATCH 2/4] NO-JIRA: add RStudio image directories for updating Pipfile.locks to Makefile (#1203) --- Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Makefile b/Makefile index 5b9b109e88..5da7d4610f 100644 --- a/Makefile +++ b/Makefile @@ -399,6 +399,8 @@ BASE_DIRS := jupyter/minimal/ubi9-python-$(PYTHON_VERSION) \ jupyter/rocm/tensorflow/ubi9-python-$(PYTHON_VERSION) \ jupyter/rocm/pytorch/ubi9-python-$(PYTHON_VERSION) \ codeserver/ubi9-python-$(PYTHON_VERSION) \ + rstudio/rhel9-python-$(PYTHON_VERSION) \ + rstudio/c9s-python-$(PYTHON_VERSION) \ runtimes/minimal/ubi9-python-$(PYTHON_VERSION) \ runtimes/datascience/ubi9-python-$(PYTHON_VERSION) \ runtimes/pytorch/ubi9-python-$(PYTHON_VERSION) \ 
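Review bot: The two new `BASE_DIRS` entries in the Makefile hunk are built from `$(PYTHON_VERSION)`, but the only RStudio directories visible in this series are the `-python-3.11` ones, so a lock refresh run with any other `PYTHON_VERSION` would name paths that may not exist. Whether the consumer of `BASE_DIRS` fails, skips or silently ignores a missing directory is outside the hunk; a silent skip would leave the RStudio lock files stale again, which is the gap this patch closes. Consider a comment above the list such as `# every entry must exist for the selected PYTHON_VERSION; a missing directory must fail the refresh`, or confirm that the refresh target errors out on a missing path.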
From d7f5240e55d38bf391fced9d01ddcc9de4d3d0a9 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Tue, 29 Jul 2025 20:23:02 +0000 Subject: [PATCH 3/4] Update Pipfile.lock files by piplock-renewal.yaml action --- rstudio/c9s-python-3.11/Pipfile.lock | 8 ++++---- rstudio/c9s-python-3.11/requirements.txt | 6 +++--- rstudio/rhel9-python-3.11/Pipfile.lock | 8 ++++---- rstudio/rhel9-python-3.11/requirements.txt | 6 +++--- 4 files changed, 14 insertions(+), 14 deletions(-) diff --git a/rstudio/c9s-python-3.11/Pipfile.lock b/rstudio/c9s-python-3.11/Pipfile.lock index c687e66518..72736d62d0 100644 --- a/rstudio/c9s-python-3.11/Pipfile.lock +++ b/rstudio/c9s-python-3.11/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "d0ef0c3e47575d974a1623e3b51b0660a71d6f6a3e47ce0a6eb989a3323f2bcd" + "sha256": "9c691e9160fbfc0609d97a6005f8e18e11f91a839a2f443c44f30fed33b28130" }, "pipfile-spec": 6, "requires": { @@ -18,12 +18,12 @@ "default": { "setuptools": { "hashes": [ - "sha256:4880473a969e5f23f2a2be3646b2dfd84af9028716d398e46192f84bc36900d2", - "sha256:558e47c15f1811c1fa7adbd0096669bf76c1d3f433f58324df69f3f5ecac4e8f" + "sha256:c3a9c4211ff4c309edb8b8c4f1cbfa7ae324c4ba9f91ff254e3d305b9fd54561", + "sha256:fcc17fd9cd898242f6b4adfaca46137a9edef687f43e6f78469692a5e70d851d" ], "index": "pypi", "markers": "python_version >= '3.9'", - "version": "==75.8.2" + "version": "==78.1.1" }, "wheel": { "hashes": [ diff --git a/rstudio/c9s-python-3.11/requirements.txt b/rstudio/c9s-python-3.11/requirements.txt index 33d053fd3c..64f4b50e45 100644 --- a/rstudio/c9s-python-3.11/requirements.txt +++ b/rstudio/c9s-python-3.11/requirements.txt 
@@ -4,9 +4,9 @@ # # Default dependencies # -setuptools==75.8.2; python_version >= '3.9' \ - --hash=sha256:4880473a969e5f23f2a2be3646b2dfd84af9028716d398e46192f84bc36900d2 \ - --hash=sha256:558e47c15f1811c1fa7adbd0096669bf76c1d3f433f58324df69f3f5ecac4e8f +setuptools==78.1.1; python_version >= '3.9' \ + --hash=sha256:c3a9c4211ff4c309edb8b8c4f1cbfa7ae324c4ba9f91ff254e3d305b9fd54561 \ + --hash=sha256:fcc17fd9cd898242f6b4adfaca46137a9edef687f43e6f78469692a5e70d851d wheel==0.45.1; python_version >= '3.8' \ --hash=sha256:661e1abd9198507b1409a20c02106d9670b2576e916d58f520316666abca6729 \ --hash=sha256:708e7481cc80179af0e556bbf0cc00b8444c7321e2700b8d8580231d13017248 diff --git a/rstudio/rhel9-python-3.11/Pipfile.lock b/rstudio/rhel9-python-3.11/Pipfile.lock index c687e66518..72736d62d0 100644 --- a/rstudio/rhel9-python-3.11/Pipfile.lock +++ b/rstudio/rhel9-python-3.11/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "d0ef0c3e47575d974a1623e3b51b0660a71d6f6a3e47ce0a6eb989a3323f2bcd" + "sha256": "9c691e9160fbfc0609d97a6005f8e18e11f91a839a2f443c44f30fed33b28130" }, "pipfile-spec": 6, "requires": { @@ -18,12 +18,12 @@ "default": { "setuptools": { "hashes": [ - "sha256:4880473a969e5f23f2a2be3646b2dfd84af9028716d398e46192f84bc36900d2", - "sha256:558e47c15f1811c1fa7adbd0096669bf76c1d3f433f58324df69f3f5ecac4e8f" + "sha256:c3a9c4211ff4c309edb8b8c4f1cbfa7ae324c4ba9f91ff254e3d305b9fd54561", + "sha256:fcc17fd9cd898242f6b4adfaca46137a9edef687f43e6f78469692a5e70d851d" ], "index": "pypi", "markers": "python_version >= '3.9'", - "version": "==75.8.2" + "version": "==78.1.1" }, "wheel": { "hashes": [ diff --git a/rstudio/rhel9-python-3.11/requirements.txt b/rstudio/rhel9-python-3.11/requirements.txt index 33d053fd3c..64f4b50e45 100644 --- a/rstudio/rhel9-python-3.11/requirements.txt +++ b/rstudio/rhel9-python-3.11/requirements.txt 
@@ -4,9 +4,9 @@ # # Default dependencies # -setuptools==75.8.2; python_version >= '3.9' \ - --hash=sha256:4880473a969e5f23f2a2be3646b2dfd84af9028716d398e46192f84bc36900d2 \ - --hash=sha256:558e47c15f1811c1fa7adbd0096669bf76c1d3f433f58324df69f3f5ecac4e8f +setuptools==78.1.1; python_version >= '3.9' \ + --hash=sha256:c3a9c4211ff4c309edb8b8c4f1cbfa7ae324c4ba9f91ff254e3d305b9fd54561 \ + --hash=sha256:fcc17fd9cd898242f6b4adfaca46137a9edef687f43e6f78469692a5e70d851d wheel==0.45.1; python_version >= '3.8' \ --hash=sha256:661e1abd9198507b1409a20c02106d9670b2576e916d58f520316666abca6729 \ --hash=sha256:708e7481cc80179af0e556bbf0cc00b8444c7321e2700b8d8580231d13017248 From a5f035c304f8ea4215241360ce06a86e094e9590 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jiri=20Dan=C4=9Bk?= Date: Wed, 30 Jul 2025 10:01:08 +0200 Subject: [PATCH 4/4] [2.22] RHOAIENG-10057: add `dnf upgrade` to rstudio images to mitigate fixable vulnerabilities (#1488) Cherry-picked from a49c372484bf737c9e45e9dee407ee47f1266c12 --- rstudio/c9s-python-3.11/Dockerfile.cpu | 6 +++++- rstudio/c9s-python-3.11/Dockerfile.cuda | 6 +++++- rstudio/rhel9-python-3.11/Dockerfile.cpu | 6 +++++- rstudio/rhel9-python-3.11/Dockerfile.cuda | 6 +++++- 4 files changed, 20 insertions(+), 4 deletions(-) diff --git a/rstudio/c9s-python-3.11/Dockerfile.cpu b/rstudio/c9s-python-3.11/Dockerfile.cpu index cb7293ac21..3c715da7d3 100644 --- a/rstudio/c9s-python-3.11/Dockerfile.cpu +++ b/rstudio/c9s-python-3.11/Dockerfile.cpu @@ -11,7 +11,11 @@ RUN pip install --no-cache-dir -U "micropipenv[toml]" # OS Packages needs to be installed as root USER root -# Install usefull OS packages +# upgrade first to avoid fixable vulnerabilities +RUN dnf -y upgrade --refresh --best --nodocs --noplugins --setopt=install_weak_deps=0 --setopt=keepcache=0 \ + && dnf clean all -y + +# Install useful OS packages RUN dnf install -y mesa-libGL skopeo && dnf clean all && rm -rf /var/cache/yum # Other apps and tools installed as default user 
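Review bot: The added `RUN dnf -y upgrade --refresh ...` step in `rstudio/c9s-python-3.11/Dockerfile.cpu` only picks up fixes when the layer is actually executed; if the builder reuses a cached layer, `--refresh` never runs and the image keeps the old package set. The build invocation is not visible here, so either confirm that release builds run without layer cache or state the dependency in the comment, e.g. `# upgrade first to avoid fixable vulnerabilities; needs an uncached build to pick up new errata`. Because the upgraded versions are not pinned or recorded, two builds of the same commit can differ, so the scan result should be tied to the image digest rather than to the commit. The same step is added in `rstudio/c9s-python-3.11/Dockerfile.cuda` and in both `rstudio/rhel9-python-3.11` Dockerfiles, and each Dockerfile continues outside its hunk.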
diff --git a/rstudio/c9s-python-3.11/Dockerfile.cuda b/rstudio/c9s-python-3.11/Dockerfile.cuda index 2fdb2bc5fb..e706c2ff37 100644 --- a/rstudio/c9s-python-3.11/Dockerfile.cuda +++ b/rstudio/c9s-python-3.11/Dockerfile.cuda @@ -11,7 +11,11 @@ RUN pip install --no-cache-dir -U "micropipenv[toml]" # OS Packages needs to be installed as root USER root -# Install usefull OS packages +# upgrade first to avoid fixable vulnerabilities +RUN dnf -y upgrade --refresh --best --nodocs --noplugins --setopt=install_weak_deps=0 --setopt=keepcache=0 \ + && dnf clean all -y + +# Install useful OS packages RUN dnf install -y mesa-libGL skopeo && dnf clean all && rm -rf /var/cache/yum # Other apps and tools installed as default user diff --git a/rstudio/rhel9-python-3.11/Dockerfile.cpu b/rstudio/rhel9-python-3.11/Dockerfile.cpu index fc5279e48e..5d46cfbe88 100644 --- a/rstudio/rhel9-python-3.11/Dockerfile.cpu +++ b/rstudio/rhel9-python-3.11/Dockerfile.cpu @@ -11,7 +11,11 @@ RUN pip install --no-cache-dir -U "micropipenv[toml]" # OS Packages needs to be installed as root USER root -# Install usefull OS packages +# upgrade first to avoid fixable vulnerabilities +RUN dnf -y upgrade --refresh --best --nodocs --noplugins --setopt=install_weak_deps=0 --setopt=keepcache=0 \ + && dnf clean all -y + +# Install useful OS packages RUN dnf install -y mesa-libGL skopeo && dnf clean all && rm -rf /var/cache/yum # Other apps and tools installed as default user diff --git a/rstudio/rhel9-python-3.11/Dockerfile.cuda b/rstudio/rhel9-python-3.11/Dockerfile.cuda index dab87725c5..5122e47ad8 100644 --- a/rstudio/rhel9-python-3.11/Dockerfile.cuda +++ b/rstudio/rhel9-python-3.11/Dockerfile.cuda 
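Review bot: In `rstudio/rhel9-python-3.11/Dockerfile.cpu` the new upgrade runs with `--noplugins`, which also turns off the subscription-manager dnf plugin, so on a RHEL base the upgrade may see fewer repositories than the `dnf install -y mesa-libGL skopeo` line that follows without that flag. How the repositories are enabled is outside the hunk, so this needs checking: if the entitled repositories are only set up through the plugin, the step can succeed while upgrading little or nothing. Confirm with a build log that the upgrade resolves against the expected repositories, or drop `--noplugins` for the rhel9 images. This applies equally to `rstudio/rhel9-python-3.11/Dockerfile.cuda`.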
@@ -11,7 +11,11 @@ RUN pip install --no-cache-dir -U "micropipenv[toml]" # OS Packages needs to be installed as root USER root -# Install usefull OS packages +# upgrade first to avoid fixable vulnerabilities +RUN dnf -y upgrade --refresh --best --nodocs --noplugins --setopt=install_weak_deps=0 --setopt=keepcache=0 \ + && dnf clean all -y + +# Install useful OS packages RUN dnf install -y mesa-libGL skopeo && dnf clean all && rm -rf /var/cache/yum # Other apps and tools installed as default user