[Snyk] Security upgrade python from 3.6 to 3.12.5 #243

Status: Open. Wants to merge 432 commits into base branch master.

Conversation

VaniHaripriya (Owner) wrote:

Snyk has created this PR to fix 2 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

  • samples/contrib/nvidia-resnet/pipeline/Dockerfile

We recommend upgrading to python:3.12.5, as this image has only 197 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

| Issue | Score |
| --- | --- |
| high severity Out-of-bounds Write (SNYK-DEBIAN11-GLIBC-5927133) | 829 |
| high severity Out-of-bounds Write (SNYK-DEBIAN11-GLIBC-5927133) | 829 |
| high severity Out-of-bounds Write (SNYK-DEBIAN11-GLIBC-5927133) | 829 |
| high severity Out-of-bounds Write (SNYK-DEBIAN11-GLIBC-5927133) | 829 |
| high severity Out-of-bounds Write (SNYK-DEBIAN11-LIBWEBP-5893094) | 829 |

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

rawc0der and others added 30 commits April 4, 2024 16:37
…rt of kubeflow#10053 (kubeflow#10087)

* refactor ml-pipeline component for kustomize5 compatibility

Signed-off-by: Alin Spinu <spinualin@gmail.com>

* rm bk folder

Signed-off-by: Alin Spinu <spinualin@gmail.com>

* fix kustomizations using auto kustomize edit

Signed-off-by: Alin Spinu <spinualin@gmail.com>

* fix env/aws

Signed-off-by: Alin Spinu <spinualin@gmail.com>

* fix kustomize version v5.0.3 in tests

Signed-off-by: Alin Spinu <spinualin@gmail.com>

* minor changes to manifest apply method in pipeline deployment script

Signed-off-by: Alin Spinu <spinualin@gmail.com>

* fix

Signed-off-by: Alin Spinu <spinualin@gmail.com>

* fix kustomize release

Signed-off-by: Alin Spinu <spinualin@gmail.com>

* fix archive

Signed-off-by: Alin Spinu <spinualin@gmail.com>

* fix bin

Signed-off-by: Alin Spinu <spinualin@gmail.com>

* replace patchStrategicMerge refs in test manifests

Signed-off-by: Alin Spinu <spinualin@gmail.com>

* replace kustomize version with 5.2.1

Signed-off-by: Alin Spinu <spinualin@gmail.com>

* replace all kustomize versions with 5.2.1

Signed-off-by: Alin Spinu <spinualin@gmail.com>

---------

Signed-off-by: Alin Spinu <spinualin@gmail.com>
…ification eval pipeline

PiperOrigin-RevId: 621897220
PiperOrigin-RevId: 621998414
…ubeflow#10575)

Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.6.1 to 1.15.6.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.6.1...v1.15.6)

---
updated-dependencies:
- dependency-name: follow-redirects
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ver/visualization (kubeflow#10658)

Bumps [pillow](https://github.com/python-pillow/Pillow) from 10.0.1 to 10.3.0.
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@10.0.1...10.3.0)

---
updated-dependencies:
- dependency-name: pillow
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…esolve_upload_location from function_based

PiperOrigin-RevId: 622081254
…w#10639)

Bumps [express](https://github.com/expressjs/express) from 4.18.2 to 4.19.2.
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@4.18.2...4.19.2)

---
updated-dependencies:
- dependency-name: express
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Chen Sun <chensun@users.noreply.github.com>
… `chat` variants of `bison@001` with the `preview.llm.rlhf_pipeline`

PiperOrigin-RevId: 622229648
…/server (kubeflow#10574)

Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.5.10 to 1.15.6.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.5.10...v1.15.6)

---
updated-dependencies:
- dependency-name: follow-redirects
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…low#10659)

These samples currently only work on the Google Cloud distribution
because of a hardcoded secret name that only pre-exists there.
1. Extract the hardcoded secret name to a const to make it a little
   easier to change.
2. Add a note about it.

Signed-off-by: Greg Sheremeta <gshereme@redhat.com>
* remove deprecated ibm components

Signed-off-by: tomcli <tommy.chaoping.li@ibm.com>

* update linkage to the ibm components

Signed-off-by: tomcli <tommy.chaoping.li@ibm.com>

---------

Signed-off-by: tomcli <tommy.chaoping.li@ibm.com>
…#10605)

* feat(sdk+backend): Add add_ephemeral_volume method to python sdk + add support to backend

Signed-off-by: abaland <abaland@indeed.com>

* feat(sdk+backend): Add add_ephemeral_volume method to python sdk + add support to backend

Signed-off-by: abaland <abaland@indeed.com>

* chore: upgrade go module + go mod tidy

Signed-off-by: abaland <abaland@indeed.com>

* chore: upgrade license files

Signed-off-by: abaland <abaland@indeed.com>

---------

Signed-off-by: abaland <abaland@indeed.com>
…ith the `preview.llm.rlhf_pipeline`

PiperOrigin-RevId: 623336791
…0689)

Signed-off-by: tomcli <tommy.chaoping.li@ibm.com>
Signed-off-by: connor-mccarthy <mccarthy.connor.james@gmail.com>
…ow#10693)

Signed-off-by: connor-mccarthy <mccarthy.connor.james@gmail.com>
PiperOrigin-RevId: 625114315
* Merge kfp-tekton backend code

Signed-off-by: Ricardo M. Oliveira <rmartine@redhat.com>

* Add swf work

Signed-off-by: Ricardo M. Oliveira <rmartine@redhat.com>

---------

Signed-off-by: Ricardo M. Oliveira <rmartine@redhat.com>
* pull argo v3.4.16 upstream

Signed-off-by: Giulio Frasca <gfrasca@redhat.com>

* upgrade to Argo v3.4.16

Signed-off-by: Giulio Frasca <gfrasca@redhat.com>

* Update ValidateWorkflow calls

Signed-off-by: Giulio Frasca <gfrasca@redhat.com>

* Add NodeStatus pod name retrieval function

- Argo 3.4.16 upgrade introduces a breaking change with inconsistent node.ID vs
  node.Name
- introduce a function in workflow.go to conditionally handle this

Signed-off-by: Giulio Frasca <gfrasca@redhat.com>

* Remove PNS Executor manifests and containerRuntimeExecutor ConfigMap Key

- PNS Executor was removed in Argo v3.4, so manifests no longer valid
- WorkflowController will fail to start if `containerRuntimeExecutor`
  provided as input parameter, so remove from WC ConfigMap and CM
  patches

Signed-off-by: Giulio Frasca <gfrasca@redhat.com>

* fix(frontend): Fix Sidebar tabs to work with argo pod name-id mismatch

- Stemming from upgrade to argo 3.4, Pod Name is no longer always the
  same as NodeID, which breaks a few tabs (PodInfo, PodEvents and
  PodLogs).  Add function to address this

Signed-off-by: Giulio Frasca <gfrasca@redhat.com>

* test: update frontend CI to accommodate pod id/name changes

Signed-off-by: Giulio Frasca <gfrasca@redhat.com>

---------

Signed-off-by: Giulio Frasca <gfrasca@redhat.com>
…her config for object store paths (kubeflow#10625)

* add bucket session info to pipeline context

Signed-off-by: Humair Khan <HumairAK@users.noreply.github.com>

* allow driver to read bucket session info

Instead of only reading the kfp-launcher when a custom pipeline root is specified, the root dag will now always read the kfp-launcher config to search for a matching bucket if such a configuration is provided in kfp-launcher

Signed-off-by: Humair Khan <HumairAK@users.noreply.github.com>

* add support for bucket prefix matching

Provides a structured configuration for bucket providers, whereby user can specify credentials for different providers and path prefixes. A new interface for providing sessions is introduced, which should be implemented for any new provider configuration support.

Signed-off-by: Humair Khan <HumairAK@users.noreply.github.com>

* allow object store to handle different providers

Utilizes blob provider specific constructors to open s3, minio, gcs accordingly. If a sessioninfo is provided (via kfp-launcher config) then the associated secret is fetched for each case to gain credentials. If fromEnv is provided, then the standard url opener is used. Also separates out config fields and operations to a separate file.

Signed-off-by: Humair Khan <HumairAK@users.noreply.github.com>

* utilize session info in launcher & importer

retrieves the session info (if provided via kfp-launcher) and utilizes it for opening the provider's associated bucket

Signed-off-by: Humair Khan <HumairAK@users.noreply.github.com>

* skip config for default aws s3 endpoint

Signed-off-by: Humair Khan <HumairAK@users.noreply.github.com>

* chore: refactor/clarify store session info naming

also added some additional code comments clarifying store cred variable usage

Signed-off-by: Humair Khan <HumairAK@users.noreply.github.com>

* chore: handle query parameters as s3

as well as update validation logic for provider config, and fix tests
accordingly.

Signed-off-by: Humair Khan <HumairAK@users.noreply.github.com>

---------

Signed-off-by: Humair Khan <HumairAK@users.noreply.github.com>
…ver/visualization (kubeflow#10700)

Bumps [sqlparse](https://github.com/andialbrecht/sqlparse) from 0.4.4 to 0.5.0.
- [Changelog](https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG)
- [Commits](andialbrecht/sqlparse@0.4.4...0.5.0)

---
updated-dependencies:
- dependency-name: sqlparse
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…cessor component

PiperOrigin-RevId: 625496222
…uri to rlhf_preprocessor component

PiperOrigin-RevId: 626080295
… classification component to fix incorrect column names for bigquery data source

PiperOrigin-RevId: 626436329
…, NETWORK_PLACEHOLDER, PERSISTENT_RESOURCE_ID_PLACEHOLDER and ENCYRPTION_SPEC_KMS_KEY_NAME_PLACEHOLDER. In addition, use PERSISTENT_RESOURCE_ID_PLACEHOLDER as the default value of persistent_resource_id for CustomTrainingJobOp and create_custom_training_job_op_from_component. With this change, custom job created without explicitly setting persistent_resource_id will inherit job level persistent_resource_id, if Persistent Resource is set as job level runtime

PiperOrigin-RevId: 627113501