Vulnerability patch in secret-sync #3257

Merged
merged 1 commit into from
Nov 6, 2023

@jupyterhub-bot jupyterhub-bot commented Oct 23, 2023

A rebuild of jupyterhub/k8s-secret-sync has been found to influence the detected vulnerabilities! This PR will trigger a rebuild because it has updated a comment in the Dockerfile.

About

This scan for known vulnerabilities has been made by aquasecurity/trivy. Trivy was configured to filter the vulnerabilities with the following settings:

  • ignore-unfixed: true

Before

Before trying to rebuild the image, the following vulnerabilities were detected in jupyterhub/k8s-secret-sync:3.1.1-0.dev.git.6356.h914b5791.

| Target | Vuln. ID | Package Name | Installed v. | Fixed v. |
| --- | --- | --- | --- | --- |
| alpine | CVE-2023-5363 | libcrypto3 | 3.1.3-r0 | 3.1.4-r0 |
| alpine | CVE-2023-5363 | libssl3 | 3.1.3-r0 | 3.1.4-r0 |
| python-pkg | CVE-2023-45803 | urllib3 | 1.26.17 | 2.0.7, 1.26.18 |
| python-pkg | CVE-2023-5752 | pip | 23.2.1 | 23.3 |

After

| Target | Vuln. ID | Package Name | Installed v. | Fixed v. |
| --- | --- | --- | --- | --- |
| alpine | CVE-2023-5363 | libcrypto3 | 3.1.3-r0 | 3.1.4-r0 |
| alpine | CVE-2023-5363 | libssl3 | 3.1.3-r0 | 3.1.4-r0 |
| python-pkg | CVE-2023-5752 | pip | 23.2.1 | 23.3 |

@jupyterhub-bot jupyterhub-bot added the image:rebuild-to-patch-vuln Image rebuild to patch a known external vulnerability label Oct 23, 2023
@yuvipanda

Let's merge this after #3254

@jupyterhub-bot jupyterhub-bot force-pushed the vuln-scan-secret-sync branch 2 times, most recently from a50ebc6 to a98e7cf Compare November 1, 2023 15:54
@consideRatio consideRatio marked this pull request as draft November 1, 2023 15:55
@yuvipanda yuvipanda marked this pull request as ready for review November 6, 2023 11:46
@yuvipanda yuvipanda merged commit 8d5fe6e into main Nov 6, 2023
15 checks passed
@yuvipanda yuvipanda deleted the vuln-scan-secret-sync branch November 6, 2023 11:46
consideRatio pushed a commit to jupyterhub/helm-chart that referenced this pull request Nov 6, 2023