Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Vulnerability patch in singleuser-sample #3302

Merged
merged 1 commit into from
Jan 20, 2024
Merged

Conversation

jupyterhub-bot
Copy link
Collaborator

@jupyterhub-bot jupyterhub-bot commented Dec 25, 2023

A rebuild of quay.io/jupyterhub/k8s-singleuser-sample has been found to influence the detected vulnerabilities! This PR will trigger a rebuild because it has updated a comment in the Dockerfile.

About

This scan for known vulnerabilities has been made by aquasecurity/trivy. Trivy was configured to filter the vulnerabilities with the following settings:

  • ignore-unfixed: true

Before

Before trying to rebuild the image, the following vulnerabilities was detected in quay.io/jupyterhub/k8s-singleuser-sample:3.2.2-0.dev.git.6485.h5d3ec95e.

Target Vuln. ID Package Name Installed v. Fixed v.

After

Target Vuln. ID Package Name Installed v. Fixed v.
python-pkg CVE-2023-5752 pip 23.2.1 23.3

@jupyterhub-bot jupyterhub-bot added the image:rebuild-to-patch-vuln Image rebuild to patch a known external vulnerability label Dec 25, 2023
@jupyterhub-bot jupyterhub-bot force-pushed the vuln-scan-singleuser-sample branch 3 times, most recently from cbba271 to a50507c Compare January 3, 2024 07:07
@jupyterhub-bot jupyterhub-bot force-pushed the vuln-scan-singleuser-sample branch from a50507c to 600031e Compare January 17, 2024 12:44
@yuvipanda yuvipanda merged commit 96f032d into main Jan 20, 2024
15 checks passed
@yuvipanda yuvipanda deleted the vuln-scan-singleuser-sample branch January 20, 2024 02:43
consideRatio pushed a commit to jupyterhub/helm-chart that referenced this pull request Jan 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
image:rebuild-to-patch-vuln Image rebuild to patch a known external vulnerability
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants