forked from kserve/kserve
[release-0.12.1] Cherry picks - Fixes for ODH #345
Merged: openshift-merge-bot merged 17 commits into opendatahub-io:release-v0.12.1 from israel-hdez:v0121-cherry-picks on May 6, 2024
Signed-off-by: Vedant Mahabaleshwarkar <[email protected]>
Signed-off-by: jooho <[email protected]>
Fixes CVE-2024-24762 - Regular Expression Denial of Service (ReDoS)
Remove the fastapi when this is addressed: https://issues.redhat.com/browse/RHOAIENG-3894 or ray releases a new version that removes the fastapi version pinning and it gets updated on KServe
Signed-off-by: Spolti <[email protected]>
Signed-off-by: Vedant Mahabaleshwarkar <[email protected]>
The increased memory limit is for the controller pod to work normally in clusters having 9k+ secrets. Related https://issues.redhat.com/browse/RHOAIENG-3996 Signed-off-by: Edgar Hernández <[email protected]>
* Upgrade orjson to version 3.9.15
  chore: Fixes [CVE-2024-27454](https://nvd.nist.gov/vuln/detail/CVE-2024-27454): orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents.
  Signed-off-by: Spolti <[email protected]>
* Update python/kserve/pyproject.toml
  Co-authored-by: Sivanantham <[email protected]>
  Signed-off-by: Filippe Spolti <[email protected]>
* re-run poetry lock
  Signed-off-by: Spolti <[email protected]>
---------
Signed-off-by: Spolti <[email protected]>
Signed-off-by: Filippe Spolti <[email protected]>
Co-authored-by: Sivanantham <[email protected]>
Signed-off-by: jooho <[email protected]>
…ets (kserve#3469)
* Remove cluster level list/watch for configmaps, serviceaccounts, secrets
  Signed-off-by: Sivanantham Chinnaiyan <[email protected]>
* Resolve comments
  Signed-off-by: Sivanantham Chinnaiyan <[email protected]>
---------
Signed-off-by: Sivanantham Chinnaiyan <[email protected]>
Signed-off-by: Andrews Arokiam <[email protected]>
Since ODH would support KServe's RawDeployment mode, this modifies the scripts around OpenShift-ci setup to be possible to run RawDeployment-related E2Es. The run-e2e-tests.sh script is modified to exclude installation of Service Mesh and Serverless, when RawDeployments E2Es are requested to run. A supporting file inferenceservice-openshift-ci-raw.yaml was added to patch KServe's configuration to use RawDeployment mode by default and to use OpenShift Ingress when exposing Inference Services. Since the E2Es use some annotations in the InferenceService, changes done to the v1beta1_inference_service.py file in commit ecff079 were reverted. As an alternative, the `enablePassthrough` annotation was moved to the ServingRuntime resources. This is not only cleaner, but also reduces the diverging code with the upstream repository. Furthermore, this seems to be an auto-generated file that should not be touched. Signed-off-by: Edgar Hernández <[email protected]>
chore: fixes the GH [Alert](https://github.com/kserve/kserve/security/code-scanning/12080). filepath.Clean sanitizes the directory path and removes any unnecessary components (such as . and ..)
Signed-off-by: Spolti <[email protected]>
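An added example, not code from this pull request or from KServe: `filepath.Clean` normalises a path lexically, and confining an untrusted relative path to a base directory additionally takes a containment check such as the `filepath.Rel` test below. The names `ResolveUnder` and `ErrEscapesBase` and the sample paths are hypothetical, and Unix-style paths are assumed.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrEscapesBase (hypothetical name) reports a path that resolves outside base.
var ErrEscapesBase = errors.New("path escapes base directory")

// ResolveUnder (hypothetical helper) joins an untrusted path onto base and
// rejects any result that does not stay inside base.
func ResolveUnder(base, untrusted string) (string, error) {
	base = filepath.Clean(base)
	// Join runs Clean on the result: "." and inner ".." elements are collapsed,
	// which is exactly why the joined path can end up above base.
	joined := filepath.Join(base, untrusted)
	rel, err := filepath.Rel(base, joined)
	if err != nil {
		return "", err
	}
	// A relative path that is ".." or starts with "../" points outside base.
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrEscapesBase
	}
	return joined, nil
}

func main() {
	base := "/mnt/models" // constructed sample directory
	samples := []string{ // constructed sample inputs
		"bert/./v1/../v2/model.bin",
		"../../etc/passwd",
		"a/../../b",
	}
	for _, p := range samples {
		out, err := ResolveUnder(base, p)
		// Clean alone keeps the leading ".." of a relative path.
		fmt.Printf("in=%q clean=%q resolved=%q err=%v\n", p, filepath.Clean(p), out, err)
	}
}
```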
…Mode Deployment Signed-off-by: Spolti <[email protected]>
Signed-off-by: Spolti <[email protected]>
opendatahub-io#292)
* [RHOAIENG-4617] - follow up - remove hardcoded fastapi from Dockerfile
  As the Ray Serve latest release removed the hard dependency of old fastapi version we can now remove the workaround from the Storage Initializer Container Image.
  Signed-off-by: Spolti <[email protected]>
There is an error in the storage-initializer-docker-publisher workflow where a string is being used, but should be a variable. On PR merges, this is causing an error when trying to push the docker image of the storage initializer. This is fixing the issue by properly using the variable. Signed-off-by: Edgar Hernández <[email protected]>
spolti approved these changes on May 6, 2024
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: israel-hdez, spolti The full list of commands accepted by this bot can be found here. The pull request process is described here
openshift-merge-bot (bot) merged commit 8d736ad into opendatahub-io:release-v0.12.1 on May 6, 2024. 18 checks passed.
What this PR does / why we need it:
Security fixes not present in upstream's v0.12.1, but are already fixed either in ODH/master or upstream/master:
ODH-specific cherry-picks:
Other fixes that aren't present in upstream v0.12.1, but are cherry-picked for ODH's v0.12.1:
Which issue(s) this PR fixes:
Related to https://issues.redhat.com/browse/RHOAIENG-4180