nv-morpheus · rapids-bot · Oct 4, 2023 · Oct 3, 2023 · Oct 3, 2023 · Oct 3, 2023
@@ -98,6 +98,7 @@ function update_conda_env() {
     rapids-logger "Checking for updates to conda env"
 
     # Update the packages
+    rm -rf /opt/conda/.condarc /opt/conda/envs/morpheus/lib/python3.10/site-packages/fastjsonschema-2.18.0.dist-info
     rapids-mamba-retry env update -n morpheus --prune -q --file ${ENV_YAML}
 
     # Finally, reactivate

@@ -59,7 +59,8 @@ dependencies:
     - isort
     - libgrpc>=1.49
     - librdkafka=1.9.2
-    - mlflow>=2.2.1,<3
+    - libwebp>=1.3.2 # Required for CVE mitigation: https://nvd.nist.gov/vuln/detail/CVE-2023-4863
+    - mlflow>=2.2.1,<2.7
     - mrc=23.07
     - networkx=3.1
     - ninja=1.10

@@ -30,7 +30,8 @@ dependencies:
     - dask>=2023.1.1
     - dill=0.3.6
     - distributed>=2023.1.1
-    - mlflow>=2.2.1,<3
+    - libwebp>=1.3.2 # Required for CVE mitigation: https://nvd.nist.gov/vuln/detail/CVE-2023-4863
+    - mlflow>=2.2.1,<2.7
     - papermill=2.3.4
     - s3fs>=2023.6
     - pip

@@ -20,6 +20,7 @@ channels:
 dependencies:
   - boto3
   - onnx
+  - libwebp>=1.3.2 # Required for CVE mitigation: https://nvd.nist.gov/vuln/detail/CVE-2023-4863
   - psycopg2<3
   - pymysql
   - python=3.11