Address CVEs

[mprahl]

This updates:

• nanoid (JavaScript) (CVE-2024-55565)
• path-to-regexp (JavaScript) (CVE-2024-52798)
• golang.org/x/net (Go) (CVE-2024-45338)

This also updates to Node.js 22.

Many of the CVEs addressed are not in the delivered product, but it can help to avoid false positives from CVE scanners and avoid CVEs during development.

Relates:
https://issues.redhat.com/browse/RHOAIENG-17816

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from mprahl. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[dsp-developers]

Commit Checker results:

**NOTE**: These are the results of the commit checker scans. 
If these are not commits from upstream kfp, then please ensure
you adhere to the commit checker formatting

commitchecker verson unknown
Validating 1 commits between 2969fcac9a590bc26c59ca95a9ed8eacc514b6a3...453c61776636f925467e8fc8fc92f26c2b926b03

UPSTREAM commit 453c617 has invalid summary Address CVEs.

UPSTREAM commits are validated against the following regular expression:
  ^UPSTREAM: (revert: )?(([\w.-]+/[\w-.-]+)?: )?(\d+:|<carry>:|<drop>:)

UPSTREAM commit summaries should look like:

  UPSTREAM: <PR number|carry|drop>: description

UPSTREAM commits which revert previous UPSTREAM commits should look like:

  UPSTREAM: revert: <normal upstream format>

Examples of valid summaries:

  UPSTREAM: 12345: A kube fix
  UPSTREAM: <carry>: A carried kube change
  UPSTREAM: <drop>: A dropped kube change
  UPSTREAM: revert: 12345: A kube revert

[hbelmiro]

/lgtm

[DharmitD]

@mprahl could you please confirm that you ran a go mod tidy for the go.mod changes here? Just want to make sure since I don't see a corresponding go.sum file.

[mprahl]

Good catch! I forgot to commit it.

[mprahl]

/hold

[dsp-developers]

Commit Checker results:

**NOTE**: These are the results of the commit checker scans. 
If these are not commits from upstream kfp, then please ensure
you adhere to the commit checker formatting

commitchecker verson unknown
Validating 1 commits between 2969fcac9a590bc26c59ca95a9ed8eacc514b6a3...8f5907de1046e9e20ef0f035041dc538bdc8042d

UPSTREAM commit 8f5907d has invalid summary Address CVEs.

UPSTREAM commits are validated against the following regular expression:
  ^UPSTREAM: (revert: )?(([\w.-]+/[\w-.-]+)?: )?(\d+:|<carry>:|<drop>:)

UPSTREAM commit summaries should look like:

  UPSTREAM: <PR number|carry|drop>: description

UPSTREAM commits which revert previous UPSTREAM commits should look like:

  UPSTREAM: revert: <normal upstream format>

Examples of valid summaries:

  UPSTREAM: 12345: A kube fix
  UPSTREAM: <carry>: A carried kube change
  UPSTREAM: <drop>: A dropped kube change
  UPSTREAM: revert: 12345: A kube revert

[mprahl]

/unhold

[dsp-developers]

Commit Checker results:

**NOTE**: These are the results of the commit checker scans. 
If these are not commits from upstream kfp, then please ensure
you adhere to the commit checker formatting

commitchecker verson unknown
Validating 1 commits between 2969fcac9a590bc26c59ca95a9ed8eacc514b6a3...577d1310b1ae58b6ef8af5e9a879ce46fe9929c8

UPSTREAM commit 577d131 has invalid summary Address CVEs.

UPSTREAM commits are validated against the following regular expression:
  ^UPSTREAM: (revert: )?(([\w.-]+/[\w-.-]+)?: )?(\d+:|<carry>:|<drop>:)

UPSTREAM commit summaries should look like:

  UPSTREAM: <PR number|carry|drop>: description

UPSTREAM commits which revert previous UPSTREAM commits should look like:

  UPSTREAM: revert: <normal upstream format>

Examples of valid summaries:

  UPSTREAM: 12345: A kube fix
  UPSTREAM: <carry>: A carried kube change
  UPSTREAM: <drop>: A dropped kube change
  UPSTREAM: revert: 12345: A kube revert

[dsp-developers]

Change to PR detected. A new PR build was completed.
A set of new images have been built to help with testing out this PR:
API Server: quay.io/opendatahub/ds-pipelines-api-server:pr-125
DSP DRIVER: quay.io/opendatahub/ds-pipelines-driver:pr-125
DSP LAUNCHER: quay.io/opendatahub/ds-pipelines-launcher:pr-125
Persistence Agent: quay.io/opendatahub/ds-pipelines-persistenceagent:pr-125
Scheduled Workflow Manager: quay.io/opendatahub/ds-pipelines-scheduledworkflow:pr-125
MLMD Server: quay.io/opendatahub/mlmd-grpc-server:latest
MLMD Envoy Proxy: registry.redhat.io/openshift-service-mesh/proxyv2-rhel8:2.3.9-2
UI: quay.io/opendatahub/ds-pipelines-frontend:pr-125

[dsp-developers]

Change to PR detected. A new PR build was completed.
A set of new images have been built to help with testing out this PR:
API Server: quay.io/opendatahub/ds-pipelines-api-server:pr-125
DSP DRIVER: quay.io/opendatahub/ds-pipelines-driver:pr-125
DSP LAUNCHER: quay.io/opendatahub/ds-pipelines-launcher:pr-125
Persistence Agent: quay.io/opendatahub/ds-pipelines-persistenceagent:pr-125
Scheduled Workflow Manager: quay.io/opendatahub/ds-pipelines-scheduledworkflow:pr-125
MLMD Server: quay.io/opendatahub/mlmd-grpc-server:latest
MLMD Envoy Proxy: registry.redhat.io/openshift-service-mesh/proxyv2-rhel8:2.3.9-2
UI: quay.io/opendatahub/ds-pipelines-frontend:pr-125

[mprahl]

@hbelmiro and @DharmitD could you please take another look?

[DharmitD]

/lgtm

[hbelmiro]

/lgtm

[dsp-developers]

Commit Checker results:

**NOTE**: These are the results of the commit checker scans. 
If these are not commits from upstream kfp, then please ensure
you adhere to the commit checker formatting

commitchecker verson unknown
Validating 0 commits between dcf2d0e86e8470a2fbcd87401a9d09ed1e35f0ed...577d1310b1ae58b6ef8af5e9a879ce46fe9929c8