
fix(model-engine): remediate Trivy vulnerability findings#818

Merged
scale-ballen merged 7 commits into main from sec/model-engine-trivy-vuln-fixes
May 7, 2026

Conversation

@scale-ballen (Contributor) commented May 1, 2026

Summary

  • Raise vulnerable model-engine Python dependencies to Trivy-fixed versions and regenerate requirements.txt
  • Build kubectl from Kubernetes v1.35.4 so the embedded github.com/moby/spdystream dependency is fixed
  • Remove pip from the runtime venv after installation so runtime scans no longer report pip CVEs

Verification

  • docker build -f model-engine/Dockerfile -t model-engine:trivy-remediation-local .
  • Runtime smoke checks passed: upgraded dependency imports, fixed package versions, pip absent, kubectl version --client=true --output=yaml reports v1.35.4
  • FastAPI /healthcheck smoke test passed in the rebuilt image with local fake AWS config
  • trivy image --scanners vuln --list-all-pkgs --format json --output trivy-model-engine-remediation-2026-05-01/model-engine-trivy-remediation-local-vuln-all-pkgs.json --timeout 30m model-engine:trivy-remediation-local

Trivy Result

  • wolfi OS packages: 25 packages, 0 vulnerabilities
  • Python packages: 220 packages, 0 vulnerabilities
  • usr/local/bin/aws-iam-authenticator: 90 packages, 0 vulnerabilities
  • usr/local/bin/kubectl: 82 packages, 0 vulnerabilities

Greptile Summary

  • Remediates Trivy vulnerabilities by bumping Python dependencies (including a major-version jump to transformers>=5.0.0), rebuilding kubectl at v1.35.4 and aws-iam-authenticator at v0.7.15 from source, and uninstalling pip from the runtime venv to eliminate pip CVEs from scan results.
  • Code adaptations for the transformers 5.x upgrade are minimal: SPIECE_UNDERLINE is now defined locally in postprocessing/model.py, and the live_tokenizer_repository.py HF-repo lookup is refactored from a raise-and-catch pattern to a cleaner if/else.
  • The aws-iam-authenticator Go build omits GOTOOLCHAIN=local that the kubectl build uses, which could allow auto-downloading a newer toolchain in restricted network environments.

Confidence Score: 5/5

Safe to merge; all changes are security-motivated version bumps with verified smoke-test passage and only one minor P2 style inconsistency.

Only P2 findings — the missing GOTOOLCHAIN=local on the aws-iam-authenticator build — with no P0/P1 issues. The logic changes in live_tokenizer_repository.py are functionally equivalent refactors, the SPIECE_UNDERLINE constant is stable, and the dependency upgrades are all security-driven with passing smoke tests per the PR description.

No files require special attention; the Dockerfile aws-iam-authenticator build step has a minor consistency note.

Important Files Changed

| Filename | Overview |
| --- | --- |
| model-engine/Dockerfile | Upgrades pip to 26.1, uninstalls pip from the runtime venv, bumps kubectl from v1.35.3 to v1.35.4, and switches aws-iam-authenticator from go install to git clone + go build at v0.7.15; the authenticator build omits GOTOOLCHAIN=local unlike the kubectl build. |
| model-engine/model_engine_server/inference/tensorrt-llm/triton_model_repo/postprocessing/1/model.py | Removes SPIECE_UNDERLINE import from transformers (removed in v5.x) and defines the constant locally as "\u2581"; correct value, safe change. |
| model-engine/model_engine_server/infra/repositories/live_tokenizer_repository.py | Refactors the HF-repo check to use explicit if/else instead of raise-and-catch RepositoryNotFoundError; functionally equivalent but cleaner. |
| model-engine/requirements.in | Bumps numerous dependencies to Trivy-fixed versions including a major version upgrade of transformers (4.x → 5.x) and tokenizers (0.21 → 0.22); adds several new indirect-dependency pins to satisfy CVE requirements. |
| model-engine/requirements.txt | Regenerated lock file reflecting all version bumps; resolves cleanly with no apparent conflicts. |


Prompt To Fix All With AI
Fix the following 1 code review issue. Work through them one at a time, proposing concise fixes.

---

### Issue 1 of 1
model-engine/Dockerfile:49-51
The `aws-iam-authenticator` build omits `GOTOOLCHAIN=local`, which is explicitly set for the `kubectl` build just above it. Without this flag, if `aws-iam-authenticator`'s `go.mod` specifies a `toolchain` directive requiring a newer Go version than the one installed in the builder image, Go will attempt to auto-download that toolchain at build time, making the build non-reproducible and potentially failing in network-restricted environments.

```suggestion
  git clone --depth 1 --branch v0.7.15 https://github.com/kubernetes-sigs/aws-iam-authenticator.git /tmp/aws-iam-authenticator && \
  cd /tmp/aws-iam-authenticator && \
  GOTOOLCHAIN=local GOOS=linux GOARCH=${TARGETARCH} go build -o /tmp/runtime-bin/aws-iam-authenticator ./cmd/aws-iam-authenticator
```

Reviews (7): Last reviewed commit: "fix(model-engine): clear remaining trivy..."
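As an added example (not code from the PR or the model-engine project), the script below reads a Trivy JSON report of the kind produced by the `trivy image --format json --list-all-pkgs` command in the Verification list and produces the per-target "N packages, M vulnerabilities" summary shown under Trivy Result, plus a gate that lists HIGH/CRITICAL findings with their fixed versions. The sample report is constructed inline and its CVE id is a placeholder.

```python
"""Summarise a Trivy JSON report per scan target and gate on remaining findings.

Added example, not code from the PR or the model-engine project. The layout
follows Trivy's JSON output: a top-level "Results" list whose entries carry
"Target", "Packages" (present with --list-all-pkgs) and "Vulnerabilities".
"""
import json

# Constructed sample shaped like `trivy image --format json --list-all-pkgs`
# output; the vulnerability id is a placeholder, not a real CVE.
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "model-engine:example-local",
    "Results": [
        {"Target": "model-engine:example-local (wolfi 20230201)",
         "Class": "os-pkgs", "Type": "wolfi",
         "Packages": [{"Name": "ca-certificates"}, {"Name": "glibc"}]},
        {"Target": "Python", "Class": "lang-pkgs", "Type": "python-pkg",
         "Packages": [{"Name": "pip", "Version": "24.0"},
                      {"Name": "fastapi", "Version": "0.110.0"}],
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-0000", "PkgName": "pip",
              "InstalledVersion": "24.0", "FixedVersion": "25.0",
              "Severity": "HIGH"}]},
        {"Target": "usr/local/bin/kubectl", "Class": "lang-pkgs",
         "Type": "gobinary",
         "Packages": [{"Name": "github.com/moby/spdystream", "Version": "v0.5.0"}]},
    ],
})


def load_report(text: str) -> dict:
    """Parse a Trivy JSON report (wrapped so callers need no json import)."""
    return json.loads(text)


def summarize(report: dict) -> list[tuple[str, int, int]]:
    """(target, package count, vulnerability count) per result, one row per target."""
    rows = []
    for result in report.get("Results", []):
        # "Vulnerabilities" is omitted entirely by Trivy when a target is clean.
        pkgs = len(result.get("Packages") or [])
        vulns = len(result.get("Vulnerabilities") or [])
        rows.append((result["Target"], pkgs, vulns))
    return rows


def unfixed_findings(report: dict, severities=("HIGH", "CRITICAL")) -> list[tuple[str, str, str, str]]:
    """Findings at the given severities: (target, package, id, fixed version or '')."""
    return [(r["Target"], v["PkgName"], v["VulnerabilityID"], v.get("FixedVersion", ""))
            for r in report.get("Results", [])
            for v in (r.get("Vulnerabilities") or [])
            if v.get("Severity") in severities]


def scan_is_clean(report: dict) -> bool:
    """True only when every target reports zero vulnerabilities, as in the PR's result."""
    return all(vulns == 0 for _, _, vulns in summarize(report))
```

Running it over a real report file is a matter of `load_report(open(path).read())`; a CI step can fail on `not scan_is_clean(report)` and print `unfixed_findings(report)` to show which pin still needs raising.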

@scale-ballen scale-ballen requested a review from lilyz-ai May 1, 2026 21:46
@scale-ballen scale-ballen enabled auto-merge (squash) May 7, 2026 16:36
@scale-ballen scale-ballen merged commit f50accc into main May 7, 2026
8 checks passed
@scale-ballen scale-ballen deleted the sec/model-engine-trivy-vuln-fixes branch May 7, 2026 16:43