[Cherry-Pick] Python vulnerability fixes (#3441) #235

12 changes: 6 additions & 6 deletions .github/workflows/python-test.yml
Expand Up @@ -81,7 +81,7 @@ jobs:
uses: actions/cache@v3
with:
path: python/sklearnserver/.venv
key: sklearn-venv-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/kserve/poetry.lock, **/sklearnserver/poetry.lock') }}
key: sklearn-venv-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/kserve/poetry.lock', '**/sklearnserver/poetry.lock') }}
# install sklearn server dependencies if cache does not exist
- name: Install sklearn dependencies
if: steps.cached-sklearn-dependencies.outputs.cache-hit != 'true'
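Review bot: The `**/kserve/poetry.lock` and `**/sklearnserver/poetry.lock` patterns in the new `key:` line match those directory names at any depth, so any other lockfile under a directory called `kserve` or `sklearnserver` elsewhere in the tree would also feed the hash. The cached path on the line above is `python/sklearnserver/.venv`; if the lockfiles sit beside it, anchoring the patterns (`python/kserve/poetry.lock`, `python/sklearnserver/poetry.lock`) makes the key depend only on the two files this venv is built from. The same applies to the other five cache keys changed in this file.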
Expand All @@ -105,7 +105,7 @@ jobs:
uses: actions/cache@v3
with:
path: python/xgbserver/.venv
key: xgb-venv-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/kserve/poetry.lock, **/xgbserver/poetry.lock') }}
key: xgb-venv-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/kserve/poetry.lock', '**/xgbserver/poetry.lock') }}
# install xgb server dependencies if cache does not exist
- name: Install xgb dependencies
if: steps.cached-xgb-dependencies.outputs.cache-hit != 'true'
Expand All @@ -129,7 +129,7 @@ jobs:
uses: actions/cache@v3
with:
path: python/pmmlserver/.venv
key: pmml-venv-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/kserve/poetry.lock, **/pmmlserver/poetry.lock') }}
key: pmml-venv-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/kserve/poetry.lock', '**/pmmlserver/poetry.lock') }}
# install pmml server dependencies if cache does not exist
- name: Install pmml dependencies
if: steps.cached-pmml-dependencies.outputs.cache-hit != 'true'
Expand All @@ -153,7 +153,7 @@ jobs:
uses: actions/cache@v3
with:
path: python/lgbserver/.venv
key: lgb-venv-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/kserve/poetry.lock, **/pmmlserver/poetry.lock') }}
key: lgb-venv-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/kserve/poetry.lock', '**/lgbserver/poetry.lock') }}
# install lgb server dependencies if cache does not exist
- name: Install lgb dependencies
if: steps.cached-lgb-dependencies.outputs.cache-hit != 'true'
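Review bot: The commit message should say that the lgb key changes which lockfile it hashes, not only how the arguments are quoted: the old line referenced `**/pmmlserver/poetry.lock` for the `python/lgbserver/.venv` cache, and the new one references `**/lgbserver/poetry.lock`. The old key had no input from lgbserver's own lockfile, so a cached lgb venv could survive a dependency bump in that lockfile, which is relevant for a PR titled as vulnerability fixes. Since all six keys are near-identical copies, a single reusable step or a matrix over the server name would prevent this kind of copy-paste drift.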
Expand All @@ -178,7 +178,7 @@ jobs:
uses: actions/cache@v3
with:
path: python/paddleserver/.venv
key: paddle-venv-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/kserve/poetry.lock, **/paddleserver/poetry.lock') }}
key: paddle-venv-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/kserve/poetry.lock', '**/paddleserver/poetry.lock') }}
# install paddle server dependencies if cache does not exist
- name: Install paddle dependencies
if: ${{ steps.cached-paddle-dependencies.outputs.cache-hit != 'true' && !startsWith(steps.setup-python.outputs.python-version, '3.11') }}
Expand All @@ -205,7 +205,7 @@ jobs:
uses: actions/cache@v3
with:
path: python/alibiexplainer/.venv
key: alibi-venv-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/kserve/poetry.lock, **/alibiexplainer/poetry.lock') }}
key: alibi-venv-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/kserve/poetry.lock', '**/alibiexplainer/poetry.lock') }}
# install alibi explainer dependencies if cache does not exist
- name: Install alibi dependencies
run: |
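Review bot: The `Install alibi dependencies` step in the trailing context goes from `- name:` straight to `run: |` with no `if:` on the cache result, while its comment says "if cache does not exist" and the sklearn, xgb, pmml, lgb and paddle install steps above all carry a `cache-hit != 'true'` condition in that position. Unless an `if:` follows the `run:` block outside the visible context, either add the matching condition on `steps.cached-alibi-dependencies` (assuming the cache step's id follows the pattern of the others) or correct the comment, so it is clear whether the key fixed here governs the install.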
3 changes: 3 additions & 0 deletions Makefile
Expand Up @@ -336,3 +336,6 @@ apidocs:
.PHONY: check-doc-links
check-doc-links:
@python3 hack/verify-doc-links.py && echo "$@: OK"

poetry-update-lockfiles:
bash -ec 'for value in $$(find . -name poetry.lock -exec dirname {} \;); do (cd "$${value}" && echo "Updating $${value}/poetry.lock" && poetry update --lock); done'
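Review bot: `poetry-update-lockfiles` is added without a `.PHONY` declaration, unlike `check-doc-links` directly above it, so a file or directory with that name would make the target silently do nothing; add `.PHONY: poetry-update-lockfiles`. Two smaller points on the recipe line: `for value in $$(find ...)` word-splits the output, so a directory path containing whitespace would break the loop, and `poetry update --lock` with no package arguments re-resolves every dependency in each project, so the regenerated lockfiles can move far more packages than the ones with known vulnerabilities and need to be reviewed with that in mind.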
3,028 changes: 1,636 additions & 1,392 deletions python/aiffairness/poetry.lock

Large diffs are not rendered by default.

5,377 changes: 2,907 additions & 2,470 deletions python/alibiexplainer/poetry.lock

Large diffs are not rendered by default.

5 changes: 3 additions & 2 deletions python/alibiexplainer/pyproject.toml
Expand Up @@ -12,7 +12,8 @@ packages = [
[tool.poetry.dependencies]
python = ">=3.8,<3.12"
kserve = { path = "../kserve", extras = ["storage"], develop = true }
alibi = { version = "^0.9.3", extras = ["shap", "tensorflow"] }
alibi = { version = "^0.9.4", extras = ["shap", "tensorflow"] } # From 0.9.5 alibi uses BSL license
tensorflow = ">=2.12.0,<2.14" # the range that supports python 3.8 -- 3.11
dill = "^0.3.6"
nest-asyncio = "~1.4.0"
llvmlite = ">0.38.1" # needed since poetry chooses lower version of llvmlite which is not supported by python 3.9 above
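Review bot: The constraint on the new `alibi` line does not enforce what its comment says. In Poetry, `^0.9.4` means `>=0.9.4,<0.10.0`, so it still admits 0.9.5 and later 0.9.x releases, which the comment identifies as BSL-licensed. Only the lockfile keeps the resolved version at 0.9.4, and the `poetry update --lock` target added in the Makefile in this same PR would move it forward on the next run. Use an exact pin (`version = "0.9.4"`) or an explicit upper bound (`">=0.9.4,<0.9.5"`) so the license boundary is expressed in the constraint itself.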
Expand All @@ -32,4 +33,4 @@ file_path = "../VERSION"

[build-system]
requires = ["poetry-core>=1.0.0"]
build-backend = "poetry.core.masonry.api"
build-backend = "poetry.core.masonry.api"