[None][infra] Bump tornado and black in container

[yuanjingx87]

Summary by CodeRabbit

• Chores
  • Updated minimum version constraints for tornado (>=6.5.5) and black (>=26.3.1) to enhance application stability.

Description

Tornado and black are reported with vulnerability, bump their versions to patched ones

Test Coverage

PR Checklist

Please review the following before submitting your PR:

• PR description clearly explains what and why. If using CodeRabbit's summary, please make sure it makes sense.

• PR Follows TRT-LLM CODING GUIDELINES to the best of your knowledge.

• Test cases are provided for new code paths (see test instructions)

• Any new dependencies have been scanned for license and vulnerabilities

• CODEOWNERS updated if ownership changes

• Documentation updated as needed

• Update tava architecture diagram if there is a significant design change in PR.

• The reviewers assigned automatically/manually are appropriate for the PR.

• Please check this after reviewing the above items as appropriate for this PR.

GitHub Bot Help

To see a list of available CI bot commands, please comment /bot help.

[coderabbitai]

📝 Walkthrough

Walkthrough

Added minimum version constraints for tornado (>=6.5.5) and black (>=26.3.1) to the constraints file to address vulnerabilities, without modifying any existing dependency requirements.

Changes

Cohort / File(s)	Summary
Dependency Constraints constraints.txt	Added minimum version constraints for tornado>=6.5.5 and black>=26.3.1 to address security vulnerabilities.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The PR description partially addresses requirements but lacks key details. It mentions the vulnerability issue and version bumps but provides no PR title, missing test coverage information, and lacks explanations of why these specific versions address the vulnerabilities.	Add a properly formatted PR title following the template (e.g., [None][infra] Bump tornado and black versions to address vulnerabilities), provide test coverage section details, and explain which specific vulnerabilities are being addressed by these version bumps.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Title check	✅ Passed	The title clearly identifies the main change: bumping tornado and black versions in the container. It directly matches the changeset which adds version constraints for these two dependencies.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[yuanjingx87]

/bot run --stage-list "Build-Docker-Images"

[tensorrt-cicd]

PR_Github #40788 [ run ] triggered by Bot. Commit: 1e6e2aa Link to invocation

[tensorrt-cicd]

PR_Github #40788 [ run ] completed with state FAILURE. Commit: 1e6e2aa
/LLM/main/L0_MergeRequest_PR pipeline #31805 (Partly Tested) completed with status: 'FAILURE'

CI Report

⚠️ Action Required:

• Please check the failed tests and fix your PR
• If you cannot view the failures, ask the CI triggerer to share details
• Once fixed, request an NVIDIA team member to trigger CI again

Link to invocation

[yuanjingx87]

/bot run --stage-list "Build-Docker-Images"

[tensorrt-cicd]

PR_Github #40996 [ run ] triggered by Bot. Commit: 282abbd Link to invocation

[tensorrt-cicd]

PR_Github #40996 [ run ] completed with state SUCCESS. Commit: 282abbd
/LLM/main/L0_MergeRequest_PR pipeline #31977 (Partly Tested) completed with status: 'SUCCESS'

CI Report

Link to invocation

[yuanjingx87]

/bot run --disable-fail-fast

[tensorrt-cicd]

PR_Github #41243 [ run ] triggered by Bot. Commit: 9127291 Link to invocation

[tensorrt-cicd]

PR_Github #41243 [ run ] completed with state SUCCESS. Commit: 9127291
/LLM/main/L0_MergeRequest_PR pipeline #32202 completed with status: 'FAILURE'

CI Report

⚠️ Action Required:

• Please check the failed tests and fix your PR
• If you cannot view the failures, ask the CI triggerer to share details
• Once fixed, request an NVIDIA team member to trigger CI again

Link to invocation

[yuanjingx87]

/bot run --disable-fail-fast

[tensorrt-cicd]

PR_Github #41384 [ run ] triggered by Bot. Commit: 9127291 Link to invocation

[tensorrt-cicd]

PR_Github #41384 [ run ] completed with state SUCCESS. Commit: 9127291
/LLM/main/L0_MergeRequest_PR pipeline #32324 completed with status: 'SUCCESS'

CI Report

Link to invocation