Fix
https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFENCODINGPROTOJSON-6137908

Signed-off-by: jooho <jlee@redhat.com>
Co-authored-by: jooho <jlee@redhat.com>

Address DoS vulnerability in github.com/pkg/sftp

https://app.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPKGSFTP-569475

---------

Signed-off-by: jooho <jlee@redhat.com>
Signed-off-by: Davide Salerno <dsalerno@redhat.com>
Co-authored-by: Signed-off-by: Davide Salerno <dsalerno@redhat.com>

Mitigate CVE-2023-48713

---------

Signed-off-by: Christian Kadner <ckadner@us.ibm.com>

…487)

* Rebase dev image from ubi8/go-toolset to ubi8/ubi-minimal
* Add new build stage to install Go and CLI tools that previously
  were available with the ubi/go-toolset image
* Update Go version from 1.20 to 1.21 (Dockerfile, go.mod)

---------

Signed-off-by: Christian Kadner <ckadner@us.ibm.com>

#### Motivation

https://github.com/kserve/modelmesh-serving/security

> **Code scanning configuration error**
> CodeQL is reporting errors. Check the [tool
status](https://github.com/kserve/modelmesh-serving/security/code-scanning/tools/CodeQL/status/configurations/actions-FZTWS5DIOVRC653POJVWM3DPO5ZS6Y3PMRSXC3BOPFWWY/b3dc626bc1db336b4a359feba12ef6c0998163ba0ab6e63305c9bc82567d61c9)
for help.

<img width="683" alt="image"
src="https://github.com/kserve/modelmesh-serving/assets/12246093/d97338cd-8288-43c1-ba58-4c328780debe">


#### Modifications

- update Go version for build/test/lint workflow(s)
- update versions of (all) GitHub actions

#### Result

TBD

Signed-off-by: Christian Kadner <ckadner@us.ibm.com>

#### Motivation
Followed the quickstart and ran into "jq not found" when running the
following command. [Quickstart
link](https://github.com/kserve/modelmesh-serving/blob/91b610bd1bcd8d5264dcd696db4e2b65730f7468/scripts/self-signed-ca.sh#L136-L139)

```./scripts/install.sh --namespace modelmesh-serving --quickstart --enable-self-signed-ca```


The following change made jq a necessary dependency:

https://github.com/kserve/modelmesh-serving/blob/91b610bd1bcd8d5264dcd696db4e2b65730f7468/scripts/self-signed-ca.sh#L136-L139

#### Modifications

Modified the list under the following link to point to where jq can be downloaded or installed https://github.com/kserve/modelmesh-serving/blob/main/docs/quickstart.md#prerequisites

#### Result
The prerequisites list has the link detailed below.

---------

Signed-off-by: medinad96 <medinad@bu.edu>

#### Motivation
Triton introduced [support for more model frameworks last
year](https://developer.nvidia.com/blog/real-time-serving-for-xgboost-scikit-learn-randomforest-lightgbm-and-more/)
and can support xgboost, lightgbm, and more. This PR adds examples and
docs to advertise this.

#### Modifications
- Add newly supported models to Triton runtime config, setting
`autoSelect: false`.
- Add an example ISVC config for Triton-served XGBoost model.
- Update example-models doc to reflect example models added in
kserve/modelmesh-minio-examples#7
- Update model-formats README to reflect framework support and
framework-specific docs to show example ISVC using Triton.
- Add FVTs for lightgbm and xgboost deployment on Triton runtime

#### Result
Closes #185

---------

Signed-off-by: Rafael Vasquez <raf.vasquez@ibm.com>
Signed-off-by: Rafael Vasquez <rafvasq21@gmail.com>

This is to move away from CVE-20204-24786: infinite loop vulnerability.

Signed-off-by: Edgar Hernández <23639005+israel-hdez@users.noreply.github.com>

#### Motivation

I'm very happy to quickly install `kserve modelmesh` by following
[quickstart](https://github.com/kserve/modelmesh-serving/blob/main/docs/quickstart.md),
but I encountered the problem when I want to write a python-based custom
`ServingRuntime` for model `mnist-svm.joblib` which is also used in many
guides and docs, and I also opened an [issue
](#494) for it.
However, I can hardly find the complete process which is available
online, including the community. So I pieced together some information
to make it's easier for user to do it.

#### Modifications

1. Add a REAMD for describing the complete process
2. Add a folder for custom ServingRuntime, including the python code,
Dockerfile and required library configuration file.

#### Result

The process for writing a python-based custom `ServingRuntime` is
completed, hope it can be a easy start for fresh user.

---------

Signed-off-by: zhlsunshine <huailong.zhang@intel.com>

Updating packages used in recently introduced custom runtime example.

- https://github.com/kserve/modelmesh-serving/security/dependabot/14 
- https://github.com/kserve/modelmesh-serving/security/dependabot/15

Signed-off-by: Rafael Vasquez <rafvasq21@gmail.com>

* Update kserve/kserve dependency to v0.12.0
* Update KServe CRDs to the ones in KServe v0.12.0
* Code adaptations for controller-runtime upgrade.

---------

Signed-off-by: Edgar Hernández <23639005+israel-hdez@users.noreply.github.com>

[RHOAIENG-5305] - golang.org/x/net Allocation of Resources Without
Limits or Throttling

chore: Fixes
[CVE-2023-45288](https://www.cve.org/CVERecord?id=CVE-2023-45288)

---------

Signed-off-by: Spolti <fspolti@redhat.com>