Skip to content

RHAIENG-3998: Refresh lock files for 2025a to resolve CVE issues#3205

Closed
ayush17 wants to merge 3 commits into
opendatahub-io:2025afrom
ayush17:refresh-lockfiles-2025a-cve-fix
Closed

RHAIENG-3998: Refresh lock files for 2025a to resolve CVE issues#3205
ayush17 wants to merge 3 commits into
opendatahub-io:2025afrom
ayush17:refresh-lockfiles-2025a-cve-fix

Conversation

@ayush17
Copy link
Copy Markdown
Contributor

@ayush17 ayush17 commented Mar 27, 2026

Summary

Regenerated Pipfile.lock files to update package versions and address CVE vulnerabilities in the 3.3 release branch (2025a).

Updated Lock Files (13 total)

Python 3.11

  • codeserver/ubi9-python-3.11/Pipfile.lock
  • jupyter/datascience/ubi9-python-3.11/Pipfile.lock
  • jupyter/minimal/ubi9-python-3.11/Pipfile.lock
  • jupyter/trustyai/ubi9-python-3.11/Pipfile.lock
  • rstudio/c9s-python-3.11/Pipfile.lock
  • rstudio/rhel9-python-3.11/Pipfile.lock
  • runtimes/datascience/ubi9-python-3.11/Pipfile.lock
  • runtimes/minimal/ubi9-python-3.11/Pipfile.lock

Python 3.12

  • codeserver/ubi9-python-3.12/Pipfile.lock
  • jupyter/datascience/ubi9-python-3.12/Pipfile.lock
  • jupyter/minimal/ubi9-python-3.12/Pipfile.lock
  • runtimes/datascience/ubi9-python-3.12/Pipfile.lock
  • runtimes/minimal/ubi9-python-3.12/Pipfile.lock

Note

PyTorch, TensorFlow, ROCm, and TrustyAI 3.12 images were not updated as they require AIPCC private index access.

Test Plan

  • CI builds pass for the updated images
  • Run CVE scanning tools to verify reduction in CVE count

Fixes: RHAIENG-3998

@ayush17
RHAIENG-3998: Refresh lock files for 2025a to resolve CVE issues
61f60e0 
Regenerated Pipfile.lock files to update package versions and address
CVE vulnerabilities in the 3.3 release branch (2025a).

Updated lock files (13 total):
- codeserver/ubi9-python-3.11/Pipfile.lock
- codeserver/ubi9-python-3.12/Pipfile.lock
- jupyter/datascience/ubi9-python-3.11/Pipfile.lock
- jupyter/datascience/ubi9-python-3.12/Pipfile.lock
- jupyter/minimal/ubi9-python-3.11/Pipfile.lock
- jupyter/minimal/ubi9-python-3.12/Pipfile.lock
- jupyter/trustyai/ubi9-python-3.11/Pipfile.lock
- rstudio/c9s-python-3.11/Pipfile.lock
- rstudio/rhel9-python-3.11/Pipfile.lock
- runtimes/datascience/ubi9-python-3.11/Pipfile.lock
- runtimes/datascience/ubi9-python-3.12/Pipfile.lock
- runtimes/minimal/ubi9-python-3.11/Pipfile.lock
- runtimes/minimal/ubi9-python-3.12/Pipfile.lock

Note: PyTorch, TensorFlow, ROCm, and TrustyAI 3.12 images require
AIPCC private index access and were not updated in this PR.

Fixes: RHAIENG-3998
Made-with: Cursor
@openshift-ci openshift-ci Bot requested review from daniellutz and dibryant March 27, 2026 20:13
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented Mar 27, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign jstourac for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented Mar 27, 2026
edited
Loading

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

🗂️ Base branches to auto review (2)
  • main
  • 2024b

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 0a2156da-38d9-4197-a353-602c3bbd41a0

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions github-actions Bot added the review-requested GitHub Bot creates notification on #pr-review-ai-ide-team slack channel label Mar 27, 2026
@openshift-ci openshift-ci Bot added size/xxl and removed size/xxl labels Mar 29, 2026
@openshift-ci openshift-ci Bot added size/xxl and removed size/xxl labels Mar 29, 2026
@ayush17 ayush17 closed this Apr 2, 2026
@ayush17
Copy link
Copy Markdown
Contributor Author

ayush17 commented Apr 2, 2026

Closing this PR as it was opened against the wrong repository.

The correct target for this change is the red-hat-data-services/notebooks repository targeting the rhoai-3.3 branch (not opendatahub-io/notebooks with the 2025a branch).

New PR opened at the correct location: red-hat-data-services#2073

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@daniellutz daniellutz Awaiting requested review from daniellutz

@dibryant dibryant Awaiting requested review from dibryant

Assignees

No one assigned

Labels

review-requested GitHub Bot creates notification on #pr-review-ai-ide-team slack channel size/xxl

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ayush17