-
Notifications
You must be signed in to change notification settings - Fork 21
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Follow-up: Address remaining "High" vulnerabilities in KServe repo from SNYK scans #91
Comments
SNYK also creates automatic PRs which might be of use: |
Fix in: #93
|
I cannot deactivate the other python entries that we are not using. Deactivating does not remove from the list... Maybe we can keep as is, since those still will introduce noise? |
Upstream PR: kserve#3157 |
Downstream commit that is part of rhods 1.34: red-hat-data-services@820006e Closing the issue. The kserve upstream issue, whenever it is merged, will be part of new kserve release. |
If these files are not used, could they be deleted? @israel-hdez What about |
https://kserve.github.io/website/0.11/reference/api/
My rationale for not deleting, is that upstream community DO use that code and they maintain it. We could delete these files, but by doing so we introduce a point of conflict; i.e.
I'm not fully familiar with all the code base. My guess is that this Dockerfile is used to generate this reference documentation: https://github.com/kserve/website/blob/main/docs/reference/api.md, which is the source for this web-doc: https://kserve.github.io/website/0.11/reference/api/. If my guess is right, the vulnerabilities are not a concern, because the deliverable artifact is the |
understood. So, our downstream image doesn't contain these files right? |
That's right. I just want to stress that files under |
got it, thank you for the clarifications @israel-hdez |
SNYK scan of KServe repo
/python
directory that are not used in the build/python
directory that are used in the build, if any (perhaps one in/python/kserve/
?)Code analysis
go.mod
The text was updated successfully, but these errors were encountered: