[Cherry-Pick] Python vulnerability fixes (#3441) #235

spolti · 2024-02-26T18:21:51Z

sync security fixes from upstream

Cherry picks: 338e364 and 0d311b3

* Bump paddlepaddle to 2.6.0 Signed-off-by: Sivanantham Chinnaiyan <sivanantham.chinnaiyan@ideas2it.com> * Bump transformers to version 4.37.2 Signed-off-by: Sivanantham Chinnaiyan <sivanantham.chinnaiyan@ideas2it.com> * Bump cryptography to version 42.0.2 Signed-off-by: Sivanantham Chinnaiyan <sivanantham.chinnaiyan@ideas2it.com> * Bump fastapi to version 0.109.2 Signed-off-by: Sivanantham Chinnaiyan <sivanantham.chinnaiyan@ideas2it.com> * Bump pillow to version 10.2.0 Signed-off-by: Sivanantham Chinnaiyan <sivanantham.chinnaiyan@ideas2it.com> * Bump aiohttp to version 3.9.3 Signed-off-by: Sivanantham Chinnaiyan <sivanantham.chinnaiyan@ideas2it.com> * Revert fastapi bump Signed-off-by: Sivanantham Chinnaiyan <sivanantham.chinnaiyan@ideas2it.com> * Bump ray serve to 2.9.2 Signed-off-by: Sivanantham Chinnaiyan <sivanantham.chinnaiyan@ideas2it.com> * Pin alibi to >=0.9.4 Signed-off-by: Sivanantham Chinnaiyan <sivanantham.chinnaiyan@ideas2it.com> * Fix alibi version Signed-off-by: Sivanantham Chinnaiyan <sivanantham.chinnaiyan@ideas2it.com> --------- Signed-off-by: Sivanantham Chinnaiyan <sivanantham.chinnaiyan@ideas2it.com>

ValueError: `detached=False` is no longer supported. In a future release, it will be removed altogether. Signed-off-by: Spolti <fspolti@redhat.com>

Signed-off-by: Spolti <fspolti@redhat.com>

* Allow ray 2.6.1 Signed-off-by: ddelange <14880945+ddelange@users.noreply.github.com> * PR suggestion Signed-off-by: ddelange <14880945+ddelange@users.noreply.github.com> * Run poetry update --lock Signed-off-by: ddelange <14880945+ddelange@users.noreply.github.com> * Support RayServeSyncHandle in ray>=2.5.0 Signed-off-by: ddelange <14880945+ddelange@users.noreply.github.com> * Run poetry update --lock Signed-off-by: ddelange <14880945+ddelange@users.noreply.github.com> * Correct hashFiles cache for sklearn Signed-off-by: ddelange <14880945+ddelange@users.noreply.github.com> * Run poetry update --lock Signed-off-by: ddelange <14880945+ddelange@users.noreply.github.com> * Avoid faulty tritonclient release Signed-off-by: ddelange <14880945+ddelange@users.noreply.github.com> * Run poetry update --lock Signed-off-by: ddelange <14880945+ddelange@users.noreply.github.com> * Add and run make poetry-update-lockfiles Signed-off-by: ddelange <14880945+ddelange@users.noreply.github.com> * Refrain from private imports and make poetry-update-lockfiles Signed-off-by: ddelange <14880945+ddelange@users.noreply.github.com> * Revert paddle to max 3.10 Signed-off-by: ddelange <14880945+ddelange@users.noreply.github.com> * Revert "Revert paddle to max 3.10" This reverts commit a5afe2b. Signed-off-by: ddelange <14880945+ddelange@users.noreply.github.com> --------- Signed-off-by: ddelange <14880945+ddelange@users.noreply.github.com>

Signed-off-by: Spolti <fspolti@redhat.com>

terrytangyuan

/lgtm

openshift-ci · 2024-02-27T14:32:20Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: spolti, terrytangyuan

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

~~OWNERS~~ [spolti,terrytangyuan]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

…dates/kserve-agent-29 Update kserve-agent-29 to 21201ea

spolti requested a review from israel-hdez February 26, 2024 18:21

openshift-ci bot requested a review from Jooho February 26, 2024 18:22

openshift-ci bot added the approved label Feb 26, 2024

Address issues on pythoh/kserve test

05199e7

ValueError: `detached=False` is no longer supported. In a future release, it will be removed altogether. Signed-off-by: Spolti <fspolti@redhat.com>

spolti force-pushed the RHOAIENG-3381 branch 3 times, most recently from 099366c to 05199e7 Compare February 26, 2024 19:02

spolti and others added 3 commits February 26, 2024 16:34

test

0dc3395

Signed-off-by: Spolti <fspolti@redhat.com>

update tensorflow-io-gcs-filesystem to align with odh/master

ed4f7a0

Signed-off-by: Spolti <fspolti@redhat.com>

spolti force-pushed the RHOAIENG-3381 branch from fd97fe7 to ed4f7a0 Compare February 27, 2024 12:14

spolti requested a review from terrytangyuan February 27, 2024 13:55

spolti changed the title ~~Python vulnerability fixes (#3441)~~ [Cherry-Pick] Python vulnerability fixes (#3441) Feb 27, 2024

terrytangyuan approved these changes Feb 27, 2024

View reviewed changes

openshift-ci bot assigned terrytangyuan Feb 27, 2024

openshift-ci bot added the lgtm label Feb 27, 2024

openshift-merge-bot bot merged commit 298fe40 into opendatahub-io:release-v0.11.1 Feb 27, 2024
20 checks passed

spolti deleted the RHOAIENG-3381 branch February 27, 2024 15:17

israel-hdez mentioned this pull request Feb 28, 2024

[Cherry-pick] Python fixes and CrashLoop Fix red-hat-data-services/kserve#156

Merged

spolti referenced this pull request in spolti/kserve Apr 17, 2024

Merge pull request #235 from red-hat-data-services/rhtap/component-up…

4ef7e40

…dates/kserve-agent-29 Update kserve-agent-29 to 21201ea

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Cherry-Pick] Python vulnerability fixes (#3441) #235

[Cherry-Pick] Python vulnerability fixes (#3441) #235

spolti commented Feb 26, 2024 •

edited

Loading

terrytangyuan left a comment

openshift-ci bot commented Feb 27, 2024

[Cherry-Pick] Python vulnerability fixes (#3441) #235

[Cherry-Pick] Python vulnerability fixes (#3441) #235

Conversation

spolti commented Feb 26, 2024 • edited Loading

terrytangyuan left a comment

Choose a reason for hiding this comment

openshift-ci bot commented Feb 27, 2024

spolti commented Feb 26, 2024 •

edited

Loading