[Snyk] Security upgrade aiohttp from 3.8.6 to 3.12.14 #98
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This commit upgrades various protobuf packages in KFP. To support this change various code changes had to be made to account for breaking api changes. The changes were: Python: * all python packages now supports protobuf 5 & 6 * proto files for pipeline spec, kfp-kubernetes, and backend/api have been re-compiled with the latest protoc (31.1) * project go.mod runtime proto and grpc packages have been updated to match the latest packages for generated code, i.e. protoc-gen-go, protobuf, grpc-gateway, etc. * backend code has been updated to support new api changes * python packages have new make commands to allow developers to build the python packages using the same project dependencies used for releases * workflow ci has been updated to trigger tests on changes to pipeline-spec * kfp-generate image has been updated to reflect the lates dependencies & the same image was used to generate the compiled code everywhere * there are inline comments added in various places to help future maintainers keep packages in sync, but more work is needed here in terms of documentation. Some additional future work warrants CI changes to ensure dependencies are in sync. Runtime Protobuf packages need to stay aligned with packages used to generate code. Signed-off-by: Humair Khan <[email protected]>
Signed-off-by: Humair Khan <[email protected]>
Signed-off-by: Humair Khan <[email protected]>
…s from the go client side, nameply the changes to the "Body" parameter, which now requires you to specify the actual name of the object type (Run, Experiment, Pipeline, Version, etc.) Signed-off-by: Humair Khan <[email protected]>
Signed-off-by: Humair Khan <[email protected]>
Signed-off-by: Humair Khan <[email protected]>
…rain_model/requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-10742466
🎉 Snyk checks have passed. No issues have been found so far.✅ security/snyk check is complete. No issues have been found. (View Details) |
HumairAK
force-pushed
the
master
branch
9 times, most recently
from
aa17af9 to
87e54d1
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to fix 1 vulnerabilities in the pip dependencies of this project.
Snyk changed the following file(s):
samples/contrib/versioned-pipeline-ci-samples/kaggle-ci-sample/train_model/requirements.txtImportant
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.