Add Dockerfiles for Neuron DLC with SDK 2.20.2 (#29)

*Issue #, if available:*

*Description of changes:*


By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice.

Author: foolhb

docker/pytorch/inference/1.13.1/Dockerfile.neuron

@@ -5,7 +5,7 @@ LABEL maintainer="Amazon AI"
 LABEL com.amazonaws.sagemaker.capabilities.accept-bind-to-port=true
 
 # Neuron SDK components version numbers
-ARG NEURON_FRAMEWORK_VERSION=1.13.1.2.11.7.0
+ARG NEURON_FRAMEWORK_VERSION=1.13.1.2.11.13.0
 ARG NEURON_CC_VERSION=1.24.0.0
 ARG NEURONX_TOOLS_VERSION=2.19.0.0
 

docker/pytorch/inference/1.13.1/Dockerfile.neuronx

@@ -7,10 +7,10 @@ LABEL com.amazonaws.sagemaker.capabilities.accept-bind-to-port=true
 # Neuron SDK components version numbers
 ARG NEURONX_FRAMEWORK_VERSION=1.13.1.1.16.0
 ARG NEURONX_DISTRIBUTED_VERSION=0.9.0
-ARG NEURONX_CC_VERSION=2.15.141.0
+ARG NEURONX_CC_VERSION=2.15.143.0
 ARG NEURONX_TRANSFORMERS_VERSION=0.12.313
-ARG NEURONX_COLLECTIVES_LIB_VERSION=2.22.26.0-17a033bc8
-ARG NEURONX_RUNTIME_LIB_VERSION=2.22.14.0-6e27b8d5b
+ARG NEURONX_COLLECTIVES_LIB_VERSION=2.22.33.0-d2128d1aa
+ARG NEURONX_RUNTIME_LIB_VERSION=2.22.19.0-5856c0b42
 ARG NEURONX_TOOLS_VERSION=2.19.0.0
 
 ARG PYTHON=python3.10

docker/pytorch/inference/2.1.2/Dockerfile.neuronx

@@ -6,11 +6,11 @@ LABEL com.amazonaws.sagemaker.capabilities.accept-bind-to-port=true
 
 # Neuron SDK components version numbers
 ARG NEURONX_DISTRIBUTED_VERSION=0.9.0
-ARG NEURONX_CC_VERSION=2.15.141.0
-ARG NEURONX_FRAMEWORK_VERSION=2.1.2.2.3.1
+ARG NEURONX_CC_VERSION=2.15.143.0
+ARG NEURONX_FRAMEWORK_VERSION=2.1.2.2.3.2
 ARG NEURONX_TRANSFORMERS_VERSION=0.12.313
-ARG NEURONX_COLLECTIVES_LIB_VERSION=2.22.26.0-17a033bc8
-ARG NEURONX_RUNTIME_LIB_VERSION=2.22.14.0-6e27b8d5b
+ARG NEURONX_COLLECTIVES_LIB_VERSION=2.22.33.0-d2128d1aa
+ARG NEURONX_RUNTIME_LIB_VERSION=2.22.19.0-5856c0b42
 ARG NEURONX_TOOLS_VERSION=2.19.0.0
 
 ARG PYTHON=python3.10

docker/pytorch/training/1.13.1/Dockerfile.neuronx

@@ -6,10 +6,10 @@ LABEL dlc_major_version="1"
 # Neuron SDK components version numbers
 ARG NEURONX_FRAMEWORK_VERSION=1.13.1.1.16.0
 ARG NEURONX_DISTRIBUTED_VERSION=0.9.0
-ARG NEURONX_DISTRIBUTED_TRAINING_VERSION=1.0.0
-ARG NEURONX_CC_VERSION=2.15.141.0
-ARG NEURONX_COLLECTIVES_LIB_VERSION=2.22.26.0-17a033bc8
-ARG NEURONX_RUNTIME_LIB_VERSION=2.22.14.0-6e27b8d5b
+ARG NEURONX_DISTRIBUTED_TRAINING_VERSION=1.0.1
+ARG NEURONX_CC_VERSION=2.15.143.0
+ARG NEURONX_COLLECTIVES_LIB_VERSION=2.22.33.0-d2128d1aa
+ARG NEURONX_RUNTIME_LIB_VERSION=2.22.19.0-5856c0b42
 ARG NEURONX_TOOLS_VERSION=2.19.0.0
 
 ARG PYTHON=python3.10
@@ -162,12 +162,11 @@ RUN git clone https://github.com/NVIDIA/apex.git /root/apex \
 
 #Install dependencies from requirements and extras for SageMaker usecase
 RUN wget https://raw.githubusercontent.com/aws-neuron/neuronx-distributed-training/master/requirements.txt \
-    && pip install --no-deps --no-cache-dir  --no-build-isolation -r requirements.txt /root/apex/dist/apex-0.1-py3-none-any.whl \
-    && pip install --force-reinstall "numba==0.57.1" \
-    "multiprocess==0.70.16" \
-    "numpy>=1.24.3,<=1.25.2" \
-    "dill==0.3.8"
-
+    && pip install --no-cache-dir -r requirements.txt /root/apex/dist/apex-0.1-py3-none-any.whl \
+    && pip install --force-reinstall "multiprocess==0.70.16" \
+    "dill==0.3.8" \
+    "torch==1.13.1"
+    
 
 RUN ${PIP} install --force-reinstall --no-deps neuronx_distributed_training==$NEURONX_DISTRIBUTED_TRAINING_VERSION --extra-index-url https://pip.repos.neuron.amazonaws.com
 
@@ -192,9 +191,7 @@ RUN pip install --no-cache-dir -U \
     "opencv-python>=4.8.1.78" \
     "plotly>=5.11,<6" \
     "seaborn>=0.12,<1" \
-    "numba>=0.56.4,<0.57" \
-    "shap>=0.41,<1" \
-    "numpy<1.24,>1.21"
+    "shap>=0.41,<1"
 
 # EFA Installer does apt get. Make sure to run apt update before that
 RUN apt-get update

docker/pytorch/training/1.13.1/Dockerfile.neuronx.cve_allowlist.json

@@ -1,84 +1,4 @@
 {
-    "CVE-2023-6730": {
-        "description": "Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.",
-        "remediation": {
-            "recommendation": {
-                "text": "None Provided"
-            }
-        },
-        "score": 8.8,
-        "score_details": {
-            "cvss": {
-                "adjustments": [],
-                "score": 8.8,
-                "scoreSource": "NVD",
-                "scoringVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
-                "version": "3.1"
-            }
-        },
-        "severity": "HIGH",
-        "source": "NVD",
-        "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6730",
-        "status": "ACTIVE",
-        "title": "CVE-2023-6730 - transformers, transformers",
-        "vulnerability_id": "CVE-2023-6730",
-        "vulnerable_packages": [
-            {
-                "epoch": 0,
-                "filePath": "usr/local/lib/python3.10/site-packages/transformers-4.31.0.dist-info/METADATA",
-                "name": "transformers",
-                "packageManager": "PYTHONPKG",
-                "version": "4.31.0"
-            },
-            {
-                "epoch": 0,
-                "filePath": "requirements.txt",
-                "name": "transformers",
-                "packageManager": "PIP",
-                "version": "4.31.0"
-            }
-        ]
-    },
-    "CVE-2023-7018": {
-        "description": "Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.",
-        "remediation": {
-            "recommendation": {
-                "text": "None Provided"
-            }
-        },
-        "score": 7.8,
-        "score_details": {
-            "cvss": {
-                "adjustments": [],
-                "score": 7.8,
-                "scoreSource": "NVD",
-                "scoringVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
-                "version": "3.1"
-            }
-        },
-        "severity": "HIGH",
-        "source": "NVD",
-        "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7018",
-        "status": "ACTIVE",
-        "title": "CVE-2023-7018 - transformers, transformers",
-        "vulnerability_id": "CVE-2023-7018",
-        "vulnerable_packages": [
-            {
-                "epoch": 0,
-                "filePath": "usr/local/lib/python3.10/site-packages/transformers-4.31.0.dist-info/METADATA",
-                "name": "transformers",
-                "packageManager": "PYTHONPKG",
-                "version": "4.31.0"
-            },
-            {
-                "epoch": 0,
-                "filePath": "requirements.txt",
-                "name": "transformers",
-                "packageManager": "PIP",
-                "version": "4.31.0"
-            }
-        ]
-    },
     "CVE-2024-31580": {
         "description": "PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.",
         "remediation": {
@@ -197,17 +117,17 @@
         "vulnerable_packages": [
             {
                 "epoch": 0,
-                "filePath": "usr/local/lib/python3.10/site-packages/transformers-4.31.0.dist-info/METADATA",
+                "filePath": "usr/local/lib/python3.10/site-packages/transformers-4.36.0.dist-info/METADATA",
                 "name": "transformers",
                 "packageManager": "PYTHONPKG",
-                "version": "4.31.0"
+                "version": "4.36.0"
             },
             {
                 "epoch": 0,
                 "filePath": "requirements.txt",
                 "name": "transformers",
                 "packageManager": "PIP",
-                "version": "4.31.0"
+                "version": "4.36.0"
             }
         ]
     },

docker/pytorch/training/2.1.2/Dockerfile.neuronx

@@ -5,11 +5,11 @@ LABEL dlc_major_version="1"
 
 # Neuron SDK components version numbers
 ARG NEURONX_DISTRIBUTED_VERSION=0.9.0
-ARG NEURONX_DISTRIBUTED_TRAINING_VERSION=1.0.0
-ARG NEURONX_CC_VERSION=2.15.141.0
-ARG NEURONX_FRAMEWORK_VERSION=2.1.2.2.3.1
-ARG NEURONX_COLLECTIVES_LIB_VERSION=2.22.26.0-17a033bc8
-ARG NEURONX_RUNTIME_LIB_VERSION=2.22.14.0-6e27b8d5b
+ARG NEURONX_DISTRIBUTED_TRAINING_VERSION=1.0.1
+ARG NEURONX_CC_VERSION=2.15.143.0
+ARG NEURONX_FRAMEWORK_VERSION=2.1.2.2.3.2
+ARG NEURONX_COLLECTIVES_LIB_VERSION=2.22.33.0-d2128d1aa
+ARG NEURONX_RUNTIME_LIB_VERSION=2.22.19.0-5856c0b42
 ARG NEURONX_TOOLS_VERSION=2.19.0.0
 
 ARG PYTHON=python3.10
@@ -146,8 +146,9 @@ RUN ${PIP} config set global.extra-index-url https://pip.repos.neuron.amazonaws.
 RUN ${PIP} install --force-reinstall --no-deps neuronx_distributed==$NEURONX_DISTRIBUTED_VERSION --extra-index-url https://pip.repos.neuron.amazonaws.com
 
 ## Installation for Neuronx Distributed Training framework
-# Install Cython
-RUN pip install --no-cache-dir Cython
+# Install Cython & wheel
+RUN ${PIP} install --no-cache-dir Cython \
+ && ${PIP} install --no-cache-dir wheel
 
 # Copy the apex_setup.py file
 COPY apex_setup.py /root/apex_setup.py
@@ -161,11 +162,10 @@ RUN git clone https://github.com/NVIDIA/apex.git /root/apex \
 
 #Install dependencies from requirements and extras for SageMaker usecase
 RUN wget https://raw.githubusercontent.com/aws-neuron/neuronx-distributed-training/master/requirements.txt \
-    && pip install --no-deps --no-cache-dir --no-build-isolation -r requirements.txt /root/apex/dist/apex-0.1-py3-none-any.whl \
-    && pip install --force-reinstall "numba==0.57.1" \
-    "multiprocess==0.70.16" \
-    "numpy>=1.24.3,<=1.25.2" \
-    "dill==0.3.8"
+    && ${PIP} install --no-cache-dir -r requirements.txt /root/apex/dist/apex-0.1-py3-none-any.whl \
+    && ${PIP} install --force-reinstall "multiprocess==0.70.16" \
+    "dill==0.3.8" \
+    "torch==2.1.2"
 
 
 RUN ${PIP} install --force-reinstall --no-deps neuronx_distributed_training==$NEURONX_DISTRIBUTED_TRAINING_VERSION --extra-index-url https://pip.repos.neuron.amazonaws.com
@@ -191,9 +191,7 @@ RUN pip install --no-cache-dir -U \
     "opencv-python>=4.8.1.78" \
     "plotly>=5.11,<6" \
     "seaborn>=0.12,<1" \
-    "numba>=0.56.4,<0.57" \
-    "shap>=0.41,<1" \
-    "numpy<1.24,>1.21"
+    "shap>=0.41,<1"
 
 # EFA Installer does apt get. Make sure to run apt update before that
 RUN apt-get update

docker/pytorch/training/2.1.2/Dockerfile.neuronx.cve_allowlist.json

@@ -1,81 +1,34 @@
 {
-    "CVE-2023-6730": {
-        "description": "Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.",
+    "CVE-2022-40897": {
+        "description": "Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.",
         "remediation": {
             "recommendation": {
                 "text": "None Provided"
             }
         },
-        "score": 8.8,
+        "score": 5.9,
         "score_details": {
             "cvss": {
                 "adjustments": [],
-                "score": 8.8,
+                "score": 5.9,
                 "scoreSource": "NVD",
-                "scoringVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+                "scoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                 "version": "3.1"
             }
         },
-        "severity": "HIGH",
+        "severity": "MEDIUM",
         "source": "NVD",
-        "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6730",
+        "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40897",
         "status": "ACTIVE",
-        "title": "CVE-2023-6730 - transformers, transformers",
-        "vulnerability_id": "CVE-2023-6730",
+        "title": "CVE-2022-40897 - setuptools",
+        "vulnerability_id": "CVE-2022-40897",
         "vulnerable_packages": [
             {
                 "epoch": 0,
-                "filePath": "usr/local/lib/python3.10/site-packages/transformers-4.31.0.dist-info/METADATA",
-                "name": "transformers",
-                "packageManager": "PYTHONPKG",
-                "version": "4.31.0"
-            },
-            {
-                "epoch": 0,
-                "filePath": "requirements.txt",
-                "name": "transformers",
-                "packageManager": "PIP",
-                "version": "4.31.0"
-            }
-        ]
-    },
-    "CVE-2023-7018": {
-        "description": "Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.",
-        "remediation": {
-            "recommendation": {
-                "text": "None Provided"
-            }
-        },
-        "score": 7.8,
-        "score_details": {
-            "cvss": {
-                "adjustments": [],
-                "score": 7.8,
-                "scoreSource": "NVD",
-                "scoringVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
-                "version": "3.1"
-            }
-        },
-        "severity": "HIGH",
-        "source": "NVD",
-        "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7018",
-        "status": "ACTIVE",
-        "title": "CVE-2023-7018 - transformers, transformers",
-        "vulnerability_id": "CVE-2023-7018",
-        "vulnerable_packages": [
-            {
-                "epoch": 0,
-                "filePath": "usr/local/lib/python3.10/site-packages/transformers-4.31.0.dist-info/METADATA",
-                "name": "transformers",
+                "filePath": "usr/local/lib/python3.10/site-packages/setuptools-59.5.0.dist-info/METADATA",
+                "name": "setuptools",
                 "packageManager": "PYTHONPKG",
-                "version": "4.31.0"
-            },
-            {
-                "epoch": 0,
-                "filePath": "requirements.txt",
-                "name": "transformers",
-                "packageManager": "PIP",
-                "version": "4.31.0"
+                "version": "59.5.0"
             }
         ]
     },
@@ -197,17 +150,17 @@
         "vulnerable_packages": [
             {
                 "epoch": 0,
-                "filePath": "usr/local/lib/python3.10/site-packages/transformers-4.31.0.dist-info/METADATA",
+                "filePath": "usr/local/lib/python3.10/site-packages/transformers-4.36.0.dist-info/METADATA",
                 "name": "transformers",
                 "packageManager": "PYTHONPKG",
-                "version": "4.31.0"
+                "version": "4.36.0"
             },
             {
                 "epoch": 0,
                 "filePath": "requirements.txt",
                 "name": "transformers",
                 "packageManager": "PIP",
-                "version": "4.31.0"
+                "version": "4.36.0"
             }
         ]
     },
@@ -282,5 +235,30 @@
                 "version": "1.8.6"
             }
         ]
+    },
+    "CVE-2024-6345": {
+        "description": "A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.",
+        "remediation": {
+            "recommendation": {
+                "text": "None Provided"
+            }
+        },
+        "score": 0.0,
+        "score_details": {},
+        "severity": "UNTRIAGED",
+        "source": "NVD",
+        "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345",
+        "status": "ACTIVE",
+        "title": "CVE-2024-6345 - setuptools",
+        "vulnerability_id": "CVE-2024-6345",
+        "vulnerable_packages": [
+            {
+                "epoch": 0,
+                "filePath": "usr/local/lib/python3.10/site-packages/setuptools-59.5.0.dist-info/METADATA",
+                "name": "setuptools",
+                "packageManager": "PYTHONPKG",
+                "version": "59.5.0"
+            }
+        ]
     }
 }