add setup tools to corepackages.json

Jyothirmaikottu · Jyothirmaikottu · commit 47e4a2bd8eed · 2026-02-10T22:21:07.000-08:00
diff --git a/tensorflow/training/buildspec-2-19-sm.yml b/tensorflow/training/buildspec-2-19-sm.yml
@@ -5,7 +5,7 @@ framework: &FRAMEWORK tensorflow
 version: &VERSION 2.19.0
 short_version: &SHORT_VERSION "2.19"
 arch_type: x86
-autopatch_build: "False"
+autopatch_build: "True"
 
 repository_info:
   training_repository: &TRAINING_REPOSITORY
diff --git a/tensorflow/training/docker/2.19/py3/Dockerfile.sagemaker.cpu.core_packages.json b/tensorflow/training/docker/2.19/py3/Dockerfile.sagemaker.cpu.core_packages.json
@@ -1,4 +1,7 @@
 {
+  "setuptools": {
+    "version_specifier": ">=81.0.0"
+  },
   "awscli": {
     "version_specifier": "<2"
   },
diff --git a/tensorflow/training/docker/2.19/py3/Dockerfile.sagemaker.cpu.os_scan_allowlist.json b/tensorflow/training/docker/2.19/py3/Dockerfile.sagemaker.cpu.os_scan_allowlist.json
@@ -549,37 +549,6 @@
       "reason_to_ignore": "N/A"
     }
   ],
-  "jaraco.context": [
-    {
-      "description": "jaraco.context, an open-source software package that provides some useful decorators and context managers, has a Zip Slip path traversal vulnerability in the `jaraco.context.tarball()` function starting in version 5.2.0 and prior to version 6.1.0. The vulnerability may allow attackers to extract files outside the intended extraction directory when malicious tar archives are processed. The strip_first_component filter splits the path on the first `/` and extracts the second component, while allowing `../` sequences. Paths like `dummy_dir/../../etc/passwd` become `../../etc/passwd`. Note that this suffers from a nested tarball attack as well with multi-level tar files such as `dummy_dir/inner.tar.gz`, where the inner.tar.gz includes a traversal `dummy_dir/../../config/.env` that also gets translated to `../../config/.env`. Version 6.1.0 contains a patch for the issue.",
-      "vulnerability_id": "CVE-2026-23949",
-      "name": "CVE-2026-23949",
-      "package_name": "jaraco.context",
-      "package_details": {
-        "file_path": "/usr/local/lib/python3.12/site-packages/setuptools/_vendor/jaraco.context-5.3.0.dist-info/METADATA",
-        "name": "jaraco.context",
-        "package_manager": "PYTHON",
-        "version": "5.3.0",
-        "release": null
-      },
-      "remediation": {
-        "recommendation": {
-          "text": "None Provided"
-        }
-      },
-      "cvss_v3_score": 8.6,
-      "cvss_v30_score": 0.0,
-      "cvss_v31_score": 8.6,
-      "cvss_v2_score": 0.0,
-      "cvss_v3_severity": "HIGH",
-      "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23949",
-      "source": "NVD",
-      "severity": "HIGH",
-      "status": "ACTIVE",
-      "title": "CVE-2026-23949 - jaraco.context",
-      "reason_to_ignore": "N/A"
-    }
-  ],
   "qs": [
     {
       "description": "Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS.This issue affects qs: < 6.14.1.\n\nSummaryThe arrayLimit\u00a0option in qs does not enforce limits for bracket notation (a[]=1&a[]=2), allowing attackers to cause denial-of-service via memory exhaustion. Applications using arrayLimit\u00a0for DoS protection are vulnerable.\n\nDetailsThe arrayLimit\u00a0option only checks limits for indexed notation (a[0]=1&a[1]=2) but completely bypasses it for bracket notation (a[]=1&a[]=2).\n\nVulnerable code\u00a0(lib/parse.js:159-162):\n\nif (root === '[]' && options.parseArrays) { obj = utils.combine([], leaf); // No arrayLimit check }\n\nWorking code\u00a0(lib/parse.js:175):\n\nelse if (index <= options.arrayLimit) { // Limit checked here obj = []; obj[index] = leaf; }\n\nThe bracket notation handler at line 159 uses utils.combine([], leaf)\u00a0without validating against options.arrayLimit, while indexed notation at line 175 checks index <= options.arrayLimit\u00a0before creating arrays.\n\nPoCTest 1 - Basic bypass:\n\nnpm install qs\n\nconst qs",
diff --git a/tensorflow/training/docker/2.19/py3/cu125/Dockerfile.sagemaker.gpu.core_packages.json b/tensorflow/training/docker/2.19/py3/cu125/Dockerfile.sagemaker.gpu.core_packages.json
@@ -1,4 +1,7 @@
 {
+  "setuptools": {
+    "version_specifier": ">=81.0.0"
+  },
   "awscli": {
     "version_specifier": "<2"
   },
diff --git a/tensorflow/training/docker/2.19/py3/cu125/Dockerfile.sagemaker.gpu.os_scan_allowlist.json b/tensorflow/training/docker/2.19/py3/cu125/Dockerfile.sagemaker.gpu.os_scan_allowlist.json
@@ -549,37 +549,6 @@
       "reason_to_ignore": "N/A"
     }
   ],
-  "jaraco.context": [
-    {
-      "description": "jaraco.context, an open-source software package that provides some useful decorators and context managers, has a Zip Slip path traversal vulnerability in the `jaraco.context.tarball()` function starting in version 5.2.0 and prior to version 6.1.0. The vulnerability may allow attackers to extract files outside the intended extraction directory when malicious tar archives are processed. The strip_first_component filter splits the path on the first `/` and extracts the second component, while allowing `../` sequences. Paths like `dummy_dir/../../etc/passwd` become `../../etc/passwd`. Note that this suffers from a nested tarball attack as well with multi-level tar files such as `dummy_dir/inner.tar.gz`, where the inner.tar.gz includes a traversal `dummy_dir/../../config/.env` that also gets translated to `../../config/.env`. Version 6.1.0 contains a patch for the issue.",
-      "vulnerability_id": "CVE-2026-23949",
-      "name": "CVE-2026-23949",
-      "package_name": "jaraco.context",
-      "package_details": {
-        "file_path": "/usr/local/lib/python3.12/site-packages/setuptools/_vendor/jaraco.context-5.3.0.dist-info/METADATA",
-        "name": "jaraco.context",
-        "package_manager": "PYTHON",
-        "version": "5.3.0",
-        "release": null
-      },
-      "remediation": {
-        "recommendation": {
-          "text": "None Provided"
-        }
-      },
-      "cvss_v3_score": 8.6,
-      "cvss_v30_score": 0.0,
-      "cvss_v31_score": 8.6,
-      "cvss_v2_score": 0.0,
-      "cvss_v3_severity": "HIGH",
-      "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23949",
-      "source": "NVD",
-      "severity": "HIGH",
-      "status": "ACTIVE",
-      "title": "CVE-2026-23949 - jaraco.context",
-      "reason_to_ignore": "N/A"
-    }
-  ],
   "qs": [
     {
       "description": "Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS.This issue affects qs: < 6.14.1.\n\nSummaryThe arrayLimit\u00a0option in qs does not enforce limits for bracket notation (a[]=1&a[]=2), allowing attackers to cause denial-of-service via memory exhaustion. Applications using arrayLimit\u00a0for DoS protection are vulnerable.\n\nDetailsThe arrayLimit\u00a0option only checks limits for indexed notation (a[0]=1&a[1]=2) but completely bypasses it for bracket notation (a[]=1&a[]=2).\n\nVulnerable code\u00a0(lib/parse.js:159-162):\n\nif (root === '[]' && options.parseArrays) { obj = utils.combine([], leaf); // No arrayLimit check }\n\nWorking code\u00a0(lib/parse.js:175):\n\nelse if (index <= options.arrayLimit) { // Limit checked here obj = []; obj[index] = leaf; }\n\nThe bracket notation handler at line 159 uses utils.combine([], leaf)\u00a0without validating against options.arrayLimit, while indexed notation at line 175 checks index <= options.arrayLimit\u00a0before creating arrays.\n\nPoCTest 1 - Basic bypass:\n\nnpm install qs\n\nconst qs",

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,7 @@`
`1`	`1`	`{`
	`2`	`+ "setuptools": {`
	`3`	`+ "version_specifier": ">=81.0.0"`
	`4`	`+ },`
`2`	`5`	`"awscli": {`
`3`	`6`	`"version_specifier": "<2"`
`4`	`7`	`},`