Fix PSIRT Vulnerability - Dependency Confusion in oneccl_bind_pt package (#13305)

* Fix PSIRT Vulnerability - Dependency Confusion in oneccl_bind_pt package

* update

---------

Co-authored-by: YongZhuIntel <[email protected]>

Author: liu-shaojun

docker/llm/serving/cpu/docker/Dockerfile

@@ -75,7 +75,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     pip install Jinja2==3.1.3 && \
     pip install torch==2.2.0 torchvision==0.17.0 torchaudio==2.2.0 --index-url https://download.pytorch.org/whl/cpu && \
     pip install intel-extension-for-pytorch==2.2.0 && \
-    pip install oneccl_bind_pt==2.2.0 --extra-index-url https://pytorch-extension.intel.com/release-whl/stable/cpu/cn/ && \
+    pip install oneccl_bind_pt==2.2.0 --index-url https://pytorch-extension.intel.com/release-whl/stable/cpu/cn/ && \
     pip install transformers==4.36.2 && \
 # Install vllm dependencies
     pip install --upgrade fastapi && \

docs/mddocs/Quickstart/deepspeed_autotp_fastapi_quickstart.md

@@ -20,7 +20,7 @@ conda create -n llm python=3.11
 conda activate llm
 # below command will install intel_extension_for_pytorch==2.1.10+xpu as default
 pip install --pre --upgrade ipex-llm[xpu] --extra-index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us/
-pip install oneccl_bind_pt==2.1.100 --extra-index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us/
+pip install oneccl_bind_pt==2.1.100 --index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us/
 # configures OneAPI environment variables
 source /opt/intel/oneapi/setvars.sh
 pip install git+https://github.com/microsoft/DeepSpeed.git@ed8aed5

python/llm/example/CPU/QLoRA-FineTuning/alpaca-qlora/README.md

@@ -53,7 +53,7 @@ python ./alpaca_qlora_finetuning_cpu.py \
 ```bash
 # need to run the alpaca stand-alone version first
 # for using mpirun
-pip install oneccl_bind_pt --extra-index-url https://developer.intel.com/ipex-whl-stable
+pip install oneccl_bind_pt --index-url https://developer.intel.com/ipex-whl-stable
 ```
 
 2. modify conf in `finetune_one_node_two_sockets.sh` and run

python/llm/example/CPU/Speculative-Decoding/Self-Speculation/baichuan2/README.md

@@ -69,7 +69,7 @@ To accelerate speculative decoding on CPU, optionally, you can install our valid
 ```bash
 python -m pip install torch==2.2.0 torchvision==0.17.0 torchaudio==2.2.0 --index-url https://download.pytorch.org/whl/cpu
 python -m pip install intel-extension-for-pytorch==2.2.0
-python -m pip install oneccl_bind_pt==2.2.0 --extra-index-url https://pytorch-extension.intel.com/release-whl/stable/cpu/us/
+python -m pip install oneccl_bind_pt==2.2.0 --index-url https://pytorch-extension.intel.com/release-whl/stable/cpu/us/
 # if there is any installation problem for oneccl_binding, you can also find suitable index url at "https://pytorch-extension.intel.com/release-whl/stable/cpu/cn/" or "https://developer.intel.com/ipex-whl-stable-cpu" according to your environment.
 
 # Install other dependencies

python/llm/example/CPU/Speculative-Decoding/Self-Speculation/llama2/README.md

@@ -104,7 +104,7 @@ To accelerate speculative decoding on CPU, you can install our validated version
 # Install IPEX 2.2.0+cpu
 python -m pip install torch==2.2.0 torchvision==0.17.0 torchaudio==2.2.0 --index-url https://download.pytorch.org/whl/cpu
 python -m pip install intel-extension-for-pytorch==2.2.0
-python -m pip install oneccl_bind_pt==2.2.0 --extra-index-url https://pytorch-extension.intel.com/release-whl/stable/cpu/us/
+python -m pip install oneccl_bind_pt==2.2.0 --index-url https://pytorch-extension.intel.com/release-whl/stable/cpu/us/
 # if there is any installation problem for oneccl_binding, you can also find suitable index url at "https://pytorch-extension.intel.com/release-whl/stable/cpu/cn/" or "https://developer.intel.com/ipex-whl-stable-cpu" according to your environment.
 
 # Update transformers

python/llm/example/CPU/Speculative-Decoding/Self-Speculation/llama3/README.md

@@ -81,7 +81,7 @@ To accelerate speculative decoding on CPU, you can install our validated version
 # Install IPEX 2.2.0+cpu
 python -m pip install torch==2.2.0 torchvision==0.17.0 torchaudio==2.2.0 --index-url https://download.pytorch.org/whl/cpu
 python -m pip install intel-extension-for-pytorch==2.2.0
-python -m pip install oneccl_bind_pt==2.2.0 --extra-index-url https://pytorch-extension.intel.com/release-whl/stable/cpu/us/
+python -m pip install oneccl_bind_pt==2.2.0 --index-url https://pytorch-extension.intel.com/release-whl/stable/cpu/us/
 # if there is any installation problem for oneccl_binding, you can also find suitable index url at "https://pytorch-extension.intel.com/release-whl/stable/cpu/cn/" or "https://developer.intel.com/ipex-whl-stable-cpu" according to your environment.
 
 # Update transformers

python/llm/example/CPU/Speculative-Decoding/Self-Speculation/mistral/README.md

@@ -90,7 +90,7 @@ To accelerate speculative decoding on CPU, you can install our validated version
 # Install IPEX 2.2.0+cpu
 python -m pip install torch==2.2.0 torchvision==0.17.0 torchaudio==2.2.0 --index-url https://download.pytorch.org/whl/cpu
 python -m pip install intel-extension-for-pytorch==2.2.0
-python -m pip install oneccl_bind_pt==2.2.0 --extra-index-url https://pytorch-extension.intel.com/release-whl/stable/cpu/us/
+python -m pip install oneccl_bind_pt==2.2.0 --index-url https://pytorch-extension.intel.com/release-whl/stable/cpu/us/
 # if there is any installation problem for oneccl_binding, you can also find suitable index url at "https://pytorch-extension.intel.com/release-whl/stable/cpu/cn/" or "https://developer.intel.com/ipex-whl-stable-cpu" according to your environment.
 
 # Update transformers

python/llm/example/GPU/Deepspeed-AutoTP-FastAPI/README.md

@@ -15,7 +15,7 @@ conda create -n llm python=3.11
 conda activate llm
 # below command will install intel_extension_for_pytorch==2.1.10+xpu as default
 pip install --pre --upgrade ipex-llm[xpu] --extra-index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us/
-pip install oneccl_bind_pt==2.1.100 --extra-index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us/
+pip install oneccl_bind_pt==2.1.100 --index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us/
 # configures OneAPI environment variables
 source /opt/intel/oneapi/setvars.sh
 pip install git+https://github.com/microsoft/DeepSpeed.git@ed8aed5

python/llm/example/GPU/LLM-Finetuning/HF-PEFT/README.md

@@ -17,7 +17,7 @@ pip install --pre --upgrade ipex-llm[xpu] --extra-index-url https://pytorch-exte
 pip install transformers==4.45.0 "trl<0.12.0" datasets
 pip install bitsandbytes==0.45.1 scipy
 pip install fire peft==0.10.0
-pip install oneccl_bind_pt==2.1.100 --extra-index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us/ # necessary to run distributed finetuning
+pip install oneccl_bind_pt==2.1.100 --index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us/ # necessary to run distributed finetuning
 ```
 
 ### 2. Configures OneAPI environment variables

python/llm/example/GPU/LLM-Finetuning/LoRA/README.md

@@ -15,7 +15,7 @@ pip install --pre --upgrade ipex-llm[xpu] --extra-index-url https://pytorch-exte
 pip install transformers==4.45.0 "trl<0.12.0" datasets
 pip install fire peft==0.10.0
 pip install bitsandbytes==0.45.1 scipy
-pip install oneccl_bind_pt==2.1.100 --extra-index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us/ # necessary to run distributed finetuning
+pip install oneccl_bind_pt==2.1.100 --index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us/ # necessary to run distributed finetuning
 ```
 
 ### 2. Configures OneAPI environment variables