jupyterhub / zero-to-jupyterhub-k8s

Helm Chart & Documentation for deploying JupyterHub on Kubernetes
https://zero-to-jupyterhub.readthedocs.io
Other
1.56k stars 799 forks source link

Vulnerability patch in secret-sync #3436

Closed jupyterhub-bot closed 5 months ago

jupyterhub-bot commented 5 months ago

A rebuild of quay.io/jupyterhub/k8s-secret-sync has been found to influence the detected vulnerabilities! This PR will trigger a rebuild because it has updated a comment in the Dockerfile.

About

This scan for known vulnerabilities has been made by aquasecurity/trivy. Trivy was configured to filter the vulnerabilities with the following settings:

Before

Before trying to rebuild the image, the following vulnerabilities was detected in quay.io/jupyterhub/k8s-secret-sync:4.0.0-0.dev.git.6619.hd126b1bd.

Target Vuln. ID Package Name Installed v. Fixed v.
alpine CVE-2023-42364 busybox 1.36.1-r28 1.36.1-r29
alpine CVE-2023-42364 busybox-binsh 1.36.1-r28 1.36.1-r29
alpine CVE-2023-42364 ssl_client 1.36.1-r28 1.36.1-r29
alpine CVE-2023-42365 busybox 1.36.1-r28 1.36.1-r29
alpine CVE-2023-42365 busybox-binsh 1.36.1-r28 1.36.1-r29
alpine CVE-2023-42365 ssl_client 1.36.1-r28 1.36.1-r29
alpine CVE-2024-4741 libcrypto3 3.3.0-r2 3.3.0-r3
alpine CVE-2024-4741 libssl3 3.3.0-r2 3.3.0-r3

After

Target Vuln. ID Package Name Installed v. Fixed v.
alpine CVE-2023-42364 busybox 1.36.1-r28 1.36.1-r29
alpine CVE-2023-42364 busybox-binsh 1.36.1-r28 1.36.1-r29
alpine CVE-2023-42364 ssl_client 1.36.1-r28 1.36.1-r29
alpine CVE-2023-42365 busybox 1.36.1-r28 1.36.1-r29
alpine CVE-2023-42365 busybox-binsh 1.36.1-r28 1.36.1-r29
alpine CVE-2023-42365 ssl_client 1.36.1-r28 1.36.1-r29