fix: pin certifi version in dockerfile.cpu instead of requirement.txt

pytorch/jobs/docker/2.0/py3/Dockerfile.gpu

@@ -69,7 +69,6 @@ RUN ln -s $(which ${PYTHON}) /usr/local/bin/python \
 
 RUN apt-get update && apt-get -y install cmake protobuf-compiler
 
-
 # Installing our custom python libraries
 RUN ${PIP} install --no-cache --upgrade \
         amazon-braket-default-simulator==1.20.0 \
@@ -99,6 +98,11 @@ RUN ${PIP} install --no-cache --upgrade \
         scipy==1.9.3 \
         typing_extensions==4.3.0
 
+# Ensure below libraries are updated to mitigate vulnerability
+RUN ${PIP} install --no-cache --upgrade \
+# https://nvd.nist.gov/vuln/detail/CVE-2023-37920
+        certifi>=2023.7.22  
+
 RUN ${PIP} install --no-cache --upgrade sagemaker-training==4.4.10
 
 # install cuQuantum

src/requirements.txt

@@ -1,6 +1,5 @@
 wheel==0.38.1
 docker==6.0.1
-certifi>=2023.7.22
 fabric==2.5.0
 invoke==1.6.0
 pyfiglet==0.8.post1

tensorflow/jobs/docker/2.12/py3/Dockerfile.gpu

@@ -12,6 +12,16 @@ RUN apt-get update \
  && rm -rf /var/lib/apt/lists/* \
  && apt-get clean
 
+# Ensure below libraries are updated to mitigate vulnerability
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends \
+    openssh-client \
+    vim
+
+# Ensure below libraries are pinned to mitigate vulnerability
+RUN ${PIP} install --no-cache --upgrade \
+        certifi>=2023.7.22  
+
 # Installing our custom python libraries
 RUN ${PIP} install --no-cache --upgrade \
         amazon-braket-default-simulator==1.20.0 \
@@ -38,7 +48,8 @@ RUN ${PIP} install --no-cache --upgrade \
         scikit-learn==1.2.2 \
         six==1.16.0 \
         scipy==1.9.3 \
-        typing_extensions==4.3.0
+        typing_extensions==4.3.0 \
+        certifi==2023.7.22
 
 RUN ${PIP} install --no-cache --upgrade sagemaker-training==4.4.10