forked from kubeflow/kubeflow
install(packages): overcome CVEs #90
Merged
Manually installed the four packages according to the versions on the CVE site. Then I ran rpm audit fix, then make build-local, then npm run dev.

Packages affected:

```
eventsource <1.1.1
Severity: critical
Exposure of Sensitive Information in eventsource - GHSA-6h5x-7c5m-7cr7
fix available via up to date, audited 1756 packages in 6s

58 packages are looking for funding
  run `npm fund` for details

# npm audit report

ajv <6.12.3
Severity: moderate
Prototype Pollution in Ajv - GHSA-v88g-cgmw-v5xw
fix available via `npm audit fix --force`
Will install istanbul-instrumenter-loader@2.0.0, which is a breaking change
node_modules/istanbul-instrumenter-loader/node_modules/ajv
  schema-utils <=0.4.3
  Depends on vulnerable versions of ajv
  node_modules/istanbul-instrumenter-loader/node_modules/schema-utils
    istanbul-instrumenter-loader >=3.0.0-beta.0
    Depends on vulnerable versions of schema-utils
    node_modules/istanbul-instrumenter-loader

glob-parent <=5.1.1
Severity: high
Regular expression denial of service in glob-parent - GHSA-ww39-953v-wcq6
glob-parent before 6.0.1 and 5.1.2 vulnerable to Regular Expression Denial of Service (ReDoS) - GHSA-cj88-88mr-972w
fix available via `npm audit fix --force`
Will install copy-webpack-plugin@11.0.0, which is a breaking change
node_modules/glob-parent
  chokidar 1.0.0-rc1 - 2.1.8
  Depends on vulnerable versions of glob-parent
  node_modules/watchpack-chokidar2/node_modules/chokidar
  node_modules/webpack-dev-server/node_modules/chokidar
    watchpack-chokidar2 *
    Depends on vulnerable versions of chokidar
    node_modules/watchpack-chokidar2
      watchpack 1.7.2 - 1.7.5
      Depends on vulnerable versions of watchpack-chokidar2
      node_modules/watchpack
        webpack 4.44.0 - 4.46.0
        Depends on vulnerable versions of watchpack
        node_modules/webpack
    webpack-dev-server 2.0.0-beta - 4.7.2
    Depends on vulnerable versions of chokidar
    Depends on vulnerable versions of selfsigned
    node_modules/webpack-dev-server
  copy-webpack-plugin 5.0.1 - 5.1.2
  Depends on vulnerable versions of glob-parent
  node_modules/copy-webpack-plugin

json-bigint <1.0.0
Severity: high
Uncontrolled Resource Consumption in json-bigint - GHSA-wgfq-7857-4jcc
fix available via `npm audit fix --force`
Will install google-auth-library@8.1.1, which is a breaking change
node_modules/gcp-metadata/node_modules/json-bigint
  gcp-metadata 0.8.0 - 4.1.0
  Depends on vulnerable versions of json-bigint
  node_modules/gcp-metadata
    google-auth-library 0.9.4 - 5.10.1
    Depends on vulnerable versions of gcp-metadata
    Depends on vulnerable versions of gtoken
    node_modules/google-auth-library

karma <=6.3.15
Severity: high
Open redirect in karma - GHSA-rc3x-jf5g-xvc5
Cross-site Scripting in karma - GHSA-7x7c-qm48-pq9c
Depends on vulnerable versions of ua-parser-js
fix available via `npm audit fix --force`
Will install karma@6.4.0, which is a breaking change
node_modules/karma

node-forge <=1.2.1
Severity: high
Open Redirect in node-forge - GHSA-8fr3-hfg3-gpgp
Prototype Pollution in node-forge debug API. - GHSA-5rrq-pxf6-6jx5
URL parsing in node-forge could lead to undesired behavior. - GHSA-gf8q-jrpm-jvxq
Improper Verification of Cryptographic Signature in `node-forge` - GHSA-2r2c-g63r-vccr
Improper Verification of Cryptographic Signature in node-forge - GHSA-x4jg-mjrx-434g
Improper Verification of Cryptographic Signature in node-forge - GHSA-cfm4-qjh2-4765
fix available via `npm audit fix --force`
Will install webpack-dev-server@4.9.3, which is a breaking change
node_modules/node-forge
  google-p12-pem <=3.1.2
  Depends on vulnerable versions of node-forge
  node_modules/google-p12-pem
    gtoken <=5.0.0
    Depends on vulnerable versions of google-p12-pem
    node_modules/gtoken
  selfsigned 1.1.1 - 1.10.14
  Depends on vulnerable versions of node-forge
  node_modules/selfsigned

pug <3.0.1
Severity: high
Remote code execution via the `pretty` option. - GHSA-p493-635q-r6gr
fix available via `npm audit fix --force`
Will install pug@3.0.2, which is a breaking change
node_modules/pug
  pug-loader >=2.0.0
  Depends on vulnerable versions of pug
  node_modules/pug-loader

ua-parser-js <=0.7.23
Severity: high
Regular Expression Denial of Service (ReDoS) in ua-parser-js - GHSA-394c-5j6w-4xmx
Regular Expression Denial of Service (ReDoS) in ua-parser-js - GHSA-78cj-fxph-m83p
fix available via `npm audit fix --force`
Will install karma@6.4.0, which is a breaking change
node_modules/ua-parser-js

21 vulnerabilities (12 moderate, 9 high)

To address all issues (including breaking changes), run:
  npm audit fix --force
node_modules/eventsource
```

---

```
xmlhttprequest-ssl <=1.6.1
Severity: critical
Improper Certificate Validation in xmlhttprequest-ssl - GHSA-72mh-269x-7mh5
Arbitrary Code Injection - GHSA-h4j5-c7cj-74xg
fix available via up to date, audited 1756 packages in 4s
node_modules/xmlhttprequest-ssl
```

---

```
url-parse <=1.5.8
Severity: critical
Incorrect hostname / protocol due to unstripped leading control characters. - GHSA-jf5r-8hm2-f872
Authorization Bypass Through User-Controlled Key in url-parse - GHSA-hgjh-723h-mx2j
Authorization bypass in url-parse - GHSA-rqff-837h-mm52
Open redirect in url-parse - GHSA-hh27-ffr2-f2jc
Incorrect returned href via an '@' sign but no user info and hostname - GHSA-8v38-pw62-9cw2
Path traversal in url-parse - GHSA-9m6j-fcg5-2442
fix available via up to date, audited 1756 packages in 5s
node_modules/url-parse
```

---

```
minimist <1.2.6
Severity: critical
Prototype Pollution in minimist - GHSA-xvch-5gv4-984h
fix available via up to date, audited 1756 packages in 4s
node_modules/@babel/core/node_modules/minimist
node_modules/babel-loader/node_modules/minimist
node_modules/minimist
node_modules/portfinder/node_modules/minimist
```
wg102 approved these changes Jul 22, 2022

chuckbelisle pushed a commit that referenced this pull request Sep 2, 2022
* releasing: Add WG-Notebooks leads to release owners (kubeflow#5777)
  Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com>
* Specify commonLabels for tensorboard-controller (kubeflow#5780)
* Remove jlewi as an approver (kubeflow#5786)
  Removing myself as an owner. This should lead to better auto-assignment of code reviews.
* Update notebook server base images (kubeflow#5804)
* Update second layer docker images to new tags and some python deps (kubeflow#5809)
* Update image tags and python packages in pytorch and tensorflow full dockerfiles (kubeflow#5817)
* Add CI format checks for the Jupyter web app (kubeflow#5811)
* jwa(front): Add npm rule for checking the format
  Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* ci: Add common tasks for format checks
  Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* ci(jwa): Add format check tasks
  Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* jwa(back): Fix formatting
  Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* jwa(front): Fix formatting
  Run `npm run format:write` on frontend
  Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* jwa(front): Include prettier in package.json
  Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* jwa(docker): Don't copy node_modules in Dockerfile
  Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* web-apps: Add global dockerignore file
  Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* jwa: Remove unused dockerignore file
  Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* jwa(make): Don't include dockerignore and cleanup
  Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* initial notebook server images README.md (kubeflow#5818)
* tensorboard-controller: Fix scheduling unbound PVCs (kubeflow#5819)
  When the TB controller attempts to schedule a RWO PVC it checks its accessModes in the PVC status. The controller panics if the list is empty. This commit adds a check to ensure the list is not empty.
  Signed-off-by: Ilias Katsakioris <elikatsis@arrikto.com>
* Fix profile-controller CRD pruning issue (kubeflow#5822)
* api: Add marker for preserving unknown fields in Plugins
  Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com>
* manifests: Regenerate manifests
  Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com>
* Remove Logo Trademarks from the Jupyter Web App and make logos configurable (kubeflow#5823)
* rebase: Make logos configurable in configmap and remove trademark references
  Rebased to remove the changes to the package-lock.json
* review: add suggested changes and add image group section to README
* Make notebook limits configurable with a multiplication factor (kubeflow#5815)
* Make notebook limits configurable with a multiplication factor
* Make limits configurable under advanced section
* run prettier to format frontend code
* fix formatting and add rounding in backend
* Return error if limit is smaller than request
* Allow disabling limitFactor by setting it to none
* review: remove camelCase in python backend
* fix: update spawner_ui_config.yaml in manifests directory
* review: fix setting limits backend
* review: remove unnecessary check from backend
* notebook-servers: Update JupyterLab and add Git Extension (kubeflow#5846)
* chore: Add comment to reference RStudio license. (kubeflow#5884)
* CI/CD: add kustomize build tests (kubeflow#5919)
* Add CI format checks for the Volumes web app (kubeflow#5820)
* vwa(front): Add npm script to check the formatting
  Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* vwa(front): Update the package-lock.json
  Run `npm install` to bring the package-lock.json up to date
  Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* vwa(front): Fix formatting
  Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* vwa(back): Fix formatting
  Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* vwa(docker): Remove unused dockerignore file
  We have created a global dockerignore file for all the web apps in the parent dir.
  Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* vwa(docker): Don't copy node_modules in dockerfile
  Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* vwa(make): Don't include dockerignore
  Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* ci(vwa): Add format check tasks
  Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* jwa(docker): Copy only necessary files for build
  Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* review: Use docker context instead of cd ..
  Don't use a `cd ..` and copy dockerignore files back and forth. Instead we should use the Docker context and the global dockerignore file we have for all the web apps.
  Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* tensorboard-controller: fix binding issue (kubeflow#5925)
* JWA: Don't override assets with logos ConfigMap (kubeflow#5942)
* jwa(front): Add static logos in the app
  The app does not contain the logos' svgs in its source code/static files. This results in the icons to not show when developing locally. This commit adds the svgs found in the logos ConfigMap to the static files of the app as well.
  Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* jwa(front): Change logos fetch url
  Change the URLs of the logos from `static/assets/*` to `static/assets/logos`.
  Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* jwa(manifests): Don't override assets with logos
  Mount the ConfigMap under the `static/assets/logos` directory to not override the contents of the entire assets dir.
  Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* Make it possible to add Namespaced menu items (kubeflow#5871)
* Make it possible to add Namespaced menu items
* Reduce the nesting levels
* FIX The number of gpu must be set as string in Kubernetes/Openshift (kubeflow#5891)
* Update form.py
* Update form.py
* Update form-default.component.ts
* fix whitespace issue
* feat(jupyter): add fonts as assets to service (kubeflow#5691)
* cwa(front): Ignore font files in assets
* feat(jupyter): add fonts as assets to service
* CRUD: fonts in common
* CWA: Remove link to css file
* jwa(front): Remove font assets from jupyter
  Co-authored-by: Wendy Gaultier <wvgaultier@gmail.com>
* Update base notebook for Renovate compatibility (kubeflow#5955)
* Update base notebook for Renovate compatibility
* Separate kubectl and S6 arch
* Update jupyter, rstudio and vs code notebook images + allow rstudio in iframe (kubeflow#5961)
* Update jupyter, rstudio and vs code notebook images
* Remove sed and use substring removal
* Make menu bar scrollable again (kubeflow#5964)
* [fix]: Make jupyter-web-app parse workspace volume MountPath (kubeflow#5952)
* [fix]: Make jupyter-web-app parse workspace volume MountPath
  - workspace volume path was fixed with "/home/jovyan"
  - it should be enable to parse from jupyter-web-app-config's data
* change parsing key correctly
* Remove the f-strings in the Jupyter web app's backend (kubeflow#5680)
* Notebook servers: Add explanation about kernel not connecting (kubeflow#5920)
* fix(profile-controller): KNative probes (kubeflow#5848)
  Knative control-plane components need to probe certain paths of Knative Pods, in order to function correctly. These paths are:
  - /healthz
  - /metrics
  - /ready
  - /wait-for-drain
  For this reason, we extend the Profile Controller to apply an Istio AuthorizationPolicy that allows traffic to these HTTP paths for Pods in user namespaces, as per Knative's instructions: https://knative.dev/docs/serving/istio-authorization/#allowing-access-from-system-pods-by-paths
  This only fixes requests through the public ingress. Cluster-internal traffic and predictor-transformer use-cases are not supported yet. We continue discussing these in kubeflow#5965.
  Refs kubeflow#5965
  Refs kserve/kserve#1558
  Signed-off-by: Yurii Komar <subreptivus@gmail.com>
* feat(jupyter): Support hiding image registry/tag (kubeflow#5681)
* feat(jupyter): Support hiding image registry/tag
* feat(jupyter): Support hiding VSCode/RStudio images registry/tag
* rebasing onto upstream master
* fix: formatting with prettier and set default hideRegistry=true
* fix: move hideRegistry and hideTag from spawnerFormDefaults.image
* fix whitespace
* add tooltip for images
  Co-authored-by: JessicaBarh <jessicabarhoma@gmail.com>
* Update dockerfiles and make compatible with Renovate (kubeflow#5968)
* Update dockerfiles and make compatible with Renovate
* Set memory for jupyter pytorch to the same as jupyter tensorflow
* Update protobuf
* Remove conda version and use substring expansion
* Update SQLAlchemy
* Update dill
* Create OWNERS file in .github folder for Renovate config + workflows (kubeflow#5983)
* Extend deadline for PyTorch image building (kubeflow#5991)
* Allow user to add/delete labels to user namespace using ConfigMap. Fix kubeflow#5712 (kubeflow#5761)
  The profile-controller applies a hardcoded list of labels to Profile namespaces. Make this list of labels configurable with a ConfigMap. The new list of steps for the profile-controller is:
  1. **(new)** Profile-controller starts and reads the file given by the `--namespace-labels-path` CLI flag (defaults to `/etc/profile-controller/namespace-labels.yaml`). This file contains a YAML dict of label key/values to add to each Profile namespace.
  2. Profile-controller creates namespace.
  3. Profile-controller merges existing namespace labels with given labels. A given label is applied ONLY if it doesn't exist already.
  4. **(new)** If a given label value is empty (``), remove the label from the namespace if it already exists.
  We are using a ConfigMap instead of a plain CLI flag, so that users can change the list of labels without restarting the profile-controller.
  Closes kubeflow#5712
  Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com>
  Co-authored-by: James Liu <jamxl@google.com>
  Co-authored-by: Yannis Zarkadas <yanniszark@arrikto.com>
* Update last batch of notebook server Dockerfiles (kubeflow#5997)
* Update spawner_ui_config.yaml with new tags (kubeflow#5998)
* Update images in spawner_ui_config.yaml
* Update manifest image tags
* CRUD web apps: i18n (kubeflow#5880)
* feat(jupyter): add modules for translations
* feat(jupyter): fix path for translations + add GPU translations
* feat(jupyter): add translations
* feat(jupyter): add translations to form-default
* feat(jupyter): add translations to affinity/tolerations
* feat(jupyter): add translations to Image Pull Policy
* feat(jupyter): remove imports from app.module.ts + fix translations
* web-apps(front): add TranslationModule to common for jupyter
* Implement i18n for jupyter frontend
  - Including common components needed
  - Refactor translation file
* web-apps(front): add i18n to messages from backend
  Status tooltip text Snackbar message
* web-apps(front): volumes and tensorboards i18n ini
  Add the i18n feature for the other 2 projects
* feat(volume): add translations for volume
* feat(jupyter): refactor asset file
* Update asset files for all folders
* feat(tensorboards): add i18n
  Update all asset files
* cwa: add new translations
* cwa: Add README documentation
* fix: formatting with prettier
* Fix tests
* Fix python format
* remove comment
  Co-authored-by: saffaalvi <alvi118@uwindsor.ca>
  Co-authored-by: Jose-Matsuda <tongster789@gmail.com>
* Remove deprecated JWA (kubeflow#5959)
  Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* Sync spawner yaml from source to manifests (kubeflow#5999)
* notebooks: Add additional PGP server for RStudio package validation (kubeflow#6010)
* Change PGP server for RStudio validation to pgp.surfnet.nl
* Add as secondary keyserver
* Add support for ServiceAccountName and AutomountServiceAccountName to admission-webhook (kubeflow#5939)
* WA: Use relative paths for fetching translation files (kubeflow#6034)
* jwa(front): Use relative path for i18n json
  Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* vwa(front): Use relative path for i18n json
  Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* twa(front): Use relative path for i18n json
  Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* Update CRUD web apps from Angular 8 to Angular 12 (kubeflow#6004)
* common: update angular core and cli to 9
  ng update @angular/core@9 @angular/cli@9
* common: update material, cdk and cdk-experimental to 9
  ng update @angular/cdk@9 @angular/material@9 @angular/cdk-experimental@9
* common: remove entryComponents and replace TestBed.get with TestBed.inject
  Edit files manually
* common: make compatible with Angular 9
  Edit files manually
* common: update fontawesome to 0.6.0
  npm i @fortawesome/angular-fontawesome@0.6.0
* update kubeflow-common project dependencies
* common: add @angular/localize
  ng add @angular/localize
* jupyter: update angular core and cli 8
  ng update @angular/core@8 @angular/cli@8
* jupyter: update angular core and cli to 9
  ng update @angular/core@9 @angular/cli@9
* jupyter: update material, cdk and cdk-experimental to 9
  ng update @angular/cdk@9 @angular/material@9 @angular/cdk-experimental@9
* jupyter: remove entryComponents
  Edit file manually
* jupyter: update fontawesome to 0.6.0
  npm i @fortawesome/angular-fontawesome@0.6.0
* jupyter: add @angular/localize
  ng add @angular/localize
* tensorboards: update angular core and cli to 9
  ng update @angular/core@9 @angular/cli@9
* tensorboards: update material, cdk and cdk-experimental to 9
  ng update @angular/cdk@9 @angular/material@9 @angular/cdk-experimental@9
* tensorboards: remove entryComponents and replace TestBed.get with TestBed.inje…
  Edit files manually
* tensorboards: update fontawesome to 0.6.0
  npm i @fortawesome/angular-fontawesome@0.6.0
* tensorboards: add @angular/localize
  ng add @angular/localize
* Fix tensorboards-web-app run-dev in makefile
  Edit file manually
* volumes: update angular core and cli to 9
  ng update @angular/core@9 @angular/cli@9
* volumes: update material, cdk and cdk-experimental to 9
  ng update @angular/cdk@9 @angular/material@9 @angular/cdk-experimental@9
* volumes: remove entryComponents and replace TestBed.get with TestBe…
  Edit files manually
* volumes: update fontawesome to 0.6.0
  npm i @fortawesome/angular-fontawesome@0.6.0
* volumes: add @angular/localize
  ng add @angular/localize
* common: update angular core and cli to 10
  ng update @angular/core@10 @angular/cli@10 --force
* common: update material, cdk and cdk-experimental to 10
  ng update @angular/cdk@10 @angular/material@10 @angular/cdk-experimental@10
* update kubeflow-common project dependencies
  Edit file manually
* common: update fontawesome to 0.7.0
  npm i @fortawesome/angular-fontawesome@0.7.0
* common: fix font location
  Edit file manually
* jupyter: update angular-fontawesome to 0.7.0
  npm i @fortawesome/angular-fontawesome@0.7.0
* jupyter: update angular core and cli to 10
  ng update @angular/core@10 @angular/cli@10
* jupyter: update material, cdk and cdk-experimental to 10
  ng update @angular/cdk@10 @angular/material@10 @angular/cdk-experimental@10
* tensorboards: update angular-fontawesome to 0.7.0
  npm i @fortawesome/angular-fontawesome@0.7.0
* tensorboards: update angular core and cli to 10
  ng update @angular/core@10 @angular/cli@10
* tensorboards: update material, cdk and cdk-experimental to 10
  ng update @angular/cdk@10 @angular/material@10 @angular/cdk-experimental@10
* volumes: update angular-fontawesome to 0.7.0
  npm i @fortawesome/angular-fontawesome@0.7.0
* volumes: update angular core and cli to 10
  ng update @angular/core@10 @angular/cli@10
* volumes: update material, cdk and cdk-experimental to 10
  ng update @angular/cdk@10 @angular/material@10 @angular/cdk-experimental@10
* common: update angular-fontawesome to 0.8.2
  npm i @fortawesome/angular-fontawesome@0.8.2
* common: update codelyzer to 6.0.2
  npm i codelyzer@6.0.2
* common: install @angular-devkit/core@11
  npm install --save-dev @angular-devkit/core@11
* common: update angular core and cli to 11
  ng update @angular/core@11 @angular/cli@11
* common: update material, cdk and cdk-experimental to 11
  ng update @angular/cdk@11 @angular/material@11 @angular/cdk-experimental@11
* update kubeflow-common project dependencies
  Edit file manually
* jupyter: update angular-fontawesome to 0.8.2
  npm i @fortawesome/angular-fontawesome@0.8.2
* jupyter: update codelyzer to 6.0.2
  npm i codelyzer@6.0.2
* jupyter: update angular core and cli to 11
  ng update @angular/core@11 @angular/cli@11
* jupyter: update material, cdk and cdk-experimental to 11
  ng update @angular/cdk@11 @angular/material@11 @angular/cdk-experimental@11
* tensorboards: update angular-fontawesome to 0.8.2
  npm i @fortawesome/angular-fontawesome@0.8.2
* tensorboards: update codelyzer to 6.0.2
  npm i codelyzer@6.0.2
* tensorboards: update angular core and cli to 11
  ng update @angular/core@11 @angular/cli@11
* tensorboards: update material, cdk and cdk-experimental to 11
  ng update @angular/cdk@11 @angular/material@11 @angular/cdk-experimental@11
* volumes: update angular-fontawesome to 0.8.2
  npm i @fortawesome/angular-fontawesome@0.8.2
* volumes: update codelyzer
to 6.0.2 npm i codelyzer@6.0.2 * volumes: update angular core and cli to 11 ng update @angular/core@11 @angular/cli@11 * volumes: update material, cdk and cdk-experimental to 11 ng update @angular/cdk@11 @angular/material@11 @angular/cdk-experimental@11 * common: Fix CI failure * jupyter: npm run format:write npm run format:write * volumes: npm run format:write npm run format:write * tensorboards: manually run prettier prettier --write 'src/**/*.{js,ts,html,scss,css}' * common: Fix MockComponent entryComponents for CI Manually edit file * common: update angular-fontawesome to 0.9.0 npm i @fortawesome/angular-fontawesome@0.9.0 * common: update angular core and cli to 12 ng update @angular/core@12 @angular/cli@12 * common: update material, cdk and cdk-experimental to 12 ng update @angular/cdk@12 @angular/material@12 @angular/cdk-experimental@12 * update kubeflow-common project dependencies Edit file manually * common: fix Intl.DateTimeFormatOptions Edit file manually. Type of defaultDateOptions and defaultTimeOptions needs to explicitly be set to Intl.DateTimeFormatOptions. 
* jupyter: update angular-fontawesome to 0.9.0 npm i @fortawesome/angular-fontawesome@0.9.0 * jupyter: update codelyzer to 6.0.2 npm i codelyzer@6.0.2 * jupyter: update angular core and cli to 12 ng update @angular/core@12 @angular/cli@12 * jupyter: update material, cdk and cdk-experimental to 12 ng update @angular/cdk@12 @angular/material@12 @angular/cdk-experimental@12 * tensorboards: update angular-fontawesome to 0.9.0 npm i @fortawesome/angular-fontawesome@0.9.0 * tensorboards: update angular core and cli to 12 ng update @angular/core@12 @angular/cli@12 * tensorboards: update material, cdk and cdk-experimental to 12 ng update @angular/cdk@12 @angular/material@12 @angular/cdk-experimental@12 * volumes: update angular-fontawesome to 0.9.0 npm i @fortawesome/angular-fontawesome@0.9.0 * volumes: update angular core and cli to 12 ng update @angular/core@12 @angular/cli@12 * volumes: update material, cdk and cdk-experimental to 12 ng update @angular/cdk@12 @angular/material@12 @angular/cdk-experimental@12 * common: update and audit packages npm update && npm audit fix && npm i lodash-es@4.17.21 && npm i material-icons@0.7.3 * jupyter: update and audit packages npm update && npm audit fix && npm i material-icons@0.7.3 * tensorboards: update and audit packages npm update && npm audit fix && npm i material-icons@0.7.3 * volumes: update and audit packages npm update && npm audit fix && npm i material-icons@0.7.3 * jupyter: npm run format:write npm run format:write * lists roadmap in reverse chronological order (kubeflow#6055) Signed-off-by: Malini Bhandaru <mbhandaru@vmware.com> * Correct missing predicates in controller watches. 
Fixes kubeflow#5326 (kubeflow#5873) Co-authored-by: Filinto Duran <fduran@d2iq.com> * fix(web-apps): Use Angular's i18n proposed implementation (kubeflow#6065) * jwa(front): Add i18n for french in angular.json Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): Add i18n rules in package.json Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): i18n FormImage Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): i18n FormAdvancedOptions Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): i18n FormAffinityTolerations Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): i18n FormConfigurations Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): i18n FormCpuRam Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): i18n FormDataVolumes Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): i18n FormGpus Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): i18n FromName Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): i18n FormWorkspaceVolume Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): i18n Volume Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * web-apps(front): i18n BackendService Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * web-apps(front): Add localize to peerDependencies Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * web-apps(front): Import $localize in library Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * web-apps(front): i18n RokService Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): i18n Form Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): i18n BackendService Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * web-apps(front): i18n ConfirmDialog Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): i18n Index 
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * web-apps(front): i18n ResourceTable Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * web-apps(front): i18n SnackBar Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * web-apps(front): i18n Form Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * web-app(front): i18n NameNamespaceSelector Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * web-apps(front): Remove ngx-translate Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): i18n App Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): Remove ngx-translate from package.json Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(back): Don't parse keys in status Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * vwa(back): Revert backend messages Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): Update translation language files Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * web-apps(back): Don't parse keys in status Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * vwa(front): Add i18n for french in angular.json Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * vwa(front): Add i18n rules in package.json Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * vwa(front): i18n Form Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * vwa(front): i18n Index Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * vwa(front): i18n BackendService Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * vwa(front): i18n App Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * vwa(front): Remove ngx-translate from package.json Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * vwa(front): i18n Form Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * vwa(front): Update translation language files Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * twa(back): Revert 
backend messages Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * twa(front): Add i18n rules in package.json Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * twa(front): Add i18n for french in angular.json Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * twa(front): i18n Index Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * twa(front): i18n BackendService Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * twa(front): i18n App Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * twa(front): Update translation language files Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * twa(front): Remove ngx-translate from package.json Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * wa: Update READMEs Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * web-apps(front): Add localize when testing Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * [CentralDashboard] Add entry for Models web app (kubeflow#6085) Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * Interact with the namespace selector (kubeflow#5995) * Interact with the namespace selector * Use namespace given as an argument * Keep the index of selected item * fix(jwa): Fix limits calculation when limitFactor is none (kubeflow#6058) * jwa(front): Don't allow NaN values in limits The UI should always catch a NaN value and don't add it in the form. Currently this is the case for the cpu/memory limits. Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): Limits should not be changed if dirty If the user has manually edited the limits fields then the UI should not try to automatically calculate them again, using the limitFactors. 
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * Update image tags in 1.4 release branch (kubeflow#6096) Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * Fix NaN in Kubeflow Notebooks (kubeflow#6092) * Fix NaN in Kubeflow Notebooks * add a validation check for NaN values * fix: validation check if value is None * lint: fix line length * add section for 1.4; small updates for 1.3 section (kubeflow#6082) * add section for 1.4; small updates for 1.3 section * refer to training operators consistently; add link to Notebooks roadmap. * address @Bobgy feedback regarding Kubeflow Pipelines portions of 1.4 roadmap * Remove virtualservice timeout to prevent websocket disconnect (kubeflow#6126) In the existing version, the 'timeout: 300s' added to the notebook's virtual service would cause websockets to disconnect at the 5 minute mark, causing the Jupyter Notebook web terminal function to hang. This is described in kubeflow#6124. * fix(admission-webhook): attach namespace to pod request if pod does not have it (kubeflow#6052) * fix(admission-webhook): attach namespace to pod request if pod does not have it * Apply suggestions from code review Add more explicit logs * Add more explicit log Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * Cherry-pick: Notebooks base gpg fix (kubeflow#6139) * Update images for RC 1 (kubeflow#6137) Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * Final preparations for 1.4 (kubeflow#6177) * Improve README for example-notebook-servers (kubeflow#6165) * jwa(front): Don't disable vendors with no GPUs (kubeflow#6171) JWA should not block users from selecting GPUs if the current cluster nodes do not have any GPUs attached to them. We've seen users that have autoscaled nodegroups for GPUs, so a GPU node will be added to the cluster once a Pod has requested it. Refs: arrikto/dev#1484 Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * Update the version to 1.4 1. 
Run the `python releasing/update-manifests-images v1.4` script to update all the images of our components to the `v1.4` tag 2. Update the VERSION file so that the post-submit script will build all images Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * Bump Golang version in PodDefaults, TensorBoard Controller and KFAM to 1.17 (kubeflow#6180) * kfam: Upgrade go to 1.17 Update to a more recent docker image that has a newer version of openssl. Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * poddefaults: Upgrade go to 1.17 Update to a more recent docker image that has a newer version of openssl. Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * tensorboards: Upgrade go to 1.17 Update to a more recent docker image that has a newer version of openssl. Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * Automated cherry pick of kubeflow#4751: Add AWS IAM Role for ServiceAccount support in profile Cherry pick of kubeflow#4751 on v1.0-branch. kubeflow#4751: Add AWS IAM Role for ServiceAccount support in profile (kubeflow#4804) * Add AWS IAM Role for ServiceAccount support in profile controller * Add eks profile iam plugin instructions and examples * Clean up codes and add unit tests * Optimize character size of policy document * Always set oidc audience to trust identity * Support AssumeRoleWithWebIdentity call via * feat(jupyter): add ci * Update build.yml * Update build.yml * feat(jupyter): Update GPU options * fix(access-management): Add patch from kubeflow/kubeflow!5202 * fix(npm): vulnerabilities * fix(profile): Update webpack.config.js for kf profiles * ci: Don't use upstream issue triage * ci: Stop building jupyter-web-app component The jupyter-web-app component is superseded by StatCan/jupyter-apis. This commit stops building the redundant component.
* ci: Build/push centraldashboard component * chore(fonts): move into service * fix: rearrange dashboard cards * fix: failing tests * fix: Fix broken container scan Run container scanning as a step after building rather than its own job so that it can find the target image. * fix: Security vulnerabilities * Upgrades packages to fix high and critical severity vulnerabilities * Refactor to use updated Kubernetes client API * fix: add 'ws' module to package.json * wip(centraldashboard): Manage multiple profiles * feat: Manage multiple profiles * feat(centraldashboard):Official Languages * fix(centraldashboard): i18n english text and french youtube link * Automated cherry pick of kubeflow#5404: Remove metadata link from centraldashboard (kubeflow#5412) * fix(jupyter): resolve build error Resolves a build error for the changes in #2 * feat(jupyter): add ci * Update build.yml * Update build.yml * ci: Stop building jupyter-web-app component The jupyter-web-app component is superseded by StatCan/jupyter-apis. This commit stops building the redundant component.
* fix: rearrange dashboard cards * fix(centraldashboard): remove config map usage + artifact menu and quicklink * feat(pipelines): Fix pipelines on dashboard * fix(centraldashboard): fix pipeline tests * fix(centraldashboard): Remove configmap call + fix conflicts * feat(centraldashboard): Add i18n to dashboard links * cherry pick missing commits into v1.3-branch (kubeflow#5836) * Update notebook server base images (kubeflow#5804) (cherry picked from commit ebc0c4f) * Update second layer docker images to new tags and some python deps (kubeflow#5809) (cherry picked from commit 3dbc352) * Update image tags and python packages in pytorch and tensorflow full dockerfiles (kubeflow#5817) (cherry picked from commit e8250b9) * Add CI format checks for the Jupyter web app (kubeflow#5811) * jwa(front): Add npm rule for checking the format Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * ci: Add common tasks for format checks Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * ci(jwa): Add format check tasks Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(back): Fix formatting Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): Fix formatting Run `npm run format:write` on frontend Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): Include prettier in package.json Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(docker): Don't copy node_modules in Dockerfile Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * web-apps: Add global dockerignore file Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa: Remove unused dockerignore file Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(make): Don't include dockerignore and cleanup Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> (cherry picked from commit 43e03d4) * initial notebook server images README.md (kubeflow#5818) (cherry picked from commit 923a7c8) * Fix profile-controller CRD pruning issue 
(kubeflow#5822) * api: Add marker for preserving unknown fields in Plugins Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com> * manifests: Regenerate manifests Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com> (cherry picked from commit 8a12599) * Remove Logo Trademarks from the Jupyter Web App and make logos configurable (kubeflow#5823) * rebase: Make logos configurable in configmap and remove trademark references Rebased to remove the changes to the package-lock.json * review: add suggested changes and add image group section to README (cherry picked from commit d73e468) * Make notebook limits configurable with a multiplication factor (kubeflow#5815) * Make notebook limits configurable with a multiplication factor * Make limits configurable under advanced section * run prettier to format frontend code * fix formatting and add rounding in backend * Return error if limit is smaller than request * Allow disabling limitFactor by setting it to none * review: remove camelCase in python backend * fix: update spawner_ui_config.yaml in manifests directory * review: fix setting limits backend * review: remove unnecessary check from backend (cherry picked from commit 2ed54bc) Co-authored-by: DavidSpek <vanderspek.david@gmail.com> Co-authored-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> Co-authored-by: Yannis Zarkadas <yanniszark@arrikto.com> * Release v1.3.0-rc.1 for kubeflow/kubeflow (kubeflow#5838) Follow release procedure to release images and manifests for version v1.3.0-rc.1 Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com> * Cherry-picks for 1.3.1 (kubeflow#6007) * chore: Add comment to reference RStudio license. 
(kubeflow#5884) * CI/CD: add kustomize build tests (kubeflow#5919) * Add CI format checks for the Volumes web app (kubeflow#5820) * vwa(front): Add npm script to check the formatting Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * vwa(front): Update the package-lock.json Run `npm install` to bring the package-lock.json up to date Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * vwa(front): Fix formatting Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * vwa(back): Fix formatting Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * vwa(docker): Remove unused dockerignore file We have created a global dockerignore file for all the web apps in the parent dir. Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * vwa(docker): Don't copy node_modules in dockerfile Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * vwa(make): Don't include dockerignore Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * ci(vwa): Add format check tasks Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(docker): Copy only necessary files for build Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * review: Use docker context instead of cd .. Don't use a `cd ..` and copy dockerignore files back and forth. Instead we should use the Docker context and the global dockerignore file we have for all the web apps. Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * tensorboard-controller: fix binding issue (kubeflow#5925) * JWA: Don't override assets with logos ConfigMap (kubeflow#5942) * jwa(front): Add static logos in the app The app does not contain the logos' svgs in its source code/static files. This results in the icons to not show when developing locally. This commit adds the svgs found in the logos ConfigMap to the static files of the app as well. 
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): Change logos fetch url Change the URLs of the logos from `static/assets/*` to `static/assets/logos`. Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(manifests): Don't override assets with logos Mount the ConfigMap under the `static/assets/logos` directory to not override the contents of the entire assets dir. Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * FIX The number of gpu must be set as string in Kubernetes/Openshift (kubeflow#5891) * Update form.py * Update form.py * Update form-default.component.ts * fix whitespace issue * Update base notebook for Renovate compatibility (kubeflow#5955) * Update base notebook for Renovate compatibility * Separate kubectl and S6 arch * Update jupyter, rstudio and vs code notebook images + allow rstudio in iframe (kubeflow#5961) * Update jupyter, rstudio and vs code notebook images * Remove sed and use substring removal * Make menu bar scrollable again (kubeflow#5964) * [fix]: Make jupyter-web-app parse workspace volume MountPath (kubeflow#5952) * [fix]: Make jupyter-web-app parse workspace volume MountPath - workspace volume path was fixed with "/home/jovyan" - it should be enable to parse from jupyter-web-app-config's data * change parsing key correctly * Remove the f-strings in the Jupyter web app's backend (kubeflow#5680) * Notebook servers: Add explanation about kernel not connecting (kubeflow#5920) * fix(profile-controller): KNative probes (kubeflow#5848) Knative control-plane components need to probe certain paths of Knative Pods, in order to function correctly. 
These paths are: - /healthz - /metrics - /ready - /wait-for-drain For this reason, we extend the Profile Controller to apply an Istio AuthorizationPolicy that allows traffic to these HTTP paths for Pods in user namespaces, as per Knative's instructions: https://knative.dev/docs/serving/istio-authorization/#allowing-access-from-system-pods-by-paths This only fixes requests through the public ingress. Cluster-internal traffic and predictor-transformer use-cases are not supported yet. We continue discussing these in kubeflow#5965. Refs kubeflow#5965 Refs kserve/kserve#1558 Signed-off-by: Yurii Komar <subreptivus@gmail.com> * Update dockerfiles and make compatible with Renovate (kubeflow#5968) * Update dockerfiles and make compatible with Renovate * Set memory for jupyter pytorch to the same as jupyter tensorflow * Update protobuf * Remove conda version and use substring expansion * Update SQLAlchemy * Update dill * Extend deadline for PyTorch image building (kubeflow#5991) * Update last batch of notebook server Dockerfiles (kubeflow#5997) * notebooks: Add additional PGP server for RStudio package validation (kubeflow#6010) * Change PGP server for RStudio validation to pgp.surfnet.nl * Add as secondary keyserver * use eslint versions from upstream v1.3 branch * fix eslint errors in pipelines.js * fix: test with namespace for pipeline-cards * fix: wrong text for test * centraldashboard: Update node and use latest-stable (kubeflow#6260) Change the tests to NOT fetch Chromium from the Edge branch, which is develop, but instead use latest-stable. We saw that edge can have problems from time to time. In the same commit we also update the node version to fix CVEs with the current v12.18.3 version that we had.
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> (cherry picked from commit bedda47) * eslint auto fixes * fix(vuln): Update base image Update base image and fix json-schema Comment out vulnerability scan (should be reworked to actually block) * feat(ci): add notebook-controller workflow * fix(ci): update notebook-controller ci (#86) Co-authored-by: jumana-s <salwa.mohamed@canda.ca> * fix(ci): push to acr once (#87) Co-authored-by: jumana-s <salwa.mohamed@canda.ca> * feat(notebook-controller): add readiness probe (#85) * fix(npm): fix vulnerabilities * install(packages): overcome CVEs (#90) * install(packages): overcome CVEs * regenerate package-lock.json * Fix package version Co-authored-by: Bryan Paget <bryan.paget@statcan.gc.ca> Co-authored-by: Wendy V Gaultier <wendyvgaultier@gmail.com> Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com> Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> Signed-off-by: Ilias Katsakioris <elikatsis@arrikto.com> Signed-off-by: Yurii Komar <subreptivus@gmail.com> Signed-off-by: Malini Bhandaru <mbhandaru@vmware.com> Co-authored-by: Yannis Zarkadas <yanniszark@arrikto.com> Co-authored-by: DavidSpek <vanderspek.david@gmail.com> Co-authored-by: Jeremy Lewi <jeremy+github@lewi.us> Co-authored-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> Co-authored-by: Mathew Wicks <thesuperzapper@users.noreply.github.com> Co-authored-by: Ilias Katsakioris <elikatsis@arrikto.com> Co-authored-by: James Liu <37026441+zijianjoy@users.noreply.github.com> Co-authored-by: toshi_k <high_luin@yahoo.co.jp> Co-authored-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> Co-authored-by: Saffa Alvi <alvi118@uwindsor.ca> Co-authored-by: Wendy Gaultier <wvgaultier@gmail.com> Co-authored-by: Jaeyeon Kim <anencore94@gmail.com> Co-authored-by: Yurii Komar <Subreptivus@gmail.com> Co-authored-by: JessicaBarh <jessicabarhoma@gmail.com> Co-authored-by: Jose-Matsuda <tongster789@gmail.com> Co-authored-by: Stephen Hopper 
<50119450+hopper-signifyd@users.noreply.github.com> Co-authored-by: Malini Bhandaru <mbhandaru@vmware.com> Co-authored-by: Filinto Duran <duranto@gmail.com> Co-authored-by: Filinto Duran <fduran@d2iq.com> Co-authored-by: Jiaxin Shan <seedjeffwan@gmail.com> Co-authored-by: Frances Zsurka <franceszsurka@gmail.com> Co-authored-by: William H <sylus1984@gmail.com> Co-authored-by: Zachary Seguin <zachary@zacharyseguin.ca> Co-authored-by: Zachary Seguin <zachary.seguin@canada.ca> Co-authored-by: Brendan Gadd <brendangadd@gmail.com> Co-authored-by: wg102 <wgaul102@uottawa.ca> Co-authored-by: frazs <frances.zsurka@gmail.com> Co-authored-by: Skye Turriff <turriff.skye@gmail.com> Co-authored-by: Jose-Matsuda <jose.matsuda@canada.ca> Co-authored-by: jumana-s <salwa.mohamed@canda.ca> Co-authored-by: Salwa <51963397+jumana-s@users.noreply.github.com> Co-authored-by: Wendy V Gaultier <wendyvgaultier@gmail.com> Co-authored-by: Bryan Paget <bbrryyaann@protonmail.com> Co-authored-by: Bryan Paget <bryan.paget@statcan.gc.ca>
bryanpaget added a commit that referenced this pull request Sep 9, 2022
* releasing: Add WG-Notebooks leads to release owners (kubeflow#5777) Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com> * Specify commonLabels for tensorboard-controller (kubeflow#5780) * Remove jlewi as an approver (kubeflow#5786) Removing myself as an owner. This should lead to better auto-assignment of code reviews. * Update notebook server base images (kubeflow#5804) * Update second layer docker images to new tags and some python deps (kubeflow#5809) * Update image tags and python packages in pytorch and tensorflow full dockerfiles (kubeflow#5817) * Add CI format checks for the Jupyter web app (kubeflow#5811) * jwa(front): Add npm rule for checking the format Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * ci: Add common tasks for format checks Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * ci(jwa): Add format check tasks Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(back): Fix formatting Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): Fix formatting Run `npm run format:write` on frontend Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): Include prettier in package.json Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(docker): Don't copy node_modules in Dockerfile Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * web-apps: Add global dockerignore file Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa: Remove unused dockerignore file Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(make): Don't include dockerignore and cleanup Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * initial notebook server images README.md (kubeflow#5818) * tensorboard-controller: Fix scheduling unbound PVCs (kubeflow#5819) When the TB controller attempts to schedule a RWO PVC it checks its accessModes in the PVC status. The controller panics if the list is empty. This commit adds a check to ensure the list is not empty. 
Signed-off-by: Ilias Katsakioris <elikatsis@arrikto.com> * Fix profile-controller CRD pruning issue (kubeflow#5822) * api: Add marker for preserving unknown fields in Plugins Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com> * manifests: Regenerate manifests Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com> * Remove Logo Trademarks from the Jupyter Web App and make logos configurable (kubeflow#5823) * rebase: Make logos configurable in configmap and remove trademark references Rebased to remove the changes to the package-lock.json * review: add suggested changes and add image group section to README * Make notebook limits configurable with a multiplication factor (kubeflow#5815) * Make notebook limits configurable with a multiplication factor * Make limits configurable under advanced section * run prettier to format frontend code * fix formatting and add rounding in backend * Return error if limit is smaller than request * Allow disabling limitFactor by setting it to none * review: remove camelCase in python backend * fix: update spawner_ui_config.yaml in manifests directory * review: fix setting limits backend * review: remove unnecessary check from backend * notebook-servers: Update JupyterLab and add Git Extension (kubeflow#5846) * chore: Add comment to reference RStudio license. 
(kubeflow#5884) * CI/CD: add kustomize build tests (kubeflow#5919) * Add CI format checks for the Volumes web app (kubeflow#5820) * vwa(front): Add npm script to check the formatting Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * vwa(front): Update the package-lock.json Run `npm install` to bring the package-lock.json up to date Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * vwa(front): Fix formatting Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * vwa(back): Fix formatting Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * vwa(docker): Remove unused dockerignore file We have created a global dockerignore file for all the web apps in the parent dir. Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * vwa(docker): Don't copy node_modules in dockerfile Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * vwa(make): Don't include dockerignore Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * ci(vwa): Add format check tasks Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(docker): Copy only necessary files for build Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * review: Use docker context instead of cd .. Don't use a `cd ..` and copy dockerignore files back and forth. Instead we should use the Docker context and the global dockerignore file we have for all the web apps. Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * tensorboard-controller: fix binding issue (kubeflow#5925) * JWA: Don't override assets with logos ConfigMap (kubeflow#5942) * jwa(front): Add static logos in the app The app does not contain the logos' svgs in its source code/static files. This results in the icons to not show when developing locally. This commit adds the svgs found in the logos ConfigMap to the static files of the app as well. 
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): Change logos fetch url Change the URLs of the logos from `static/assets/*` to `static/assets/logos`. Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(manifests): Don't override assets with logos Mount the ConfigMap under the `static/assets/logos` directory to not override the contents of the entire assets dir. Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * Make it possible to add Namespaced menu items (kubeflow#5871) * Make it possible to add Namespaced menu items * Reduce the nesting levels * FIX The number of gpu must be set as string in Kubernetes/Openshift (kubeflow#5891) * Update form.py * Update form.py * Update form-default.component.ts * fix whitespace issue * feat(jupyter): add fonts as assets to service (kubeflow#5691) * cwa(front): Ignore font files in assets * feat(jupyter): add fonts as assets to service * CRUD: fonts in common * CWA: Remove link to css file * jwa(front): Remove font assets from jupyter Co-authored-by: Wendy Gaultier <wvgaultier@gmail.com> * Update base notebook for Renovate compatibility (kubeflow#5955) * Update base notebook for Renovate compatibility * Separate kubectl and S6 arch * Update jupyter, rstudio and vs code notebook images + allow rstudio in iframe (kubeflow#5961) * Update jupyter, rstudio and vs code notebook images * Remove sed and use substring removal * Make menu bar scrollable again (kubeflow#5964) * [fix]: Make jupyter-web-app parse workspace volume MountPath (kubeflow#5952) * [fix]: Make jupyter-web-app parse workspace volume MountPath - workspace volume path was fixed with "/home/jovyan" - it should be enable to parse from jupyter-web-app-config's data * change parsing key correctly * Remove the f-strings in the Jupyter web app's backend (kubeflow#5680) * Notebook servers: Add explanation about kernel not connecting (kubeflow#5920) * fix(profile-controller): KNative probes (kubeflow#5848) Knative control-plane 
components need to probe certain paths of Knative Pods, in order to function correctly. These paths are: - /healthz - /metrics - /ready - /wait-for-drain For this reason, we extend the Profile Controller to apply an Istio AuthorizationPolicy that allows traffic to these HTTP paths for Pods in user namespaces, as per Knative's instructions: https://knative.dev/docs/serving/istio-authorization/#allowing-access-from-system-pods-by-paths This only fixes requests through the public ingress. Cluster-internal traffic and predictor-transformer use-cases are not supported yet. We continue discussing these in kubeflow#5965. Refs kubeflow#5965 Refs kserve/kserve#1558 Signed-off-by: Yurii Komar <subreptivus@gmail.com> * feat(jupyter): Support hiding image registry/tag (kubeflow#5681) * feat(jupyter): Support hiding image registry/tag * feat(jupyter): Support hiding VSCode/RStudio images registry/tag * rebasing onto upstream master * fix: formatting with prettier and set default hideRegistry=true * fix: move hideRegistry and hideTag from spawnerFormDefaults.image * fix whitespace * add tooltip for images Co-authored-by: JessicaBarh <jessicabarhoma@gmail.com> * Update dockerfiles and make compatible with Renovate (kubeflow#5968) * Update dockerfiles and make compatible with Renovate * Set memory for jupyter pytorch to the same as jupyter tensorflow * Update protobuf * Remove conda version and use substring expansion * Update SQLAlchemy * Update dill * Create OWNERS file in .github folder for Renovate config + workflows (kubeflow#5983) * Extend deadline for PyTorch image building (kubeflow#5991) * Allow user to add/delete labels to user namespace using ConfigMap. Fix kubeflow#5712 (kubeflow#5761) The profile-controller applies a hardcoded list of labels to Profile namespaces. Make this list of labels configurable with a ConfigMap. The new list of steps for the profile-controller is: 1. 
**(new)** Profile-controller starts and reads the file given by the `--namespace-labels-path` CLI flag (defaults to `/etc/profile-controller/namespace-labels.yaml`). This file contains a YAML dict of label key/values to add to each Profile namespace. 2. Profile-controller creates namespace. 3. Profile-controller merges existing namespace labels with given labels. A given label is applied ONLY if it doesn't exist already. 4. **(new)** If a given label value is empty (``), remove the label from the namespace if it already exists. We are using a ConfigMap instead of a plain CLI flag, so that users can change the list of labels without restarting the profile-controller. Closes kubeflow#5712 Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com> Co-authored-by: James Liu <jamxl@google.com> Co-authored-by: Yannis Zarkadas <yanniszark@arrikto.com> * Update last batch of notebook server Dockerfiles (kubeflow#5997) * Update spawner_ui_config.yaml with new tags (kubeflow#5998) * Update images in spawner_ui_config.yaml * Update manifest image tags * CRUD web apps: i18n (kubeflow#5880) * feat(jupyter): add modules for translations * feat(jupyter): fix path for translations + add GPU translations * feat(jupyter): add translations * feat(jupyter): add translations to form-default * feat(jupyter): add translations to affinity/tolerations * feat(jupyter): add translations to Image Pull Policy * feat(jupyter): remove imports from app.module.ts + fix translations * web-apps(front): add TranslationModule to common for jupyter * Implement i18n for jupyter frontend - Including common components needed - Refactor translation file * web-apps(front): add i18n to messages from backend Status tooltip text Snackbar message * web-apps(front): volumes and tensorboards i18n ini Add the i18n feature for the other 2 projects * feat(volume): add translations for volume * feat(jupyter): refactor asset file * Update asset files for all folders * feat(tensorboards): add i18n Update all asset files * 
cwa: add new translations * cwa: Add README documentation * fix: formatting with prettier * Fix tests * Fix python format * remove comment Co-authored-by: saffaalvi <alvi118@uwindsor.ca> Co-authored-by: Jose-Matsuda <tongster789@gmail.com> * Remove deprecated JWA (kubeflow#5959) Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * Sync spawner yaml from source to manifests (kubeflow#5999) * notebooks: Add additional PGP server for RStudio package validation (kubeflow#6010) * Change PGP server for RStudio validation to pgp.surfnet.nl * Add as secondary keyserver * Add support for ServiceAccountName and AutomountServiceAccountName to admission-webhook (kubeflow#5939) * WA: Use relative paths for fetching translation files (kubeflow#6034) * jwa(front): Use relative path for i18n json Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * vwa(front): Use relative path for i18n json Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * twa(front): Use relative path for i18n json Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * Update CRUD web apps from Angular 8 to Angular 12 (kubeflow#6004) * common: update angular core and cli to 9 ng update @angular/core@9 @angular/cli@9 * common: update material, cdk and cdk-experimental to 9 ng update @angular/cdk@9 @angular/material@9 @angular/cdk-experimental@9 * common: remove entryComponents and replace TestBed.get with TestBed.inject Edit files manually * common: make compatible with Angular 9 Edit files manually * common: update fontawesome to 0.6.0 npm i @fortawesome/angular-fontawesome@0.6.0 * update kubeflow-common project dependencies * common: add @angular/localize ng add @angular/localize * jupyter: update angular core and cli 8 ng update @angular/core@8 @angular/cli@8 * jupyter: update angular core and cli to 9 ng update @angular/core@9 @angular/cli@9 * jupyter: update material, cdk and cdk-experimental to 9 ng update @angular/cdk@9 @angular/material@9 @angular/cdk-experimental@9 * jupyter: 
remove entryComponents Edit file manually * jupyter: update fontawesome to 0.6.0 npm i @fortawesome/angular-fontawesome@0.6.0 * jupyter: add @angular/localize ng add @angular/localize * tensorboards: update angular core and cli to 9 ng update @angular/core@9 @angular/cli@9 * tensorboards: update material, cdk and cdk-experimental to 9 ng update @angular/cdk@9 @angular/material@9 @angular/cdk-experimental@9 * tensorboards: remove entryComponents and replace TestBed.get with TestBed.inje… Edit files manually * tensorboards: update fontawesome to 0.6.0 npm i @fortawesome/angular-fontawesome@0.6.0 * tensorboards: add @angular/localize ng add @angular/localize * Fix tensorboards-web-app run-dev in makefile Edit file manually * volumes: update angular core and cli to 9 ng update @angular/core@9 @angular/cli@9 * volumes: update material, cdk and cdk-experimental to 9 ng update @angular/cdk@9 @angular/material@9 @angular/cdk-experimental@9 * volumes: remove entryComponents and replace TestBed.get with TestBe… Edit files manually * volumes: update fontawesome to 0.6.0 npm i @fortawesome/angular-fontawesome@0.6.0 * volumes: add @angular/localize ng add @angular/localize * common: update angular core and cli to 10 ng update @angular/core@10 @angular/cli@10 --force * common: update material, cdk and cdk-experimental to 10 ng update @angular/cdk@10 @angular/material@10 @angular/cdk-experimental@10 * update kubeflow-common project dependencies Edit file manually * common: update fontawesome to 0.7.0 npm i @fortawesome/angular-fontawesome@0.7.0 * common: fix font location Edit file manually * jupyter: update angular-fontawesome to 0.7.0 npm i @fortawesome/angular-fontawesome@0.7.0 * jupyter: update angular core and cli to 10 ng update @angular/core@10 @angular/cli@10 * jupyter: update material, cdk and cdk-experimental to 10 ng update @angular/cdk@10 @angular/material@10 @angular/cdk-experimental@10 * tensorboards: update angular-fontawesome to 0.7.0 npm i 
@fortawesome/angular-fontawesome@0.7.0 * tensorboards: update angular core and cli to 10 ng update @angular/core@10 @angular/cli@10 * tensorboards: update material, cdk and cdk-experimental to 10 ng update @angular/cdk@10 @angular/material@10 @angular/cdk-experimental@10 * volumes: update angular-fontawesome to 0.7.0 npm i @fortawesome/angular-fontawesome@0.7.0 * volumes: update angular core and cli to 10 ng update @angular/core@10 @angular/cli@10 * volumes: update material, cdk and cdk-experimental to 10 ng update @angular/cdk@10 @angular/material@10 @angular/cdk-experimental@10 * common: update angular-fontawesome to 0.8.2 npm i @fortawesome/angular-fontawesome@0.8.2 * common: update codelyzer to 6.0.2 npm i codelyzer@6.0.2 * common: install @angular-devkit/core@11 npm install --save-dev @angular-devkit/core@11 * common: update angular core and cli to 11 ng update @angular/core@11 @angular/cli@11 * common: update material, cdk and cdk-experimental to 11 ng update @angular/cdk@11 @angular/material@11 @angular/cdk-experimental@11 * update kubeflow-common project dependencies Edit file manually * jupyter: update angular-fontawesome to 0.8.2 npm i @fortawesome/angular-fontawesome@0.8.2 * jupyter: update codelyzer to 6.0.2 npm i codelyzer@6.0.2 * jupyter: update angular core and cli to 11 ng update @angular/core@11 @angular/cli@11 * jupyter: update material, cdk and cdk-experimental to 11 ng update @angular/cdk@11 @angular/material@11 @angular/cdk-experimental@11 * tensorboards: update angular-fontawesome to 0.8.2 npm i @fortawesome/angular-fontawesome@0.8.2 * tensorboards: update codelyzer to 6.0.2 npm i codelyzer@6.0.2 * tensorboards: update angular core and cli to 11 ng update @angular/core@11 @angular/cli@11 * tensorboards: update material, cdk and cdk-experimental to 11 ng update @angular/cdk@11 @angular/material@11 @angular/cdk-experimental@11 * volumes: update angular-fontawesome to 0.8.2 npm i @fortawesome/angular-fontawesome@0.8.2 * volumes: update codelyzer 
to 6.0.2 npm i codelyzer@6.0.2 * volumes: update angular core and cli to 11 ng update @angular/core@11 @angular/cli@11 * volumes: update material, cdk and cdk-experimental to 11 ng update @angular/cdk@11 @angular/material@11 @angular/cdk-experimental@11 * common: Fix CI failure * jupyter: npm run format:write npm run format:write * volumes: npm run format:write npm run format:write * tensorboards: manually run prettier prettier --write 'src/**/*.{js,ts,html,scss,css}' * common: Fix MockComponent entryComponents for CI Manually edit file * common: update angular-fontawesome to 0.9.0 npm i @fortawesome/angular-fontawesome@0.9.0 * common: update angular core and cli to 12 ng update @angular/core@12 @angular/cli@12 * common: update material, cdk and cdk-experimental to 12 ng update @angular/cdk@12 @angular/material@12 @angular/cdk-experimental@12 * update kubeflow-common project dependencies Edit file manually * common: fix Intl.DateTimeFormatOptions Edit file manually. Type of defaultDateOptions and defaultTimeOptions needs to explicitly be set to Intl.DateTimeFormatOptions. 
* jupyter: update angular-fontawesome to 0.9.0 npm i @fortawesome/angular-fontawesome@0.9.0 * jupyter: update codelyzer to 6.0.2 npm i codelyzer@6.0.2 * jupyter: update angular core and cli to 12 ng update @angular/core@12 @angular/cli@12 * jupyter: update material, cdk and cdk-experimental to 12 ng update @angular/cdk@12 @angular/material@12 @angular/cdk-experimental@12 * tensorboards: update angular-fontawesome to 0.9.0 npm i @fortawesome/angular-fontawesome@0.9.0 * tensorboards: update angular core and cli to 12 ng update @angular/core@12 @angular/cli@12 * tensorboards: update material, cdk and cdk-experimental to 12 ng update @angular/cdk@12 @angular/material@12 @angular/cdk-experimental@12 * volumes: update angular-fontawesome to 0.9.0 npm i @fortawesome/angular-fontawesome@0.9.0 * volumes: update angular core and cli to 12 ng update @angular/core@12 @angular/cli@12 * volumes: update material, cdk and cdk-experimental to 12 ng update @angular/cdk@12 @angular/material@12 @angular/cdk-experimental@12 * common: update and audit packages npm update && npm audit fix && npm i lodash-es@4.17.21 && npm i material-icons@0.7.3 * jupyter: update and audit packages npm update && npm audit fix && npm i material-icons@0.7.3 * tensorboards: update and audit packages npm update && npm audit fix && npm i material-icons@0.7.3 * volumes: update and audit packages npm update && npm audit fix && npm i material-icons@0.7.3 * jupyter: npm run format:write npm run format:write * lists roadmap in reverse chronological order (kubeflow#6055) Signed-off-by: Malini Bhandaru <mbhandaru@vmware.com> * Correct missing predicates in controller watches. 
Fixes kubeflow#5326 (kubeflow#5873) Co-authored-by: Filinto Duran <fduran@d2iq.com> * fix(web-apps): Use Angular's i18n proposed implementation (kubeflow#6065) * jwa(front): Add i18n for french in angular.json Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): Add i18n rules in package.json Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): i18n FormImage Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): i18n FormAdvancedOptions Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): i18n FormAffinityTolerations Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): i18n FormConfigurations Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): i18n FormCpuRam Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): i18n FormDataVolumes Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): i18n FormGpus Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): i18n FromName Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): i18n FormWorkspaceVolume Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): i18n Volume Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * web-apps(front): i18n BackendService Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * web-apps(front): Add localize to peerDependencies Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * web-apps(front): Import $localize in library Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * web-apps(front): i18n RokService Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): i18n Form Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): i18n BackendService Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * web-apps(front): i18n ConfirmDialog Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): i18n Index 
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * web-apps(front): i18n ResourceTable Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * web-apps(front): i18n SnackBar Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * web-apps(front): i18n Form Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * web-app(front): i18n NameNamespaceSelector Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * web-apps(front): Remove ngx-translate Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): i18n App Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): Remove ngx-translate from package.json Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(back): Don't parse keys in status Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * vwa(back): Revert backend messages Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): Update translation language files Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * web-apps(back): Don't parse keys in status Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * vwa(front): Add i18n for french in angular.json Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * vwa(front): Add i18n rules in package.json Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * vwa(front): i18n Form Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * vwa(front): i18n Index Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * vwa(front): i18n BackendService Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * vwa(front): i18n App Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * vwa(front): Remove ngx-translate from package.json Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * vwa(front): i18n Form Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * vwa(front): Update translation language files Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * twa(back): Revert 
backend messages Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * twa(front): Add i18n rules in package.json Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * twa(front): Add i18n for french in angular.json Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * twa(front): i18n Index Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * twa(front): i18n BackendService Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * twa(front): i18n App Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * twa(front): Update translation language files Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * twa(front): Remove ngx-translate from package.json Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * wa: Update READMEs Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * web-apps(front): Add localize when testing Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * [CentralDashboard] Add entry for Models web app (kubeflow#6085) Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * Interact with the namespace selector (kubeflow#5995) * Interact with the namespace selector * Use namespace given as an argument * Keep the index of selected item * fix(jwa): Fix limits calculation when limitFactor is none (kubeflow#6058) * jwa(front): Don't allow NaN values in limits The UI should always catch a NaN value and don't add it in the form. Currently this is the case for the cpu/memory limits. Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): Limits should not be changed if dirty If the user has manually edited the limits fields then the UI should not try to automatically calculate them again, using the limitFactors. 
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * Update image tags in 1.4 release branch (kubeflow#6096) Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * Fix NaN in Kubeflow Notebooks (kubeflow#6092) * Fix NaN in Kubeflow Notebooks * add a validation check for NaN values * fix: validation check if value is None * lint: fix line length * add section for 1.4; small updates for 1.3 section (kubeflow#6082) * add section for 1.4; small updates for 1.3 section * refer to training operators consistently; add link to Notebooks roadmap. * address @Bobgy feedback regarding Kubeflow Pipelines portions of 1.4 roadmap * Remove virtualservice timeout to prevent websocket disconnect (kubeflow#6126) In the existing version, the 'timeout: 300s' added to the notebook's virtual service would cause websockets to disconnect at the 5 minute mark, causing the Jupyter Notebook web terminal function to hang. This is described in kubeflow#6124. * fix(admission-webhook): attach namespace to pod request if pod does not have it (kubeflow#6052) * fix(admission-webhook): attach namespace to pod request if pod does not have it * Apply suggestions from code review Add more explicit logs * Add more explicit log Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * Cherry-pick: Notebooks base gpg fix (kubeflow#6139) * Update images for RC 1 (kubeflow#6137) Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * Final preparations for 1.4 (kubeflow#6177) * Improve README for example-notebook-servers (kubeflow#6165) * jwa(front): Don't disable vendors with no GPUs (kubeflow#6171) JWA should not block users from selecting GPUs if the current cluster nodes do not have any GPUs attached to them. We've seen users that have autoscaled nodegroups for GPUs, so a GPU node will be added to the cluster once a Pod has requested it. Refs: arrikto/dev#1484 Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * Update the version to 1.4 1. 
Run the `python releasing/update-manifests-images v1.4` script to update all the images of our components to the `v1.4` tag 2. Update the VERSION file so that the post-submit script will build all images Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * Bump Golang version in PodDefaults, TensorBoard Controller and KFAM to 1.17 (kubeflow#6180) * kfam: Upgrade go to 1.17 Update to a more recent docker image that has a newer version of openssl. Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * poddefaults: Upgrade go to 1.17 Update to a more recent docker image that has a newer version of openssl. Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * tensorboards: Upgrade go to 1.17 Update to a more recent docker image that has a newer version of openssl. Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * Automated cherry pick of kubeflow#4751: Add AWS IAM Role for ServiceAccount support in profile Cherry pick of kubeflow#4751 on v1.0-branch. kubeflow#4751: Add AWS IAM Role for ServiceAccount support in profile (kubeflow#4804) * Add AWS IAM Role for ServiceAccount support in profile controller * Add eks profile iam plugin instructions and examples * Clean up codes and add unit tests * Optimize character size of policy document * Always set oidc audience to trust identity * Support AssumeRoleWithWebIdentity call via * feat(jupyter): add ci * Update build.yml * Update build.yml * feat(jupyter): Update GPU options * fix(access-management): Add patch from kubeflow/kubeflow!5202 * fix(npm): vulnerabilities * fix(profile): Update webpack.config.js for kf profiles * ci: Don't use upstream issue triage * ci: Stop building jupyter-web-app component The jupyter-web-app component is superseded by StatCan/jupyter-apis. This commit stops building the redundant component. 
* ci: Build/push centraldashboard component * chore(fonts): move into service * fix: rearrange dashboard cards * fix: failing tests * fix: Fix broken container scan Run container scanning as a step after building rather than its own job so that it can find the target image. * fix: Security vulnerabilities * Upgrades packages to fix high and critical severity vulnerabilities * Refactor to use updated Kubernetes client API * fix: add 'ws' module to package.json * wip(centraldashboard): Manage multiple profiles * feat: Manage multiple profiles * feat(centraldashboard): Official Languages * fix(centraldashboard): i18n english text and french youtube link * Automated cherry pick of kubeflow#5404: Remove metadata link from centraldashboard (kubeflow#5412) * fix(jupyter): resolve build error Resolves a build error for the changes in #2 * feat(jupyter): add ci * Update build.yml * Update build.yml * ci: Stop building jupyter-web-app component The jupyter-web-app component is superseded by StatCan/jupyter-apis. This commit stops building the redundant component. 
* fix: rearrange dashboard cards * fix(centraldashboard): remove config map usage + artifact menu and quicklink * feat(pipelines): Fix pipelines on dashboard * fix(centraldashboard): fix pipeline tests * fix(centraldashboard): Remove configmap call + fix conflicts * feat(centraldashboard): Add i18n to dashboard links * cherry pick missing commits into v1.3-branch (kubeflow#5836) * Update notebook server base images (kubeflow#5804) (cherry picked from commit ebc0c4f) * Update second layer docker images to new tags and some python deps (kubeflow#5809) (cherry picked from commit 3dbc352) * Update image tags and python packages in pytorch and tensorflow full dockerfiles (kubeflow#5817) (cherry picked from commit e8250b9) * Add CI format checks for the Jupyter web app (kubeflow#5811) * jwa(front): Add npm rule for checking the format Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * ci: Add common tasks for format checks Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * ci(jwa): Add format check tasks Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(back): Fix formatting Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): Fix formatting Run `npm run format:write` on frontend Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(front): Include prettier in package.json Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(docker): Don't copy node_modules in Dockerfile Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * web-apps: Add global dockerignore file Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa: Remove unused dockerignore file Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> * jwa(make): Don't include dockerignore and cleanup Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com> (cherry picked from commit 43e03d4) * initial notebook server images README.md (kubeflow#5818) (cherry picked from commit 923a7c8) * Fix profile-controller CRD pruning issue 
(kubeflow#5822)
* api: Add marker for preserving unknown fields in Plugins
Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com>
* manifests: Regenerate manifests
Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com>
(cherry picked from commit 8a12599)
* Remove Logo Trademarks from the Jupyter Web App and make logos configurable (kubeflow#5823)
* rebase: Make logos configurable in configmap and remove trademark references
Rebased to remove the changes to the package-lock.json
* review: add suggested changes and add image group section to README
(cherry picked from commit d73e468)
* Make notebook limits configurable with a multiplication factor (kubeflow#5815)
* Make notebook limits configurable with a multiplication factor
* Make limits configurable under advanced section
* run prettier to format frontend code
* fix formatting and add rounding in backend
* Return error if limit is smaller than request
* Allow disabling limitFactor by setting it to none
* review: remove camelCase in python backend
* fix: update spawner_ui_config.yaml in manifests directory
* review: fix setting limits backend
* review: remove unnecessary check from backend
(cherry picked from commit 2ed54bc)
Co-authored-by: DavidSpek <vanderspek.david@gmail.com>
Co-authored-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
Co-authored-by: Yannis Zarkadas <yanniszark@arrikto.com>
* Release v1.3.0-rc.1 for kubeflow/kubeflow (kubeflow#5838)
Follow release procedure to release images and manifests for version v1.3.0-rc.1
Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com>
* Cherry-picks for 1.3.1 (kubeflow#6007)
* chore: Add comment to reference RStudio license. (kubeflow#5884)
* CI/CD: add kustomize build tests (kubeflow#5919)
* Add CI format checks for the Volumes web app (kubeflow#5820)
* vwa(front): Add npm script to check the formatting
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* vwa(front): Update the package-lock.json
Run `npm install` to bring the package-lock.json up to date
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* vwa(front): Fix formatting
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* vwa(back): Fix formatting
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* vwa(docker): Remove unused dockerignore file
We have created a global dockerignore file for all the web apps in the parent dir.
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* vwa(docker): Don't copy node_modules in dockerfile
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* vwa(make): Don't include dockerignore
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* ci(vwa): Add format check tasks
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* jwa(docker): Copy only necessary files for build
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* review: Use docker context instead of cd ..
Don't use a `cd ..` and copy dockerignore files back and forth. Instead we should use the Docker context and the global dockerignore file we have for all the web apps.
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* tensorboard-controller: fix binding issue (kubeflow#5925)
* JWA: Don't override assets with logos ConfigMap (kubeflow#5942)
* jwa(front): Add static logos in the app
The app does not contain the logos' svgs in its source code/static files. This results in the icons to not show when developing locally. This commit adds the svgs found in the logos ConfigMap to the static files of the app as well.
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* jwa(front): Change logos fetch url
Change the URLs of the logos from `static/assets/*` to `static/assets/logos`.
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* jwa(manifests): Don't override assets with logos
Mount the ConfigMap under the `static/assets/logos` directory to not override the contents of the entire assets dir.
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* FIX The number of gpu must be set as string in Kubernetes/Openshift (kubeflow#5891)
* Update form.py
* Update form.py
* Update form-default.component.ts
* fix whitespace issue
* Update base notebook for Renovate compatibility (kubeflow#5955)
* Update base notebook for Renovate compatibility
* Separate kubectl and S6 arch
* Update jupyter, rstudio and vs code notebook images + allow rstudio in iframe (kubeflow#5961)
* Update jupyter, rstudio and vs code notebook images
* Remove sed and use substring removal
* Make menu bar scrollable again (kubeflow#5964)
* [fix]: Make jupyter-web-app parse workspace volume MountPath (kubeflow#5952)
* [fix]: Make jupyter-web-app parse workspace volume MountPath
- workspace volume path was fixed with "/home/jovyan"
- it should be enable to parse from jupyter-web-app-config's data
* change parsing key correctly
* Remove the f-strings in the Jupyter web app's backend (kubeflow#5680)
* Notebook servers: Add explanation about kernel not connecting (kubeflow#5920)
* fix(profile-controller): KNative probes (kubeflow#5848)
Knative control-plane components need to probe certain paths of Knative Pods, in order to function correctly. These paths are:
- /healthz
- /metrics
- /ready
- /wait-for-drain
For this reason, we extend the Profile Controller to apply an Istio AuthorizationPolicy that allows traffic to these HTTP paths for Pods in user namespaces, as per Knative's instructions:
https://knative.dev/docs/serving/istio-authorization/#allowing-access-from-system-pods-by-paths
This only fixes requests through the public ingress. Cluster-internal traffic and predictor-transformer use-cases are not supported yet. We continue discussing these in kubeflow#5965.
Refs kubeflow#5965
Refs kserve/kserve#1558
Signed-off-by: Yurii Komar <subreptivus@gmail.com>
* Update dockerfiles and make compatible with Renovate (kubeflow#5968)
* Update dockerfiles and make compatible with Renovate
* Set memory for jupyter pytorch to the same as jupyter tensorflow
* Update protobuf
* Remove conda version and use substring expansion
* Update SQLAlchemy
* Update dill
* Extend deadline for PyTorch image building (kubeflow#5991)
* Update last batch of notebook server Dockerfiles (kubeflow#5997)
* notebooks: Add additional PGP server for RStudio package validation (kubeflow#6010)
* Change PGP server for RStudio validation to pgp.surfnet.nl
* Add as secondary keyserver
* use eslint versions from upstream v1.3 branch
* fix eslint errors in pipelines.js
* fix: test with namespace for pipeline-cards
* fix: wrong text for test
* centraldashboard: Update node and use latest-stable (kubeflow#6260)
Change the tests to NOT fetch Chromium from the Edge branch, which is develop, but instead use latest-stable. We saw that edge can have problems from time to time.
In the same commit we also update the node version to fix CVEs with the current v12.18.3 version that we had.
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
(cherry picked from commit bedda47)
* eslint auto fixes
* fix(vuln): Update base image
Update base image and fix json-schema
Comment out vulnerability scan (should be reworked to actually block)
* feat(ci): add notebook-controller workflow
* fix(ci): update notebook-controller ci (#86)
Co-authored-by: jumana-s <salwa.mohamed@canda.ca>
* fix(ci): push to acr once (#87)
Co-authored-by: jumana-s <salwa.mohamed@canda.ca>
* feat(notebook-controller): add readiness probe (#85)
* fix(npm): fix vulnerabilities
* install(packages): overcome CVEs (#90)
* install(packages): overcome CVEs
* regenerate package-lock.json
* Fix package version
Co-authored-by: Bryan Paget <bryan.paget@statcan.gc.ca>
Co-authored-by: Wendy V Gaultier <wendyvgaultier@gmail.com>
Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com>
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
Signed-off-by: Ilias Katsakioris <elikatsis@arrikto.com>
Signed-off-by: Yurii Komar <subreptivus@gmail.com>
Signed-off-by: Malini Bhandaru <mbhandaru@vmware.com>
Co-authored-by: Yannis Zarkadas <yanniszark@arrikto.com>
Co-authored-by: DavidSpek <vanderspek.david@gmail.com>
Co-authored-by: Jeremy Lewi <jeremy+github@lewi.us>
Co-authored-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
Co-authored-by: Mathew Wicks <thesuperzapper@users.noreply.github.com>
Co-authored-by: Ilias Katsakioris <elikatsis@arrikto.com>
Co-authored-by: James Liu <37026441+zijianjoy@users.noreply.github.com>
Co-authored-by: toshi_k <high_luin@yahoo.co.jp>
Co-authored-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>
Co-authored-by: Saffa Alvi <alvi118@uwindsor.ca>
Co-authored-by: Wendy Gaultier <wvgaultier@gmail.com>
Co-authored-by: Jaeyeon Kim <anencore94@gmail.com>
Co-authored-by: Yurii Komar <Subreptivus@gmail.com>
Co-authored-by: JessicaBarh <jessicabarhoma@gmail.com>
Co-authored-by: Jose-Matsuda <tongster789@gmail.com>
Co-authored-by: Stephen Hopper <50119450+hopper-signifyd@users.noreply.github.com>
Co-authored-by: Malini Bhandaru <mbhandaru@vmware.com>
Co-authored-by: Filinto Duran <duranto@gmail.com>
Co-authored-by: Filinto Duran <fduran@d2iq.com>
Co-authored-by: Jiaxin Shan <seedjeffwan@gmail.com>
Co-authored-by: Frances Zsurka <franceszsurka@gmail.com>
Co-authored-by: William H <sylus1984@gmail.com>
Co-authored-by: Zachary Seguin <zachary@zacharyseguin.ca>
Co-authored-by: Zachary Seguin <zachary.seguin@canada.ca>
Co-authored-by: Brendan Gadd <brendangadd@gmail.com>
Co-authored-by: wg102 <wgaul102@uottawa.ca>
Co-authored-by: frazs <frances.zsurka@gmail.com>
Co-authored-by: Skye Turriff <turriff.skye@gmail.com>
Co-authored-by: Jose-Matsuda <jose.matsuda@canada.ca>
Co-authored-by: jumana-s <salwa.mohamed@canda.ca>
Co-authored-by: Salwa <51963397+jumana-s@users.noreply.github.com>
Co-authored-by: Wendy V Gaultier <wendyvgaultier@gmail.com>
Co-authored-by: Bryan Paget <bbrryyaann@protonmail.com>
Co-authored-by: Bryan Paget <bryan.paget@statcan.gc.ca>