[Draft] Add AutoGluon v1.1.1 (#4029)

* inital commit

* initial commit

* removing debug prints

* fix vulnerabilities

* revert

* fix vulnerability

* adding fix message

* fix

* Addressing comments

* revert toml

---------

Co-authored-by: Ubuntu <[email protected]>
Co-authored-by: Ubuntu <[email protected]>

Author: 3 people

autogluon/inference/buildspec.yml

@@ -1,7 +1,7 @@
 account_id: &ACCOUNT_ID <set-$ACCOUNT_ID-in-environment>
 region: &REGION <set-$REGION-in-environment>
 framework: &FRAMEWORK autogluon
-version: &VERSION 1.1.0
+version: &VERSION 1.1.1
 short_version: &SHORT_VERSION 1.1
 arch_type: x86
 
@@ -31,7 +31,7 @@ images:
     image_size_baseline: 6399
     device_type: &DEVICE_TYPE cpu
     python_version: &DOCKER_PYTHON_VERSION py3
-    tag_python_version: &TAG_PYTHON_VERSION py310
+    tag_python_version: &TAG_PYTHON_VERSION py311
     os_version: &OS_VERSION ubuntu20.04
     tag: !join [ *VERSION, "-", *DEVICE_TYPE, "-", *TAG_PYTHON_VERSION, "-", *OS_VERSION ]
     docker_file: !join [ docker/, *SHORT_VERSION, /, *DOCKER_PYTHON_VERSION, /Dockerfile., *DEVICE_TYPE ]
@@ -44,8 +44,8 @@ images:
     image_size_baseline: 19456
     device_type: &DEVICE_TYPE gpu
     python_version: &DOCKER_PYTHON_VERSION py3
-    tag_python_version: &TAG_PYTHON_VERSION py310
-    cuda_version: &CUDA_VERSION cu118
+    tag_python_version: &TAG_PYTHON_VERSION py311
+    cuda_version: &CUDA_VERSION cu121
     os_version: &OS_VERSION ubuntu20.04
     tag: !join [ *VERSION, "-", *DEVICE_TYPE, "-", *TAG_PYTHON_VERSION, "-", *CUDA_VERSION, "-", *OS_VERSION ]
     docker_file: !join [ docker/, *SHORT_VERSION, /, *DOCKER_PYTHON_VERSION, /, *CUDA_VERSION, /Dockerfile., *DEVICE_TYPE ]

autogluon/inference/docker/1.1/py3/Dockerfile.cpu

@@ -1,6 +1,6 @@
-ARG PYTHON_VERSION=3.10.8
+ARG PYTHON_VERSION=3.11.9
 
-FROM 763104351884.dkr.ecr.us-west-2.amazonaws.com/pytorch-inference:2.1.0-cpu-py310-ubuntu20.04-sagemaker
+FROM 763104351884.dkr.ecr.us-west-2.amazonaws.com/pytorch-inference:2.3.0-cpu-py311-ubuntu20.04-sagemaker
 
 # Specify accept-bind-to-port LABEL for inference pipelines to use SAGEMAKER_BIND_TO_PORT
 # https://docs.aws.amazon.com/sagemaker/latest/dg/inference-pipeline-real-time.html
@@ -19,7 +19,7 @@ RUN apt-get update \
  && apt-get clean \
  && rm -rf /var/lib/apt/lists/*
 
-ARG AUTOGLUON_VERSION=1.1.0
+ARG AUTOGLUON_VERSION=1.1.1
 
 # Upgrading pip and installing/updating Python dependencies
 # Comments are added to explain the reason behind each update
@@ -34,8 +34,8 @@ RUN pip install --no-cache-dir -U --trusted-host pypi.org --trusted-host files.p
  && mim install -q mmcv==2.1.0 --timeout 600 \
  && pip install --no-cache-dir -U mmdet>=3.0.0 \
  && pip install --no-cache-dir -U "mmengine" \
-# Update transformers to secure versions that fixes CVE-2023-7018
- && pip install --no-cache-dir -U setuptools>=65.5.1 \  
+# Capping setuptools to 69.5.1 to fix AutoMM tests
+ && pip install --no-cache-dir setuptools==69.5.1 \  
  # Update pillow to a secure version that fixes CVE-2023-50447
  && pip install --no-cache-dir -U pillow>=10.2.0 \
  # Update Jinja2 to a secure version that fixes vulnerability id 64227
@@ -47,7 +47,9 @@ RUN pip install --no-cache-dir -U --trusted-host pypi.org --trusted-host files.p
  && pip install --no-cache-dir -U scipy==1.12.0 \
  && pip install --no-cache-dir -U joblib==1.4.2 \
  # update tqdm to a secure version that fixes CVE-2024-34062
- && pip install --no-cache-dir -U tqdm>=4.66.3
+ && pip install --no-cache-dir -U tqdm>=4.66.3 \
+ # update urllib3 to fix vulnerability id 71608
+ && pip install --no-cache-dir -U urllib3
 
 
 

autogluon/inference/docker/1.1/py3/Dockerfile.cpu.os_scan_allowlist.json

@@ -1,9 +1,9 @@
 {
-    "50916": "Pydantic 1.10.2 prevents long strings as int inputs to fix CVE-2020-10735 - upstream dependencies are still not patched",
-    "51358": "Safety 2.2.0 updates its dependency 'dparse' to include a security fix. - not packaged with container, result of security scanning process",
     "65213": "PyOpenSSL doesn't have this fix yet - the issue only applicable to PowerPC architecture and not applicable to this container",
-    "67599": "pip - No fix for this yet",
     "70612": "jinja2 3.1.4 - The maintainer and multiple third parties believe that this vulnerability isn't valid.",
     "65189": "Ray - autogluon uses ray < 2.11",
-    "70485": "Ray - autogluon uses ray < 2.11"
+    "70485": "Ray - autogluon uses ray < 2.11",
+    "71805": "onnx - this package is required by autogluon multimodal",
+    "71596": "scikit-learn - this package is required by autogluon",
+    "71670": "torch 2.3 is used in the base image and is required by autogluon"
 }