search

jupyterhub / zero-to-jupyterhub-k8s

Helm Chart & Documentation for deploying JupyterHub on Kubernetes
https://zero-to-jupyterhub.readthedocs.io
Other
1.56k stars 799 forks source link

Vulnerability patch in hub #3386

Closed jupyterhub-bot closed 5 months ago

jupyterhub-bot commented 7 months ago

A rebuild of quay.io/jupyterhub/k8s-hub has been found to influence the detected vulnerabilities! This PR will trigger a rebuild because it has updated a comment in the Dockerfile.

About

This scan for known vulnerabilities has been made by aquasecurity/trivy. Trivy was configured to filter the vulnerabilities with the following settings:

Before

Before trying to rebuild the image, the following vulnerabilities was detected in quay.io/jupyterhub/k8s-hub:4.0.0-0.dev.git.6588.hd5ba9a9f.

Target Vuln. ID Package Name Installed v. Fixed v.
debian CVE-2022-48624 less 551-2 551-2+deb11u2
debian CVE-2024-32487 less 551-2 551-2+deb11u2
debian CVE-2024-33599 libc-bin 2.31-13+deb11u9 2.31-13+deb11u10
debian CVE-2024-33599 libc6 2.31-13+deb11u9 2.31-13+deb11u10
debian CVE-2024-33600 libc-bin 2.31-13+deb11u9 2.31-13+deb11u10
debian CVE-2024-33600 libc6 2.31-13+deb11u9 2.31-13+deb11u10
debian CVE-2024-33601 libc-bin 2.31-13+deb11u9 2.31-13+deb11u10
debian CVE-2024-33601 libc6 2.31-13+deb11u9 2.31-13+deb11u10
debian CVE-2024-33602 libc-bin 2.31-13+deb11u9 2.31-13+deb11u10
debian CVE-2024-33602 libc6 2.31-13+deb11u9 2.31-13+deb11u10

After

Target Vuln. ID Package Name Installed v. Fixed v.
manics commented 5 months ago

Out of date- other dependency PRs will have triggered a rebuild