[rhoai-2.25] RHAIENG-2887: Upgrade Wheels Package to Fix CVE-2026-24049 #1891

Open
dibryant wants to merge 1 commit into red-hat-data-services:rhoai-2.25 from dibryant:rhaieng-2887

@dibryant

Fixes for https://issues.redhat.com/browse/RHAIENG-2887

Description

Upgrade wheel >= 0.46.2

How Has This Been Tested?

Ran Security test locally

Self checklist (all need to be checked):

  • Ensure that you have run make test (gmake on macOS) before asking for review
  • Changes to everything except Dockerfile.konflux files should be done in odh/notebooks and automatically synced to rhds/notebooks. For Konflux-specific changes, modify Dockerfile.konflux files directly in rhds/notebooks as these require special attention in the downstream repository and flow to the upcoming RHOAI release.

Merge criteria:

  • The commits are squashed in a cohesive manner and have meaningful messages.
  • Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
  • The developer has manually tested the changes and verified that the changes work

"nbgitpuller~=1.2.2",

# Base packages
"wheel~=0.45.1",
Member

~= to >=, any particular reason to change this?

Author

Needed a version equal to or higher than 0.45.2 to clear out the vulnerability

Member

@jiridanek jiridanek left a comment

lgtm, just restore the ~=, let's not introduce needless changes on a patch release
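
What the two operators discussed in this thread admit, as an added example that is not code from this pull request: a small release-only PEP 440 range check, with the 0.46.2 floor taken from the PR description. The function names are hypothetical, and pre-release, post-release and epoch forms are not handled.

```python
import re

REQ = re.compile(r"\s*([A-Za-z0-9_.-]+)\s*(~=|>=)\s*(\d+(?:\.\d+)*)\s*")

def parse_version(text):
    """Release-only version such as '0.46.2' -> (0, 46, 2)."""
    return tuple(int(part) for part in text.split("."))

def compare(a, b):
    """PEP 440 pads the shorter release with zeros, so 0.46 == 0.46.0."""
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return (a > b) - (a < b)

def bounds(requirement):
    """Return (low, high) for 'name~=X' or 'name>=X'; high is exclusive, None if open."""
    match = REQ.fullmatch(requirement)
    if not match:
        raise ValueError(f"unsupported requirement: {requirement!r}")
    _, op, text = match.groups()
    low = parse_version(text)
    if op == ">=":
        return low, None
    if len(low) < 2:
        raise ValueError("~= needs at least two release segments")
    # ~=0.45.1 means >=0.45.1, ==0.45.*  i.e. an exclusive upper bound of 0.46
    return low, low[:-2] + (low[-2] + 1,)

def admits(requirement, version):
    """True if the requirement allows the given release."""
    low, high = bounds(requirement)
    v = parse_version(version)
    return compare(v, low) >= 0 and (high is None or compare(v, high) < 0)

def review_pin(requirement, fixed):
    """Summarise a pin against the first fixed release of an advisory."""
    low, high = bounds(requirement)
    return {
        "admits_fixed": admits(requirement, fixed),
        # every admitted version is >= fixed only if the lower bound is
        "excludes_older": compare(low, parse_version(fixed)) >= 0,
        "bounded_above": high is not None,
    }

if __name__ == "__main__":
    FIXED = "0.46.2"  # assumption: floor as written in the PR description
    for pin in ("wheel~=0.45.1", "wheel~=0.46.2", "wheel>=0.46.2"):
        print(pin, review_pin(pin, FIXED))
```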

@openshift-ci

openshift-ci bot commented Feb 12, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jiridanek

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@jiridanek jiridanek changed the title from "RHAIENG-2887: Upgrade Wheels Package to Fix CVE-2026-24049" to "[rhoai-2.25] RHAIENG-2887: Upgrade Wheels Package to Fix CVE-2026-24049" on Feb 12, 2026
@openshift-ci

openshift-ci bot commented Feb 12, 2026

New changes are detected. LGTM label has been removed.
