fixed security issues

[vikas-saxena02]

Fixed high and critical security issues

[oss-prow-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: vikas-saxena02
Once this PR has been reviewed and has the lgtm label, please assign kimwnasptd for approval by writing /assign @kimwnasptd in a comment. For more information see:The Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[rimolive]

@vikas-saxena02 Thank you for your contribution! While building the image, I got this error:

npm ERR! Maximum call stack size exceeded

npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2024-06-15T15_41_36_126Z-debug.log
Error: building at STEP "RUN npm install

Any ideas what should we do to fix?

[vikas-saxena02]

@vikas-saxena02 Thank you for your contribution! While building the image, I got this error:

npm ERR! Maximum call stack size exceeded

npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2024-06-15T15_41_36_126Z-debug.log
Error: building at STEP "RUN npm install

Any ideas what should we do to fix?

@rimolive it is most likely due to upgrade in higher versions or alternative dependencies that were classified as breaking fix. will you be able to send the root/.npm/_logs/2024-06-15T15_41_36_126Z-debug.log file or the steps/command to reproduce the error?

I found this link on stackoverflow that could be helpful https://stackoverflow.com/questions/40566348/maximum-call-stack-size-exceeded-on-npm-install
Seems like the npm cache needs a force clean or a npm rebuild needs to be done.

[rimolive]

I'm building from a container, I can't get access to that file. If it helps, this is the full output of the npm build command from the container build: https://gist.github.com/rimolive/e967eb7f8e19aa878c4c57a3259649a4

[tiansiyuan]

@rimolive it is most likely due to upgrade in higher versions or alternative dependencies that were classified as breaking fix. will you be able to send the root/.npm/_logs/2024-06-15T15_41_36_126Z-debug.log file or the steps/command to reproduce the error?

Hi @vikas-saxena02 I got the log file, Please see attachment for your information.

2024-06-16T13_19_09_286Z-debug.log

[tiansiyuan]

I found this link on stackoverflow that could be helpful https://stackoverflow.com/questions/40566348/maximum-call-stack-size-exceeded-on-npm-install
Seems like the npm cache needs a force clean or a npm rebuild needs to be done.

Adding RUN npm cache clean --force before RUN npm install does not help. �Please see attached log.

2024-06-17T12_11_43_384Z-debug.log

[juliusvonkohout]

@vikas-saxena02 maybe you can add @tiansiyuan as collaborator to your fork.

[vikas-saxena02]

@juliusvonkohout I am just reviewing the change myself.
I will add @tiansiyuan to my repo as collaborator shortly

[vikas-saxena02]

@juliusvonkohout @tiansiyuan @rimolive I have just tried to start thre front using the code in master branch and the steps in README.md and i am getting this error

ompiling @angular/material/dialog : es2015 as esm2015
⠙ Generating browser application bundles (phase: building)...node:internal/crypto/hash:79
  this[kHandle] = new _Hash(algorithm, xofLen, algorithmId, getHashCache());
                  ^

Error: error:0308010C:digital envelope routines::unsupported
    at Hash (node:internal/crypto/hash:79:19)
    at Object.createHash (node:crypto:139:10)
    at BulkUpdateDecorator.hashFactory (/Users/vikas_saxena02/kubeflow_repos/models-web-app/frontend/node_modules/webpack/lib/util/createHash.js:145:18)
    at BulkUpdateDecorator.update (/Users/vikas_saxena02/kubeflow_repos/models-web-app/frontend/node_modules/webpack/lib/util/createHash.js:46:50)
    at /Users/vikas_saxena02/kubeflow_repos/models-web-app/frontend/node_modules/webpack/lib/FileSystemInfo.js:2677:9
    at processTicksAndRejections (node:internal/process/task_queues:82:21)
    at runNextTicks (node:internal/process/task_queues:64:3)
    at process.processImmediate (node:internal/timers:449:9) {
  opensslErrorStack: [
    'error:03000086:digital envelope routines::initialization error',
    'error:0308010C:digital envelope routines::unsupported'
  ],
  library: 'digital envelope routines',
  reason: 'unsupported',
  code: 'ERR_OSSL_EVP_UNSUPPORTED'
}

Node.js v22.2.0

Seems like there are already some breaking changes in the existing code. @tiansiyuan happy to work with you to resolve this. I am in Australia so we will need to work out some time that works for both of us.

[vikas-saxena02]

tiansiyuan

@tiansiyuan I have added you as collaborator to my repo

[tiansiyuan]

tiansiyuan

@tiansiyuan I have added you as collaborator to my repo

Received.

[rimolive]

@juliusvonkohout @tiansiyuan @rimolive I have just tried to start thre front using the code in master branch and the steps in README.md and i am getting this error

ompiling @angular/material/dialog : es2015 as esm2015
⠙ Generating browser application bundles (phase: building)...node:internal/crypto/hash:79
  this[kHandle] = new _Hash(algorithm, xofLen, algorithmId, getHashCache());
                  ^

Error: error:0308010C:digital envelope routines::unsupported
    at Hash (node:internal/crypto/hash:79:19)
    at Object.createHash (node:crypto:139:10)
    at BulkUpdateDecorator.hashFactory (/Users/vikas_saxena02/kubeflow_repos/models-web-app/frontend/node_modules/webpack/lib/util/createHash.js:145:18)
    at BulkUpdateDecorator.update (/Users/vikas_saxena02/kubeflow_repos/models-web-app/frontend/node_modules/webpack/lib/util/createHash.js:46:50)
    at /Users/vikas_saxena02/kubeflow_repos/models-web-app/frontend/node_modules/webpack/lib/FileSystemInfo.js:2677:9
    at processTicksAndRejections (node:internal/process/task_queues:82:21)
    at runNextTicks (node:internal/process/task_queues:64:3)
    at process.processImmediate (node:internal/timers:449:9) {
  opensslErrorStack: [
    'error:03000086:digital envelope routines::initialization error',
    'error:0308010C:digital envelope routines::unsupported'
  ],
  library: 'digital envelope routines',
  reason: 'unsupported',
  code: 'ERR_OSSL_EVP_UNSUPPORTED'
}

Node.js v22.2.0

Seems like there are already some breaking changes in the existing code. @tiansiyuan happy to work with you to resolve this. I am in Australia so we will need to work out some time that works for both of us.

Sorry for taking so long to reply. From my research, this happen because you are using the latest version of Node.js. This code that developed in Node.js 12 (I think) and I believe the better we can do is upgrade to 16 without facing that issue.

[tiansiyuan]

This code that developed in Node.js 12 (I think) and I believe the better we can do is upgrade to 16 without facing that issue.

I've changed line 23 of Dockerfile from

FROM node:12-buster-slim AS frontend-kubeflow-lib

to

FROM node:16-buster-slim AS frontend-kubeflow-lib

Line 35 from

FROM node:12-buster-slim AS frontend

to

FROM node:16-buster-slim AS frontend

I can build the image.

[juliusvonkohout]

@tiansiyuan then please push to the branch here such that the tests can run again.

[tiansiyuan]

Node.js v22.2.0

This could be the reason. If I use this version of node, I get the same error. If I use v12.22.12 or v16.20.2, no error.

[tiansiyuan]

@tiansiyuan then please push to the branch here such that the tests can run again.

Done.

Please check.

[juliusvonkohout]

@tiansiyuan "Add more commits by pushing to the vikas_fixing_security_issues branch on vikas-saxena02/models-web-app." Is there a reason you created another branch?

[tiansiyuan]

@tiansiyuan "Add more commits by pushing to the vikas_fixing_security_issues branch on vikas-saxena02/models-web-app." Is there a reason you created another branch?

I did it wrong by checking out from the master branch.

Do I make it right this time?

[juliusvonkohout]

@tiansiyuan "Add more commits by pushing to the vikas_fixing_security_issues branch on vikas-saxena02/models-web-app." Is there a reason you created another branch?

I did it wrong by checking out from the master branch.

Do I make it right this time?

You need to clone vikas fork and work in his branch. If you then push commits to vikas branch in vikas fork, the commits will appear here.

[juliusvonkohout]

@tiansiyuan are you in the vmware open source center? i did some stuff with your colleagues then https://blogs.vmware.com/opensource/2023/06/20/hardening-kubeflow-security-for-enterprise-environments-2/ You can also reach out on the new cncf slack directly

And I have ray integrated into Kubeflow as well in kubeflow/manifests so maybe you can drop something from https://github.com/vmware/vSphere-machine-learning-extension#whats-next

[tiansiyuan]

@tiansiyuan are you in the vmware open source center? i did some stuff with your colleagues then https://blogs.vmware.com/opensource/2023/06/20/hardening-kubeflow-security-for-enterprise-environments-2/ You can also reach out on the new cncf slack directly

And I have ray integrated into Kubeflow as well in kubeflow/manifests so maybe you can drop something from https://github.com/vmware/vSphere-machine-learning-extension#whats-next

I read the blog before.

I've joined some cncf slack channels. Let's talk there if needed.

[juliusvonkohout]

Can you rebase to master and fix the tests?

[juliusvonkohout]

Can you rebase to master and fix the tests?