
[Snyk] Security upgrade python from 3.7 to 3.12.5 #231

Open

wants to merge 415 commits into base: master

Conversation

VaniHaripriya (Owner)

Snyk has created this PR to fix 2 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

  • samples/contrib/versioned-pipeline-ci-samples/kaggle-ci-sample/submit_result/Dockerfile

We recommend upgrading to python:3.12.5, as this image has only 197 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

Severity   Issue                  Snyk ID                          Score
high       Out-of-bounds Write    SNYK-DEBIAN12-GLIBC-5927132      829
high       Out-of-bounds Write    SNYK-DEBIAN12-GLIBC-5927132      829
high       Out-of-bounds Write    SNYK-DEBIAN12-GLIBC-5927132      829
high       Out-of-bounds Write    SNYK-DEBIAN12-GLIBC-5927132      829
high       CVE-2023-44487         SNYK-DEBIAN12-NGHTTP2-5953379    829

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

cjidboon94 and others added 30 commits March 26, 2024 19:00
…nclude node affinities and pod (anti)affinities (kubeflow#10583)

* feat(kubernetes_platform): Update kubernetes_platform go package to include nodeaffinities and pod (anti)affinities

Signed-off-by: Cornelis Boon <cjidboon94@gmail.com>

* rename affinity objects and fields to match k8s spec semantics

Signed-off-by: Cornelis Boon <cjidboon94@gmail.com>

* rename *AffinityRule -> *AffinityTerm and add missing affinity data

Signed-off-by: Cornelis Boon <cjidboon94@gmail.com>

---------

Signed-off-by: Cornelis Boon <cjidboon94@gmail.com>
…rboard_id` is provided

PiperOrigin-RevId: 619646459
…model if user uploaded model is non-tuned

PiperOrigin-RevId: 619714978
PiperOrigin-RevId: 619748191
PiperOrigin-RevId: 619982662
PiperOrigin-RevId: 619990671
…ent (kubeflow#10637)

Signed-off-by: tomcli <tommy.chaoping.li@ibm.com>
PiperOrigin-RevId: 620699930
PiperOrigin-RevId: 621215497
Signed-off-by: tomcli <tommy.chaoping.li@ibm.com>
…pdated API Service Params (kubeflow#10640)

* fix(backend): Refactor backend common code to use updated API Service Params

Signed-off-by: Giulio Frasca <gfrasca@redhat.com>

* fix(backend): Fix Backend int tests to use updated API Service Params

Signed-off-by: Giulio Frasca <gfrasca@redhat.com>

* WIP: fix(backend): Manually correct the proto schemes to include https

- **NOTE**: this was manually updated, tested, and verified locally
            uploading for CI check
- It appears when regenerating the backend API, something in the
  generation libraries changed and now default the scheme to just
  http, not http+https, which appears to break tests.
- Need to figure out what options to provide api generators to revert
  DefaultScheme to include https again automatically

Signed-off-by: Giulio Frasca <gfrasca@redhat.com>

* chore: Update small syntax change in SWF expected test result check

Signed-off-by: Giulio Frasca <gfrasca@redhat.com>

* chore: Update backend .proto files to include http and https scheme

Signed-off-by: Giulio Frasca <gfrasca@redhat.com>

---------

Signed-off-by: Giulio Frasca <gfrasca@redhat.com>
kubeflow#10550)

* fix(Backend + SDK): Add missing optional field to SecretAsVolume and ConfigMapAsVolume.

Signed-off-by: Revital Sur <eres@il.ibm.com>

* Update after rebase.

Signed-off-by: Revital Sur <eres@il.ibm.com>

* Update after rebase.

Signed-off-by: Revital Sur <eres@il.ibm.com>

* Update after merge.

Signed-off-by: Revital Sur <eres@il.ibm.com>

* Updates after merge with master branch.

Signed-off-by: Revital Sur <eres@il.ibm.com>

---------

Signed-off-by: Revital Sur <eres@il.ibm.com>
…rt of kubeflow#10053 (kubeflow#10087)

* refactor ml-pipeline component for kustomize5 compatibility

Signed-off-by: Alin Spinu <spinualin@gmail.com>

* rm bk folder

Signed-off-by: Alin Spinu <spinualin@gmail.com>

* fix kustomizations using auto kustomize edit

Signed-off-by: Alin Spinu <spinualin@gmail.com>

* fix env/aws

Signed-off-by: Alin Spinu <spinualin@gmail.com>

* fix kustomize version v5.0.3 in tests

Signed-off-by: Alin Spinu <spinualin@gmail.com>

* minor changes to manifest apply method in pipeline deployment script

Signed-off-by: Alin Spinu <spinualin@gmail.com>

* fix

Signed-off-by: Alin Spinu <spinualin@gmail.com>

* fix kustomize release

Signed-off-by: Alin Spinu <spinualin@gmail.com>

* fix archive

Signed-off-by: Alin Spinu <spinualin@gmail.com>

* fix bin

Signed-off-by: Alin Spinu <spinualin@gmail.com>

* replace patchStrategicMerge refs in test manifests

Signed-off-by: Alin Spinu <spinualin@gmail.com>

* replace kustomize version with 5.2.1

Signed-off-by: Alin Spinu <spinualin@gmail.com>

* replace all kustomize versions with 5.2.1

Signed-off-by: Alin Spinu <spinualin@gmail.com>

---------

Signed-off-by: Alin Spinu <spinualin@gmail.com>
…ification eval pipeline

PiperOrigin-RevId: 621897220
PiperOrigin-RevId: 621998414
…ubeflow#10575)

Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.6.1 to 1.15.6.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.6.1...v1.15.6)

---
updated-dependencies:
- dependency-name: follow-redirects
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ver/visualization (kubeflow#10658)

Bumps [pillow](https://github.com/python-pillow/Pillow) from 10.0.1 to 10.3.0.
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@10.0.1...10.3.0)

---
updated-dependencies:
- dependency-name: pillow
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…esolve_upload_location from function_based

PiperOrigin-RevId: 622081254
…w#10639)

Bumps [express](https://github.com/expressjs/express) from 4.18.2 to 4.19.2.
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@4.18.2...4.19.2)

---
updated-dependencies:
- dependency-name: express
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Chen Sun <chensun@users.noreply.github.com>
… `chat` variants of `bison@001` with the `preview.llm.rlhf_pipeline`

PiperOrigin-RevId: 622229648
…/server (kubeflow#10574)

Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.5.10 to 1.15.6.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.5.10...v1.15.6)

---
updated-dependencies:
- dependency-name: follow-redirects
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…low#10659)

these samples currently only work on the Google Cloud distribution
because of a hardcoded secret name that only pre-exists there.
1. extract the hardcoded secret name to a const to make it a little
   easier to change
2. add a note about it.

Signed-off-by: Greg Sheremeta <gshereme@redhat.com>
* remove deprecated ibm components

Signed-off-by: tomcli <tommy.chaoping.li@ibm.com>

* update linkage to the ibm components

Signed-off-by: tomcli <tommy.chaoping.li@ibm.com>

---------

Signed-off-by: tomcli <tommy.chaoping.li@ibm.com>
chensun and others added 29 commits September 9, 2024 16:53
Signed-off-by: Chen Sun <chensun@users.noreply.github.com>
Signed-off-by: Chen Sun <chensun@users.noreply.github.com>
…ow#11191)

Signed-off-by: Chen Sun <chensun@users.noreply.github.com>