Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: Switch to wolfi to fix critical vulnerability #421

Merged
merged 11 commits into from
Sep 10, 2024
Merged

chore: Switch to wolfi to fix critical vulnerability #421

merged 11 commits into from
Sep 10, 2024

Conversation

jakubhava
Copy link
Collaborator

No description provided.

@jakubhava jakubhava marked this pull request as ready for review September 8, 2024 21:44
@jakubhava jakubhava linked an issue Sep 8, 2024 that may be closed by this pull request
Switch to chainguard base to fix the critical vulnerability #420
Closed
@senalw
Copy link

senalw commented Sep 9, 2024

closes #423

@jakubhava jakubhava merged commit 276b986 into main Sep 10, 2024
15 checks passed
@jakubhava jakubhava deleted the jh/upgrade-to-wolfi branch September 10, 2024 06:59
@jakubhava
Copy link
Collaborator Author 

Feature: MLOPS GW E2E:  Compute prediction interval values for Driverless MOJOs and Scoring pipeline when the model support
    Scenario: Prediction interval values are requested from JAVA MOJO runtime
        Given a fully authenticated user1
        And a project in Driverless
        And a Driverless credit card regression experiment
        And the Driverless experiment is linked to the project
        When a deployment is created for the ALL shapley options enabled JAVA runtime
        Then the deployment should become HEALTHY in LARGE amount of time
        And capabilities response should have prediction interval capability
        And score response should expose prediction interval field when requestPredictionIntervals is enabled in score request
        And score response should not expose prediction interval field when requestPredictionIntervals is disabled in score request in JAVA runtime
    PASSED
    ```

jakubhava added a commit that referenced this pull request Sep 30, 2024
@jakubhava @Rupeekshan
@dependabot @Sivakajan-tech
chore: move state from main to fix the cve fix on release branch (#435)
81f7746 
* fix: Inherit secrets and update branch retrieval for manual publish workflow (#415)

* chore: bump slackapi/slack-github-action in /.github/workflows (#416)

Bumps [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action) from 1.26.0 to 1.27.0.
- [Release notes](https://github.com/slackapi/slack-github-action/releases)
- [Commits](slackapi/slack-github-action@v1.26.0...v1.27.0)

---
updated-dependencies:
- dependency-name: slackapi/slack-github-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: Run Full CI/CD on release tag and release branch creation (#417)

* chore: Run Full CI/CD on release tag and release branch creation

* chore: Run Full CI/CD on release tag and release branch creation

* chore: Run Full CI/CD on release tag and release branch creation

---------

Co-authored-by: Rupeekshan Maheswaran <[email protected]>

* chore: Make the Image Security Scan as a part of CI workflow (#418)

* chore: add commit to manually published image tag (#422)

* chore: use github_sha variable as in other repos

* chore: Switch to wolfi to fix critical vulnerability (#421)

* chore: Switch to wolfi to fix critical vulnerability

* nl

* fix nl

* fix

* fix

* Fix manual

* needs'

* make more clear

* toolchains

* Fix

* fix: Fix job dependencies and commit hash input for scheduled scans (#424)

* fix: Improve commit hash input logic for CI versioning

* fix: Resolve job dependencies for scheduled scans

* fix: use numeric uid (#425)

* fix: Fix CVE-2024-38816 vulnerability (#426)

* fix: Fix CVE-2024-38816 vulnerability

* comment

* chore: bump joda-time:joda-time from 2.12.7 to 2.13.0 (#427)

* fix: Upgrade spring (#428)

* fix: Upgrade spring

* gradle.properties

* chore: bump chainguard/wolfi-base in /local-rest-scorer (#429)

Bumps [chainguard/wolfi-base](https://github.com/chainguard-images/images) from `0f1d816` to `b06d453`.
- [Commits](https://github.com/chainguard-images/images/commits)

---
updated-dependencies:
- dependency-name: chainguard/wolfi-base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: bump chainguard/wolfi-base in /local-rest-scorer (#430)

Bumps [chainguard/wolfi-base](https://github.com/chainguard-images/images) from `b06d453` to `7574456`.
- [Commits](https://github.com/chainguard-images/images/commits)

---
updated-dependencies:
- dependency-name: chainguard/wolfi-base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: Upgrade Spring 3.3.4 (#432)

* feat: Migrate image registry from GAR to AWS ECR (#431)

* eat: Migrate image registry from GAR to AWS ECR

* fix

* chore: Disable release publishing to MLOps ECR (#433)

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Rupeekshan Maheswaran <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sivakajan Sivaparan <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Rupeekshan Rupeekshan Rupeekshan left review comments

@shsma shsma Awaiting requested review from shsma shsma is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Switch to chainguard base to fix the critical vulnerability
3 participants
@jakubhava @senalw @Rupeekshan