[Snyk] Fix for 22 vulnerabilities #331

VaniHaripriya · 2024-10-14T15:42:17Z

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- frontend/server/package.json
- frontend/server/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	Yes	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	No	Proof of Concept
589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-AXIOS-6144788	No	No Known Exploit
761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	Server-side Request Forgery (SSRF) SNYK-JS-AXIOS-7361793	No	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	Yes	Proof of Concept
386/1000 Why? Recently disclosed, CVSS 6.3	Cross-site Scripting (XSS) SNYK-JS-COOKIE-8163060	No	No Known Exploit
574/1000 Why? Has a fix available, CVSS 7.2	Use of Weak Hash SNYK-JS-CRYPTOJS-6028119	Yes	No Known Exploit
479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-DATEANDTIME-1054430	Yes	No Known Exploit
631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	No	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-JSONBIGINT-608659	Yes	Proof of Concept
589/1000 Why? Has a fix available, CVSS 7.5	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	Yes	No Known Exploit
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	Yes	Proof of Concept
529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-NODEFORGE-2331908	Yes	No Known Exploit
494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	Yes	No Known Exploit
579/1000 Why? Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	Yes	No Known Exploit
494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	Yes	No Known Exploit
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-NODEFORGE-598677	Yes	Proof of Concept
676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Improper Privilege Management SNYK-JS-SHELLJS-2332187	No	Proof of Concept
596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	No	Proof of Concept
589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	No	No Known Exploit
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Prototype Pollution SNYK-JS-XML2JS-5414874	No	Proof of Concept
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @google-cloud/storage

The new version differs by 250 commits.

66d5b57 chore(main): release 5.19.0 (test PR to check if sample test is blocking it. kubeflow/pipelines#1845)
caf7ee5 feat: Dual Region Support (Release b8afd0418f55362112d1fbe077fdd7da2737c500 kubeflow/pipelines#1814)
91fe5ed chore(deps): update actions/setup-node action to v3 (expose configuration for setting the max number of tensorboard kubeflow/pipelines#1393) (SDK - Tests - Improved the "ContainerOp.set_retry" test kubeflow/pipelines#1843)
21cbce0 chore(deps): Internalize common (Cloud Build fails due to visualization server build configuration error kubeflow/pipelines#1839)
58903d6 chore: Enable Size-Label bot in all googleapis NodeJs repositories (We only can run about 10 pipeline tasks per giant node kubeflow/pipelines#1382) (Can't store scikit-learn model through IBM/wml-store component kubeflow/pipelines#1841)
53b988c docs: add callout for crc32c checksum and md5 hash options (Adding a sample for serving component kubeflow/pipelines#1830)
5775279 docs: add offset to createResumableUpload docs (pipeline-lite: Introduce metadata component to pipeline-lite kubeflow/pipelines#1840)
8418f20 chore: move gcs-resumable-upload (Publish the container image for the Keras Trainer component kubeflow/pipelines#1833)
465a5cd docs: fix lifecycle typo (create a tf serving using kubeflow pipeline serving component kubeflow/pipelines#1831)
3fd8488 chore(main): release 5.18.3 (Failed to store run - Error 1062: Duplicate entry. ml-pipelines service becomes unresonsive kubeflow/pipelines#1826)
5522b35 fix: encode name portion when calling publicUrl function (Update for sample repo restructuring kubeflow/pipelines#1828)
a10b91e test: Clean-up sample test buckets by prefix (KFP tests fail kubeflow/pipelines#1825)
cf6f787 samples: set client endpoint (Refactors toolbar buttons to use a map rather than an array kubeflow/pipelines#1812)
ac786c3 chore: Update createBucketWithTurboReplication.js (Disable flaky tests temporarily kubeflow/pipelines#1809)
f72cdc5 chore(deps): update actions/checkout action to v3 (Use KFP lite deployment for presubmit tests kubeflow/pipelines#1808)
a3e3d33 refactor: Improve `offset` < `numBytesWritten` error message (Container builder default gcr kubeflow/pipelines#1806)
99caf88 chore(deps): update actions/setup-node action to v3 (Garbage collect the completed workflow after persisted to database kubeflow/pipelines#1802)
be70dae fix: fixed typo (Persist Pod Logs for non-GCP Pipeline Deployment kubeflow/pipelines#1803)
ca96958 test: Repair and Refactor Requester Pays Tests (Add integration test for Run's Retry API kubeflow/pipelines#1800)
e9cce0d docs: Document `DownscopedClient` usage (Address security issue in package-lock.json kubeflow/pipelines#1797)
c4a27e9 chore: fix npm link url (provided by github user galkin) (Release b8afd0418f55362112d1fbe077fdd7da2737c500 kubeflow/pipelines#1799)
4e95330 chore: refactor exception strings into enums (Pipeline UI: logs keep force scrolling to bottom even after step has finished kubeflow/pipelines#1790)
faca1dd chore: update system test message for requester pays error (Release b8afd04 kubeflow/pipelines#1791)
3149457 build: Pin TypeScript to 3.9.x (Remove yebrahim from approvers/reviewers kubeflow/pipelines#1787)

See the full diff

Package name: @kubernetes/client-node

The new version differs by 250 commits.

2b3ad2c Update release.yml
263e3f5 Update release.yml
e05b37c Merge pull request Add missing main_class arg to spark job and set default values. kubeflow/pipelines#966 from brendandburns/examples
f2a0219 Fix push script to be able to run without input and skip tagging.
22e0b76 Merge pull request Fixing dependency versions to avoid future breaks kubeflow/pipelines#873 from brendandburns/examples
a45f53d Add a workflow to perform releases.
f293107 Merge pull request dsl.ContainerOp.after() only works with Ops that have already sanitized names kubeflow/pipelines#965 from andekande/master
57c6bfc Update cache_test.ts
eb4d246 Update cache.ts
e0127b4 Update informer.ts
14b6d48 Merge pull request Set default values for payload objects in case of empty. kubeflow/pipelines#962 from vBitza/feature/update-ingress-example
7c3f4e1 Merge pull request Add an NVIDIA ResNet example kubeflow/pipelines#963 from kubernetes-client/dependabot/npm_and_yarn/prettier-2.8.3
0f5706f build(deps-dev): bump prettier from 2.8.2 to 2.8.3
e848e4d update ingress example to NetworkingV1Api apiVersion
fc68199 Merge pull request Make single step pipeline easier in DSL kubeflow/pipelines#961 from kubernetes-client/dependabot/npm_and_yarn/nock-13.3.0
56a84bd build(deps-dev): bump nock from 13.2.9 to 13.3.0
0944e91 Merge pull request tfx/taxi-cab-classification-pipeline.py fails at preprocess step with kubeflow/pipelines#960 from kubernetes-client/dependabot/npm_and_yarn/prettier-2.8.2
007f13d Merge pull request Make the data generated by a pipeline step available before the pipeline step completes. kubeflow/pipelines#959 from kubernetes-client/dependabot/npm_and_yarn/typedoc-0.23.24
878788a Merge pull request value in file_outputs is not being passed to input parameters correctly kubeflow/pipelines#957 from anandfresh/contributing
a2d15bf build(deps-dev): bump prettier from 2.8.1 to 2.8.2
e7f8a4d build(deps-dev): bump typedoc from 0.23.23 to 0.23.24
41b7916 Merge pull request Add type check samples kubeflow/pipelines#955 from edify42/master
a7b0347 Contribution note
e722309 lint/prettier bug!

See the full diff

Package name: axios

The new version differs by 73 commits.

abd24a7 chore(release): v1.7.4 (chore: Release KFP SDK and v2 launcher 1.8.1 kubeflow/pipelines#6544)
6b6b605 fix(sec): CVE-2024-39338 (feat(components/google-cloud): Expose all Custom Job parameters via Custom Job wrapper kubeflow/pipelines#6539) (chore(sdk): fix sdk/python/tests/run_tests.sh to run all the tests in the folder. kubeflow/pipelines#6543)
07a661a fix(sec): disregard protocol-relative URL to remediate SSRF (feat(components/google-cloud): Expose all Custom Job parameters via Custom Job wrapper kubeflow/pipelines#6539)
c6cce43 chore(release): v1.7.3 (feat(components): add dataflow wait component yaml kubeflow/pipelines#6521)
e3c76fc fix(adapter): fix progress event emitting; (Fix: Kfservingdeployer reduce output size kubeflow/pipelines#6518)
85d4d0e fix(fetch): fix withCredentials request config (chore: Release KFP SDK and v2 launcher 1.8.0 kubeflow/pipelines#6505)
92cd8ed chore(github): update ISSUE_TEMPLATE.md (feat(frontend): Stateful v2 Node styling. Fix #6280 kubeflow/pipelines#6519)
8966ee7 fix(xhr): return original config on errors from XHR adapter (feat(sdk.v2): Support container environment variable in v2. kubeflow/pipelines#6515)
0e4f9fa chore(release): v1.7.2 (chore(components/pytorch): Update ax-hpo pytorch samples notebook kubeflow/pipelines#6414)
4f79aef fix(fetch): enhance fetch API detection; (feat(components/google-cloud): add project_id to the inputs of preprocessing component kubeflow/pipelines#6413)
67d1373 chore(release): v1.7.1 (Kubeflow GCP component to deploy model error. kubeflow/pipelines#6411)
733f15f fix(fetch): fixed ReferenceError issue when TextEncoder is not available in the environment; ([sdk] Pipeline V2 - Ouput[Dataset] giving error - TypeError: expected str, bytes or os.PathLike object, not NoneType kubeflow/pipelines#6410)
3041c61 [Release] v1.7.0 (chore(frontend): Change edge type from animated to arrowclosed. Partial #6397 kubeflow/pipelines#6408)
18b13cb chore(docs): add fetch adapter docs; (feat(frontend): v2 Execution Node element. Partial #6280 kubeflow/pipelines#6407)
e62099b fix(fetch): fixed a possible memory leak in the AbortController for the stream response if the ReadableStream is not supported; (chore(sdk): clean up the unused arg in AIPlatformClient docstring. kubeflow/pipelines#6406)
b49aa8e chore(release): v1.7.0-beta.2 (chore(components/google-cloud): Update args and location of ForecastingPreprocessingOp and ForecastingValidationOp kubeflow/pipelines#6403)
d57f03a chore(ci): bump create-pull-request version to fix a bug; (feat(frontend): Add version description to pipelineVersionList. Part of #6256 kubeflow/pipelines#6405)
097b0d1 chore(ci): add tag resolution for npm releases based on package version; (feat(sdk): detail option to kfp run get. Fixes #6315 kubeflow/pipelines#6404)
870e0a7 fix(fetch): fix headers getting from a stream response; (chore: sync pipeline_spec to current version. kubeflow/pipelines#6401)
95a3e8e fix(fetch): fix & optimize progress capturing for cases when the request data has a nullish value or zero data length (Show active V2 runs list, show archived V2 runs list. When not breaking v1 run list kubeflow/pipelines#6400)
ad3174a fix(fetch): capitalize HTTP method names; (feat(sdk): Add description to upload_pipeline_version in kfp. Part of #6256 kubeflow/pipelines#6395)
b9f4848 chore(release): v1.7.0-beta.1 ([sdk] V2 IR compiler cannot compile nested parallel loop kubeflow/pipelines#6383)
bb5f9a5 fix(fetch): treat fetch-related TypeError as an AxiosError.ERR_NETWORK error; ([frontend] Run frontend server locally for development with multi-user enabled in server(k8s) kubeflow/pipelines#6380)
81e0455 fix(core/axios): handle un-writable error stack (fix(manifests): replace argo ClusterRoleBinding namespace kubeflow/pipelines#6362)

See the full diff

Package name: crypto-js

The new version differs by 47 commits.

ac34a5a Merge branch 'release/4.2.0' into develop
d5af3ae Update release notes.
9496e07 Bump version.
421dd53 Change default hash algorithm and iteration's for PBKDF2 to prevent weak security by using the default configuration.
d1f4f4d Update grunt.
1da3dab Discontinued
4dcaa7a Merge pull request [Snyk] Security upgrade python from 3.6-slim to 3.14.0a1-slim #380 from Alanscut/dev
762feb2 chore: rename BF to Blowfish
fb81418 feat: blowfish support
c8a2312 Merge pull request [Snyk] Security upgrade python from 3.6 to 3.14.0a1 #379 from Alanscut/dev
09ee2ab feat: custom KDF hasher
0229694 Merge branch 'develop' of ssh://github.com/brix/crypto-js into develop
df09288 Remove travis status, as travis is not used anymore.
6703e79 Merge pull request [Snyk] Security upgrade python from 3.7-slim to 3.13.0rc2-slim #285 from paulmwatson/develop
d50d964 No es default param.
4840268 Merge pull request [Snyk] Security upgrade python from 3.7 to 3.14.0a1 #378 from Elity/develop
f92ddc0 Merge pull request [Snyk] Security upgrade python from 3.7 to 3.14.0a1 #377 from Alanscut/dev
fe84967 fix: es-check error
ca7384f test: add test case,using salt in the config
dcc3848 fix:The "cfg.salt" parameter don't work
ecfe2e4 Update dev dependencies.
a4dac50 Merge branch 'release/4.1.1' into develop
81ed562 Update release notes.
0326a86 Bump version.

See the full diff

Package name: express

The new version differs by 2 commits.

8e229f9 4.21.1
a024c8a fix(deps): cookie@0.7.1

See the full diff

Package name: minio

The new version differs by 136 commits.

e6eb60d remove already removed method (Add integration test for filtering kubeflow/pipelines#1155)
5144d0d refactor: migrate `Client` base methods to TypeScript (Add filter to next page token so it applies to subsequently requested pages kubeflow/pipelines#1153)
261fe01 fix meta data directive in copy object (fix missing filter for list call kubeflow/pipelines#1151)
838aa8f example require minio (Expose service-type as parameter kubeflow/pipelines#1136)
1ba5ad6 chore: remove old api (Add integration test for pagination kubeflow/pipelines#1152)
ff0e3cc fix(types): missing transportAgent on client options (Backend Docker build fails with python error in resnet-train-pipeline.py kubeflow/pipelines#1142)
6298bde refactor: rewrite `AssumeRoleProvider` in TypeScript (Set run model default timestamp to 0 kubeflow/pipelines#1140)
43d204b docs: improve readme (use kubeflow/pipelines branch for deployment in test kubeflow/pipelines#1143)
613932c refactor: migrate `CopyConditions` `PostPolicy` to TypeScript ([WIP] - Add a k8s helper method for generating viewer crd for tensorboard. kubeflow/pipelines#1141)
43bef25 docs: improve example (The number of members in the policy (1,503) is larger than the maximum allowed size 1,500 kubeflow/pipelines#1146)
0229893 refactor: migrate `Credentials` `CredentialProvider` to TypeScript (Enable local test runner for Kubeflow Pipelines kubeflow/pipelines#1138)
766eb40 start minio first (Pagination broken in UI kubeflow/pipelines#1149)
52e214e refactor: migrate helpers.js/s3-endpoints.js/signing.js to TypeScript (Allow later versions of dependencies to be used with Python KFP package. kubeflow/pipelines#1137)
3ec0a68 correct path for mint tests (Allow adding pipeline with name and description. kubeflow/pipelines#1139)
b3cfc7d build: update workflow to support ts (SDK - Removed SourceSpec structure kubeflow/pipelines#1119)
28b3530 fix: minio.js wrong error name
e02b0fe Bump yaml from 2.2.1 to 2.2.2 (Use range instead of pin for python dependencies for kfp kubeflow/pipelines#1134)
5b233c9 style: add prettier, lint-staged, husky and eslint rules (SDK - Simplified the @pipeline decorator kubeflow/pipelines#1120)
d6d82c0 Update version to next release
36a8741 bump release tag to 7.1.0
832ac71 Fixed issue with closing files in fPutObject() function (Updated the "Basic - Sequential execution" sample kubeflow/pipelines#1112)
75ed013 Fixed error handling in putObject (Expose Pipelines as CRD and enable to easy migration from Argo workflow kubeflow/pipelines#1132)
14474b5 feat: specify custom transport agent parameter (KFP SDK should support gcloud credential kubeflow/pipelines#1104)
a2d2c0b fixbatch deletion in removeObjects (Add AWS Support in Pipeline kubeflow/pipelines#1131)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Server-side Request Forgery (SSRF)
🦉 More lessons are available in Snyk Learn

Signed-off-by: Chen Sun <chensun@users.noreply.github.com>

…line_evaluation_pairwise` component PiperOrigin-RevId: 629549849

PiperOrigin-RevId: 629556915

…n rlhf preprocessor and infer preprocessor PiperOrigin-RevId: 630245237

* chore(components): Drop GCPC Python 3.7 PiperOrigin-RevId: 627500444 **Description of your changes:** **Checklist:** - [ ] The title for your pull request (PR) should follow our title convention. [Learn more about the pull request title convention used in this repository](https://github.com/kubeflow/pipelines/blob/master/CONTRIBUTING.md#pull-request-title-convention).  * drop support python3.7 * fix test Signed-off-by: rickyxie0929 <rickyxie@google.com> * fix test Signed-off-by: rickyxie0929 <rickyxie@google.com> * fix test Signed-off-by: rickyxie0929 <rickyxie@google.com> * fix test Signed-off-by: rickyxie0929 <rickyxie@google.com> * fix tes Signed-off-by: rickyxie0929 <rickyxie@google.com> * fix test Signed-off-by: rickyxie0929 <rickyxie@google.com> * fix test Signed-off-by: rickyxie0929 <rickyxie@google.com> * remove kfp related Signed-off-by: rickyxie0929 <rickyxie@google.com> * remove kfp related Signed-off-by: rickyxie0929 <rickyxie@google.com> * just kfp change Signed-off-by: rickyxie0929 <rickyxie@google.com> * only change in kubernetes_platform/python/setup.py Signed-off-by: rickyxie0929 <rickyxie@google.com> * only change in init.py Signed-off-by: rickyxie0929 <rickyxie@google.com> * change Signed-off-by: rickyxie0929 <rickyxie@google.com> * change Signed-off-by: rickyxie0929 <rickyxie@google.com> * Update release Signed-off-by: rickyxie0929 <rickyxie@google.com> * Update base image Signed-off-by: rickyxie0929 <rickyxie@google.com> * change test python 3.7 to python 3.8 Signed-off-by: rickyxie0929 <rickyxie@google.com> * update golden snapshot Signed-off-by: rickyxie0929 <rickyxie@google.com> * update yaml to python3.8 under kubernetes_platform/python/test/snapshot/data/toleration.yaml Signed-off-by: rickyxie0929 <rickyxie@google.com> * update yaml python 3.8 for sdk/python/test_data/pipelines/parallelfor_fan_in Signed-off-by: rickyxie0929 <rickyxie@google.com> * update yaml to fix tests Signed-off-by: rickyxie0929 <rickyxie@google.com> * Update Readme Signed-off-by: rickyxie0929 <rickyxie@google.com> * Update kubernetes_setup python version Signed-off-by: rickyxie0929 <rickyxie@google.com> * Update readme Signed-off-by: rickyxie0929 <rickyxie@google.com> --------- Signed-off-by: rickyxie0929 <rickyxie@google.com>

Signed-off-by: Chen Sun <chensun@users.noreply.github.com>

…el graph PiperOrigin-RevId: 631266689

Signed-off-by: Humair Khan <HumairAK@users.noreply.github.com>

…ubeflow#10751) * periodic functional tests migration Signed-off-by: shruti2522 <shruti.apc01@gmail.com> feat: migrate periodic functional tests to GH actions Signed-off-by: shruti2522 <shruti.apc01@gmail.com> feat: migrate periodic functional tests to GH actions Signed-off-by: shruti2522 <shruti.apc01@gmail.com> feat: migrate periodic functional tests to GH actions feat: migrate periodic functional tests to GH actions Signed-off-by: shruti2522 <shruti.apc01@gmail.com> feat: migrate periodic functional tests to GH actions Signed-off-by: shruti2522 <shruti.apc01@gmail.com> * updated kind installation and artifact collection Signed-off-by: shruti2522 <shruti.apc01@gmail.com> * updated artifact collection code Signed-off-by: shruti2522 <shruti.apc01@gmail.com> * updated version Signed-off-by: shruti2522 <shruti.apc01@gmail.com> * updated path Signed-off-by: shruti2522 <shruti.apc01@gmail.com> * added log_dir Signed-off-by: shruti2522 <shruti.apc01@gmail.com> --------- Signed-off-by: shruti2522 <shruti.apc01@gmail.com>

…iles (kubeflow#10725) When building images via `make`: - Allow users to specify an alternate Container Engine rather than docker - Allow users to specify image names/tags rather than a hardcoded image name and `latest` tag for backend images Signed-off-by: Giulio Frasca <gfrasca@redhat.com>

Signed-off-by: Humair Khan <HumairAK@users.noreply.github.com>

…nclude EnabledSharedMemory (kubeflow#10703) Signed-off-by: hsteude <henrik.steude@prokube.ai>

Signed-off-by: Michael Hu <humichael@google.com> PiperOrigin-RevId: 631917851

…mponent Signed-off-by: Michael Hu <humichael@google.com> PiperOrigin-RevId: 631958163

Signed-off-by: Googler <nobody@google.com> PiperOrigin-RevId: 631959982

Signed-off-by: Googler <nobody@google.com> PiperOrigin-RevId: 632325315

Signed-off-by: Googler <nobody@google.com> PiperOrigin-RevId: 632575448

Signed-off-by: Googler <nobody@google.com> PiperOrigin-RevId: 632653742

Signed-off-by: Googler <nobody@google.com> PiperOrigin-RevId: 634137095

Signed-off-by: Googler <nobody@google.com> PiperOrigin-RevId: 634900210

Signed-off-by: Googler <nobody@google.com> PiperOrigin-RevId: 635894975

Signed-off-by: Igor Kvachenok <igor.kvachenok@prokube.ai>

…0842) Signed-off-by: ddalvi <ddalvi@redhat.com>

Signed-off-by: Igor Kvachenok <igor.kvachenok@prokube.ai>

Signed-off-by: Humair Khan <HumairAK@users.noreply.github.com> Co-authored-by: Humair Khan <HumairAK@users.noreply.github.com>

* fix(frontend): reduce list run latency Signed-off-by: droctothorpe <mythicalsunlight@gmail.com> Co-authored-by: quinnovator <jack@jq.codes> Co-authored-by: tarat44 <32471142+tarat44@users.noreply.github.com> Co-authored-by: owmasch <owenmaschal0598@gmail.com> * Handle multi-user deployments Signed-off-by: droctothorpe <mythicalsunlight@gmail.com> --------- Signed-off-by: droctothorpe <mythicalsunlight@gmail.com> Co-authored-by: quinnovator <jack@jq.codes> Co-authored-by: tarat44 <32471142+tarat44@users.noreply.github.com> Co-authored-by: owmasch <owenmaschal0598@gmail.com>

Signed-off-by: Michael Hu <humichael@google.com> PiperOrigin-RevId: 638080280

…e_user_defined_error function Signed-off-by: Googler <nobody@google.com> PiperOrigin-RevId: 638523242

…h right key_name within use_config_map_as_env() block. (kubeflow#10855) Signed-off-by: Vamsi Mathala <vmathala@redhat.com> Co-authored-by: Vamsi Mathala <vmathala@vmathala-thinkpadp1gen4i.punetw6.csb>

…ubeflow#11238) Signed-off-by: carter.fendley <carter.fendley@gmail.com>

Signed-off-by: paulinapk <paulinapk@google.com>

Signed-off-by: Helber Belmiro <helber.belmiro@gmail.com>

…kubeflow#11222) * feat(sdk): Allow setting a default of execution caching disabled via a compiler CLI flag and env var Co-authored-by: Greg Sheremeta <gshereme@redhat.com> Signed-off-by: ddalvi <ddalvi@redhat.com> * Add tests for disabling default caching var and flag Signed-off-by: ddalvi <ddalvi@redhat.com> --------- Signed-off-by: ddalvi <ddalvi@redhat.com> Co-authored-by: Greg Sheremeta <gshereme@redhat.com>

… run creation. Fixes kubeflow#10884 (kubeflow#11163) * UPSTREAM: <carry>: add last_run_creation Signed-off-by: Humair Khan <HumairAK@users.noreply.github.com> * Allow-the-ability-to-sort-Experiments-by-last-run-creation-kubeflow#10884 Signed-off-by: Elay Aharoni (EXT-Nokia) <elay.aharoni.ext@nokia.com> * UPSTREAM: <carry>: chore(backend): Rename UpdateLastRun -> SetLastRunTimestamp follup up to bf77909. Rename UpdateLastRun -> SetLastRunTimestamp also tweak a related log message Signed-off-by: Greg Sheremeta <gshereme@redhat.com> * UPSTREAM: <carry>: chore(backend): Rename UpdateLastRun -> SetLastRunTimestamp follup up to bf77909. Rename UpdateLastRun -> SetLastRunTimestamp also tweak a related log message Signed-off-by: Greg Sheremeta <gshereme@redhat.com> --------- Signed-off-by: Humair Khan <HumairAK@users.noreply.github.com> Signed-off-by: Elay Aharoni (EXT-Nokia) <elay.aharoni.ext@nokia.com> Signed-off-by: Greg Sheremeta <gshereme@redhat.com> Co-authored-by: Humair Khan <HumairAK@users.noreply.github.com> Co-authored-by: Elay Aharoni (EXT-Nokia) <elay.aharoni.ext@nokia.com> Co-authored-by: Greg Sheremeta <gshereme@redhat.com>

Signed-off-by: Chen Sun <chensun@users.noreply.github.com>

Signed-off-by: ntny <ntny1986@gmail.com>

Signed-off-by: hbelmiro <helber.belmiro@gmail.com> Signed-off-by: Helber Belmiro <helber.belmiro@gmail.com>

…ponsibilies. Fixes kubeflow#10509 (kubeflow#10790) * feat(backend): Remove PipelineSpec Template storage from ObjStore responsibilies. Fixes kubeflow#10509 Signed-off-by: Giulio Frasca <gfrasca@redhat.com> * chore: Remove BadObjStore unit tests (no longer applicable) Signed-off-by: Giulio Frasca <gfrasca@redhat.com> * test: Update backend unit tests to not retrieve PipelineSpec from mock ObjStore - Add PipelineSpec to mock PVs as they are no longer retrieved from ObjStore Signed-off-by: Giulio Frasca <gfrasca@redhat.com> --------- Signed-off-by: Giulio Frasca <gfrasca@redhat.com>

…ubeflow#10186 (kubeflow#11243) Signed-off-by: b4sus <jurob19@gmail.com>

Signed-off-by: Humair Khan <HumairAK@users.noreply.github.com>

…#11254) Bumps [rollup](https://github.com/rollup/rollup) from 2.63.0 to 2.79.2. - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v2.63.0...v2.79.2) --- updated-dependencies: - dependency-name: rollup dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…w#11271) Bumps [webpack](https://github.com/webpack/webpack) from 5.90.3 to 5.95.0. - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v5.90.3...v5.95.0) --- updated-dependencies: - dependency-name: webpack dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(doc): Update kfp-kubenetes release instructions. Signed-off-by: Chen Sun <chensun@users.noreply.github.com> * Update RELEASE.md Signed-off-by: Chen Sun <chensun@users.noreply.github.com> --------- Signed-off-by: Chen Sun <chensun@users.noreply.github.com>

…11281) Signed-off-by: zazulam <m.zazula@gmail.com>

Signed-off-by: vmudadla <vmudadla@redhat.com>

… regression component to fix issues with bigquery data source Signed-off-by: Jason Dai <jsndai@google.com> PiperOrigin-RevId: 684488025

* Patch deployments and include debugging info Signed-off-by: carter.fendley <carter.fendley@gmail.com> * Build and use driver / launcher too! Signed-off-by: carter.fendley <carter.fendley@gmail.com> * Modify waiting status message Signed-off-by: carter.fendley <carter.fendley@gmail.com> * Fix typo Signed-off-by: carter.fendley <carter.fendley@gmail.com> --------- Signed-off-by: carter.fendley <carter.fendley@gmail.com>

Signed-off-by: vmudadla <vmudadla@redhat.com>

Ghaction tide integration

chensun and others added 30 commits April 30, 2024 21:38

chore: Update RELEASE.md (kubeflow#10767)

5f80285

Signed-off-by: Chen Sun <chensun@users.noreply.github.com>

fix(components): Add input param autorater_prompt_parameters to `on…

cf7450b

…line_evaluation_pairwise` component PiperOrigin-RevId: 629549849

feat(components): create infer preprocessor component

e9d6876

PiperOrigin-RevId: 629556915

feat(components): create utility class for preprocessors and use it i…

cd16a33

…n rlhf preprocessor and infer preprocessor PiperOrigin-RevId: 630245237

chore: Promote @rimolive as a backend approver (kubeflow#10780)

804ee00

Signed-off-by: Chen Sun <chensun@users.noreply.github.com>

feat(components): use preprocessor utility methods for the upload mod…

7908ed6

…el graph PiperOrigin-RevId: 631266689

chore: upgrade node to v18 (kubeflow#10794)

d91a70a

Signed-off-by: Humair Khan <HumairAK@users.noreply.github.com>

chore: add meaningful logs to client initialization. (kubeflow#10801)

92046be

Signed-off-by: Humair Khan <HumairAK@users.noreply.github.com>

feat(kubernetes_platform): Update kubernetes_platform go package to i…

7c63599

…nclude EnabledSharedMemory (kubeflow#10703) Signed-off-by: hsteude <henrik.steude@prokube.ai>

feat(components): Retry on batch prediction internal errors in AutoSxS

5d9f4ab

Signed-off-by: Michael Hu <humichael@google.com> PiperOrigin-RevId: 631917851

fix(components): Add staging and temp locations to prophet trainer co…

00440f7

…mponent Signed-off-by: Michael Hu <humichael@google.com> PiperOrigin-RevId: 631958163

fix(components): Remove unused import function_based from infer pipeline

e369bd3

Signed-off-by: Googler <nobody@google.com> PiperOrigin-RevId: 631959982

docs(components): Bump the python version to 3.8

61a1166

Signed-off-by: Googler <nobody@google.com> PiperOrigin-RevId: 632325315

chore(components): GCPC 2.14.1 Release

0c8950a

Signed-off-by: Googler <nobody@google.com> PiperOrigin-RevId: 632575448

chore(components): Rollback GCPC 2.14.1 Release due to b/339911077

06c0816

Signed-off-by: Googler <nobody@google.com> PiperOrigin-RevId: 632653742

chore(components): Add TaskError proto

606bcfa

Signed-off-by: Googler <nobody@google.com> PiperOrigin-RevId: 634137095

chore(components): GCPC 2.14.1 Release

61331d2

Signed-off-by: Googler <nobody@google.com> PiperOrigin-RevId: 634900210

feat(components): Create the write_user_defined_error function

454a654

Signed-off-by: Googler <nobody@google.com> PiperOrigin-RevId: 635894975

test: fix CI failure for periodic functional tests (kubeflow#10817)

c18ec0b

Signed-off-by: Igor Kvachenok <igor.kvachenok@prokube.ai>

chore(docs): Fix link (kubeflow#7533)

a9d5d07

chore: Update Periodic Functional Tests to run once a day (kubeflow#1…

d7e39e9

…0842) Signed-off-by: ddalvi <ddalvi@redhat.com>

test: fix version conflict for functional tests (kubeflow#10837)

1d5e83b

Signed-off-by: Igor Kvachenok <igor.kvachenok@prokube.ai>

chore: server should skip sample load if path DNE (kubeflow#10833)

01ee4af

Signed-off-by: Humair Khan <HumairAK@users.noreply.github.com> Co-authored-by: Humair Khan <HumairAK@users.noreply.github.com>

feat(components): Support parsing Gemini BP outputs in AutoSxS pipeline

b4f91a3

Signed-off-by: Michael Hu <humichael@google.com> PiperOrigin-RevId: 638080280

feat(components): Use GetModel integration test to manually test writ…

609c637

…e_user_defined_error function Signed-off-by: Googler <nobody@google.com> PiperOrigin-RevId: 638523242

docs: modified the ConfigMap as Env variable example in README.md wit…

6d3b8c3

…h right key_name within use_config_map_as_env() block. (kubeflow#10855) Signed-off-by: Vamsi Mathala <vmathala@redhat.com> Co-authored-by: Vamsi Mathala <vmathala@vmathala-thinkpadp1gen4i.punetw6.csb>

CarterFendley and others added 26 commits September 23, 2024 18:40

fix(workflows): patch reversed launcher / driver in workflow matrix (k…

ceeda01

…ubeflow#11238) Signed-off-by: carter.fendley <carter.fendley@gmail.com>

chore: Remove PaulinaPacyna from reviewers (kubeflow#11242)

be6adb6

Signed-off-by: paulinapk <paulinapk@google.com>

test: Fixed kubeflow-pipelines-integration-v2 workflow (kubeflow#11244)

880e46d

Signed-off-by: Helber Belmiro <helber.belmiro@gmail.com>

chore: adding HumairAK to root OWNERS (kubeflow#11253)

feacb52

Signed-off-by: Chen Sun <chensun@users.noreply.github.com>

feat(backend): add configurable S3 path style support (kubeflow#11246)

85fdd73

Signed-off-by: ntny <ntny1986@gmail.com>

chore: adding @hbelmiro to backend reviewers (kubeflow#11256)

6c3ab39

Signed-off-by: hbelmiro <helber.belmiro@gmail.com> Signed-off-by: Helber Belmiro <helber.belmiro@gmail.com>

chore: pinned estroz/rerun-actions version (kubeflow#11257)

f4cdbeb

Signed-off-by: hbelmiro <helber.belmiro@gmail.com> Signed-off-by: Helber Belmiro <helber.belmiro@gmail.com>

fix(backend): randomizing output uri path to avoid overwriting. Fixes k…

219725d

…ubeflow#10186 (kubeflow#11243) Signed-off-by: b4sus <jurob19@gmail.com>

correct lastrun unittest timestamps (kubeflow#11270)

6f6c8ae

Signed-off-by: Humair Khan <HumairAK@users.noreply.github.com>

fix(backend): set default value to true for ForcePathStyle (kubeflow#…

391de8c

…11281) Signed-off-by: zazulam <m.zazula@gmail.com>

Added new Github Action workflow to verify CI checks

91328b1

Signed-off-by: vmudadla <vmudadla@redhat.com>

fix(components): remove default prediction column names in evaluation…

753a2f1

… regression component to fix issues with bigquery data source Signed-off-by: Jason Dai <jsndai@google.com> PiperOrigin-RevId: 684488025

test: Integrate Git Hub Action Results into Tide (kubeflow#11262)

4ccb047

Signed-off-by: vmudadla <vmudadla@redhat.com>

update wf

8e40aff

update wf

f0fb537

update wf

02ee85a

update wf

c7808fe

Merge pull request #330 from VaniHaripriya/ghaction-tide-integration

b30330f

Ghaction tide integration

VaniHaripriya force-pushed the master branch from c6abe6a to 50c4869 Compare October 16, 2024 15:17

VaniHaripriya force-pushed the master branch from 50c4869 to 60a8865 Compare November 5, 2024 18:18

VaniHaripriya force-pushed the master branch from e13b16a to e27b687 Compare November 12, 2024 20:27

github-actions bot added the Stale label Jan 12, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Fix for 22 vulnerabilities #331

[Snyk] Fix for 22 vulnerabilities #331

VaniHaripriya commented Oct 14, 2024

[Snyk] Fix for 22 vulnerabilities #331

Are you sure you want to change the base?

[Snyk] Fix for 22 vulnerabilities #331

Conversation

VaniHaripriya commented Oct 14, 2024

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade: