Vulnerability patch in secret-sync #3397

Merged
merged 1 commit into from May 27, 2024

@jupyterhub-bot jupyterhub-bot commented Apr 15, 2024

A rebuild of quay.io/jupyterhub/k8s-secret-sync has been found to influence the detected vulnerabilities! This PR will trigger a rebuild because it has updated a comment in the Dockerfile.

About

This scan for known vulnerabilities has been made by aquasecurity/trivy. Trivy was configured to filter the vulnerabilities with the following settings:

  • ignore-unfixed: true

Before

Before trying to rebuild the image, the following vulnerabilities were detected in quay.io/jupyterhub/k8s-secret-sync:4.0.0-0.dev.git.6543.ha8cb249d.

| Target | Vuln. ID | Package Name | Installed v. | Fixed v. |
| --- | --- | --- | --- | --- |
| alpine | CVE-2023-42363 | busybox | 1.36.1-r15 | 1.36.1-r17 |
| alpine | CVE-2023-42363 | busybox-binsh | 1.36.1-r15 | 1.36.1-r17 |
| alpine | CVE-2023-42363 | ssl_client | 1.36.1-r15 | 1.36.1-r17 |
| alpine | CVE-2023-42366 | busybox | 1.36.1-r15 | 1.36.1-r16 |
| alpine | CVE-2023-42366 | busybox-binsh | 1.36.1-r15 | 1.36.1-r16 |
| alpine | CVE-2023-42366 | ssl_client | 1.36.1-r15 | 1.36.1-r16 |
| alpine | CVE-2024-2511 | libcrypto3 | 3.1.4-r5 | 3.1.4-r6 |
| alpine | CVE-2024-2511 | libssl3 | 3.1.4-r5 | 3.1.4-r6 |
| alpine | CVE-2024-4603 | libcrypto3 | 3.1.4-r5 | 3.1.5-r0 |
| alpine | CVE-2024-4603 | libssl3 | 3.1.4-r5 | 3.1.5-r0 |
| python-pkg | CVE-2024-35195 | requests | 2.31.0 | 2.32.0 |
| python-pkg | CVE-2024-3651 | idna | 3.6 | 3.7 |

After

| Target | Vuln. ID | Package Name | Installed v. | Fixed v. |
| --- | --- | --- | --- | --- |

@jupyterhub-bot added the image:rebuild-to-patch-vuln label (Image rebuild to patch a known external vulnerability) on Apr 15, 2024
@jupyterhub-bot force-pushed the vuln-scan-secret-sync branch 2 times, most recently from 3a9a43b to fb74ac4, on May 6, 2024 05:15
@jupyterhub-bot force-pushed the vuln-scan-secret-sync branch 2 times, most recently from 91e3e64 to 742904a, on May 20, 2024 05:15
@consideRatio merged commit 1c87fe2 into main on May 27, 2024
15 checks passed
@consideRatio deleted the vuln-scan-secret-sync branch on May 27, 2024 06:53
consideRatio pushed a commit to jupyterhub/helm-chart that referenced this pull request May 27, 2024