[pull] master from kserve:master #162

* Handles s3 download for object name starts with folder name. Signed-off-by: Andrews Arokiam <andrews.arokiam@ideas2it.com> * Fix storage test. Signed-off-by: Andrews Arokiam <andrews.arokiam@ideas2it.com> * Added s3 storage test. Signed-off-by: Andrews Arokiam <andrews.arokiam@ideas2it.com> * Simplified logic Signed-off-by: Andrews Arokiam <andrews.arokiam@ideas2it.com> --------- Signed-off-by: Andrews Arokiam <andrews.arokiam@ideas2it.com>

* fix: Add missing --timeout flag in batcher Signed-off-by: Yuan Tang <terrytangyuan@gmail.com> * removal Signed-off-by: Yuan Tang <terrytangyuan@gmail.com> --------- Signed-off-by: Yuan Tang <terrytangyuan@gmail.com>

* ci: Automate release process Signed-off-by: Yuan Tang <terrytangyuan@gmail.com> * Update changes to release branch Signed-off-by: Yuan Tang <terrytangyuan@gmail.com> * update Signed-off-by: Yuan Tang <terrytangyuan@gmail.com> * Push tag Signed-off-by: Yuan Tang <terrytangyuan@gmail.com> * udpate Signed-off-by: Yuan Tang <terrytangyuan@gmail.com> * Split wf Signed-off-by: Yuan Tang <terrytangyuan@gmail.com> * monitor tags Signed-off-by: Yuan Tang <terrytangyuan@gmail.com> * fix Signed-off-by: Yuan Tang <terrytangyuan@gmail.com> * Use softprops/action-gh-release Signed-off-by: Yuan Tang <terrytangyuan@gmail.com> * Update automated-release.yml Signed-off-by: Yuan Tang <terrytangyuan@gmail.com> --------- Signed-off-by: Yuan Tang <terrytangyuan@gmail.com>

fixes critical vulnerabiolities on ray chore: fix the following CVEs - [CVE-2023-6019](https://www.cve.org/CVERecord?id=CVE-2023-6019): Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') - [CVE-2023-6020](https://www.cve.org/CVERecord?id=CVE-2023-6020): Use of GET Request Method With Sensitive Query Strings There are no fix for [CVE-2023-48023](https://www.cve.org/CVERecord?id=CVE-2023-48023) yet Signed-off-by: Spolti <fspolti@redhat.com>

* Bump versions Signed-off-by: Yuan Tang <terrytangyuan@gmail.com> * Bump versions Signed-off-by: Yuan Tang <terrytangyuan@gmail.com> --------- Signed-off-by: Yuan Tang <terrytangyuan@gmail.com>

Signed-off-by: Pitos <contact@gawsoft.com>

* Fixes CVE-2023-48795 chore: Fixes [CVE-2023-48795](https://www.cve.org/CVERecord?id=CVE-2023-48795) - golang.org/x/crypto Authentication Bypass by Capture-replay Signed-off-by: Spolti <fspolti@redhat.com> * review - run go mod tidy Signed-off-by: Spolti <fspolti@redhat.com> --------- Signed-off-by: Spolti <fspolti@redhat.com>

Fix Stack-based Buffer Overflow on protobuf chore: Fix Stack-based Buffer Overflow on protobuf on protobuf - https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFENCODINGPROTOJSON-6137908 Signed-off-by: Spolti <fspolti@redhat.com>

chore: The purpose of this pull request is to addres [this](https://security.snyk.io/vuln/SNYK-GOLANG-KNATIVEDEVSERVINGPKGAUTOSCALERMETRICS-6091906) vulnerability. In the Snyk report it says that the version 0.39.3 still affected, however it seems to be a false positive, since the fix can be found merged as this [commit](knative/serving@fff40ef) shows. Signed-off-by: Spolti <fspolti@redhat.com>

chore: Fixes the following vulnerabilities in the go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp dependency: - [CVE-2022-21698](https://www.cve.org/CVERecord?id=CVE-2022-21698) / [CVE-2023-45142](https://www.cve.org/CVERecord?id=CVE-2023-45142): Allocation of Resources Without Limits or Throttling Signed-off-by: Spolti <fspolti@redhat.com>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[pull] master from kserve:master #162

[pull] master from kserve:master #162

Commits on Jan 6, 2024

Commits on Jan 9, 2024

Commits on Jan 10, 2024

Commits on Jan 12, 2024

Commits on Jan 13, 2024