Added documentation about various dependencies of the AI-Lab

exasol · Jan 15, 2025 · f9fbcd3 · f9fbcd3
1 parent a1aa67a
commit f9fbcd3
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 9 deletions.
diff --git a/doc/changes/changes_3.2.0.md b/doc/changes/changes_3.2.0.md
@@ -9,21 +9,21 @@ This release updates dependencies and fixes security vulnerabilities on top of 3
 Fixed vulnerabilities:
 
 * Vulnerabilities in direct dependency `jinja2` version 3.1.4
-  * [#50](https://github.com/exasol/ai-lab/security/dependabot/#50) Moderate: Jinja has a sandbox breakout through malicious filenames Moderate
-  * [#49](https://github.com/exasol/ai-lab/security/dependabot/#49) Moderate: Jinja has a sandbox breakout through indirect reference to format method Moderate
+  * #50 Moderate: Jinja has a sandbox breakout through malicious filenames Moderate
+  * #49 Moderate: Jinja has a sandbox breakout through indirect reference to format method Moderate
 * Vulnerabilities in transitive dependency `ansible-core` via `ansible`:
-  * [#44](https://github.com/exasol/ai-lab/security/dependabot/44) Moderate, affects versions < 2.17.6, ansible-core Incorrect Authorization vulnerability Moderate
-  * [#47](https://github.com/exasol/ai-lab/security/dependabot/47) Low, affects versions < 2.17.7: Ansible-Core vulnerable to content protections bypass Low
+  * #44 Moderate, affects versions < 2.17.6, ansible-core Incorrect Authorization vulnerability Moderate
+  * #47 Low, affects versions < 2.17.7: Ansible-Core vulnerable to content protections bypass Low
 * Vulnerabilities in transitive testing dependency `tornado` version 6.4.1 via `pytest-check-links`,  `nbconvert`, `nbclient`, `jupyter-client`:
-  * [#46](https://github.com/exasol/ai-lab/security/dependabot/#46) High: Tornado has an HTTP cookie parsing DoS vulnerability High
+  * #46 High: Tornado has an HTTP cookie parsing DoS vulnerability High
 
 Accepted vulnerabilities:
 
 * Vulnerabilities in transitive testing dependency `python-jose` version 3.3.0 via `localstack` as there is no newer version available.
-  * [#31](https://github.com/exasol/ai-lab/security/dependabot/31) Critical: python-jose algorithm confusion with OpenSSH ECDSA keys Critical
-  * [#32](https://github.com/exasol/ai-lab/security/dependabot/#32) Moderate: python-jose denial of service via compressed JWE content Moderate
+  * #31 Critical: python-jose algorithm confusion with OpenSSH ECDSA keys Critical
+  * #32 Moderate: python-jose denial of service via compressed JWE content Moderate
 * Vulnerabilities in transitive dependency `ansible-core` 2.17.7 version via `ansible` as there is no newer version available.
-  * [#43](https://github.com/exasol/ai-lab/security/dependabot/43) High: Ansible vulnerable to Insertion of Sensitive Information into Log File High
+  * #43 High: Ansible vulnerable to Insertion of Sensitive Information into Log File High
 
 ## Security Issues
 

diff --git a/doc/developer_guide/dependencies.md b/doc/developer_guide/dependencies.md
@@ -0,0 +1,21 @@
+### Update dependencies
+
+AI-Lab contains dependencies on multiple levels and specified in multiple places.
+
+* [pyproject.toml](https://github.com/exasol/ai-lab/blob/main/pyproject.toml) impacting [poetry.lock](https://github.com/exasol/ai-lab/blob/main/poetry.lock)
+* Requirements files in ansible scripts
+  * [jupyter_requirements.txt](https://github.com/exasol/ai-lab/blob/main/exasol/ds/sandbox/runtime/ansible/roles/jupyter/files/jupyter_requirements.txt)
+  * [notebook_requirements.txt](https://github.com/exasol/ai-lab/blob/main/exasol/ds/sandbox/runtime/ansible/roles/jupyter/files/notebook_requirements.txt)
+  * Including the notebook-connector and its dependencies SLCT and [slct_manager.py](https://github.com/exasol/notebook-connector/blob/main/exasol/nb_connector/slct_manager.py)
+* Dependencies in other ansible scripts, e.g.
+  * [docker/defaults/main.yml](https://github.com/exasol/ai-lab/blob/main/exasol/ds/sandbox/runtime/ansible/roles/docker/defaults/main.yml)
+* AMI base image, see [exasol/ds/sandbox/lib/config.py](https://github.com/exasol/ai-lab/blob/main/exasol/ds/sandbox/lib/config.py)
+* GitHub Workflows: no actual dependencies
+
+Commands to update operating system packages
+
+```shell
+sudo apt-get update
+sudo apt-get install <package name>=<version>
+sudo apt serarch <package name>
+```
diff --git a/doc/developer_guide/developer_guide.md b/doc/developer_guide/developer_guide.md
@@ -16,5 +16,6 @@ the virtual image formats.
 6. [Running tests in the CI](ci.md)
 7. [Updating Packages](updating_packages.md)
 8. [Notebooks](notebooks.md)
+9. [Dependencies](dependencies.md)
 
-
+Section [Dependencies](dependencies.md) is dedicated to enumerating all places defining dependencies as the AI-Lab contains dependencies on multiple levels and specified in multiple places.