RHAIENG-4014: constrain nltk to 3.9.4 for rhoai-2.25

[jiridanek]

https://redhat.atlassian.net/browse/RHAIENG-4014

Summary

• add a CVE constraint for nltk>=3.9.4 on rhoai-2.25
• refresh the affected pytorch+llmcompressor workbench and runtime pylock.toml files
• update the shipped nltk resolution from 3.9.2 to 3.9.4

Root Cause

rhoai-2.25 shipped nltk 3.9.2 transitively in the pytorch+llmcompressor workbench and runtime images, which kept the vulnerable version in the released lock state for those two image families.

Changes

• dependencies/cve-constraints.txt
  • add nltk>=3.9.4 for CVE-2026-33236
• jupyter/pytorch+llmcompressor/ubi9-python-3.12/pylock.toml
  • refresh lock resolution so nltk is upgraded to 3.9.4
• runtimes/pytorch+llmcompressor/ubi9-python-3.12/pylock.toml
  • refresh lock resolution so nltk is upgraded to 3.9.4

Test Results

• gmake test: passed
• ./uv run pytest tests/unit/: not runnable on this branch because tests/unit/ is absent
• ./uv run ruff check: fails on unrelated existing tests/__init__.py
• ./uv run pyright: fails on unrelated existing ci/check-software-versions.py

This PR is draft because the branch has baseline verification issues outside the fix scope.

Jira

https://redhat.atlassian.net/browse/RHAIENG-4014

Made with Cursor

Summary by CodeRabbit

• Chores
  • Introduced security-focused dependency constraints to mitigate known vulnerabilities. The NLTK package minimum version requirement has been updated to 3.9.4 to address CVE-2026-33236, ensuring your installation maintains protection against identified security risks. Refer to the Red Hat security advisory for additional details on affected versions and recommended actions.

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[coderabbitai]

📝 Walkthrough

Walkthrough

A new constraints file is introduced to manage CVE-related dependency version requirements. The file contains formatting instructions for use with uv pip compile --constraints and specifies a minimum version constraint for the nltk package (3.9.4) with CVE-2026-33236 reference and security advisory link.

Changes

Cohort / File(s)	Summary
Dependency constraints dependencies/cve-constraints.txt	New file containing CVE-related minimum dependency version constraints. Includes documentation comments on file usage and a single constraint entry requiring nltk>=3.9.4 with CVE metadata and security advisory reference.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the main change: constraining nltk to version 3.9.4 for the rhoai-2.25 release to address a CVE, with reference to the Jira ticket.
Description check	✅ Passed	The PR description is comprehensive and covers the summary, root cause, changes, and test results, though it deviates from the template's structure.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[jiridanek]

/build-konflux

[jiridanek]

/build-konflux

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@dependencies/cve-constraints.txt`:
- Around line 10-12: Replace the current Red Hat advisory comment for
CVE-2026-33236 with public advisories: update the top comment block that
references CVE-2026-33236 (above the dependency line "nltk>=3.9.4") to use the
NVD and GitHub advisory links instead (e.g., "Reference:
https://nvd.nist.gov/vuln/detail/CVE-2026-33236" and "GitHub advisory:
https://github.com/nltk/nltk/security/advisories/GHSA-469j-vmhf-r6v7") and
adjust the wording to note that nltk>=3.9.4 contains the fix.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 30efee96-694c-4e3c-871a-aaa812e2ff2a

📥 Commits

Reviewing files that changed from the base of the PR and between 63db5f8 and e65b74b.

📒 Files selected for processing (3)

• dependencies/cve-constraints.txt
• jupyter/pytorch+llmcompressor/ubi9-python-3.12/pylock.toml
• runtimes/pytorch+llmcompressor/ubi9-python-3.12/pylock.toml

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

Does CVE-2026-33236 exist and what is the minimum NLTK version that fixes it?

💡 Result:

Yes, CVE-2026-33236 exists. It is a path traversal vulnerability in the NLTK downloader that affects versions 3.9.3 and prior. The issue is fixed in commit 89fe2ec2c6bae6e2e7a46dad65cc34231976ed8a from March 18, 2026. NLTK 3.9.4, released on March 24, 2026, includes this fix along with several security enhancements.

Citations:

• 1: https://nvd.nist.gov/vuln/detail/CVE-2026-33236
• 2: nltk/nltk@89fe2ec
• 3: GHSA-469j-vmhf-r6v7
• 4: https://raw.githubusercontent.com/nltk/nltk/master/ChangeLog
• 5: https://pypi.org/project/nltk/

---

🌐 Web query:

Is the Red Hat security advisory at https://access.redhat.com/security/cve/CVE-2026-33236 valid and accessible?

💡 Result:

No, the Red Hat security advisory at https://access.redhat.com/security/cve/CVE-2026-33236 is not valid in the sense of providing specific security details or affected products for CVE-2026-33236. The page exists and is accessible publicly, but it displays only generic Red Hat Customer Portal content (e.g., login prompts, links to subscriptions, support) without any CVE-specific information such as description, severity, affected products, or patches. This indicates Red Hat has not yet published a full advisory for this CVE. CVE-2026-33236 is a real vulnerability in NLTK (Natural Language Toolkit) involving path traversal in the downloader via remote XML index files, allowing arbitrary file creation/overwrite (CVSS 8.1 High, published 2026-03-20). Red Hat has tracked it in Bugzilla (BZ 2449824, status NEW, high priority, Security Response product), confirming awareness, but no RHSA or affected products are listed in public sources. It does not appear in recent RHSAs (e.g., RHSA-2026:3360, RHSA-2026:2664) or the Red Hat Security API CVE list.

Citations:

• 1: https://access.redhat.com/security/cve/CVE-2026-33236
• 2: https://access.redhat.com/security/cve/cve-2026-33236
• 3: https://bugzilla.redhat.com/show_bug.cgi?id=2449824
• 4: https://nvd.nist.gov/vuln/detail/CVE-2026-33236
• 5: https://www.tenable.com/cve/CVE-2026-33236

---

Update advisory reference for accuracy.

CVE-2026-33236 is confirmed as a real path traversal vulnerability in NLTK affecting versions 3.9.3 and prior, with NLTK 3.9.4 (released March 24, 2026) containing the fix. However, the Red Hat advisory link does not currently contain detailed CVE information—Red Hat is tracking the vulnerability but has not yet published a public RHSA. Update the reference to point to the publicly available advisories instead:

Updated comment (recommended)

# CVE-2026-33236: NLTK path traversal in XML index files
# Reference: https://nvd.nist.gov/vuln/detail/CVE-2026-33236
# GitHub advisory: https://github.com/nltk/nltk/security/advisories/GHSA-469j-vmhf-r6v7
nltk>=3.9.4

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@dependencies/cve-constraints.txt` around lines 10 - 12, Replace the current
Red Hat advisory comment for CVE-2026-33236 with public advisories: update the
top comment block that references CVE-2026-33236 (above the dependency line
"nltk>=3.9.4") to use the NVD and GitHub advisory links instead (e.g.,
"Reference: https://nvd.nist.gov/vuln/detail/CVE-2026-33236" and "GitHub
advisory: https://github.com/nltk/nltk/security/advisories/GHSA-469j-vmhf-r6v7")
and adjust the wording to note that nltk>=3.9.4 contains the fix.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: ide-developer
Once this PR has been reviewed and has the lgtm label, please assign paulovmr for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment