From d59a766358598f3124c370f1a0cfade98b9794e5 Mon Sep 17 00:00:00 2001
From: Srikanth Ramakrishna <srikanth.ramakrishna@intel.com>
Date: Thu, 12 Sep 2024 09:35:53 -0700
Subject: [PATCH 1/5] remove package vulns

Signed-off-by: Srikanth Ramakrishna <srikanth.ramakrishna@intel.com>
---
 pytorch/Dockerfile                              | 2 ++
 pytorch/docker-compose.yaml                     | 2 ++
 pytorch/serving/torchserve-xpu-requirements.txt | 4 +++-
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/pytorch/Dockerfile b/pytorch/Dockerfile
index 4015c2a5..afa65644 100644
--- a/pytorch/Dockerfile
+++ b/pytorch/Dockerfile
@@ -320,6 +320,8 @@ ARG GID=109
 RUN groupadd -g ${GID} render &&\
     usermod -aG video,render model-server
 
+RUN python -m pip install pip==23.3 setuptools==70.0.0
+
 USER model-server
 
 WORKDIR /home/model-server
diff --git a/pytorch/docker-compose.yaml b/pytorch/docker-compose.yaml
index efacdea1..8ee87834 100644
--- a/pytorch/docker-compose.yaml
+++ b/pytorch/docker-compose.yaml
@@ -183,6 +183,8 @@ services:
         dependency.apt.openjdk-17-jdk: true
         dependency.apt.xpu-smi: ${XPU_SMI_VERSION:-1.2.38}
         dependency.idp: false
+        dependency.pip.pip: 23.3
+        dependency.pip.setuptools: 70.0.0
         dependency.python.pip: serving/torchserve-xpu-requirements.txt
         docs: serving
         org.opencontainers.base.name: "intel/python:3.10-core"
diff --git a/pytorch/serving/torchserve-xpu-requirements.txt b/pytorch/serving/torchserve-xpu-requirements.txt
index 693402fe..21176f9f 100644
--- a/pytorch/serving/torchserve-xpu-requirements.txt
+++ b/pytorch/serving/torchserve-xpu-requirements.txt
@@ -3,7 +3,7 @@ torchvision==0.18.1+cxx11.abi
 torchaudio==2.3.1+cxx11.abi
 intel_extension_for_pytorch==2.3.110+xpu
 --extra-index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us
-numpy==1.26.4
+numpy==2.1.1
 captum>=0.7.0
 cython>=3.0.10
 pynvml>=11.5.0
@@ -12,3 +12,5 @@ pyyaml>=6.0.1
 torch-model-archiver==0.11.1
 torch-workflow-archiver==0.2.14
 torchserve==0.11.1
+pip==23.3
+setuptools==70.0.0

From 6655ae751493b4e742f1c016cda8e03a93a20926 Mon Sep 17 00:00:00 2001
From: Srikanth Ramakrishna <srikanth.ramakrishna@intel.com>
Date: Thu, 12 Sep 2024 11:05:24 -0700
Subject: [PATCH 2/5] update requirements

Signed-off-by: Srikanth Ramakrishna <srikanth.ramakrishna@intel.com>
---
 pytorch/serving/torchserve-xpu-requirements.txt | 2 --
 1 file changed, 2 deletions(-)

diff --git a/pytorch/serving/torchserve-xpu-requirements.txt b/pytorch/serving/torchserve-xpu-requirements.txt
index 21176f9f..6cd3ff99 100644
--- a/pytorch/serving/torchserve-xpu-requirements.txt
+++ b/pytorch/serving/torchserve-xpu-requirements.txt
@@ -12,5 +12,3 @@ pyyaml>=6.0.1
 torch-model-archiver==0.11.1
 torch-workflow-archiver==0.2.14
 torchserve==0.11.1
-pip==23.3
-setuptools==70.0.0

From 3cd13cde6315762dea0bdc944786bf6837d2e0cf Mon Sep 17 00:00:00 2001
From: Srikanth Ramakrishna <srikanth.ramakrishna@intel.com>
Date: Thu, 12 Sep 2024 12:28:03 -0700
Subject: [PATCH 3/5] resolve venv vulns

Signed-off-by: Srikanth Ramakrishna <srikanth.ramakrishna@intel.com>
---
 pytorch/Dockerfile            | 9 ++++++---
 pytorch/venv-requirements.txt | 5 +++++
 2 files changed, 11 insertions(+), 3 deletions(-)
 create mode 100644 pytorch/venv-requirements.txt

diff --git a/pytorch/Dockerfile b/pytorch/Dockerfile
index afa65644..c429c128 100644
--- a/pytorch/Dockerfile
+++ b/pytorch/Dockerfile
@@ -229,7 +229,12 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends --fix-missin
     python3-venv && \
     rm -rf /var/lib/apt/lists/*
 
-RUN python3 -m venv /home/venv
+COPY venv-requirements.txt .
+
+RUN python3 -m venv /home/venv && \
+    /home/venv/bin/python -m pip install --no-cache-dir --upgrade pip && \
+    /home/venv/bin/python -m pip install --no-cache-dir -r venv-requirements.txt && \
+    rm -rf venv-requirements.txt
 
 ENV PATH="/home/venv/bin:$PATH"
 
@@ -320,8 +325,6 @@ ARG GID=109
 RUN groupadd -g ${GID} render &&\
     usermod -aG video,render model-server
 
-RUN python -m pip install pip==23.3 setuptools==70.0.0
-
 USER model-server
 
 WORKDIR /home/model-server
diff --git a/pytorch/venv-requirements.txt b/pytorch/venv-requirements.txt
new file mode 100644
index 00000000..4d686efe
--- /dev/null
+++ b/pytorch/venv-requirements.txt
@@ -0,0 +1,5 @@
+setuptools>=70.0.0
+psutil==6.0.0
+mkl==2024.2.1
+mkl-include==2024.2.1
+intel-openmp==2024.2.1

From 4e460c93af0f7ecf30ae811972e0ff46830945cd Mon Sep 17 00:00:00 2001
From: Srikanth Ramakrishna <srikanth.ramakrishna@intel.com>
Date: Thu, 12 Sep 2024 12:29:22 -0700
Subject: [PATCH 4/5] remove deps labels

Signed-off-by: Srikanth Ramakrishna <srikanth.ramakrishna@intel.com>
---
 pytorch/docker-compose.yaml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/pytorch/docker-compose.yaml b/pytorch/docker-compose.yaml
index 8ee87834..efacdea1 100644
--- a/pytorch/docker-compose.yaml
+++ b/pytorch/docker-compose.yaml
@@ -183,8 +183,6 @@ services:
         dependency.apt.openjdk-17-jdk: true
         dependency.apt.xpu-smi: ${XPU_SMI_VERSION:-1.2.38}
         dependency.idp: false
-        dependency.pip.pip: 23.3
-        dependency.pip.setuptools: 70.0.0
         dependency.python.pip: serving/torchserve-xpu-requirements.txt
         docs: serving
         org.opencontainers.base.name: "intel/python:3.10-core"

From c3adaf41bfed2525355a0e05316ec39ce0d656be Mon Sep 17 00:00:00 2001
From: Srikanth Ramakrishna <srikanth.ramakrishna@intel.com>
Date: Thu, 12 Sep 2024 12:39:53 -0700
Subject: [PATCH 5/5] fix lint error

Signed-off-by: Srikanth Ramakrishna <srikanth.ramakrishna@intel.com>
---
 pytorch/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pytorch/Dockerfile b/pytorch/Dockerfile
index c429c128..0ad9c07f 100644
--- a/pytorch/Dockerfile
+++ b/pytorch/Dockerfile
@@ -229,6 +229,7 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends --fix-missin
     python3-venv && \
     rm -rf /var/lib/apt/lists/*
 
+WORKDIR /
 COPY venv-requirements.txt .
 
 RUN python3 -m venv /home/venv && \