[rhoai-3.3] fix(cve): bump tornado>=6.5.5 and keras>=3.13.2 for CVE mitigation #2131

Closed
mtchoum1 wants to merge 1 commit into red-hat-data-services:rhoai-3.3 from mtchoum1:fix/cve-tornado-keras-rhoai-3.3
@mtchoum1 mtchoum1 commented Apr 15, 2026

Summary

Remediates two sets of CVEs in the rhoai-3.3 release branch:

Tornado CVEs (RHAIENG-4279, RHAIENG-4081)

  • CVE-2026-35536: Cookie attribute injection due to improper handling of cookie arguments (Moderate)
  • CVE-2026-31958: Denial of Service via large multipart bodies (Moderate)
  • Fix: tornado>=6.5.5 — all 18 images updated from 6.5.4 → 6.5.5

Keras CVE (RHAIENG-4459)

  • CVE-2026-1462: Arbitrary Code Execution Vulnerability Bypassing Safe Mode (HIGH, CVSS 8.8)
  • Fix: keras~=3.13.2 (was ~=3.12.0) — 4 TensorFlow images updated from 3.12.0 → 3.13.2

Changes

  • dependencies/cve-constraints.txt — new file with tornado>=6.5.5 and keras>=3.13.2 constraints
  • scripts/pylocks_generator.sh — added CVE constraints file support (mirrors rhoai-2.25 approach)
  • dependencies/odh-notebooks-meta-runtime-elyra-deps/pyproject.toml — tornado ~=6.5.2 → >=6.5.5
  • jupyter/tensorflow/, jupyter/rocm/tensorflow/, runtimes/tensorflow/, runtimes/rocm-tensorflow/ pyproject.toml — keras ~=3.12.0 → ~=3.13.2
  • pyproject.toml (root) — fix module-name = ["ntb"] → "ntb" for uv 0.7.8 compatibility
  • All 18 pylock.toml files regenerated with bash scripts/pylocks_generator.sh public-index

Test plan

  • gmake refresh-lock-files completed successfully (18/18 images)
  • Verified tornado 6.5.5 in all pylock.toml files
  • Verified keras 3.13.2 in TF image pylock.toml files
  • gmake test fails due to pre-existing baseline issues in rhoai-3.3 branch (conftest.py collection errors unrelated to this change — consistent with RHAIENG-4015 NLTK fix PR RHAIENG-4015: bump nltk to 3.9.4 for rhoai-3.3 #2051)
  • CI build/image tests to validate TF + keras 3.13.2 compatibility

Jira

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Added CVE security constraints for vulnerable dependencies: tornado (≥6.5.5) and keras (≥3.13.2)
    • Updated all runtime environments to use secure dependency versions
    • Implemented automated constraint enforcement in dependency lock file generation for enhanced security

…itigation

- RHAIENG-4279/4081: CVE-2026-35536 (Tornado cookie injection) / CVE-2026-31958 (Tornado DoS)
  - Update tornado constraint from ~=6.5.2 to >=6.5.5 in elyra-deps
  - Add tornado>=6.5.5 to new dependencies/cve-constraints.txt

- RHAIENG-4459: CVE-2026-1462 (Keras arbitrary code execution bypassing safe mode)
  - Update keras override from ~=3.12.0 to ~=3.13.2 in tensorflow/rocm-tensorflow images
  - Add keras>=3.13.2 to dependencies/cve-constraints.txt

- Add CVE constraints file support to scripts/pylocks_generator.sh (mirrors rhoai-2.25)
- Fix root pyproject.toml: module-name must be string not array for uv 0.7.8 compat
- Refresh all pylock.toml files: tornado 6.5.4→6.5.5, keras 3.12.0→3.13.2 in TF images

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@openshift-ci openshift-ci Bot requested review from daniellutz and jiridanek April 15, 2026 20:05
openshift-ci Bot commented Apr 15, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign daniellutz for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@github-actions

@mtchoum1 — This PR is from a fork.
The build-rhoai CI job was skipped because subscription
builds (RHEL, AIPCC) need secrets unavailable to forks.
ODH builds and code quality checks still ran.

Recommended: Push your branch to the main repo for full CI:

git remote add upstream https://github.com/red-hat-data-services/notebooks.git
git push upstream HEAD:mtchoum1/your-branch-name

Then open a new PR from that branch.

No push access? A maintainer will cherry-pick and test your changes.

See CONTRIBUTING.md for details.


coderabbitai Bot commented Apr 15, 2026

Caution

Review failed

Pull request was closed or merged during review

Walkthrough

This PR introduces a new CVE constraints file to enforce minimum dependency versions for packages with known vulnerabilities (tornado >=6.5.5 and keras >=3.13.2), updates the lock generation script to automatically apply these constraints, regenerates multiple dependency lockfiles across Jupyter, RStudio, and runtime environments, and migrates PyTorch wheel URLs to a new CDN. A minor build backend configuration change also converts the module-name setting to scalar format.

Changes

| Cohort | File(s) | Summary |
|---|---|---|
| CVE constraints framework | dependencies/cve-constraints.txt, scripts/pylocks_generator.sh | New constraints file defining CVE-induced minimum versions (tornado >=6.5.5, keras >=3.13.2). Script updated to auto-discover and apply constraints file during lock generation via computed relative paths and conditional flag inclusion. |
| Dependency version overrides | dependencies/odh-notebooks-meta-runtime-elyra-deps/pyproject.toml, jupyter/rocm/tensorflow/.../pyproject.toml, jupyter/tensorflow/.../pyproject.toml, runtimes/rocm-tensorflow/.../pyproject.toml, runtimes/tensorflow/.../pyproject.toml | Updated tornado and keras dependency constraints: tornado from ~6.5.2 to >=6.5.5; keras from ~3.12.0 to ~3.13.2. |
| Jupyter environment lockfiles | jupyter/datascience/.../pylock.toml, jupyter/pytorch+llmcompressor/.../pylock.toml, jupyter/pytorch/.../pylock.toml, jupyter/rocm/pytorch/.../pylock.toml, jupyter/rocm/tensorflow/.../pylock.toml, jupyter/tensorflow/.../pylock.toml, jupyter/trustyai/.../pylock.toml | Regenerated lockfiles with CVE constraints flag, tornado bumped 6.5.4→6.5.5, keras bumped 6.5.4→6.5.5 (where applicable), PyTorch wheels migrated to download-r2.pytorch.org CDN, and torchvision markers simplified. |
| RStudio environment lockfiles | rstudio/c9s-python-3.12/pylock.toml, rstudio/rhel9-python-3.12/pylock.toml | Updated compile command headers to include CVE constraints file reference (no other dependency changes). |
| Runtime environment lockfiles | runtimes/datascience/.../pylock.toml, runtimes/minimal/.../pylock.toml, runtimes/pytorch+llmcompressor/.../pylock.toml, runtimes/pytorch/.../pylock.toml, runtimes/rocm-pytorch/.../pylock.toml, runtimes/rocm-tensorflow/.../pylock.toml, runtimes/tensorflow/.../pylock.toml | Regenerated lockfiles with CVE constraints flag, tornado bumped 6.5.4→6.5.5, keras bumped 6.5.4→6.5.5 (where applicable), PyTorch wheels migrated to download-r2.pytorch.org, and torchvision markers simplified. |
| Build configuration | pyproject.toml | Changed module-name under [tool.uv.build-backend] from array form (["ntb"]) to scalar string form ("ntb"). |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

Suggested labels

lgtm, review-requested

Suggested reviewers

  • dibryant
  • daniellutz
  • ayush17
🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title clearly summarizes the main objective: CVE mitigation by bumping tornado and keras versions for the rhoai-3.3 branch. |
| Description check | ✅ Passed | The description includes clear summaries of CVEs addressed, changes made, test plan, and Jira references. It covers the core requirements despite some unchecked self-checklist items being pre-existing baseline issues. |


@mtchoum1 mtchoum1 closed this Apr 15, 2026
@mtchoum1 mtchoum1 deleted the fix/cve-tornado-keras-rhoai-3.3 branch April 15, 2026 20:13