Fix python-dotenv vulnerability in ACFT environments (#5014)

Upgrade python-dotenv in the /opt/conda Python 3.13 environment for the affected curated images so Qualys QID 5011346 is remediated.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: neilyan-msft

assets/training/finetune_acft_hf_nlp/environments/acpt-draft/context/Dockerfile

@@ -22,6 +22,8 @@ RUN pip install xgrammar==0.1.32
 # GHSA-69w3-r845-3855 (CVE-2026-1839): arbitrary code execution in Trainer class;
 # patched only in transformers>=5.0.0rc3. Upgrading to latest stable 5.x.
 RUN pip install transformers==5.5.4
+# python-dotenv in /opt/conda Python 3.13 ships as vulnerable 1.2.1 in the base image.
+RUN /opt/conda/bin/python3.13 -m pip install --no-cache-dir --upgrade 'python-dotenv>=1.2.2'
 # clean conda and pip caches
 RUN rm -rf ~/.cache/pip
 COPY loss /opt/conda/envs/ptca/lib/python3.10/site-packages/specforge/core/loss.py

assets/training/finetune_acft_image/environments/acft_image_medimageinsight_adapter_finetune/context/Dockerfile

@@ -17,5 +17,7 @@ RUN pip install -r requirements.txt --no-cache-dir
 # python-dotenv: mlflow → mlflow-skinny → python-dotenv<2,>=0.19.0;
 #   mlflow 3.11.1 (latest as of 2026-05-04) allows >=1.2.2 but pip may resolve older (GHSA-mf9w-mj56-hr94)
 RUN pip install --no-cache-dir --upgrade 'pyasn1>=0.6.3' 'Mako>=1.3.11' 'python-dotenv>=1.2.2'
+# python-dotenv in /opt/conda Python 3.13 also ships as vulnerable 1.2.1 in the base image.
+RUN /opt/conda/bin/python3.13 -m pip install --no-cache-dir --upgrade 'python-dotenv>=1.2.2'
 
 RUN conda clean -a -y && rm -rf /opt/miniconda/pkgs/