chore: Update dependencies #97

Merged
merged 1 commit into from
Jan 20, 2025

Contributor

@spolti spolti commented Jan 20, 2025

chore: Fixes the following CVEs:
CVE-2023-45288 - Non-linear parsing of case-insensitive content in golang.org/x/net/html
CVE-2024-45337 - Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto

Motivation

Modifications

Result

chore:  Fixes the following CVEs:
        CVE-2023-45288 - Non-linear parsing of case-insensitive content in golang.org/x/net/html
        CVE-2024-45337 - Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto

Signed-off-by: Spolti <fspolti@redhat.com>
Member

@rafvasq rafvasq left a comment

/lgtm

@rafvasq rafvasq changed the title x/net and x/crypto cves chore: Update dependencies Jan 20, 2025
@rafvasq rafvasq merged commit 729d296 into kserve:main Jan 20, 2025
3 checks passed
@spolti spolti deleted the CVE-2023-45288 branch January 20, 2025 18:31
openshift-merge-bot bot pushed a commit to opendatahub-io/modelmesh-runtime-adapter that referenced this pull request Jan 23, 2025
* feat: Make container build engine configurable (#87)

chore: Allow to run make goals providing the desired Container Engine
builder tool,
	e.g. `ENGINE=podman make build`

Signed-off-by: Spolti <fspolti@redhat.com>

* chore: Update dependencies

chore: Update dependencies

Signed-off-by: Spolti <fspolti@redhat.com>

* chore: Update dependencies  (kserve#97)

chore:  Fixes the following CVEs:
CVE-2023-45288 - Non-linear parsing of case-insensitive content in
golang.org/x/net/html
CVE-2024-45337 - Misuse of ServerConfig.PublicKeyCallback may cause
authorization bypass in golang.org/x/crypto

#### Motivation

#### Modifications

#### Result

Signed-off-by: Spolti <fspolti@redhat.com>

---------

Signed-off-by: Spolti <fspolti@redhat.com>
openshift-merge-bot bot pushed a commit to opendatahub-io/modelmesh-runtime-adapter that referenced this pull request Feb 20, 2025
* feat: Make container build engine configurable (#87)

chore: Allow to run make goals providing the desired Container Engine
builder tool,
	e.g. `ENGINE=podman make build`

Signed-off-by: Spolti <fspolti@redhat.com>

* chore: Update dependencies

chore: Update dependencies

Signed-off-by: Spolti <fspolti@redhat.com>

* chore: Update dependencies  (kserve#97)

chore:  Fixes the following CVEs:
CVE-2023-45288 - Non-linear parsing of case-insensitive content in
golang.org/x/net/html
CVE-2024-45337 - Misuse of ServerConfig.PublicKeyCallback may cause
authorization bypass in golang.org/x/crypto

#### Motivation

#### Modifications

#### Result

Signed-off-by: Spolti <fspolti@redhat.com>

---------

Signed-off-by: Spolti <fspolti@redhat.com>
Signed-off-by: Brett Thompson <196701379+brettmthompson@users.noreply.github.com>
Co-authored-by: Filippe Spolti <fspolti@redhat.com>
openshift-merge-bot bot pushed a commit to opendatahub-io/modelmesh-runtime-adapter that referenced this pull request Feb 26, 2025
* feat: Make container build engine configurable (#87)

chore: Allow to run make goals providing the desired Container Engine
builder tool,
	e.g. `ENGINE=podman make build`

Signed-off-by: Spolti <fspolti@redhat.com>

* chore: Update dependencies

chore: Update dependencies

Signed-off-by: Spolti <fspolti@redhat.com>

* chore: Update dependencies  (kserve#97)

chore:  Fixes the following CVEs:
CVE-2023-45288 - Non-linear parsing of case-insensitive content in
golang.org/x/net/html
CVE-2024-45337 - Misuse of ServerConfig.PublicKeyCallback may cause
authorization bypass in golang.org/x/crypto

#### Motivation

#### Modifications

#### Result

Signed-off-by: Spolti <fspolti@redhat.com>

* Upgrade python to 3.11 (kserve#98)

chore:	Update python to 3.11 in preparation of UBI9 upgrade.

#### Motivation

#### Modifications

#### Result

Signed-off-by: Spolti <fspolti@redhat.com>

---------

Signed-off-by: Spolti <fspolti@redhat.com>
spolti added a commit to spolti/modelmesh-runtime-adapter that referenced this pull request Mar 3, 2025
chore:  Fixes the following CVEs:
CVE-2023-45288 - Non-linear parsing of case-insensitive content in
golang.org/x/net/html
CVE-2024-45337 - Misuse of ServerConfig.PublicKeyCallback may cause
authorization bypass in golang.org/x/crypto

#### Motivation

#### Modifications

#### Result

Signed-off-by: Spolti <fspolti@redhat.com>
spolti added a commit to spolti/modelmesh-runtime-adapter that referenced this pull request Mar 3, 2025
chore:  Fixes the following CVEs:
CVE-2023-45288 - Non-linear parsing of case-insensitive content in
golang.org/x/net/html
CVE-2024-45337 - Misuse of ServerConfig.PublicKeyCallback may cause
authorization bypass in golang.org/x/crypto

Signed-off-by: Spolti <fspolti@redhat.com>