kubeflow icon indicating copy to clipboard operation
kubeflow copied to clipboard
verified publisher icon kubeflow

notebook-controller: Update dependency versions

Open kimwnasptd opened this issue 2 years ago • 5 comments

Update the dependency versions to reduce the reported CVEs.

Trivy reports the following:

Total: 21 (UNKNOWN: 0, LOW: 15, MEDIUM: 6, HIGH: 0, CRITICAL: 0)

Note that without updating the base image I was getting:

Total: 17 (UNKNOWN: 0, LOW: 11, MEDIUM: 4, HIGH: 2, CRITICAL: 0)

Some notes for the upgrade:

  1. Had to manually update ginkgo package to v2 https://github.com/kubernetes-sigs/controller-runtime/releases/tag/v0.14.0
  2. Update the code for builder.Builder.Watches https://github.com/kubernetes-sigs/controller-runtime/releases/tag/v0.15.0

kimwnasptd avatar May 28 '23 13:05 kimwnasptd

Manually tested the following scenarios as well:

  1. Create a Notebook CR and confirm it becomes ready
    • For both Jupyter, VSCode and RStudio
  2. Test the current culling mechanism

kimwnasptd avatar May 28 '23 13:05 kimwnasptd

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Once this PR has been reviewed and has the lgtm label, please ask for approval from kimwnasptd. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

google-oss-prow[bot] avatar May 28 '23 19:05 google-oss-prow[bot]

/assign @thesuperzapper @elikatsis

kimwnasptd avatar Jun 13 '23 18:06 kimwnasptd

/lgtm

tzstoyanov avatar Oct 11 '23 06:10 tzstoyanov

@tzstoyanov: changing LGTM is restricted to collaborators

In response to this:

/lgtm

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

google-oss-prow[bot] avatar Oct 11 '23 06:10 google-oss-prow[bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Once this PR has been reviewed and has the lgtm label, please ask for approval from kimwnasptd. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

google-oss-prow[bot] avatar May 21 '24 17:05 google-oss-prow[bot]