fixed security issues #81

Open
wants to merge 1 commit into
base: master


@vikas-saxena02 vikas-saxena02 commented Jun 14, 2024

Fixed high and critical security issues

Signed-off-by: Vikas Saxena <[email protected]>

oss-prow-bot bot commented Jun 14, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: vikas-saxena02
Once this PR has been reviewed and has the lgtm label, please assign kimwnasptd for approval by writing /assign @kimwnasptd in a comment. For more information see: The Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@rimolive
Contributor

@vikas-saxena02 Thank you for your contribution! While building the image, I got this error:

npm ERR! Maximum call stack size exceeded

npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2024-06-15T15_41_36_126Z-debug.log
Error: building at STEP "RUN npm install

Any ideas what we should do to fix it?

@vikas-saxena02
Author

vikas-saxena02 commented Jun 16, 2024

> @vikas-saxena02 Thank you for your contribution! While building the image, I got this error:
>
> npm ERR! Maximum call stack size exceeded
>
> npm ERR! A complete log of this run can be found in:
> npm ERR!     /root/.npm/_logs/2024-06-15T15_41_36_126Z-debug.log
> Error: building at STEP "RUN npm install
>
> Any ideas what we should do to fix it?

@rimolive It is most likely due to upgrades to higher versions or alternative dependencies that were classified as breaking fixes. Will you be able to send the root/.npm/_logs/2024-06-15T15_41_36_126Z-debug.log file or the steps/command to reproduce the error?

I found this link on Stack Overflow that could be helpful: https://stackoverflow.com/questions/40566348/maximum-call-stack-size-exceeded-on-npm-install
Seems like the npm cache needs a force clean or an npm rebuild needs to be done.

@rimolive
Contributor

I'm building from a container, I can't get access to that file. If it helps, this is the full output of the npm build command from the container build: https://gist.github.com/rimolive/e967eb7f8e19aa878c4c57a3259649a4

@tiansiyuan
Contributor

> @rimolive It is most likely due to upgrades to higher versions or alternative dependencies that were classified as breaking fixes. Will you be able to send the root/.npm/_logs/2024-06-15T15_41_36_126Z-debug.log file or the steps/command to reproduce the error?

Hi @vikas-saxena02, I got the log file. Please see the attachment for your information.

2024-06-16T13_19_09_286Z-debug.log

@tiansiyuan
Contributor

> I found this link on Stack Overflow that could be helpful: https://stackoverflow.com/questions/40566348/maximum-call-stack-size-exceeded-on-npm-install
> Seems like the npm cache needs a force clean or an npm rebuild needs to be done.

Adding RUN npm cache clean --force before RUN npm install does not help. Please see the attached log.

2024-06-17T12_11_43_384Z-debug.log

@juliusvonkohout
Contributor

@vikas-saxena02 maybe you can add @tiansiyuan as collaborator to your fork.

@vikas-saxena02
Author

@juliusvonkohout I am just reviewing the change myself.
I will add @tiansiyuan to my repo as collaborator shortly

@vikas-saxena02
Author

vikas-saxena02 commented Jun 18, 2024

@juliusvonkohout @tiansiyuan @rimolive I have just tried to start the front using the code in master branch and the steps in README.md and I am getting this error

ompiling @angular/material/dialog : es2015 as esm2015
⠙ Generating browser application bundles (phase: building)...node:internal/crypto/hash:79
  this[kHandle] = new _Hash(algorithm, xofLen, algorithmId, getHashCache());
                  ^

Error: error:0308010C:digital envelope routines::unsupported
    at Hash (node:internal/crypto/hash:79:19)
    at Object.createHash (node:crypto:139:10)
    at BulkUpdateDecorator.hashFactory (/Users/vikas_saxena02/kubeflow_repos/models-web-app/frontend/node_modules/webpack/lib/util/createHash.js:145:18)
    at BulkUpdateDecorator.update (/Users/vikas_saxena02/kubeflow_repos/models-web-app/frontend/node_modules/webpack/lib/util/createHash.js:46:50)
    at /Users/vikas_saxena02/kubeflow_repos/models-web-app/frontend/node_modules/webpack/lib/FileSystemInfo.js:2677:9
    at processTicksAndRejections (node:internal/process/task_queues:82:21)
    at runNextTicks (node:internal/process/task_queues:64:3)
    at process.processImmediate (node:internal/timers:449:9) {
  opensslErrorStack: [
    'error:03000086:digital envelope routines::initialization error',
    'error:0308010C:digital envelope routines::unsupported'
  ],
  library: 'digital envelope routines',
  reason: 'unsupported',
  code: 'ERR_OSSL_EVP_UNSUPPORTED'
}

Node.js v22.2.0

Seems like there are already some breaking changes in the existing code. @tiansiyuan happy to work with you to resolve this. I am in Australia so we will need to work out some time that works for both of us.

@vikas-saxena02
Author

tiansiyuan

@tiansiyuan I have added you as collaborator to my repo

@tiansiyuan
Contributor

> tiansiyuan
>
> @tiansiyuan I have added you as collaborator to my repo

Received.

@rimolive
Contributor

> @juliusvonkohout @tiansiyuan @rimolive I have just tried to start the front using the code in master branch and the steps in README.md and I am getting this error
>
> ompiling @angular/material/dialog : es2015 as esm2015
> ⠙ Generating browser application bundles (phase: building)...node:internal/crypto/hash:79
>   this[kHandle] = new _Hash(algorithm, xofLen, algorithmId, getHashCache());
>                   ^
>
> Error: error:0308010C:digital envelope routines::unsupported
>     at Hash (node:internal/crypto/hash:79:19)
>     at Object.createHash (node:crypto:139:10)
>     at BulkUpdateDecorator.hashFactory (/Users/vikas_saxena02/kubeflow_repos/models-web-app/frontend/node_modules/webpack/lib/util/createHash.js:145:18)
>     at BulkUpdateDecorator.update (/Users/vikas_saxena02/kubeflow_repos/models-web-app/frontend/node_modules/webpack/lib/util/createHash.js:46:50)
>     at /Users/vikas_saxena02/kubeflow_repos/models-web-app/frontend/node_modules/webpack/lib/FileSystemInfo.js:2677:9
>     at processTicksAndRejections (node:internal/process/task_queues:82:21)
>     at runNextTicks (node:internal/process/task_queues:64:3)
>     at process.processImmediate (node:internal/timers:449:9) {
>   opensslErrorStack: [
>     'error:03000086:digital envelope routines::initialization error',
>     'error:0308010C:digital envelope routines::unsupported'
>   ],
>   library: 'digital envelope routines',
>   reason: 'unsupported',
>   code: 'ERR_OSSL_EVP_UNSUPPORTED'
> }
>
> Node.js v22.2.0
>
> Seems like there are already some breaking changes in the existing code. @tiansiyuan happy to work with you to resolve this. I am in Australia so we will need to work out some time that works for both of us.

Sorry for taking so long to reply. From my research, this happens because you are using the latest version of Node.js. This code was developed in Node.js 12 (I think) and I believe the best we can do is upgrade to 16 without facing that issue.

@tiansiyuan
Contributor

tiansiyuan commented Jun 22, 2024

> This code was developed in Node.js 12 (I think) and I believe the best we can do is upgrade to 16 without facing that issue.

I've changed line 23 of Dockerfile from

FROM node:12-buster-slim AS frontend-kubeflow-lib

to

FROM node:16-buster-slim AS frontend-kubeflow-lib

Line 35 from

FROM node:12-buster-slim AS frontend

to

FROM node:16-buster-slim AS frontend

I can build the image.

@juliusvonkohout
Contributor

@tiansiyuan then please push to the branch here such that the tests can run again.

@tiansiyuan
Contributor

> Node.js v22.2.0

This could be the reason. If I use this version of node, I get the same error. If I use v12.22.12 or v16.20.2, no error.
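
Added example, not part of the original thread or the project's code: a probe to run inside the build image that reports the Node.js and bundled OpenSSL versions and whether `crypto.createHash` accepts a given digest, which is the call failing in the stack trace above. The algorithm name `md4` and all function names are assumptions; the trace does not say which algorithm webpack requested.

```javascript
// Added example (not from the PR). Run with the same node binary the build uses.
const crypto = require('node:crypto');

// Try to create and finalise a hash; report the outcome instead of throwing.
function probeHash(algorithm) {
  try {
    crypto.createHash(algorithm).update('probe').digest('hex');
    return { algorithm, supported: true, code: null };
  } catch (err) {
    // err.code is e.g. 'ERR_OSSL_EVP_UNSUPPORTED'; fall back to the message.
    return { algorithm, supported: false, code: err.code || err.message };
  }
}

// Collect the runtime facts that decide whether the bundler's hashing works.
function runtimeReport(algorithms) {
  return {
    node: process.version,
    openssl: process.versions.openssl,
    results: algorithms.map(probeHash),
  };
}

// Names of the probed algorithms this runtime refuses to create.
function unsupported(report) {
  return report.results.filter((r) => !r.supported).map((r) => r.algorithm);
}

// 'md4' is an assumed candidate for the failing digest; 'sha256' is a control.
const report = runtimeReport(['md4', 'sha256']);
console.log(JSON.stringify(report, null, 2));
console.log('unsupported digests:', unsupported(report));
```

Running it under each candidate base image shows whether a change of Node.js version alone changes the result, before a full image build is attempted.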

@tiansiyuan
Contributor

> @tiansiyuan then please push to the branch here such that the tests can run again.

Done.

Please check.

@juliusvonkohout
Contributor

@tiansiyuan "Add more commits by pushing to the vikas_fixing_security_issues branch on vikas-saxena02/models-web-app." Is there a reason you created another branch?

@tiansiyuan
Contributor

> @tiansiyuan "Add more commits by pushing to the vikas_fixing_security_issues branch on vikas-saxena02/models-web-app." Is there a reason you created another branch?

I did it wrong by checking out from the master branch.

Do I make it right this time?

@juliusvonkohout
Contributor

juliusvonkohout commented Jun 24, 2024

> > @tiansiyuan "Add more commits by pushing to the vikas_fixing_security_issues branch on vikas-saxena02/models-web-app." Is there a reason you created another branch?
>
> I did it wrong by checking out from the master branch.
>
> Do I make it right this time?

You need to clone Vikas's fork and work in his branch. If you then push commits to Vikas's branch in Vikas's fork, the commits will appear here.

@juliusvonkohout
Contributor

juliusvonkohout commented Jun 24, 2024

@tiansiyuan Are you in the VMware open source center? I did some stuff with your colleagues then: https://blogs.vmware.com/opensource/2023/06/20/hardening-kubeflow-security-for-enterprise-environments-2/ You can also reach out on the new CNCF Slack directly.

And I have Ray integrated into Kubeflow as well in kubeflow/manifests, so maybe you can drop something from https://github.com/vmware/vSphere-machine-learning-extension#whats-next

@tiansiyuan
Contributor

> @tiansiyuan Are you in the VMware open source center? I did some stuff with your colleagues then: https://blogs.vmware.com/opensource/2023/06/20/hardening-kubeflow-security-for-enterprise-environments-2/ You can also reach out on the new CNCF Slack directly.
>
> And I have Ray integrated into Kubeflow as well in kubeflow/manifests, so maybe you can drop something from https://github.com/vmware/vSphere-machine-learning-extension#whats-next

I read the blog before.

I've joined some CNCF Slack channels. Let's talk there if needed.

@juliusvonkohout
Contributor

Can you rebase to master and fix the tests?
