Pinned down jupyter-server-proxy for cve fixes

harshad16 commented 1 month ago

Pinned kfp-tekton due the requirements changing pyyaml.
Pinned rest of the packages for dependency resolutions.

Description

Related-to: https://issues.redhat.com/browse/RHOAIENG-6456 These changes upgrade the jupyter-server-proxy to fix the CVE.

Next steps:

Built as part of 2023b, lets backport this in that version.

How Has This Been Tested?

Build image via Makefile

Merge criteria:

[x] The commits are squashed in a cohesive manner and have meaningful messages.
[x] Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
[x] The developer has manually tested the changes and verified that the changes work

openshift-ci[bot] commented 1 month ago

Skipping CI for Draft Pull Request. If you want CI signal for your change, please convert it to an actual PR. You can still manually trigger a test run with /test all

jiridanek commented 1 month ago

@jstourac guess we should try this image out on a gaudi-enabled machine as part of 2.8 release testing, or possibly now (tomorrow), using a PR build, wdyt?

/lgtm

atheo89 commented 1 month ago

The CVE seems to have disappeared: https://quay.io/repository/opendatahub/workbench-images/manifest/sha256:d6c44c0bc78a4fd4fd272f1edfa44924d73ffd971ce17ed884700dcef762808c?tab=vulnerabilities

/lgtm /approve

openshift-ci[bot] commented 1 month ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: atheo89

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/opendatahub-io/notebooks/blob/main/OWNERS)~~ [atheo89] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment

jstourac commented 1 month ago

@jstourac guess we should try this image out on a gaudi-enabled machine as part of 2.8 release testing, or possibly now (tomorrow), using a PR build, wdyt?

yeah, we should check the image still work with habana hw and that e.g. a pipeline can be executed properly at least

harshad16 commented 1 month ago

/hold

jiridanek commented 1 month ago

/test images

jiridanek commented 1 month ago

/test notebook-habana-1-10-0-ubi8-python-3-8-pr-image-mirror

jiridanek commented 1 month ago

I've tried https://docs.habana.ai/en/v1.10.0/TensorFlow/Migration_Guide/Porting_Simple_TensorFlow_Model_to_Gaudi.html#creating-a-tensorflow-example with http://quay.io/opendatahub/workbench-images:habana-jupyter-1.10.0-ubi8-python-3.8-pr-630, runs fine, and in pip list i see

(app-root) (app-root) pip list | grep jupyter
jupyter-bokeh                   3.0.7
jupyter_client                  7.4.9
jupyter_core                    5.7.2
jupyter-events                  0.10.0
jupyter-lsp                     2.2.5
jupyter_packaging               0.12.3
jupyter-resource-usage          0.7.2
jupyter_server                  2.1.0
jupyter_server_fileid           0.9.2
jupyter-server-mathjax          0.2.6
jupyter-server-proxy            3.2.4
jupyter_server_terminals        0.4.4
jupyter_server_ydoc             0.8.0
jupyter-ydoc                    0.2.5
jupyterlab                      3.5.3
jupyterlab-git                  0.41.0
jupyterlab-lsp                  3.10.2
jupyterlab_pygments             0.3.0
jupyterlab_server               2.27.3
jupyterlab_widgets              3.0.11

so /lgtm

jstourac commented 1 month ago

/lgtm

harshad16 commented 1 month ago

/unhold

openshift-ci[bot] commented 1 month ago

@harshad16: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/runtime-rocm-pytorch-ubi9-python-3-9-pr-image-mirror	d4fcb186b53cb8f7e814dd40d0214e76a944df9f	link	true	`/test runtime-rocm-pytorch-ubi9-python-3-9-pr-image-mirror`
ci/prow/runtime-rocm-tensorflow-ubi9-python-3-9-pr-image-mirror	d4fcb186b53cb8f7e814dd40d0214e76a944df9f	link	true	`/test runtime-rocm-tensorflow-ubi9-python-3-9-pr-image-mirror`
ci/prow/runtimes-ubi9-e2e-tests	d4fcb186b53cb8f7e814dd40d0214e76a944df9f	link	true	`/test runtimes-ubi9-e2e-tests`
ci/prow/rocm-runtimes-ubi9-e2e-tests	d4fcb186b53cb8f7e814dd40d0214e76a944df9f	link	true	`/test rocm-runtimes-ubi9-e2e-tests`
ci/prow/runtimes-ubi8-e2e-tests	d4fcb186b53cb8f7e814dd40d0214e76a944df9f	link	true	`/test runtimes-ubi8-e2e-tests`

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).

harshad16 commented 1 month ago

/override ci/prow/habana-notebooks-e2e-tests /override ci/prow/images /override ci/prow/notebook-habana-1-10-0-ubi8-python-3-8-pr-image-mirror /override ci/prow/rocm-notebooks-e2e-tests

openshift-ci[bot] commented 1 month ago

@harshad16: Overrode contexts on behalf of harshad16: ci/prow/habana-notebooks-e2e-tests, ci/prow/images, ci/prow/notebook-habana-1-10-0-ubi8-python-3-8-pr-image-mirror, ci/prow/rocm-notebooks-e2e-tests

In response to [this](https://github.com/opendatahub-io/notebooks/pull/630#issuecomment-2258942640): >/override ci/prow/habana-notebooks-e2e-tests >/override ci/prow/images >/override ci/prow/notebook-habana-1-10-0-ubi8-python-3-8-pr-image-mirror >/override ci/prow/rocm-notebooks-e2e-tests Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.

harshad16 commented 1 month ago

/hold

harshad16 commented 1 month ago

/test notebook-habana-1-10-0-ubi8-python-3-8-pr-image-mirror

jiridanek commented 3 weeks ago

/cherrypick 2023b

openshift-cherrypick-robot commented 3 weeks ago

@jiridanek: new pull request created: #677

In response to [this](https://github.com/opendatahub-io/notebooks/pull/630#issuecomment-2293484172): >/cherrypick 2023b Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.

opendatahub-io / notebooks