Vulnerability patch in image-awaiter

[jupyterhub-bot]

A rebuild of quay.io/jupyterhub/k8s-image-awaiter has been found to influence the detected vulnerabilities! This PR will trigger a rebuild because it has updated a comment in the Dockerfile.

About

This scan for known vulnerabilities has been made by aquasecurity/trivy. Trivy was configured to filter the vulnerabilities with the following settings:

• ignore-unfixed: true

Before

Before trying to rebuild the image, the following vulnerabilities was detected in quay.io/jupyterhub/k8s-image-awaiter:4.0.0-beta.4.

Target	Vuln. ID	Package Name	Installed v.	Fixed v.

After

Target	Vuln. ID	Package Name	Installed v.	Fixed v.
gobinary	CVE-2022-41722	stdlib	1.18.10	1.19.6, 1.20.1
gobinary	CVE-2022-41723	stdlib	1.18.10	1.19.6, 1.20.1
gobinary	CVE-2022-41724	stdlib	1.18.10	1.19.6, 1.20.1
gobinary	CVE-2022-41725	stdlib	1.18.10	1.19.6, 1.20.1
gobinary	CVE-2023-24532	stdlib	1.18.10	1.19.7, 1.20.2
gobinary	CVE-2023-24534	stdlib	1.18.10	1.19.8, 1.20.3
gobinary	CVE-2023-24536	stdlib	1.18.10	1.19.8, 1.20.3
gobinary	CVE-2023-24537	stdlib	1.18.10	1.19.8, 1.20.3
gobinary	CVE-2023-24538	stdlib	1.18.10	1.19.8, 1.20.3
gobinary	CVE-2023-24539	stdlib	1.18.10	1.19.9, 1.20.4
gobinary	CVE-2023-24540	stdlib	1.18.10	1.19.9, 1.20.4
gobinary	CVE-2023-29400	stdlib	1.18.10	1.19.9, 1.20.4
gobinary	CVE-2023-29403	stdlib	1.18.10	1.19.10, 1.20.5
gobinary	CVE-2023-29406	stdlib	1.18.10	1.19.11, 1.20.6
gobinary	CVE-2023-29409	stdlib	1.18.10	1.19.12, 1.20.7, 1.21.0-rc.4
gobinary	CVE-2023-39318	stdlib	1.18.10	1.20.8, 1.21.1
gobinary	CVE-2023-39319	stdlib	1.18.10	1.20.8, 1.21.1
gobinary	CVE-2023-39325	stdlib	1.18.10	1.20.10, 1.21.3
gobinary	CVE-2023-39326	stdlib	1.18.10	1.20.12, 1.21.5
gobinary	CVE-2023-45283	stdlib	1.18.10	1.20.11, 1.21.4, 1.20.12, 1.21.5
gobinary	CVE-2023-45284	stdlib	1.18.10	1.20.11, 1.21.4
gobinary	CVE-2023-45287	stdlib	1.18.10	1.20.0
gobinary	CVE-2023-45288	stdlib	1.18.10	1.21.9, 1.22.2
gobinary	CVE-2023-45289	stdlib	1.18.10	1.21.8, 1.22.1
gobinary	CVE-2023-45290	stdlib	1.18.10	1.21.8, 1.22.1
gobinary	CVE-2024-24783	stdlib	1.18.10	1.21.8, 1.22.1
gobinary	CVE-2024-24784	stdlib	1.18.10	1.21.8, 1.22.1
gobinary	CVE-2024-24785	stdlib	1.18.10	1.21.8, 1.22.1
gobinary	CVE-2024-24789	stdlib	1.18.10	1.21.11, 1.22.4
gobinary	CVE-2024-24790	stdlib	1.18.10	1.21.11, 1.22.4
gobinary	CVE-2024-24791	stdlib	1.18.10	1.21.12, 1.22.5
gobinary	CVE-2024-34155	stdlib	1.18.10	1.22.7, 1.23.1
gobinary	CVE-2024-34156	stdlib	1.18.10	1.22.7, 1.23.1
gobinary	CVE-2024-34158	stdlib	1.18.10	1.22.7, 1.23.1

[minrk]

base image was super out of date, updated to 1.23. Not sure how to trigger a new scan, but local trivy image awaiter reports no vulnerabilities