@jupyterhub-bot commented Apr 7, 2025

A rebuild of quay.io/jupyterhub/k8s-singleuser-sample has been found to influence the detected vulnerabilities! This PR will trigger a rebuild because it has updated a comment in the Dockerfile.

About

This scan for known vulnerabilities has been made by aquasecurity/trivy. Trivy was configured to filter the vulnerabilities with the following settings:

  • ignore-unfixed: true

Before

Before trying to rebuild the image, the following vulnerabilities were detected in quay.io/jupyterhub/k8s-singleuser-sample:4.1.1-0.dev.git.6988.hc5e9d168.

| Target | Vuln. ID | Package Name | Installed v. | Fixed v. |
| --- | --- | --- | --- | --- |
| debian | CVE-2024-56406 | libperl5.36 | 5.36.0-7+deb12u1 | 5.36.0-7+deb12u2 |
| debian | CVE-2024-56406 | perl | 5.36.0-7+deb12u1 | 5.36.0-7+deb12u2 |
| debian | CVE-2024-56406 | perl-base | 5.36.0-7+deb12u1 | 5.36.0-7+deb12u2 |
| debian | CVE-2024-56406 | perl-modules-5.36 | 5.36.0-7+deb12u1 | 5.36.0-7+deb12u2 |

After

| Target | Vuln. ID | Package Name | Installed v. | Fixed v. |
| --- | --- | --- | --- | --- |

@jupyterhub-bot added the image:rebuild-to-patch-vuln label (Image rebuild to patch a known external vulnerability) Apr 7, 2025
@jupyterhub-bot force-pushed the vuln-scan-singleuser-sample branch from 0ed7272 to 2bceff4 April 14, 2025 05:07
@minrk merged commit c63ba56 into main Apr 14, 2025
14 checks passed
@minrk deleted the vuln-scan-singleuser-sample branch April 14, 2025 13:40
consideRatio pushed a commit to jupyterhub/helm-chart that referenced this pull request Apr 14, 2025