Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix CVE-2023-45288 for qpext #3618

Merged
merged 1 commit into from
Apr 23, 2024
Merged

Conversation

sivanantha321
Copy link
Member

@sivanantha321 sivanantha321 commented Apr 22, 2024

What this PR does / why we need it:
Fixes CVE-2023-45288 for qpext

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #

Type of changes
Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

Feature/Issue validation/testing:

Please describe the tests that you ran to verify your changes and relevant result summary. Provide instructions so it can be reproduced.
Please also list any relevant details for your test configuration.

  • Test A

  • Test B

  • Logs

Special notes for your reviewer:

  1. Please confirm that if this PR changes any image versions, then that's the sole change this PR makes.

Checklist:

  • Have you added unit/e2e tests that prove your fix is effective or that this feature works?
  • Has code been commented, particularly in hard-to-understand areas?
  • Have you made corresponding changes to the documentation?

Release note:


@sivanantha321 sivanantha321 changed the title Fix [CVE-2023-45288](https://www.cve.org/CVERecord?id=CVE-2023-45288) for qpext Fix CVE-2023-45288 for qpext Apr 22, 2024
Signed-off-by: Sivanantham Chinnaiyan <sivanantham.chinnaiyan@ideas2it.com>
Copy link
Member

@terrytangyuan terrytangyuan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@@ -103,7 +103,7 @@ require (
golang.org/x/crypto v0.21.0 // indirect
golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa // indirect
golang.org/x/mod v0.14.0 // indirect
golang.org/x/net v0.21.0 // indirect
golang.org/x/net v0.23.0 // indirect
Copy link
Contributor

@spolti spolti Apr 22, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it updated automatically (go mod tidy)?

@yuzisun
Copy link
Member

yuzisun commented Apr 23, 2024

/approve

Copy link

oss-prow-bot bot commented Apr 23, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: sivanantha321, terrytangyuan, yuzisun

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@yuzisun yuzisun merged commit cefdc2e into kserve:master Apr 23, 2024
56 of 57 checks passed
cmaddalozzo added a commit to cmaddalozzo/kserve that referenced this pull request Apr 26, 2024
* master:
  Add OpenAI API support to Huggingfaceserver (kserve#3582)
  Allow rerunning failed workflows by comment (kserve#3550)
  Fix CVE-2023-45288 for qpext (kserve#3618)
  chore: v0.12.1 install files (kserve#3619)
  build: Fix CRD copying in generate-install.sh (kserve#3620)
  Fix Pydantic 2 warnings (kserve#3622)
  Fix make deploy-dev-storage-initializer not working (kserve#3617)
israel-hdez pushed a commit to israel-hdez/kserve that referenced this pull request May 6, 2024
Remove replace for golang.org/x/net and fix CVE-2023-45288 for qpext

Signed-off-by: Sivanantham Chinnaiyan <sivanantham.chinnaiyan@ideas2it.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

4 participants