Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump odh 0.12.rc0 to rhoai main branch #10

Merged
merged 33 commits into from
May 21, 2024
Merged

Bump odh 0.12.rc0 to rhoai main branch #10

merged 33 commits into from
May 21, 2024

Conversation

Jooho
Copy link

@Jooho Jooho commented May 21, 2024

Bump odh 0.12.rc0 to rhoai main branch

spolti and others added 30 commits October 19, 2023 14:52
@spolti
[RHODS-12555] - CVE-2023-44487
35dcc34 
Plus:

Fixes lint issues:

- Can't run linter goanalysis_metalinter: goanalysis_metalinter: buildir: package "netip" (isInitialPkg: false, needAnalyzeSource: true): in net/netip.AddrFromSlice: cannot convert Load <[]byte> t0 ([]byte) to [4]byte

Warnings:

WARN [runner] The linter 'structcheck' is deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter.  Replaced by unused.
WARN [runner] The linter 'deadcode' is deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter.  Replaced by unused.
WARN [runner] The linter 'varcheck' is deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter.  Replaced by unused.

Signed-off-by: Spolti <[email protected]>
@openshift-ci
Merge pull request opendatahub-io#20 from spolti/RHODS-12555
4c5fb80 
[RHODS-12555] - CVE-2023-44487
@ckadner
chore: Add CodeQL configuration (opendatahub-io#29)
36cb079 
Add configuration file for CodeQL vulnerability scanning.

Signed-off-by: Christian Kadner <[email protected]>
@rafvasq
fix: Specify Python 3.8 in Dockerfile (opendatahub-io#34)
7b8af3d 
Specify and link python38 to fix build/test failures due to
the wrong Python version (3.6) being used from base image.

---------

Signed-off-by: Rafael Vasquez <[email protected]>
@rafvasq @spolti
fix: Specify Python 3.8 in Dockerfile (opendatahub-io#34)
7d17855 
Specify and link python38 to fix build/test failures due to
the wrong Python version (3.6) being used from base image.

---------

Signed-off-by: Rafael Vasquez <[email protected]>
@openshift-merge-bot
Merge pull request opendatahub-io#25 from spolti/fixCi
b30e426 
fix: Specify Python 3.8 in Dockerfile (opendatahub-io#34)
@spolti
Fix github.com/elazarl/goproxy Denial of Service
e499d5d 
Signed-off-by: Spolti <[email protected]>
@openshift-merge-bot
Merge pull request opendatahub-io#24 from spolti/goproxy
09e54c6 
Fix github.com/elazarl/goproxy Denial of Service
@spolti
chore(deps): Upgrade golang.org/x/net and golang.org/grpc (opendatahu…
e2857ff 
…b-io#30)

Issues addressed:
- https://github.com/kserve/rest-proxy/security/dependabot/1
- https://github.com/kserve/rest-proxy/security/dependabot/2
- https://github.com/kserve/rest-proxy/security/dependabot/3
- https://github.com/kserve/rest-proxy/security/dependabot/4
- https://github.com/kserve/rest-proxy/security/dependabot/5
- https://www.cve.org/CVERecord?id=CVE-2023-37788

---------

Signed-off-by: Spolti <[email protected]>
@spolti
chore: Upgrade Golang version from 1.18 to 1.19 (opendatahub-io#28)
61dc700 
- Remove the linters for "deadcode", "structcheck", "varcheck"
- Use "os" packages instead of deprecated "io/ioutil" (SA1019)
- Capture pre-commit output in a local log file

---------

Signed-off-by: Spolti <[email protected]>
@spolti
chore: Upgrade google.golang.org/protobuf
2f63e34 
chore: Fixes google.golang.org/protobuf Stack-based Buffer Overflow

https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFENCODINGPROTOJSON-6137908

Signed-off-by: Spolti <[email protected]>
@spolti
chore: Upgrade golang.org/x/crypto (opendatahub-io#36)
513a3f2 
chore:	address the following CVE:
- [CVE-2023-48795](https://www.cve.org/CVERecord?id=CVE-2023-48795):
golang.org/x/crypto Authentication Bypass by Capture-replay

---------

Signed-off-by: Spolti <[email protected]>
@spolti
[RHODS-12555] - CVE-2023-44487
918f79c 
Plus:

Fixes lint issues:

- Can't run linter goanalysis_metalinter: goanalysis_metalinter: buildir: package "netip" (isInitialPkg: false, needAnalyzeSource: true): in net/netip.AddrFromSlice: cannot convert Load <[]byte> t0 ([]byte) to [4]byte

Warnings:

WARN [runner] The linter 'structcheck' is deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter.  Replaced by unused.
WARN [runner] The linter 'deadcode' is deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter.  Replaced by unused.
WARN [runner] The linter 'varcheck' is deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter.  Replaced by unused.

Signed-off-by: Spolti <[email protected]>
@rafvasq @spolti
fix: Specify Python 3.8 in Dockerfile (opendatahub-io#34)
da70aa6 
Specify and link python38 to fix build/test failures due to
the wrong Python version (3.6) being used from base image.

---------

Signed-off-by: Rafael Vasquez <[email protected]>
Signed-off-by: Spolti <[email protected]>
@spolti
Fix github.com/elazarl/goproxy Denial of Service
a485071 
Signed-off-by: Spolti <[email protected]>
@ckadner @spolti
chore: Add CodeQL configuration (opendatahub-io#29)
c750c98 
Add configuration file for CodeQL vulnerability scanning.

Signed-off-by: Christian Kadner <[email protected]>
Signed-off-by: Spolti <[email protected]>
@spolti
chore(deps): Upgrade golang.org/x/net and golang.org/grpc (opendatahu…
11c52d0 
…b-io#30)

Issues addressed:
- https://github.com/kserve/rest-proxy/security/dependabot/1
- https://github.com/kserve/rest-proxy/security/dependabot/2
- https://github.com/kserve/rest-proxy/security/dependabot/3
- https://github.com/kserve/rest-proxy/security/dependabot/4
- https://github.com/kserve/rest-proxy/security/dependabot/5
- https://www.cve.org/CVERecord?id=CVE-2023-37788

---------

Signed-off-by: Spolti <[email protected]>
@spolti
chore: Upgrade Golang version from 1.18 to 1.19 (opendatahub-io#28)
2884d60 
- Remove the linters for "deadcode", "structcheck", "varcheck"
- Use "os" packages instead of deprecated "io/ioutil" (SA1019)
- Capture pre-commit output in a local log file

---------

Signed-off-by: Spolti <[email protected]>
@spolti
chore: Upgrade google.golang.org/protobuf
bd494fe 
chore: Fixes google.golang.org/protobuf Stack-based Buffer Overflow

https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFENCODINGPROTOJSON-6137908

Signed-off-by: Spolti <[email protected]>
@spolti
chore: Upgrade golang.org/x/crypto (opendatahub-io#36)
51ba6d1 
chore:	address the following CVE:
- [CVE-2023-48795](https://www.cve.org/CVERecord?id=CVE-2023-48795):
golang.org/x/crypto Authentication Bypass by Capture-replay

---------

Signed-off-by: Spolti <[email protected]>
@spolti
Merge branch 'main' into sync
6d147f8 
Signed-off-by: Filippe Spolti <[email protected]>
@openshift-merge-bot
Merge pull request opendatahub-io#26 from spolti/sync
b8ecd15 
sync kserve/rest-proxy with odh/rest-proxy
@heyselbi
Update OWNERS
066ed25 
Signed-off-by: Selbi Nuryyeva <[email protected]>
@openshift-merge-bot
Merge pull request opendatahub-io#34 from heyselbi/main
ed6f3d2 
Update OWNERS in main branch
@spolti
chore: Make the builder configurable in the Makefile (opendatahub-io#35)
4d8e991 
Some developers might not have the `docker` CLI installed anymore.
Configurable builder allows to build using `podman` or `buildah`.
It can be invoked like this: `ENGINE=podman make build`

---------

Signed-off-by: Spolti <[email protected]>
Signed-off-by: Filippe Spolti <[email protected]>
@spolti
Merge branch 'upstream main' into odh main
050bcb5
@openshift-merge-bot
Merge pull request opendatahub-io#37 from spolti/sync1
6c74cb0 
Sync1
@israel-hdez
chore: update google.golang.org/protobuf to v1.33.0 (opendatahub-io#40)
9ce55d4 
This is to move away from CVE-20204-24786: infinite loop vulnerability.

Signed-off-by: Edgar Hernández <[email protected]>
@rpancham
Add Tag and Release workflow
79bd03b 
Signed-off-by: rpancham <[email protected]>
@openshift-merge-bot
Merge pull request opendatahub-io#42 from rpancham/tagrversion
2389140 
Add Tag and Release workflow
spolti and others added 3 commits April 18, 2024 13:58
@spolti
chore: Update golang.org/x/net (opendatahub-io#41)
c5a4f74 
[RHOAIENG-5424] - golang.org/x/net Allocation of Resources Without
Limits or Throttling

chore: Fixes
[CVE-2023-45288](https://www.cve.org/CVERecord?id=CVE-2023-45288)

Signed-off-by: Spolti <[email protected]>
@openshift-merge-bot
Merge pull request opendatahub-io#39 from kserve/main
61eb922 
[pull] main from kserve:main
Merge branch 'odh_0.12.0-rc0' into 0.12.rc0-sync
975bbc7
@Jooho Jooho merged commit 5ccb5b9 into red-hat-data-services:main May 21, 2024
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@Jooho @spolti @ckadner @rafvasq @heyselbi @israel-hdez @rpancham