Skip to content

fix: update gopkg.in/yaml.v3 to v3.0.1 in tensorboard-controller #795

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
asaadbalum wants to merge 1 commit into
base: notebooks-v1
Choose a base branch
from
Open

fix: update gopkg.in/yaml.v3 to v3.0.1 in tensorboard-controller #795

asaadbalum wants to merge 1 commit into from
+3 −2

Conversation

@asaadbalum
Copy link

@asaadbalum asaadbalum commented Dec 9, 2025

Description

Update gopkg.in/yaml.v3 from v3.0.0-20210107192922-496545a6307b to v3.0.1 in the tensorboard-controller to fix security vulnerabilities.

CVEs Fixed:

Related Issue: Closes #781 (PR 5)

Changes

Updated dependencies in components/tensorboard-controller/go.mod:

Dependency Old Version New Version
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b v3.0.1

Testing

Local Build & Tests

Test Result
go mod tidy ✅ Pass
go vet ./... ✅ No issues
make build ✅ Builds cleanly
make test ✅ All tests pass

CVE Verification (Trivy Scan)

Acceptance Criteria

  • Run go mod tidy to ensure dependencies are clean
  • Run make build to build the controller
  • Run unit tests to verify functionality
  • Verify CVE is fixed via Trivy scan

Signed-off-by: Asaad Balum asaad.balum@gmail.com

@asaadbalum
fix: update gopkg.in/yaml.v3 to v3.0.1 in tensorboard-controller
a8dd75a 
Update gopkg.in/yaml.v3 from v3.0.0-20210107192922-496545a6307b to v3.0.1 to fix:
- CVE-2022-28948

Testing performed:
- go mod tidy - completed successfully
- go vet ./... - no issues found
- make build - controller builds cleanly
- make test - all tests pass

Part of: kubeflow#781

Signed-off-by: Asaad Balum <asaad.balum@gmail.com>
@github-project-automation github-project-automation bot moved this to Needs Triage in Kubeflow Notebooks Dec 9, 2025
@google-oss-prow google-oss-prow bot added the area/controller area - related to controller components label Dec 9, 2025
@google-oss-prow
Copy link

google-oss-prow bot commented Dec 9, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign thesuperzapper for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@google-oss-prow google-oss-prow bot added area/v1 area - version - kubeflow notebooks v1 size/XS labels Dec 9, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kimwnasptd kimwnasptd Awaiting requested review from kimwnasptd

@thesuperzapper thesuperzapper Awaiting requested review from thesuperzapper

Assignees

No one assigned

Labels

area/controller area - related to controller components area/v1 area - version - kubeflow notebooks v1 size/XS

Projects

Kubeflow Notebooks
Status: Needs Triage

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@asaadbalum