CVE-2024-24762 - update fastapi to 0.109.1 #3556
chore: Fix [CVE-2024-24762](https://www.cve.org/CVERecord?id=CVE-2024-24762) - fastapi Regular Expression Denial of Service (ReDoS)

Plus, update Ray to 2.10 to allow updating fastapi. On previous versions of Ray the fastapi version was pinned, which was preventing the fastapi version update.

use the new handle api:
From Ray Serve docs:
Ray 2.7 introduces a new {mod}`DeploymentHandle <ray.serve.handle.DeploymentHandle>` API that will replace the existing `RayServeHandle` and `RayServeSyncHandle` APIs.

Signed-off-by: Spolti <fspolti@redhat.com>
Hi all, this update required a few more tweaks to remove the
Signed-off-by: Spolti <fspolti@redhat.com>
@spolti thanks for the ping, the change looks good to me!

related issue #3541

/lgtm

/approve
[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: sivanantha321, spolti, yuzisun

The full list of commands accepted by this bot can be found here.

The pull request process is described here
thanks all.
* CVE-2024-24762 - update fastapi to 0.109.1

  chore: Fix [CVE-2024-24762](https://www.cve.org/CVERecord?id=CVE-2024-24762) - fastapi Regular Expression Denial of Service (ReDoS)

  Plus, update Ray to 2.10 to allow updating fastapi. On previous versions of Ray the fastapi version was pinned, which was preventing the fastapi version update.

  use the new handle api:
  From Ray Serve docs:
  Ray 2.7 introduces a new {mod}`DeploymentHandle <ray.serve.handle.DeploymentHandle>` API that will replace the existing `RayServeHandle` and `RayServeSyncHandle` APIs.

  Signed-off-by: Spolti <fspolti@redhat.com>

* add link to about the RayServeHandle deprecation

  Signed-off-by: Spolti <fspolti@redhat.com>

---------

Signed-off-by: Spolti <fspolti@redhat.com>
* CVE-2024-24762 - update fastapi to 0.109.1

  chore: Fix [CVE-2024-24762](https://www.cve.org/CVERecord?id=CVE-2024-24762) - fastapi Regular Expression Denial of Service (ReDoS)

  Plus, update Ray to 2.10 to allow updating fastapi. On previous versions of Ray the fastapi version was pinned, which was preventing the fastapi version update.

  use the new handle api:
  From Ray Serve docs:
  Ray 2.7 introduces a new {mod}`DeploymentHandle <ray.serve.handle.DeploymentHandle>` API that will replace the existing `RayServeHandle` and `RayServeSyncHandle` APIs.

  Signed-off-by: Spolti <fspolti@redhat.com>

* add link to about the RayServeHandle deprecation

  Signed-off-by: Spolti <fspolti@redhat.com>

---------

Signed-off-by: Spolti <fspolti@redhat.com>
Signed-off-by: tjandy98 <3953059+tjandy98@users.noreply.github.com>
Bump kserve to 0.12.1 that includes the following fixes we need:
* support for pydantic v2 (kserve/kserve#3374) which is used by knowledge_integrity v0.6
* fix for ray serve compatibility issue (kserve/kserve#3556).

Bug: T363127
Change-Id: I3fd7c5963c647ab1f407f21c4bd9e2b530fe8a47

Bump kserve to 0.12.1 that includes the following fixes we need:
* support for pydantic v2 (kserve/kserve#3374) which is used by knowledge_integrity v0.6
* fix for ray serve compatibility issue (kserve/kserve#3556).

Bug: T363129
Change-Id: I6a4babe2155b0638beb83a0a03af99ef396a666b

Bump kserve to 0.12.1 that includes the following fixes we need:
* support for pydantic v2 (kserve/kserve#3374) which is used by knowledge_integrity v0.6
* fix for ray serve compatibility issue (kserve/kserve#3556).

Bug: T363130
Change-Id: I9b13d5235b2c52cc71d92db19fe3adc7cdafea1a
chore: Fix CVE-2024-24762 - fastapi Regular Expression Denial of Service (ReDoS)
Plus, update Ray to 2.10 to allow updating fastapi. On previous versions of Ray
the fastapi version was pinned, which was preventing the fastapi version update.
fixes #3541
Release note:
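
Added example, not part of the pull request or of KServe's code: the situation the description mentions, where another package's pin on fastapi keeps the fixed release from being installed, can be detected from package metadata. The sample metadata, the package names `serving-lib` and `model-server`, and every function name below are constructed for illustration; the version comparison is a simplified stand-in for full PEP 440 matching and ignores environment markers.

```python
import re
from importlib import metadata

FIXED = "0.109.1"  # fastapi release named as the fix in this pull request's title

OPS = {"==": lambda a, b: a == b, "!=": lambda a, b: a != b,
       "<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
       ">": lambda a, b: a > b, ">=": lambda a, b: a >= b}
# name, optional [extras], optional parenthesised specifier list, up to any ';' marker
REQ = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*\(?([^;)]*)\)?")

def vtuple(version):
    """'0.109.1' -> (0, 109, 1); shorter versions are zero-padded."""
    nums = [int(n) for n in re.findall(r"\d+", version)][:3]
    return tuple(nums + [0] * (3 - len(nums)))

def allows(requirement, package, target):
    """False only if `requirement` names `package` and excludes `target`."""
    m = REQ.match(requirement)
    if not m or m.group(1).lower().replace("_", "-") != package:
        return True
    for clause in m.group(2).split(","):
        cm = re.match(r"\s*(==|!=|<=|>=|<|>)\s*([^\s*]+)\s*$", clause)
        if not cm:  # empty, wildcard or ~= clauses are not evaluated here
            continue
        if not OPS[cm.group(1)](target, vtuple(cm.group(2))):
            return False
    return True

def blockers(requires_by_dist, package="fastapi", version=FIXED):
    """Distributions whose declared requirement on `package` excludes `version`."""
    target = vtuple(version)
    return sorted(dist for dist, reqs in requires_by_dist.items()
                  if any(not allows(r, package, target) for r in reqs))

def installed_requirements():
    """Declared requirements of every distribution in the current environment."""
    return {(d.metadata["Name"] or "unknown"): (d.requires or [])
            for d in metadata.distributions()}

SAMPLE = {  # constructed metadata, not the real pins of any Ray or KServe release
    "serving-lib": ["fastapi<=0.108.0,>=0.95.0 ; extra == 'serve'", "numpy>=1.19"],
    "model-server": ["fastapi>=0.109.1", "uvicorn[standard]>=0.19"],
}

if __name__ == "__main__":
    print("sample blockers:", blockers(SAMPLE))
    print("blockers in this environment:", blockers(installed_requirements()))
```

An empty result for the live environment means no installed distribution declares a fastapi range that excludes the fixed release; a non-empty one names the packages that must be upgraded first.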