Add pinned libwebp to resolve CVE (nv-morpheus#1236)

Authors:
  - Devin Robison (https://github.com/drobison00)
  - David Gardner (https://github.com/dagardner-nv)

Approvers:
  - David Gardner (https://github.com/dagardner-nv)
  - Michael Demoret (https://github.com/mdemoret-nv)

URL: nv-morpheus#1236

ci/scripts/github/common.sh

@@ -98,6 +98,7 @@ function update_conda_env() {
     rapids-logger "Checking for updates to conda env"
 
     # Update the packages
+    rm -rf /opt/conda/.condarc /opt/conda/envs/morpheus/lib/python3.10/site-packages/fastjsonschema-2.18.0.dist-info
     rapids-mamba-retry env update -n morpheus --prune -q --file ${ENV_YAML}
 
     # Finally, reactivate

docker/conda/environments/cuda11.8_dev.yml

@@ -59,7 +59,8 @@ dependencies:
     - isort
     - libgrpc>=1.49
     - librdkafka=1.9.2
-    - mlflow>=2.2.1,<3
+    - libwebp>=1.3.2 # Required for CVE mitigation: https://nvd.nist.gov/vuln/detail/CVE-2023-4863
+    - mlflow>=2.2.1,<2.7
     - mrc=23.07
     - networkx=3.1
     - ninja=1.10

docker/conda/environments/cuda11.8_examples.yml

@@ -30,7 +30,8 @@ dependencies:
     - dask>=2023.1.1
     - dill=0.3.6
     - distributed>=2023.1.1
-    - mlflow>=2.2.1,<3
+    - libwebp>=1.3.2 # Required for CVE mitigation: https://nvd.nist.gov/vuln/detail/CVE-2023-4863
+    - mlflow>=2.2.1,<2.7
     - papermill=2.3.4
     - s3fs>=2023.6
     - pip

models/mlflow/docker/conda/mlflow-env.yml

@@ -20,6 +20,7 @@ channels:
 dependencies:
   - boto3
   - onnx
+  - libwebp>=1.3.2 # Required for CVE mitigation: https://nvd.nist.gov/vuln/detail/CVE-2023-4863
   - psycopg2<3
   - pymysql
   - python=3.11