Align knative/serving version across Modelmesh repositories

**Describe the bug**

Recently we had 2 CVEs in the `knative/serving` component which led us to update it to a newer version that would require k8s dependencies to be bumped to _0.27.x_., but it is incompatible with `controller-runtime` _0.14.x._

For this reason, to be able to update the `knative/serving` to a newer version we had to pin down the k8s version to _0.26.x_.

There are two vulnerabilities that are fixed by bumping Knative to _0.39.3_:

 - [CVE](https://nvd.nist.gov/vuln/detail/CVE-2023-48713): PR https://github.com/kserve/modelmesh-serving/pull/468
 - https://security.snyk.io/vuln/SNYK-GOLANG-KNATIVEDEVSERVINGPKGAUTOSCALERMETRICS-6091906

To property update it, we would need, first, address https://github.com/kserve/modelmesh-serving/issues/481 to not need to pin the k8s version, once it is updated, we can revert the replace tag changes and start using k8s 0.27.x


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Align knative/serving version across Modelmesh repositories #483

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Align knative/serving version across Modelmesh repositories #483

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions