Upgrade Jupyter-server-proxy

[wildintellect]

A fix has been released for a vulnerability in Jupyter-server-proxy, 2i2c has mitigations in place, however it's best practices that we update to non-vulnerable versions of packages.

jupyter-server-proxy >= 4.1.1 or 3.2.3 https://github.com/jupyterhub/jupyter-server-proxy/pull/465/files

Upgrade pattern should follow #41

Tasks

Preview Give feedback

1. Upgrade Pangeo Image 2024.03.14
2. Verify and/or upgrade patched Rocker(Rstudio) image
3. Verify and/or upgrade patched QGIS image

[wildintellect]

2i2c patched QGIS and deployed already. https://github.com/2i2c-org/infrastructure/blob/7753be4874c32efad56112528091e0a979621603/config/clusters/nasa-veda/common.values.yaml#L194

[abarciauskas-bgse]

Our last procedure to upgrade the pangeo-notebook image was:

Checklist:

• Open PR (in this repo) to upgrade the pangeo-notebook image tag: https://github.com/NASA-IMPACT/veda-jh-environments/blob/main/docker-images/base/pangeo-notebook/Dockerfile#L1 to have the updated image tag pangeo/pangeo-notebook:2024.03.13 (Done in Update base image for pangeo-notebook to 2024.03.13 #47)
• Open a PR (in this repo) to upgrade the custom singleuser image that points to the new tag of the base image (output of step 1 above). NOTE: We need to do this b/c ONBUILD commands in docker are only heritable for the immediate child. And our "custom" singleuser images will include dependencies that we want to be picked up with the adjacent environment.yml
• Once you have custom image tag (from step 2 above), test it by simply pasting it into the 'bring your own image' field of the profile. Test the xarray feature mentioned as well as running through a few other notebooks to make sure the hub is working as expected.
• Once the PR to veda-jh-environments is merged, and the image is built in ECR, open a PR which updates the hash for the nasa-veda-singleuser image here: https://github.com/2i2c-org/infrastructure/blob/2a17dfb1d0fc2cfc5d6202cd2af582e090fdabce/config/clusters/nasa-veda/common.values.yaml#L70
• Request 2i2c deploy the VEDA jupyterhub with the updated nasa-veda-singleuser image tag with evidence of the working image

[wildintellect]

Best I can tell Rocker being tagged to 4.3 is also recent and likely patched https://hub.docker.com/r/rocker/binder/tags

[batpad]

PR to 2i2c infra repo to update the singleuser image at 2i2c-org/infrastructure#3823

[wildintellect]

I've confirmed in both VEDA and GHG hubs the new image is deployed - had to login and check the conda list proxy version is at 4.1.2

TODO: make it easier to tell what container image is being run, maybe there's an easy command but it's not obvious.

[batpad]

@wildintellect there will be an environment variable called JUPYTER_IMAGE that one can check in a notebook / on the container. Should we document this somewhere?