@stmatengss stmatengss commented Dec 16, 2025

Overview:

Details:

Where should the reviewer start?

Related Issues: (use one of the action keywords Closes / Fixes / Resolves / Relates to)

  • closes GitHub issue: #xxx

Summary by CodeRabbit

  • Chores
    • Updated build dependencies to ensure optimal performance and stability.


@stmatengss stmatengss requested review from a team as code owners December 16, 2025 07:45

copy-pr-bot bot commented Dec 16, 2025

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

@github-actions

👋 Hi stmatengss! Thank you for contributing to ai-dynamo/dynamo.

Just a reminder: The NVIDIA Test Github Validation CI runs an essential subset of the testing framework to quickly catch errors. Your PR reviewers may elect to test the changes comprehensively before approving your changes.

🚀

@github-actions github-actions bot added the external-contribution Pull request is from an external contributor label Dec 16, 2025

coderabbitai bot commented Dec 16, 2025

Walkthrough

The Dockerfile for sglang is updated to bump the mooncake-transfer-engine dependency version from 0.3.6.post1 to 0.3.7.post2. This is a single dependency version increment with no logic or control flow modifications.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Dependency Version Update: container/Dockerfile.sglang | Bumped mooncake-transfer-engine from 0.3.6.post1 to 0.3.7.post2 |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A tiny hop, a version bump so neat,
From .post1 to .post2, the update's sweet!
The mooncake engine runs faster still,
With dependencies fresh—just one small thrill! 🌙✨

Pre-merge checks

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Description check | ⚠️ Warning | The PR description contains only the empty template with no actual content filled in—all sections lack substantive information about the changes. | Fill in the Overview, Details, and Where should the reviewer start sections with meaningful information about why the dependency was updated and any testing performed. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title clearly and specifically summarizes the main change: updating a dependency version from 0.3.6.post1 to 0.3.7.post2. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0e1efb8 and 083cc79.

📒 Files selected for processing (1)
  • container/Dockerfile.sglang (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Build and Test - dynamo
🔇 Additional comments (1)
container/Dockerfile.sglang (1)

576-579: Verify package version availability before merging.

The version 0.3.7.post2 could not be confirmed through available resources (PyPI is inaccessible). Security vulnerabilities CVE-2025-29783 and CVE-2025-32444 exist related to vLLM's Mooncake integration due to unsafe deserialization over unsecured ZeroMQ sockets, but these are integration-specific issues in vLLM, not direct vulnerabilities in the mooncake-transfer-engine package itself. CVE-2025-29783 is fixed in version 0.8.0 of Mooncake, so ensure the installed version addresses any relevant security concerns for your use case.

