sync kserve/rest-proxy with odh/rest-proxy #26
Merged
Commits on Jan 10, 2024
-
[RHODS-12555] - CVE-2023-44487
Plus: Fixes lint issues: - Can't run linter goanalysis_metalinter: goanalysis_metalinter: buildir: package "netip" (isInitialPkg: false, needAnalyzeSource: true): in net/netip.AddrFromSlice: cannot convert Load <[]byte> t0 ([]byte) to [4]byte Warnings: WARN [runner] The linter 'structcheck' is deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter. Replaced by unused. WARN [runner] The linter 'deadcode' is deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter. Replaced by unused. WARN [runner] The linter 'varcheck' is deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter. Replaced by unused. Signed-off-by: Spolti <[email protected]>
-
fix: Specify Python 3.8 in Dockerfile (opendatahub-io#34)
Specify and link python38 to fix build/test failures due to the wrong Python version (3.6) being used from base image. --------- Signed-off-by: Rafael Vasquez <[email protected]> Signed-off-by: Spolti <[email protected]>
-
Fix github.com/elazarl/goproxy Denial of Service
Signed-off-by: Spolti <[email protected]>
-
chore: Add CodeQL configuration (opendatahub-io#29)
Add configuration file for CodeQL vulnerability scanning. Signed-off-by: Christian Kadner <[email protected]> Signed-off-by: Spolti <[email protected]>
-
chore(deps): Upgrade golang.org/x/net and golang.org/grpc (opendatahu…
…b-io#30) Issues addressed: - https://github.com/kserve/rest-proxy/security/dependabot/1 - https://github.com/kserve/rest-proxy/security/dependabot/2 - https://github.com/kserve/rest-proxy/security/dependabot/3 - https://github.com/kserve/rest-proxy/security/dependabot/4 - https://github.com/kserve/rest-proxy/security/dependabot/5 - https://www.cve.org/CVERecord?id=CVE-2023-37788 --------- Signed-off-by: Spolti <[email protected]>
-
chore: Upgrade Golang version from 1.18 to 1.19 (opendatahub-io#28)
- Remove the linters for "deadcode", "structcheck", "varcheck" - Use "os" packages instead of deprecated "io/ioutil" (SA1019) - Capture pre-commit output in a local log file --------- Signed-off-by: Spolti <[email protected]>
-
chore: Upgrade google.golang.org/protobuf
chore: Fixes google.golang.org/protobuf Stack-based Buffer Overflow https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFENCODINGPROTOJSON-6137908 Signed-off-by: Spolti <[email protected]>
-
chore: Upgrade golang.org/x/crypto (opendatahub-io#36)
chore: address the following CVE: - [CVE-2023-48795](https://www.cve.org/CVERecord?id=CVE-2023-48795): golang.org/x/crypto Authentication Bypass by Capture-replay --------- Signed-off-by: Spolti <[email protected]>
-
Signed-off-by: Filippe Spolti <[email protected]>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.