Removes benchmark folder from 2.x branch to resolve CVEs coming from the folder #1875
Conversation
Signed-off-by: Tejas Shah <[email protected]>
shatejas
requested review from
heemin32,
navneet1v,
VijayanB,
vamshin,
jmazanec15,
naveentatikonda,
junqiu-lei,
martin-gaievski,
ryanbogan and
luyuncheng
as code owners
|
Are the CVEs coming only from 2.x branch but not main branch? How is that? |
@heemin32 You are right. The CVEs are at both main and 2.x. I believe, during release we have strict guideline that no CVEs should be present. Ideally we should fix at main and backport. However, given the issues are with benchmarks/* ( not part of k-nn and they won't be shipped with product ) and imo, we don't need this code at 2.x branch , so it is safe to delete from 2.x branch. We are also working on permanently moving all features from this folder to OSB, so that we can remove from main itself. |
I did not remove it as perf test are needed during release testing. Can remove it once osb is ready |
|
As long as we are also going to remove benchmark folder from main as well I am fine. |
|
@shatejas lets port this PR to main branch too, if not already done. |
|
@shatejas Shouldn't we backport this PR to 2.16 branch to fix the CVEs in 2.16 ? |
Description
Addressing advisories https://advisories.aws.barahmand.com/vulnerabilities/k-NN:%20OpenSearch%20Plugin/origin/main
Related Issues
Check List
--signoff.By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.