Pinned down jupyter-server-proxy for cve fixes

[harshad16]

• Pinned kfp-tekton due the requirements changing pyyaml.
• Pinned rest of the packages for dependency resolutions.

Description

Related-to: https://issues.redhat.com/browse/RHOAIENG-6456
These changes upgrade the jupyter-server-proxy to fix the CVE.

Next steps:

• Built as part of 2023b, lets backport this in that version.

How Has This Been Tested?

Build image via Makefile

Merge criteria:

• The commits are squashed in a cohesive manner and have meaningful messages.
• Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
• The developer has manually tested the changes and verified that the changes work

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[jiridanek]

@jstourac guess we should try this image out on a gaudi-enabled machine as part of 2.8 release testing, or possibly now (tomorrow), using a PR build, wdyt?

/lgtm

[atheo89]

The CVE seems to have disappeared: https://quay.io/repository/opendatahub/workbench-images/manifest/sha256:d6c44c0bc78a4fd4fd272f1edfa44924d73ffd971ce17ed884700dcef762808c?tab=vulnerabilities

/lgtm
/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: atheo89

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [atheo89]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[jstourac]

The fully fixed release is 3.2.4, but since the ~= is used, it is installed anyway, see https://quay.io/repository/opendatahub/workbench-images/manifest/sha256:d6c44c0bc78a4fd4fd272f1edfa44924d73ffd971ce17ed884700dcef762808c?tab=packages

[jstourac]

@jstourac guess we should try this image out on a gaudi-enabled machine as part of 2.8 release testing, or possibly now (tomorrow), using a PR build, wdyt?

yeah, we should check the image still work with habana hw and that e.g. a pipeline can be executed properly at least

[harshad16]

/hold

[jiridanek]

/test images

[jiridanek]

/test notebook-habana-1-10-0-ubi8-python-3-8-pr-image-mirror

[jiridanek]

I've tried https://docs.habana.ai/en/v1.10.0/TensorFlow/Migration_Guide/Porting_Simple_TensorFlow_Model_to_Gaudi.html#creating-a-tensorflow-example with http://quay.io/opendatahub/workbench-images:habana-jupyter-1.10.0-ubi8-python-3.8-pr-630, runs fine, and in pip list i see

(app-root) (app-root) pip list | grep jupyter
jupyter-bokeh                   3.0.7
jupyter_client                  7.4.9
jupyter_core                    5.7.2
jupyter-events                  0.10.0
jupyter-lsp                     2.2.5
jupyter_packaging               0.12.3
jupyter-resource-usage          0.7.2
jupyter_server                  2.1.0
jupyter_server_fileid           0.9.2
jupyter-server-mathjax          0.2.6
jupyter-server-proxy            3.2.4
jupyter_server_terminals        0.4.4
jupyter_server_ydoc             0.8.0
jupyter-ydoc                    0.2.5
jupyterlab                      3.5.3
jupyterlab-git                  0.41.0
jupyterlab-lsp                  3.10.2
jupyterlab_pygments             0.3.0
jupyterlab_server               2.27.3
jupyterlab_widgets              3.0.11

so /lgtm

[jstourac]

/lgtm

[harshad16]

/unhold

[openshift-ci]

@harshad16: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/runtime-rocm-pytorch-ubi9-python-3-9-pr-image-mirror	d4fcb18	link	true	/test runtime-rocm-pytorch-ubi9-python-3-9-pr-image-mirror
ci/prow/runtime-rocm-tensorflow-ubi9-python-3-9-pr-image-mirror	d4fcb18	link	true	/test runtime-rocm-tensorflow-ubi9-python-3-9-pr-image-mirror
ci/prow/runtimes-ubi9-e2e-tests	d4fcb18	link	true	/test runtimes-ubi9-e2e-tests
ci/prow/rocm-runtimes-ubi9-e2e-tests	d4fcb18	link	true	/test rocm-runtimes-ubi9-e2e-tests
ci/prow/runtimes-ubi8-e2e-tests	d4fcb18	link	true	/test runtimes-ubi8-e2e-tests

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[harshad16]

/override ci/prow/habana-notebooks-e2e-tests
/override ci/prow/images
/override ci/prow/notebook-habana-1-10-0-ubi8-python-3-8-pr-image-mirror
/override ci/prow/rocm-notebooks-e2e-tests

[openshift-ci]

@harshad16: Overrode contexts on behalf of harshad16: ci/prow/habana-notebooks-e2e-tests, ci/prow/images, ci/prow/notebook-habana-1-10-0-ubi8-python-3-8-pr-image-mirror, ci/prow/rocm-notebooks-e2e-tests

In response to this:

/override ci/prow/habana-notebooks-e2e-tests
/override ci/prow/images
/override ci/prow/notebook-habana-1-10-0-ubi8-python-3-8-pr-image-mirror
/override ci/prow/rocm-notebooks-e2e-tests

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[harshad16]

/hold

[harshad16]

/test notebook-habana-1-10-0-ubi8-python-3-8-pr-image-mirror

[jiridanek]

/cherrypick 2023b

[openshift-cherrypick-robot]

@jiridanek: new pull request created: #677

In response to this:

/cherrypick 2023b

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.