jupyterhub / zero-to-jupyterhub-k8s

Helm Chart & Documentation for deploying JupyterHub on Kubernetes
https://zero-to-jupyterhub.readthedocs.io

Vulnerability patch in network-tools #3446

Closed jupyterhub-bot closed 4 months ago

jupyterhub-bot commented 4 months ago

A rebuild of quay.io/jupyterhub/k8s-network-tools has been found to influence the detected vulnerabilities! This PR will trigger a rebuild because it has updated a comment in the Dockerfile.

About

This scan for known vulnerabilities has been made by aquasecurity/trivy. Trivy was configured to filter the vulnerabilities with the following settings:

Before

Before trying to rebuild the image, the following vulnerabilities were detected in quay.io/jupyterhub/k8s-network-tools:4.0.0-0.dev.git.6548.h9b2dfe22.

| Target | Vuln. ID | Package Name | Installed v. | Fixed v. |
| --- | --- | --- | --- | --- |
| alpine | CVE-2023-42363 | busybox | 1.36.1-r5 | 1.36.1-r7 |
| alpine | CVE-2023-42363 | busybox-binsh | 1.36.1-r5 | 1.36.1-r7 |
| alpine | CVE-2023-42363 | ssl_client | 1.36.1-r5 | 1.36.1-r7 |
| alpine | CVE-2023-42364 | busybox | 1.36.1-r5 | 1.36.1-r7 |
| alpine | CVE-2023-42364 | busybox-binsh | 1.36.1-r5 | 1.36.1-r7 |
| alpine | CVE-2023-42364 | ssl_client | 1.36.1-r5 | 1.36.1-r7 |
| alpine | CVE-2023-42365 | busybox | 1.36.1-r5 | 1.36.1-r7 |
| alpine | CVE-2023-42365 | busybox-binsh | 1.36.1-r5 | 1.36.1-r7 |
| alpine | CVE-2023-42365 | ssl_client | 1.36.1-r5 | 1.36.1-r7 |
| alpine | CVE-2023-42366 | busybox | 1.36.1-r5 | 1.36.1-r6 |
| alpine | CVE-2023-42366 | busybox-binsh | 1.36.1-r5 | 1.36.1-r6 |
| alpine | CVE-2023-42366 | ssl_client | 1.36.1-r5 | 1.36.1-r6 |
| alpine | CVE-2024-2511 | libcrypto3 | 3.1.4-r5 | 3.1.4-r6 |
| alpine | CVE-2024-2511 | libssl3 | 3.1.4-r5 | 3.1.4-r6 |
| alpine | CVE-2024-4603 | libcrypto3 | 3.1.4-r5 | 3.1.5-r0 |
| alpine | CVE-2024-4603 | libssl3 | 3.1.4-r5 | 3.1.5-r0 |
| alpine | CVE-2024-4741 | libcrypto3 | 3.1.4-r5 | 3.1.6-r0 |
| alpine | CVE-2024-4741 | libssl3 | 3.1.4-r5 | 3.1.6-r0 |
| alpine | CVE-2024-5535 | libcrypto3 | 3.1.4-r5 | 3.1.6-r0 |
| alpine | CVE-2024-5535 | libssl3 | 3.1.4-r5 | 3.1.6-r0 |

After

| Target | Vuln. ID | Package Name | Installed v. | Fixed v. |
| --- | --- | --- | --- | --- |
| alpine | CVE-2024-4741 | libcrypto3 | 3.1.5-r0 | 3.1.6-r0 |
| alpine | CVE-2024-4741 | libssl3 | 3.1.5-r0 | 3.1.6-r0 |
| alpine | CVE-2024-5535 | libcrypto3 | 3.1.5-r0 | 3.1.6-r0 |
| alpine | CVE-2024-5535 | libssl3 | 3.1.5-r0 | 3.1.6-r0 |