Sync from kubeflow/model-registry ef896c3

[ppadti]

Description

Sync to pull in changes from:

• Fix the label order in model catalog card and details page kubeflow/hub#2827
• fix(ui): fix reset-all-defaults and slider rounding for performance filters kubeflow/hub#2822
• chore(deps): bump github.com/onsi/gomega from 1.40.0 to 1.42.0 in /clients/ui/bff kubeflow/hub#2833
• Fix the source label dispaly name kubeflow/hub#2847
• chore(deps): bump tmp from 0.2.6 to 0.2.7 in /clients/ui/frontend kubeflow/hub#2839
• feat(ui): resolve hardware configs from cold-start artifacts and filter query OR clause kubeflow/hub#2852
• chore(deps): bump form-data from 4.0.5 to 4.0.6 in /clients/ui/frontend kubeflow/hub#2845

Conflicts Resolved

The following conflicts were resolved during this sync:

#2827 - Fix the label order in model catalog card and details page

• frontend/src/concepts/modelCatalog/const.ts
• frontend/src/app/pages/modelCatalog/components/ModelCatalogLabels.tsx

Nature of conflict: The downstream fork has an additional RED_HAT key in MODEL_CATALOG_POPOVER_MESSAGES that upstream does not have, causing context mismatch in const.ts. In ModelCatalogLabels.tsx, the downstream version had a data-testid="validated-task-icon" attribute on the validated icon that upstream did not include.

Resolution: Applied the upstream text change to the VALIDATED popover message while preserving the downstream-only RED_HAT key. For ModelCatalogLabels.tsx, took the full upstream version which adds task sorting logic (validated tasks first) and a provider label.

#2822 - fix(ui): fix reset-all-defaults and slider rounding for performance filters

• frontend/src/concepts/modelCatalog/const.ts

Nature of conflict: Same downstream RED_HAT key difference caused context mismatch for the patch targeting PERFORMANCE_FILTER_KEYS and getAllFiltersToShow.

Resolution: Applied the upstream changes — moved MIN_VRAM and IMAGE_SIZE out of PERFORMANCE_FILTER_KEYS (sidebar-only filters) and added them explicitly in getAllFiltersToShow. Preserved the downstream RED_HAT key.

#2833 - chore(deps): bump github.com/onsi/gomega from 1.40.0 to 1.42.0

• bff/go.mod

Nature of conflict: Downstream has different go.mod context (different kubeflow/hub/pkg/openapi version) causing patch context mismatch.

Resolution: Applied the gomega version bump from v1.40.0 to v1.42.0.

#2839 - chore(deps): bump tmp from 0.2.6 to 0.2.7

• frontend/package-lock.json

Nature of conflict: Downstream already had tmp at v0.2.7, so the patch context expecting v0.2.6 didn't match.

Resolution: No-op — the downstream was already at the target version. Conflict markers removed.

#2852 - feat(ui): resolve hardware configs from cold-start artifacts and filter query OR clause

• frontend/src/app/pages/modelCatalog/components/ModelCatalogCardBody.tsx
• frontend/src/app/pages/modelCatalog/utils/modelCatalogUtils.ts

Nature of conflict: Downstream import paths differ from upstream (CatalogSource imported from ~/app/modelCatalogTypes vs ~/app/shared/types/catalogTypes), causing context mismatch.

Resolution: Applied all upstream changes (cold-start artifact separation, hardware config resolution, filter query OR clause) while preserving downstream import conventions.

How Has This Been Tested?

Tested by running the federated model-registry package locally, verifying existing behavior in the files this diff touches, and verifying the incoming changes.

Also ran available test scripts in packages/model-registry/upstream/frontend:

• test:lint — passed (0 warnings)
• test:unit — 823 tests passing across 64 suites
• test:type-check — passed clean

Test Impact

Upstream changes include their own tests.

Request review criteria:

Self checklist (all need to be checked):

• The developer has manually tested the changes and verified that the changes work
• Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
• The developer has added tests or explained why testing cannot be added (unit or cypress tests for related changes)
• The code follows our Best Practices (React coding standards, PatternFly usage, performance considerations)

If you have UI changes:

• Included any necessary screenshots or gifs if it was a UI change.
• Included tags to the UX team if it was a UI/UX change.

After the PR is posted & before it merges:

• The developer has tested their solution on a cluster by using the image produced by the PR to main

[coderabbitai]

📝 Walkthrough

Walkthrough

The subtree.commit field in packages/model-registry/package.json is updated from 3e8c430880aac2fbaf0b26e74d596609a5d95163 to ef896c3877ec18e6feca9c97210307ae5850edbb. No other fields in the file are modified.

---

Supply chain surface (CWE-829: Inclusion of Functionality from Untrusted Control Sphere): This is a subtree commit pin change. The new SHA ef896c3877ec18e6feca9c97210307ae5850edbb must be verified against the canonical upstream kubeflow/model-registry repository. Confirm:

1. The commit exists on the expected branch/tag in the upstream repo — not on a fork or attacker-controlled remote.
2. The diff between 3e8c430880aac2fbaf0b26e74d596609a5d95163 and ef896c3877ec18e6feca9c97210307ae5850edbb has been reviewed for unexpected code introduction.
3. No git subtree remote URL was silently altered alongside this pin (check .gitmodules, git config, and any subtree helper scripts).

🚥 Pre-merge checks | ✅ 10

✅ Passed checks (10 passed)

Check name	Status	Explanation
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Contribution Quality And Spam Detection	✅ Passed	This is a legitimate git subtree synchronization PR. PR references real upstream PRs with detailed conflict resolution showing deep codebase knowledge; minimal change (1 line); no security fix clai...
No Hardcoded Secrets	✅ Passed	No hardcoded secrets found. PR only updates git commit SHA in package.json, which is public information. No API keys, tokens, passwords, credentials, or suspicious base64 strings in any files.
No Weak Cryptography	✅ Passed	PR contains only a subtree commit SHA update in package.json; no cryptographic primitives, custom crypto implementations, or insecure secret comparisons found in code.
No Injection Vectors	✅ Passed	No injection vectors detected. Code changes are limited to hardcoded constants in const.ts and safe React component rendering in ModelCatalogLabels.tsx with trusted enum values. No CWE-89, CWE-78,...
No Privileged Containers	✅ Passed	PR only updates subtree.commit SHA in package.json metadata. No Kubernetes/OpenShift manifests, Helm templates, or Dockerfiles were modified; no privileged container patterns detected.
No Sensitive Data In Logs	✅ Passed	No logging statements expose passwords, tokens, API keys, PII, session IDs, or raw request/response bodies. Development-only debug logging is properly guarded by NODE_ENV checks. Token handling cod...
Title check	✅ Passed	Title accurately describes the main change: syncing from upstream kubeflow/model-registry at commit ef896c3.
Description check	✅ Passed	Description comprehensively covers the sync purpose, lists 7 upstream PRs, details conflict resolutions with file paths and technical rationale, includes testing methodology and verification results.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign griffin-sullivan for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[codecov]

Codecov Report

❌ Patch coverage is 0% with 26 lines in your changes missing coverage. Please review.
✅ Project coverage is 63.35%. Comparing base (0aae7a6) to head (27967ea).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
...ges/modelCatalog/components/ModelCatalogLabels.tsx	0.00%	18 Missing ⚠️
...pages/modelCatalog/utils/performanceFilterUtils.ts	0.00%	4 Missing ⚠️
...c/app/context/modelCatalog/ModelCatalogContext.tsx	0.00%	2 Missing ⚠️
...es/modelCatalog/components/SidebarSliderFilter.tsx	0.00%	1 Missing ⚠️
...talog/components/globalFilters/SliderWithInput.tsx	0.00%	1 Missing ⚠️

❌ Your patch check has failed because the patch coverage (0.00%) is below the target coverage (70.00%). You can increase the patch coverage or adjust the target coverage.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #8132      +/-   ##
==========================================
- Coverage   63.38%   63.35%   -0.03%     
==========================================
  Files        2725     2725              
  Lines       83930    83945      +15     
  Branches    21356    21362       +6     
==========================================
- Hits        53195    53180      -15     
- Misses      30735    30765      +30     

Files with missing lines	Coverage Δ
...es/modelCatalog/components/ModelCatalogFilters.tsx	9.75% <ø> (ø)
...stream/frontend/src/concepts/modelCatalog/const.ts	91.76% <ø> (ø)
...es/modelCatalog/components/SidebarSliderFilter.tsx	2.85% <0.00%> (ø)
...talog/components/globalFilters/SliderWithInput.tsx	3.22% <0.00%> (ø)
...c/app/context/modelCatalog/ModelCatalogContext.tsx	3.09% <0.00%> (-0.07%)	⬇️
...pages/modelCatalog/utils/performanceFilterUtils.ts	10.75% <0.00%> (-0.49%)	⬇️
...ges/modelCatalog/components/ModelCatalogLabels.tsx	12.00% <0.00%> (-6.75%)	⬇️

... and 14 files with indirect coverage changes

---

Continue to review full report in Codecov by Harness.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 0aae7a6...27967ea. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[manaswinidas]

/retest