@jupyterhub-bot jupyterhub-bot commented Jun 23, 2025

A rebuild of quay.io/jupyterhub/k8s-secret-sync has been found to influence the detected vulnerabilities! This PR will trigger a rebuild because it has updated a comment in the Dockerfile.

About

This scan for known vulnerabilities has been made by aquasecurity/trivy. Trivy was configured to filter the vulnerabilities with the following settings:

  • ignore-unfixed: true

Before

Before trying to rebuild the image, the following vulnerabilities were detected in quay.io/jupyterhub/k8s-secret-sync:4.2.1-0.dev.git.7076.h0ff9036c.

| Target | Vuln. ID | Package Name | Installed v. | Fixed v. |
| --- | --- | --- | --- | --- |
| alpine | CVE-2025-4575 | libcrypto3 | 3.5.0-r0 | 3.5.1-r0 |
| alpine | CVE-2025-4575 | libssl3 | 3.5.0-r0 | 3.5.1-r0 |
| python-pkg | CVE-2025-50181 | urllib3 | 2.4.0 | 2.5.0 |
| python-pkg | CVE-2025-50182 | urllib3 | 2.4.0 | 2.5.0 |

After

| Target | Vuln. ID | Package Name | Installed v. | Fixed v. |
| --- | --- | --- | --- | --- |
| alpine | CVE-2025-4575 | libcrypto3 | 3.5.0-r0 | 3.5.1-r0 |
| alpine | CVE-2025-4575 | libssl3 | 3.5.0-r0 | 3.5.1-r0 |

@jupyterhub-bot jupyterhub-bot added the image:rebuild-to-patch-vuln Image rebuild to patch a known external vulnerability label Jun 23, 2025

manics commented Jun 23, 2025

Prettier is failing even though nothing relevant has changed:

pyupgrade................................................................Passed
black....................................................................Passed
isort....................................................................Passed
beautysh.................................................................Passed
prettier.................................................................Failed
- hook id: prettier
- files were modified by this hook

RELEASE.md
docs/source/jupyterhub/installation.md
docs/source/jupyterhub/uninstall.md
docs/source/kubernetes/amazon/step-zero-aws-eks.md
docs/source/kubernetes/amazon/step-zero-aws.md
docs/source/kubernetes/ibm/step-zero-ibm.md
docs/source/kubernetes/google/step-zero-gcp.md
docs/source/kubernetes/microsoft/step-zero-azure.md
docs/source/repo2docker.md
docs/source/administrator/optimization.md
docs/source/changelog.md
docs/source/kubernetes/digital-ocean/step-zero-digital-ocean.md

chartpress --reset.......................................................Passed
flake8...................................................................Passed
Shellcheck Bash Linter...................................................Passed

@jupyterhub-bot jupyterhub-bot force-pushed the vuln-scan-secret-sync branch 2 times, most recently from 237dd51 to 977dc1f Compare July 1, 2025 08:05
@jupyterhub-bot jupyterhub-bot force-pushed the vuln-scan-secret-sync branch from 977dc1f to e217306 Compare July 7, 2025 05:07
@jupyterhub-bot jupyterhub-bot force-pushed the vuln-scan-secret-sync branch from e217306 to 4c2cdd8 Compare July 14, 2025 05:09
@manics manics merged commit 7b3600f into main Jul 15, 2025
16 checks passed
@manics manics deleted the vuln-scan-secret-sync branch July 15, 2025 10:39
consideRatio pushed a commit to jupyterhub/helm-chart that referenced this pull request Jul 15, 2025