LCORE-1568: Bump llama-stack to 0.6.0, fix transitive CVEs #195

Open
are-ces wants to merge 5 commits into lightspeed-core:main from are-ces:bump-llama-stack-0.6.0

@are-ces are-ces commented May 26, 2026

Description

Bump llama-stack, llama-stack-api, and llama-stack-client from 0.5.0 to 0.6.0.

llama-stack 0.5.0 introduced vulnerable transitive dependencies. This PR bumps llama-stack to 0.6.0 and explicitly pins the affected transitive deps to patched versions:

| Package | Old (via llama-stack 0.5.0) | New | CVEs Fixed |
|---|---|---|---|
| python-multipart | 0.0.22 | 0.0.29 | CVE-2026-40347 (Medium): DoS via large multipart preamble/epilogue, CVE-2026-42561 (High): DoS via unbounded multipart part headers |
| pyopenssl | 25.3.0 | 26.2.0 | Affected range >=22.0.0,<26.0.0 — patched in 26.0.0 |
| oci | 2.168.3 | 2.176.0 | Required for pyopenssl>=26.0.0 (oci pinned pyOpenSSL<=25.3.0) |
| idna | 3.11 | 3.16 | Affected <3.15 |
| lxml | 6.0.2 | 6.1.1 | Affected <6.1.0 (transitive via docling 2.73.1) |

Also fixes:

  • triton 3.5.0 → 3.5.1: RHOAI torch-2.9.1-4 wheel declares triton==3.5.1 in METADATA; pip check fails with triton 3.5.0. Updated overrides, arch-specific hash files, and both generation scripts to use RHOAI triton-3.5.1-2 wheels.

Updated transitive dependencies:

  • opentelemetry-api/sdk 1.40.0 → 1.42.1
  • Added opentelemetry-distro 0.63b1, opentelemetry-instrumentation 0.63b1

Changes

  • pyproject.toml: llama-stack{,-api,-client}==0.6.0, python-multipart>=0.0.27, pyopenssl>=26.0.0, idna>=3.15, lxml>=6.1.0
  • uv.lock: Updated all packages
  • Regenerated all hashed requirement files
  • Updated triton pins + hashes in overrides and generation scripts (CPU + CUDA)

Type of change

  • Bump-up dependent library
  • CVE fix

Tools used to create PR

  • Assisted-by: Claude Code (Claude Opus 4.6)
  • Generated by: N/A

Related Tickets & Documents

  • Closes LCORE-1568

Checklist before requesting a review

  • I have performed a self-review of my code.
  • PR has passed all pre-merge test jobs.
  • If it is a core feature, I have added thorough tests.

Testing

  • Regenerated hashed requirement files via make konflux-requirements
  • Verified x86_64 image (on-pr-2dc9a35) no longer hits torch/torchvision ABI mismatch
  • Konflux hermetic build pending

Summary by CodeRabbit

  • Chores
    • Updated core dependencies: upgraded llama-stack suite to v0.6.0, torch to v2.9.1, torchvision to v0.24.1, and triton to v3.5.1
    • Added starlette and lxml libraries
    • Added OpenTelemetry instrumentation and distribution packages
    • Updated supporting packages including idna, platformdirs, and tornado
    • Updated build configuration and wheel hash requirements across CPU and CUDA environments
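
The version floors that the description above lists for pyproject.toml can be checked mechanically against a hashed requirements file. This is an added example, not code from the PR or the rag-content repository; the function names and both sample files are constructed, and versions are compared on their numeric release segment only (an assumption that ignores pre-release suffixes).

```python
import re

# Floors copied from the pyproject.toml constraints listed in the PR description.
FLOORS = {"python-multipart": "0.0.27", "pyopenssl": "26.0.0",
          "idna": "3.15", "lxml": "6.1.0"}

# "name==version", stopping before whitespace, markers (;) or a line continuation (\).
PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;\\]+)")


def normalize(name):
    """PEP 503 normalization, so pyOpenSSL and pyopenssl compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def release(version):
    """Numeric release segment as a tuple; suffixes such as b1 are ignored (assumption)."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(part) for part in m.group(0).split("."))


def at_least(version, floor):
    """Compare release tuples after padding the shorter one with zeros."""
    a, b = release(version), release(floor)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) >= b + (0,) * (width - len(b))


def parse_pins(text):
    """Map normalized package name -> pinned version; hash and comment lines are skipped."""
    pins = {}
    for line in text.splitlines():
        m = PIN_RE.match(line)
        if m:
            pins[normalize(m.group(1))] = m.group(2)
    return pins


def audit(text, floors=FLOORS):
    """Return (package, pinned, floor, reason) for every floor the file does not meet."""
    pins, findings = parse_pins(text), []
    for name, floor in sorted(floors.items()):
        pinned = pins.get(name)
        if pinned is None:
            findings.append((name, None, floor, "not pinned"))
        elif not at_least(pinned, floor):
            findings.append((name, pinned, floor, "below floor"))
    return findings


# Constructed samples: versions are the Old/New columns of the PR table, hashes are placeholders.
OLD = ("python-multipart==0.0.22 \\\n    --hash=sha256:<placeholder>\n"
       "pyOpenSSL==25.3.0 \\\n    --hash=sha256:<placeholder>\n"
       "idna==3.11\nlxml==6.0.2\n")
NEW = ("python-multipart==0.0.29 \\\n    --hash=sha256:<placeholder>\n"
       "pyopenssl==26.2.0 \\\n    --hash=sha256:<placeholder>\n"
       "idna==3.16\n# lxml pulled in via docling\nlxml==6.1.1\n")

if __name__ == "__main__":
    for name, pinned, floor, reason in audit(OLD):
        print(f"{name}: {pinned} ({reason}, need >= {floor})")
    print("new file findings:", audit(NEW))
```

Run against each regenerated requirements file in CI, a non-empty result is a reason to fail the build before the image is assembled.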

coderabbitai Bot commented May 26, 2026

No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between 2dc9a35 and d6553c8.

⛔ Files ignored due to path filters (1)
  • uv.lock is excluded by !**/*.lock
📒 Files selected for processing (1)
  • pyproject.toml
🚧 Files skipped from review as they are similar to previous changes (1)
  • pyproject.toml

Walkthrough

This PR refreshes dependency pins and generated hash/wheel lock files, adds OpenTelemetry build pins and starlette, rotates several wheel/source hashes, updates per-arch torch/torchvision/triton wheel pins, adjusts Tekton prefetch package lists, and updates the requirements helper scripts.

Changes

Dependency and Build Configuration Updates

| Layer | File(s) | Summary |
|---|---|---|
| Project dependency declarations | pyproject.toml | llama-stack, llama-stack-api, and llama-stack-client bumped to 0.6.0; starlette and lxml added. |
| Build requirement pins and via-annotations | .konflux/requirements-build.txt, .konflux/requirements-build.cuda.txt | Added OpenTelemetry build pins (opentelemetry-distro, opentelemetry-instrumentation, opentelemetry-exporter-otlp-proto-common, opentelemetry-exporter-otlp-proto-http); removed cffi==2.0.0 and pycparser==3.0; updated via … provenance lines to include/remove cryptography, add marko, and adjust other entries. |
| Source hash pins regeneration (CPU and CUDA) | .konflux/requirements.hashes.source.txt, .konflux/requirements.hashes.source.cuda.txt | Regenerated SHA256 hashes and rotated pins: llama-stack* → 0.6.0, added marko==2.2.3, added/updated OpenTelemetry packages to 0.63b1, bumped tornado, updated platformdirs, rotated cryptography hash block, and replaced rpds-py pin. |
| Wheel hashes, wheel-only files, and wheel pypi base updates | .konflux/requirements.hashes.wheel.txt, .konflux/requirements.hashes.wheel.cpu.*.txt, .konflux/requirements.hashes.wheel.cuda.txt, .konflux/requirements.hashes.wheel.pypi.cuda.base.txt | Updated per-arch wheel URLs and SHA256s for torch/torchvision/triton, added cryptography==46.0.7 wheel pins, removed marko==2.2.2 from CUDA/wheel lists, removed trailing torch==2.9.0 pypi wheel block, and bumped idna/platformdirs/docling-core/rpds-py in wheel pypi base. |
| Overrides and per-arch wheel pin scripts | .konflux/requirements.overrides.txt, .konflux/requirements.overrides.cuda.txt, scripts/konflux_requirements.sh, scripts/konflux_requirements_cuda.sh | Bumped triton to 3.5.1, advanced torch/torchvision pins, added starlette==1.1.0, updated RHOAI pulp index reference to 3.3, and updated emitted per-arch wheel pin URLs/hashes in helper scripts. |
| CI prefetch lists and small pipeline edits | .tekton/rag-tool-pull-request.yaml, .tekton/rag-tool-push.yaml | Tekton prefetch binary.packages lists updated to drop marko and a trailing duplicate torch, and ordering adjusted for pull/push pipelines. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested reviewers

  • syedriko
  • tisnik
🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately summarizes the main changes: bumping llama-stack to 0.6.0 and addressing transitive CVEs, which align with the primary objectives described in the PR. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

@are-ces are-ces force-pushed the bump-llama-stack-0.6.0 branch from 559f620 to 3a3c767 Compare May 26, 2026 10:58
@are-ces are-ces changed the title Bump llama-stack to 0.6.0 LCORE-1568: Bump llama-stack to 0.6.0 May 26, 2026
@are-ces are-ces force-pushed the bump-llama-stack-0.6.0 branch from 3a3c767 to 0babbe6 Compare May 26, 2026 10:59
@are-ces are-ces changed the title LCORE-1568: Bump llama-stack to 0.6.0 LCORE-1568: Bump llama-stack to 0.6.0, fix transitive CVEs May 26, 2026
@are-ces are-ces force-pushed the bump-llama-stack-0.6.0 branch from 0babbe6 to 4ba2894 Compare May 26, 2026 11:03
@are-ces are-ces marked this pull request as draft May 26, 2026 13:47
@are-ces are-ces force-pushed the bump-llama-stack-0.6.0 branch from 4ba2894 to 08d6eb7 Compare May 26, 2026 13:56
@are-ces are-ces marked this pull request as ready for review May 27, 2026 08:33
Update llama-stack, llama-stack-api, and llama-stack-client from
0.5.0 to 0.6.0.

Fix transitive dependency CVEs:
- python-multipart 0.0.22 → 0.0.29 (CVE-2026-40347, CVE-2026-42561)
- pyopenssl 25.3.0 → 26.2.0 (requires oci bump to 2.176.0)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@are-ces are-ces force-pushed the bump-llama-stack-0.6.0 branch from 08d6eb7 to 68e9e92 Compare May 27, 2026 08:34
are-ces and others added 2 commits May 28, 2026 17:05
Pin torch (2.9.1) and torchvision (0.24.1) to RHOAI 3.3 cpu-ubi9 so
both share the same ABI — fixes RuntimeError "operator torchvision::nms
does not exist" in downstream CPU image consumers.

Pin starlette==1.1.0 in pyproject.toml and both override files to
address CVE in starlette <1.1.0.

Regenerate all Konflux requirement files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Pin rpds-py to 0.30.0 (available on RHOAI 3.3) to avoid building
2026.5.1 from source which requires Cargo 1.85+ (edition2024).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@are-ces are-ces force-pushed the bump-llama-stack-0.6.0 branch from 53cba96 to a695b66 Compare May 28, 2026 18:53
RHOAI torch-2.9.1-4 now declares triton==3.5.1; pip check fails with
the previous triton==3.5.0 pin. Update overrides, arch-specific hash
files, and both generation scripts to use RHOAI triton-3.5.1-2 wheels.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.konflux/requirements.overrides.txt:
- Line 31: The override pin "starlette==1.1.0" is likely incorrect/unavailable;
update the override in .konflux/requirements.overrides.txt by either removing
the hard pin and using a permissive constraint (e.g., "starlette>=1.1.0") or
changing it to a concrete RHOAI-available version (e.g., match versions found in
uv.lock like 1.2.0), and add a brief comment justifying a strict pin if you must
keep it (compatibility/CVE); ensure this aligns with the dependency that pulls
starlette (llama-stack==0.6.0) and re-run dependency resolution/lockfile to
verify consistency.

📥 Commits

Reviewing files that changed from the base of the PR and between 559f620 and 2dc9a35.

⛔ Files ignored due to path filters (1)
  • uv.lock is excluded by !**/*.lock
📒 Files selected for processing (19)
  • .konflux/requirements-build.cuda.txt
  • .konflux/requirements-build.txt
  • .konflux/requirements.hashes.source.cuda.txt
  • .konflux/requirements.hashes.source.txt
  • .konflux/requirements.hashes.wheel.cpu.aarch64.txt
  • .konflux/requirements.hashes.wheel.cpu.x86_64.txt
  • .konflux/requirements.hashes.wheel.cuda.txt
  • .konflux/requirements.hashes.wheel.pypi.cuda.aarch64.txt
  • .konflux/requirements.hashes.wheel.pypi.cuda.base.txt
  • .konflux/requirements.hashes.wheel.pypi.cuda.x86_64.txt
  • .konflux/requirements.hashes.wheel.pypi.txt
  • .konflux/requirements.hashes.wheel.txt
  • .konflux/requirements.overrides.cuda.txt
  • .konflux/requirements.overrides.txt
  • .tekton/rag-tool-pull-request.yaml
  • .tekton/rag-tool-push.yaml
  • pyproject.toml
  • scripts/konflux_requirements.sh
  • scripts/konflux_requirements_cuda.sh
💤 Files with no reviewable changes (2)
  • .konflux/requirements.hashes.wheel.pypi.txt
  • .konflux/requirements.hashes.wheel.cuda.txt
✅ Files skipped from review due to trivial changes (4)
  • .konflux/requirements.hashes.wheel.pypi.cuda.aarch64.txt
  • .konflux/requirements.hashes.wheel.pypi.cuda.base.txt
  • .konflux/requirements.hashes.source.txt
  • .konflux/requirements-build.txt
🚧 Files skipped from review as they are similar to previous changes (4)
  • .tekton/rag-tool-push.yaml
  • .konflux/requirements.hashes.source.cuda.txt
  • pyproject.toml
  • .konflux/requirements.hashes.wheel.cpu.x86_64.txt

docling-core==2.74.0
tiktoken==0.12.0
urllib3==2.7.0
starlette==1.1.0
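Review bot: the starlette==1.1.0 line at the end of this hunk carries no comment saying why it is pinned. The commit that introduced it says the pin addresses a CVE in starlette <1.1.0; record that reason, and the advisory id once it is known, in a # comment directly above the pin so that a later regeneration of the overrides does not silently drop or lower it.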

⚠️ Potential issue | 🟠 Major | 💤 Low value

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check if starlette is a dependency of llama-stack packages
echo "Checking llama-stack dependencies for starlette..."
rg -i "starlette" pyproject.toml uv.lock

# Check RHOAI index for starlette availability
echo -e "\nChecking RHOAI index for starlette 1.1.0..."
curl -sf "https://packages.redhat.com/api/pypi/public-rhai/rhoai/3.3/cpu-ubi9/simple/starlette/" | grep -o 'starlette-1\.1\.0[^"]*' | head -3

Repository: lightspeed-core/rag-content

Length of output: 1751


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== overrides file (lines 1-120) =="
nl -ba .konflux/requirements.overrides.txt | sed -n '1,120p'

echo
echo "== overrides file: starlette pins =="
rg -n "starlette(==|>=|<=|~=|!=)" .konflux/requirements.overrides.txt || true

echo
echo "== uv.lock: all starlette entries (context) =="
rg -n "name = \"starlette\"|sse-starlette|starlette>=" uv.lock | head -200

echo
echo "== uv.lock: distinct starlette versions =="
python3 - <<'PY'
import re, pathlib
text = pathlib.Path("uv.lock").read_text(errors="ignore")
vers = set()
# matches: name = "starlette", version = "x.y.z" OR starlette-x.y.z... style
for m in re.finditer(r'name = "starlette".{0,200}?version = "([^"]+)"', text, re.S):
    vers.add(m.group(1))
# fallback: look for starlette-<ver>- in artifact urls
for m in re.finditer(r'starlette-([0-9]+\.[0-9]+\.[0-9]+)', text):
    vers.add(m.group(1))
print("versions:", sorted(vers))
PY

echo
echo "== search for llama-stack version and any starlette mention in repo =="
rg -n "llama-stack|starlette" pyproject.toml .konflux -S || true

echo
echo "== re-run RHOAI check with more visible output and error handling =="
set +e
curl -sS -f "https://packages.redhat.com/api/pypi/public-rhai/rhoai/3.3/cpu-ubi9/simple/starlette/" | head -50
rc=$?  # save the pipeline status; the bare echo below would otherwise reset $?
echo
echo "exit_code=$rc"

Repository: lightspeed-core/rag-content

Length of output: 167


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== overrides file (first 160 lines, with line numbers via awk) =="
awk '{printf "%4d\t%s\n", NR, $0}' .konflux/requirements.overrides.txt | sed -n '1,160p'

echo
echo "== overrides file: starlette pins =="
rg -n "starlette(==|>=|<=|~=|!=)" .konflux/requirements.overrides.txt || true

echo
echo "== uv.lock: starlette-related entries (first 200 matches) =="
rg -n "name = \"starlette\"|name = \"sse-starlette\"|starlette>=" uv.lock | head -200

echo
echo "== uv.lock: starlette versions (parsed) =="
python3 - <<'PY'
import re, pathlib
p = pathlib.Path("uv.lock")
txt = p.read_text(errors="ignore")
vers = set()
# direct starlette entry like: name = "starlette" ... version = "x.y.z"
for m in re.finditer(r'name = "starlette"[\s\S]{0,400}?version = "([^"]+)"', txt):
    vers.add(m.group(1))
# artifact URLs like: .../starlette-1.2.0-...
for m in re.finditer(r'starlette-([0-9]+\.[0-9]+\.[0-9]+)', txt):
    vers.add(m.group(1))
print("versions:", ", ".join(sorted(vers)) if vers else "none found")
PY

echo
echo "== search for llama-stack and starlette mentions in repo (top hits) =="
rg -n "llama-stack|starlette" pyproject.toml .konflux -S || true

echo
echo "== RHOAI check: starlette-1.1.0 (print first 20 lines of response or error) =="
set +e
curl -sS -f "https://packages.redhat.com/api/pypi/public-rhai/rhoai/3.3/cpu-ubi9/simple/starlette/" \
  | head -20
rc=$?  # save the pipeline status; the bare echo below would otherwise reset $?
echo
echo "exit_code=$rc"

Repository: lightspeed-core/rag-content

Length of output: 5971


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== uv.lock: llama-stack / api / client sections (context around starlette requirements) =="
# Print a limited window around each llama-stack-related "name" occurrence
for pat in 'name = "llama-stack"' 'name = "llama-stack-api"' 'name = "llama-stack-client"'; do
  echo
  echo "-- matches for: $pat"
  rg -n "$pat" uv.lock | head -20 | cut -d: -f1 | while read -r line; do
    start=$((line-40))
    end=$((line+120))
    echo
    echo "## uv.lock lines $start-$end"
    sed -n "${start},${end}p" uv.lock
  done
done

echo
echo "== uv.lock: any explicit starlette version constraints near llama-stack-related stanzas =="
rg -n "llama-stack|llama-stack-api|llama-stack-client" uv.lock | head -50 | cut -d: -f1 | head -10 | while read -r line; do
  start=$((line-60))
  end=$((line+160))
  echo
  echo "## uv.lock lines $start-$end"
  sed -n "${start},${end}p" uv.lock | rg -n "starlette|sse-starlette|llama-stack" || true
done

Repository: lightspeed-core/rag-content

Length of output: 50384


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== uv.lock: starlette stanzas (name/version) - first 30 matches =="
rg -n '^name = "starlette"$' -n uv.lock | head -30 | cut -d: -f1 | while read -r line; do
  start=$((line-2))
  end=$((line+10))
  echo
  echo "-- around line $line"
  sed -n "${start},${end}p" uv.lock
done

echo
echo "== uv.lock: does it contain starlette-1.1.0 anywhere? =="
rg -n "starlette-1\.1\.0" uv.lock || true

echo
echo "== RHOAI simple/starlette/ contains starlette-1.1.0? =="
curl -sS "https://packages.redhat.com/api/pypi/public-rhai/rhoai/3.3/cpu-ubi9/simple/starlette/" \
  | rg -n "starlette-1\.1\.0" || true

echo
echo "== RHOAI simple/starlette/ all starlette versions present (limited) =="
curl -sS "https://packages.redhat.com/api/pypi/public-rhai/rhoai/3.3/cpu-ubi9/simple/starlette/" \
  | rg -o "starlette-[0-9]+\.[0-9]+\.[0-9]+" \
  | sort -u | head -30

Repository: lightspeed-core/rag-content

Length of output: 1191


Revisit starlette==1.1.0 override pin (likely mismatched / unjustified)

  • uv.lock contains starlette versions like 1.2.0, but there’s no starlette==1.1.0 entry.
  • The RHOAI wheel index listing for starlette does not include starlette-1.1.0 (response shows only versions like 0.46.2 / 0.50.0 / 0.51.0 / 0.52.1).
  • llama-stack==0.6.0 depends on starlette without pinning, while this repo’s constraint is only starlette>=1.1.0, so the specific 1.1.0 pin needs a concrete reason (compat/CVE) or should be changed to a RHOAI-available version.

@tisnik tisnik left a comment

LGTM

Transitive dependency via docling 2.73.1 resolved to lxml 6.0.2,
which is vulnerable. Add direct constraint and bump lock to 6.1.1.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>