Vulnerability management in Docker image for JupyterHub

Hello everyone, I would like to know how vulnerability management is handled by the community, because the base image I used to deploy my JupyterHub cloud environment has a number of vulnerabilities that, through DevOps processes, block my deployment.

I’m using the jupyterhub/k8s-singleuser-sample:3.2.1 image as a base, which allowed me to solve several vulnerabilities, but there are still others that are associated with the version of JupyterHub. When trying to upgrade to the latest version, I am limited because the package repository of the base image does not have it. The image I was able to identify from the main repository is python:3.11-bullseye as build-stage.

I hope you can help me with more information.

jupyterhub/k8s-singleuser-sample:3.2.1 corresponds to the last full release of Z2JH. If you need a more up-to-date image I recommend looking at the https://jupyter-docker-stacks.readthedocs.io/en/latest/ images, which are rebuilt weekly and should be directly usable with Z2JH.

jupyterhub/k8s-singleuser-sample could be used in production, but as you can probably guess from the name it’s more like an example of how to build a singleuser image from scratch, and since it contains very few packages it’s unlikely to be useful.

4 Likes

Thanks for the information. I will review it with my team to choose the best option. Thank you very much.