environments ai ml automl dnn - Azure/azureml-assets GitHub Wiki

ai-ml-automl-dnn

Overview

An environment used by Azure ML AutoML for training models.

Version: 41

Tags

OS : Ubuntu20.04 Training Preview OpenMpi : 4.1.0 Python : 3.9

View in Studio: https://ml.azure.com/registries/azureml/environments/ai-ml-automl-dnn/version/41

Docker image: mcr.microsoft.com/azureml/curated/ai-ml-automl-dnn:41

Docker build context

Dockerfile

FROM mcr.microsoft.com/azureml/openmpi5.0-ubuntu24.04:20260315.v1

ENV AZUREML_CONDA_ENVIRONMENT_PATH=/azureml-envs/azureml-automl-dnn
# Prepend path to AzureML conda environment
ENV PATH=$AZUREML_CONDA_ENVIRONMENT_PATH/bin:$PATH

COPY --from=mcr.microsoft.com/azureml/mlflow-ubuntu20.04-py38-cpu-inference:20250506.v1 /var/mlflow_resources/ /var/mlflow_resources/

ENV MLFLOW_MODEL_FOLDER="mlflow-model"
# ENV AML_APP_ROOT="/var/mlflow_resources"
# ENV AZUREML_ENTRY_SCRIPT="mlflow_score_script.py"

ENV ENABLE_METADATA=true

# begin conda create
# Create conda environment (minimal — packages installed via pip to avoid solver OOM)
RUN conda create -p $AZUREML_CONDA_ENVIRONMENT_PATH \
    python=3.10 \
    -c conda-forge && \
    conda clean -a -y

# Install cudatoolkit via conda (not available on pip; single-package solve is trivial)
RUN conda install -p $AZUREML_CONDA_ENVIRONMENT_PATH \
    cudatoolkit=10.0.130 \
    -c nvidia -c conda-forge && \
    conda clean -a -y

# Install scientific packages via pip (avoids conda solver OOM)
RUN conda run -p $AZUREML_CONDA_ENVIRONMENT_PATH pip install --no-cache-dir \
    'numpy>=1.23.5,<1.24' \
    'py-cpuinfo==5.0.0' \
    'joblib==1.2.0' \
    'cloudpickle==1.6.0' \
    'scikit-learn==1.5.1' \
    'pandas>=1.5.3,<1.6' \
    'holidays==0.29' \
    'setuptools-git' \
    'setuptools==82.0.1' \
    'wheel>=0.46.2' \
    'torch==2.8.0' \
    'scipy==1.10.1' \
    'psutil>5.0.0,<6.0.0' \
    'pip>=26.0'
# end conda create

# begin pip install
# Install pip dependencies
# GitPython>=3.1.41 is required for https://github.com/advisories/GHSA-2mqj-m65w-jghx and is not available in conda
RUN pip install \
                # begin pypi dependencies
                azureml-core==1.61.0.post3 \
                azureml-mlflow==1.62.0.post1 \
                azureml-pipeline-core==1.62.0 \
                azureml-telemetry==1.62.0 \
                azureml-interpret==1.62.0 \
                azureml-responsibleai==1.62.0 \
                azureml-automl-core==1.62.0 \
                azureml-automl-runtime==1.62.0 \
                azureml-train-automl-client==1.62.0 \
                azureml-train-automl-runtime==1.62.0 \
                azureml-dataset-runtime==1.62.0 \
                azureml-defaults==1.62.0 \
                'inference-schema' \
                'mlflow-skinny>=2.16.0' \
                'cmdstanpy==1.0.4' \
                'prophet==1.1.4' \
                'xgboost==1.5.2' \
                'mltable>=1.0.0' \
                'pytorch-transformers==1.0.0' \
                'GitPython>=3.1.41' \
                'spacy==3.7.4' \
                'pillow>=12.1.1' \
                'https://aka.ms/automl-resources/packages/en_core_web_sm-3.7.1.tar.gz'
                # end pypi dependencies
# end pip install

# Fix vulnerabilities - security overrides for transitive dependencies
#
# starlette>=0.49.1        CVE-2025-62727  DoS via HTTP Range header parsing
#                          Chain: mlflow-skinny -> fastapi -> starlette
#
# urllib3==2.6.3           CVE-2025-66418  DoS via unbounded content-encoding decompression
#                          Chain (L1): azureml-core -> urllib3
#                          Chain (L1): azureml-automl-runtime -> urllib3
#                          Chain (L2): azureml-core -> requests -> urllib3
#
# h2>=4.3.0               CVE-2025-57804  HTTP/2 request splitting via CRLF injection
#                          Chain: azureml-core -> urllib3 -> h2
#
# bokeh==3.8.2             CVE-2026-21883  Cross-Site WebSocket Hijacking on server
#                          Chain (L1): azureml-train-automl-runtime -> bokeh
#                          Chain (L2): prophet -> dask -> bokeh
#
# PyNaCl==1.6.2            CVE-2025-69277  libsodium incomplete input validation
#                          Chain: azureml-core -> paramiko -> PyNaCl
#
# distributed>=2026.1.0    CVE-2026-23528  XSS-to-RCE via Dask dashboard proxy
#                          Chain (L1): prophet -> distributed
#                          Chain (L1): xgboost -> distributed
#                          Chain (L2): prophet -> dask -> distributed
#
# jaraco.context>=6.1.0    CVE-2026-23949  Zip Slip path traversal fix. Direct install required
#                          because setuptools 82.0.1 (latest) vendors jaraco.context with
#                          vulnerable code despite dist-info labeling 6.1.0
#
# protobuf>=5.29.6         CVE-2025-4565   DoS via recursive protobuf messages (pure-Python)
#                          Chain (L1): mlflow-skinny -> protobuf
#                          Chain (L2): azureml-automl-runtime -> onnxruntime -> protobuf
#
# cryptography>=46.0.5     CVE-2026-26007  EC subgroup validation bypass (ECDH key leak)
#                          Chain (L1): azureml-mlflow -> cryptography
#                          Chain (L1): mltable -> cryptography
#                          Chain (L2): azureml-core -> paramiko -> cryptography
#
# tornado>=6.5.0           CVE-2025-47287  DoS via multipart/form-data log flood
#                          Chain: bokeh -> tornado
#                          Chain: distributed -> tornado
RUN pip install --upgrade 'starlette>=0.49.1' 'urllib3==2.6.3' 'h2>=4.3.0' 'bokeh==3.8.2' 'PyNaCl==1.6.2' 'distributed>=2026.1.0' 'jaraco.context>=6.1.0' 'protobuf>=5.29.6' 'cryptography>=46.0.5' 'tornado>=6.5.0'
RUN rm -rf /opt/miniconda/pkgs/

ENV LD_LIBRARY_PATH=$AZUREML_CONDA_ENVIRONMENT_PATH/lib:$LD_LIBRARY_PATH
⚠️ **GitHub.com Fallback** ⚠️