Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: Update dependencies #97

Merged
merged 1 commit into from
Jan 20, 2025
Merged

chore: Update dependencies #97

merged 1 commit into from
Jan 20, 2025

Conversation

spolti
Copy link
Contributor

@spolti spolti commented Jan 20, 2025

chore: Fixes the following CVEs:
CVE-2023-45288 - Non-linear parsing of case-insensitive content in golang.org/x/net/html
CVE-2024-45337 - Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto

Motivation

Modifications

Result

@spolti
x/net and x/crypto cves
59cd478 
chore:  Fixes the following CVEs:
        CVE-2023-45288 - Non-linear parsing of case-insensitive content in golang.org/x/net/html
        CVE-2024-45337 - Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto

Signed-off-by: Spolti <[email protected]>
rafvasq
rafvasq approved these changes Jan 20, 2025
View reviewed changes
Copy link
Member

@rafvasq rafvasq left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@rafvasq rafvasq changed the title x/net and x/crypto cves chore: Update dependencies Jan 20, 2025
@rafvasq rafvasq merged commit 729d296 into kserve:main Jan 20, 2025
3 checks passed
@spolti spolti deleted the CVE-2023-45288 branch January 20, 2025 18:31
openshift-merge-bot bot pushed a commit to opendatahub-io/modelmesh-runtime-adapter that referenced this pull request Jan 23, 2025
@spolti
Sync Upstream/main with ODH/main (#77)
d1f1532 
* feat: Make container build engine configurable (#87)

chore: Allow to run make goals provinding the desired Container Enginer
builder tool,
	e.g. `ENGINE=podman make build`

Signed-off-by: Spolti <[email protected]>

* chore: Update dependencies

chore: Update dependencies

Signed-off-by: Spolti <[email protected]>

* chore: Update dependencies  (kserve#97)

chore:  Fixes the following CVEs:
CVE-2023-45288 - Non-linear parsing of case-insensitive content in
golang.org/x/net/html
CVE-2024-45337 - Misuse of ServerConfig.PublicKeyCallback may cause
authorization bypass in golang.org/x/crypto

#### Motivation

#### Modifications

#### Result

Signed-off-by: Spolti <[email protected]>

---------

Signed-off-by: Spolti <[email protected]>
openshift-merge-bot bot pushed a commit to opendatahub-io/modelmesh-runtime-adapter that referenced this pull request Feb 20, 2025
@brettmthompson @spolti
Sync 'kserve/main' into 'odh/main' (#82)
099418b 
* feat: Make container build engine configurable (#87)

chore: Allow to run make goals provinding the desired Container Enginer
builder tool,
	e.g. `ENGINE=podman make build`

Signed-off-by: Spolti <[email protected]>

* chore: Update dependencies

chore: Update dependencies

Signed-off-by: Spolti <[email protected]>

* chore: Update dependencies  (kserve#97)

chore:  Fixes the following CVEs:
CVE-2023-45288 - Non-linear parsing of case-insensitive content in
golang.org/x/net/html
CVE-2024-45337 - Misuse of ServerConfig.PublicKeyCallback may cause
authorization bypass in golang.org/x/crypto

#### Motivation

#### Modifications

#### Result

Signed-off-by: Spolti <[email protected]>

---------

Signed-off-by: Spolti <[email protected]>
Signed-off-by: Brett Thompson <[email protected]>
Co-authored-by: Filippe Spolti <[email protected]>
openshift-merge-bot bot pushed a commit to opendatahub-io/modelmesh-runtime-adapter that referenced this pull request Feb 26, 2025
@spolti
Sync (#84)
cc545fc 
* feat: Make container build engine configurable (#87)

chore: Allow to run make goals provinding the desired Container Enginer
builder tool,
	e.g. `ENGINE=podman make build`

Signed-off-by: Spolti <[email protected]>

* chore: Update dependencies

chore: Update dependencies

Signed-off-by: Spolti <[email protected]>

* chore: Update dependencies  (kserve#97)

chore:  Fixes the following CVEs:
CVE-2023-45288 - Non-linear parsing of case-insensitive content in
golang.org/x/net/html
CVE-2024-45337 - Misuse of ServerConfig.PublicKeyCallback may cause
authorization bypass in golang.org/x/crypto

#### Motivation

#### Modifications

#### Result

Signed-off-by: Spolti <[email protected]>

* Upgrade python to 3.11 (kserve#98)

chore:	Update python to 3.11 in preparation of UBI9 upgrade.

#### Motivation

#### Modifications

#### Result

Signed-off-by: Spolti <[email protected]>

---------

Signed-off-by: Spolti <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rafvasq rafvasq rafvasq approved these changes

@terrytangyuan terrytangyuan Awaiting requested review from terrytangyuan

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@spolti @rafvasq