From 85b0834a6ce96dae398d76d7690404d6c6b132c3 Mon Sep 17 00:00:00 2001 From: Will <22566733+WilliamHoltam@users.noreply.github.com> Date: Fri, 24 Nov 2023 14:43:32 +0000 Subject: [PATCH 01/88] update openshift documentation --- docs/source/kubernetes/redhat/step-zero-openshift.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/docs/source/kubernetes/redhat/step-zero-openshift.md b/docs/source/kubernetes/redhat/step-zero-openshift.md index 816d8f7c8b..00531c48ab 100644 --- a/docs/source/kubernetes/redhat/step-zero-openshift.md +++ b/docs/source/kubernetes/redhat/step-zero-openshift.md @@ -4,10 +4,12 @@ [OpenShift](https://www.okd.io/) from RedHat is a cluster manager based on Kubernetes. -For setting up JupyterHub on OpenShift, check out the [JupyterHub on OpenShift](https://github.com/jupyter-on-openshift/jupyterhub-quickstart) -project. It provides an OpenShift template based JupyterHub deployment. Zero to JupyterHub uses -[helm](https://helm.sh) which is currently usable with OpenShift; yet deploying helm on OpenShift -is somewhat complicated (see RedHat's blog post on [Getting Started with Helm on OpenShift](https://cloud.redhat.com/blog/getting-started-helm-openshift)). +For running Z2JH on openshift, check out the [z2jh-openshift](https://github.com/gembaadvantage/z2jh-openshift) project. It customizes the provided helm chart with security configuration required by OpenShift, and makes minor alterations to network policies to enable networking with the weave NPC and openshift-dns. + +Otherwise for setting up alternative notebook environments, checkout: + +- [RedHat OpenShift Data Science](https://www.redhat.com/en/technologies/cloud-computing/openshift/openshift-data-science) or the OpenShift +- [OpenDataHub](https://opendatahub.io/) operator. ## Additional resources about Jupyter on OpenShift From 0c4386edf3051d153483c2e2dac21c2e42f84e04 Mon Sep 17 00:00:00 2001 From: Will <22566733+WilliamHoltam@users.noreply.github.com> Date: Fri, 24 Nov 2023 15:32:42 +0000 Subject: [PATCH 02/88] update openshift docs --- docs/source/kubernetes/redhat/step-zero-openshift.md | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/docs/source/kubernetes/redhat/step-zero-openshift.md b/docs/source/kubernetes/redhat/step-zero-openshift.md index 00531c48ab..558273d031 100644 --- a/docs/source/kubernetes/redhat/step-zero-openshift.md +++ b/docs/source/kubernetes/redhat/step-zero-openshift.md @@ -4,15 +4,9 @@ [OpenShift](https://www.okd.io/) from RedHat is a cluster manager based on Kubernetes. -For running Z2JH on openshift, check out the [z2jh-openshift](https://github.com/gembaadvantage/z2jh-openshift) project. It customizes the provided helm chart with security configuration required by OpenShift, and makes minor alterations to network policies to enable networking with the weave NPC and openshift-dns. +For running Z2JH on openshift, check out the [z2jh-openshift](https://github.com/gembaadvantage/z2jh-openshift) project. It customizes the containers used by the helm chart with security configuration required by OpenShift, and makes minor alterations to network policies to enable networking with the Weave NPC and the default OpenShift DNS. Otherwise for setting up alternative notebook environments, checkout: -- [RedHat OpenShift Data Science](https://www.redhat.com/en/technologies/cloud-computing/openshift/openshift-data-science) or the OpenShift +- [RedHat OpenShift Data Science](https://www.redhat.com/en/technologies/cloud-computing/openshift/openshift-data-science) operator. - [OpenDataHub](https://opendatahub.io/) operator. - -## Additional resources about Jupyter on OpenShift - -- An excellent series of OpenShift blog posts on Jupyter and OpenShift - authored by Red Hat developer, Graham Dumpleton, are - available on the [OpenShift blog](https://cloud.redhat.com/blog/jupyter-openshift-using-openshift-data-analytics). From 8ee2752da7ca23b068483decd24d97e8ec3086c9 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 27 Nov 2023 18:47:31 +0100 Subject: [PATCH 03/88] Bump to 3.2.2-0.dev --- chartpress.yaml | 2 +- tbump.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chartpress.yaml b/chartpress.yaml index 6739be75b0..f0e2636352 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -20,7 +20,7 @@ charts: # # baseVersion should be managed via tbump, see RELEASE.md for details # - baseVersion: "3.2.1" + baseVersion: "3.2.2-0.dev" repo: git: jupyterhub/helm-chart published: https://jupyterhub.github.io/helm-chart diff --git a/tbump.toml b/tbump.toml index 560f5d28af..e02f95a6a9 100644 --- a/tbump.toml +++ b/tbump.toml @@ -5,7 +5,7 @@ # Config reference: https://github.com/your-tools/tbump#readme # [version] -current = "3.2.1" +current = "3.2.2-0.dev" # match our prerelease prefixes # -alpha.1 From 333effa8ae41cb75ab5d51c319ab670c26a33eb4 Mon Sep 17 00:00:00 2001 From: Will <22566733+WilliamHoltam@users.noreply.github.com> Date: Tue, 28 Nov 2023 09:33:47 +0000 Subject: [PATCH 04/88] update openshift docs --- docs/source/kubernetes/redhat/step-zero-openshift.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/docs/source/kubernetes/redhat/step-zero-openshift.md b/docs/source/kubernetes/redhat/step-zero-openshift.md index 558273d031..c4cd6fd0ee 100644 --- a/docs/source/kubernetes/redhat/step-zero-openshift.md +++ b/docs/source/kubernetes/redhat/step-zero-openshift.md @@ -6,7 +6,4 @@ For running Z2JH on openshift, check out the [z2jh-openshift](https://github.com/gembaadvantage/z2jh-openshift) project. It customizes the containers used by the helm chart with security configuration required by OpenShift, and makes minor alterations to network policies to enable networking with the Weave NPC and the default OpenShift DNS. -Otherwise for setting up alternative notebook environments, checkout: - -- [RedHat OpenShift Data Science](https://www.redhat.com/en/technologies/cloud-computing/openshift/openshift-data-science) operator. -- [OpenDataHub](https://opendatahub.io/) operator. +For more information please see the [ongoing discourse discussion](https://discourse.jupyter.org/t/zero-to-jupyterhub-and-red-hat-openshift/12656). From 9fd01bbf7804c7bc2e2bdaad8aaaef425bd709bf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 Nov 2023 00:34:58 +0000 Subject: [PATCH 05/88] build(deps): bump cryptography from 41.0.5 to 41.0.6 in /images/hub Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.5 to 41.0.6. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/41.0.5...41.0.6) --- updated-dependencies: - dependency-name: cryptography dependency-type: indirect ... Signed-off-by: dependabot[bot] --- images/hub/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 6013770ca5..6dffea6cf2 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -31,7 +31,7 @@ cffi==1.16.0 # via cryptography charset-normalizer==3.3.2 # via requests -cryptography==41.0.5 +cryptography==41.0.6 # via # pyjwt # pyopenssl From 1e7610ea0fc5b8a9bb90625354be342bea78db3c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Dec 2023 05:30:57 +0000 Subject: [PATCH 06/88] build(deps): bump aquasecurity/trivy-action from 0.13.1 to 0.14.0 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.13.1 to 0.14.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/f78e9ecf42a1271402d4f484518b9313235990e1...2b6a709cf9c4025c5438138008beaddbb02086f0) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/vuln-scan.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/vuln-scan.yaml b/.github/workflows/vuln-scan.yaml index c7acb67b33..f4c2aeca32 100644 --- a/.github/workflows/vuln-scan.yaml +++ b/.github/workflows/vuln-scan.yaml @@ -87,7 +87,7 @@ jobs: # Action reference: https://github.com/aquasecurity/trivy-action - name: Scan latest published image id: scan_1 - uses: aquasecurity/trivy-action@f78e9ecf42a1271402d4f484518b9313235990e1 + uses: aquasecurity/trivy-action@2b6a709cf9c4025c5438138008beaddbb02086f0 with: image-ref: ${{ steps.image.outputs.spec }} format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -112,7 +112,7 @@ jobs: - name: Scan rebuilt image id: scan_2 if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@f78e9ecf42a1271402d4f484518b9313235990e1 + uses: aquasecurity/trivy-action@2b6a709cf9c4025c5438138008beaddbb02086f0 with: image-ref: rebuilt-image format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -171,7 +171,7 @@ jobs: - name: Describe vulnerabilities if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@f78e9ecf42a1271402d4f484518b9313235990e1 + uses: aquasecurity/trivy-action@2b6a709cf9c4025c5438138008beaddbb02086f0 with: image-ref: rebuilt-image format: table From 53c9daa1fa6706d8dd5781fc1977b4c22ece0591 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Dec 2023 05:31:02 +0000 Subject: [PATCH 07/88] build(deps): bump actions/github-script from 6 to 7 Bumps [actions/github-script](https://github.com/actions/github-script) from 6 to 7. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/v6...v7) --- updated-dependencies: - dependency-name: actions/github-script dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/release-tag.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-tag.yml b/.github/workflows/release-tag.yml index 4327831409..a5b6869705 100644 --- a/.github/workflows/release-tag.yml +++ b/.github/workflows/release-tag.yml @@ -15,7 +15,7 @@ jobs: steps: # https://github.com/actions/github-script # https://octokit.github.io/rest.js/v18#repos-create-release - - uses: actions/github-script@v6 + - uses: actions/github-script@v7 with: script: | if (!context.ref.startsWith('refs/tags/')) { From a4ddd508d082104ec2d71ad0d170daa1ea64516b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Dec 2023 05:31:06 +0000 Subject: [PATCH 08/88] build(deps): bump dessant/support-requests from 3 to 4 Bumps [dessant/support-requests](https://github.com/dessant/support-requests) from 3 to 4. - [Release notes](https://github.com/dessant/support-requests/releases) - [Changelog](https://github.com/dessant/support-requests/blob/main/CHANGELOG.md) - [Commits](https://github.com/dessant/support-requests/compare/v3...v4) --- updated-dependencies: - dependency-name: dessant/support-requests dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/support-bot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/support-bot.yml b/.github/workflows/support-bot.yml index a65552ea36..5f76c578e4 100644 --- a/.github/workflows/support-bot.yml +++ b/.github/workflows/support-bot.yml @@ -12,7 +12,7 @@ jobs: action: runs-on: ubuntu-22.04 steps: - - uses: dessant/support-requests@v3 + - uses: dessant/support-requests@v4 with: github-token: ${{ github.token }} support-label: "support" From e52b81006a869eac0e18ba31e5abebdf4d3b0c11 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 4 Dec 2023 05:13:11 +0000 Subject: [PATCH 09/88] Patch known vulnerability in network-tools --- images/network-tools/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/network-tools/Dockerfile b/images/network-tools/Dockerfile index bfe4aae199..de4ecf5bcb 100644 --- a/images/network-tools/Dockerfile +++ b/images/network-tools/Dockerfile @@ -1,5 +1,5 @@ FROM alpine:3 -# VULN_SCAN_TIME=2023-06-19_05:12:47 +# VULN_SCAN_TIME=2023-12-04_05:13:09 RUN apk add --no-cache iptables From c191feebf9560c907649fccd04a6e4eb791a1c09 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 4 Dec 2023 05:13:19 +0000 Subject: [PATCH 10/88] Patch known vulnerability in secret-sync --- images/secret-sync/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/secret-sync/Dockerfile b/images/secret-sync/Dockerfile index 09f8398867..38d0ee52c9 100644 --- a/images/secret-sync/Dockerfile +++ b/images/secret-sync/Dockerfile @@ -1,6 +1,6 @@ FROM python:3.11-alpine -# VULN_SCAN_TIME=2023-11-06_05:12:59 +# VULN_SCAN_TIME=2023-12-04_05:13:17 # Note that we use tini-static, it embeds dependencies missing in alpine RUN ARCH=`uname -m`; \ From 406a5632c7f5cb2e0b125cf88c65ab303671c01b Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 4 Dec 2023 05:14:00 +0000 Subject: [PATCH 11/88] Patch known vulnerability in hub --- images/hub/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/Dockerfile b/images/hub/Dockerfile index 7b9376c75c..d1f30e00b3 100644 --- a/images/hub/Dockerfile +++ b/images/hub/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2023-10-16_05:13:59 +# VULN_SCAN_TIME=2023-12-04_05:13:59 # The build stage From a0e48deea44accc4905e782b056673f30d07c9e2 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 4 Dec 2023 05:14:07 +0000 Subject: [PATCH 12/88] Patch known vulnerability in singleuser-sample --- images/singleuser-sample/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/Dockerfile b/images/singleuser-sample/Dockerfile index 9c7e73850c..74d67067b6 100644 --- a/images/singleuser-sample/Dockerfile +++ b/images/singleuser-sample/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2023-10-16_05:14:00 +# VULN_SCAN_TIME=2023-12-04_05:14:05 # The build stage From d8725bbec3f230bf0fcb29ae8fd05115836956fb Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Tue, 5 Dec 2023 05:09:39 +0000 Subject: [PATCH 13/88] Update library/traefik version from v2.10.5 to v2.10.6 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 4f361470d8..51d4eb7bb8 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -258,7 +258,7 @@ proxy: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "v2.10.5" # ref: https://hub.docker.com/_/traefik?tab=tags + tag: "v2.10.6" # ref: https://hub.docker.com/_/traefik?tab=tags pullPolicy: pullSecrets: [] hsts: From a6a5b8c6f551e875c2d07ef867805b8b05c6955b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Dec 2023 18:38:55 +0000 Subject: [PATCH 14/88] build(deps): bump jupyter-server in /images/singleuser-sample Bumps [jupyter-server](https://github.com/jupyter-server/jupyter_server) from 2.10.1 to 2.11.2. - [Release notes](https://github.com/jupyter-server/jupyter_server/releases) - [Changelog](https://github.com/jupyter-server/jupyter_server/blob/main/CHANGELOG.md) - [Commits](https://github.com/jupyter-server/jupyter_server/compare/v2.10.1...v2.11.2) --- updated-dependencies: - dependency-name: jupyter-server dependency-type: indirect ... Signed-off-by: dependabot[bot] --- images/singleuser-sample/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index efbd361c7d..bfa9939acf 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -117,7 +117,7 @@ jupyter-events==0.9.0 # via jupyter-server jupyter-lsp==2.2.1 # via jupyterlab -jupyter-server==2.10.1 +jupyter-server==2.11.2 # via # jupyter-lsp # jupyterlab From ec928a750a148af335e847c163dcdcaaca29f390 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 6 Dec 2023 12:47:00 +0000 Subject: [PATCH 15/88] Patch known vulnerability in singleuser-sample --- images/singleuser-sample/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/Dockerfile b/images/singleuser-sample/Dockerfile index 74d67067b6..4aeb136412 100644 --- a/images/singleuser-sample/Dockerfile +++ b/images/singleuser-sample/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2023-12-04_05:14:05 +# VULN_SCAN_TIME=2023-12-06_12:46:58 # The build stage From 5a982c873074c587bbe45bf5e4f11dd9ee150c07 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 6 Dec 2023 12:50:23 +0000 Subject: [PATCH 16/88] build(deps): bump cryptography in /images/singleuser-sample Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.5 to 41.0.6. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/41.0.5...41.0.6) --- updated-dependencies: - dependency-name: cryptography dependency-type: indirect ... Signed-off-by: dependabot[bot] --- images/singleuser-sample/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index bfa9939acf..626c20c174 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -44,7 +44,7 @@ charset-normalizer==3.3.2 # via requests comm==0.2.0 # via ipykernel -cryptography==41.0.5 +cryptography==41.0.6 # via pyopenssl debugpy==1.8.0 # via ipykernel From 7ff50bc2b1bc26faa9bb37a1aa282666d001b3cb Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 7 Dec 2023 05:09:56 +0000 Subject: [PATCH 17/88] Update library/traefik version from v2.10.6 to v2.10.7 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 51d4eb7bb8..bd15296607 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -258,7 +258,7 @@ proxy: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "v2.10.6" # ref: https://hub.docker.com/_/traefik?tab=tags + tag: "v2.10.7" # ref: https://hub.docker.com/_/traefik?tab=tags pullPolicy: pullSecrets: [] hsts: From 7ee57520dc6595fc3c4a94f30ee3a80a8b3d86e4 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 21 Dec 2023 05:09:32 +0000 Subject: [PATCH 18/88] Update kube-scheduler version from v1.26.11 to v1.26.12 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index bd15296607..e29a15134c 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -519,7 +519,7 @@ scheduling: # here. We aim to stay around 1 minor version behind the latest k8s # version. # - tag: "v1.26.11" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG + tag: "v1.26.12" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG pullPolicy: pullSecrets: [] nodeSelector: {} From 7fcc42df9e3f56a08ba5e53ccfb21720da4437cf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jan 2024 05:20:03 +0000 Subject: [PATCH 19/88] build(deps): bump actions/setup-python from 4 to 5 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 5. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/publish.yml | 2 +- .github/workflows/test-chart.yaml | 8 ++++---- .github/workflows/test-docker-build.yaml | 2 +- .github/workflows/test-docs.yaml | 2 +- .github/workflows/vuln-scan.yaml | 2 +- .github/workflows/watch-dependencies.yaml | 2 +- 6 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 2fb2b73f54..0859daaf25 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -42,7 +42,7 @@ jobs: # correctly fetch-depth: 0 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: "3.11" diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml index 8b489f1201..e85850dd30 100644 --- a/.github/workflows/test-chart.yaml +++ b/.github/workflows/test-chart.yaml @@ -31,7 +31,7 @@ jobs: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: "3.11" @@ -45,7 +45,7 @@ jobs: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: "3.11" @@ -78,7 +78,7 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: "3.11" @@ -230,7 +230,7 @@ jobs: traefik-enabled: false docker-enabled: true - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: "3.11" diff --git a/.github/workflows/test-docker-build.yaml b/.github/workflows/test-docker-build.yaml index 366dfdfe19..b8001b1bf2 100644 --- a/.github/workflows/test-docker-build.yaml +++ b/.github/workflows/test-docker-build.yaml @@ -37,7 +37,7 @@ jobs: # correctly fetch-depth: 0 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: "3.11" diff --git a/.github/workflows/test-docs.yaml b/.github/workflows/test-docs.yaml index 4986b5d065..b5e5662a73 100644 --- a/.github/workflows/test-docs.yaml +++ b/.github/workflows/test-docs.yaml @@ -32,7 +32,7 @@ jobs: # chartpress, used by docs/conf.py, requires git history to set # chart version and image tags correctly fetch-depth: 0 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: "3.11" diff --git a/.github/workflows/vuln-scan.yaml b/.github/workflows/vuln-scan.yaml index f4c2aeca32..54a5e313ef 100644 --- a/.github/workflows/vuln-scan.yaml +++ b/.github/workflows/vuln-scan.yaml @@ -57,7 +57,7 @@ jobs: # correctly fetch-depth: 0 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: "3.11" diff --git a/.github/workflows/watch-dependencies.yaml b/.github/workflows/watch-dependencies.yaml index 635acc360c..8a7057b3e5 100644 --- a/.github/workflows/watch-dependencies.yaml +++ b/.github/workflows/watch-dependencies.yaml @@ -135,7 +135,7 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: "3.11" From a1ab3450e7e7f595b418a1132099ccb3f5f91a94 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jan 2024 05:20:09 +0000 Subject: [PATCH 20/88] build(deps): bump aquasecurity/trivy-action from 0.14.0 to 0.16.0 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.14.0 to 0.16.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/2b6a709cf9c4025c5438138008beaddbb02086f0...91713af97dc80187565512baba96e4364e983601) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/vuln-scan.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/vuln-scan.yaml b/.github/workflows/vuln-scan.yaml index f4c2aeca32..eb23599105 100644 --- a/.github/workflows/vuln-scan.yaml +++ b/.github/workflows/vuln-scan.yaml @@ -87,7 +87,7 @@ jobs: # Action reference: https://github.com/aquasecurity/trivy-action - name: Scan latest published image id: scan_1 - uses: aquasecurity/trivy-action@2b6a709cf9c4025c5438138008beaddbb02086f0 + uses: aquasecurity/trivy-action@91713af97dc80187565512baba96e4364e983601 with: image-ref: ${{ steps.image.outputs.spec }} format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -112,7 +112,7 @@ jobs: - name: Scan rebuilt image id: scan_2 if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@2b6a709cf9c4025c5438138008beaddbb02086f0 + uses: aquasecurity/trivy-action@91713af97dc80187565512baba96e4364e983601 with: image-ref: rebuilt-image format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -171,7 +171,7 @@ jobs: - name: Describe vulnerabilities if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@2b6a709cf9c4025c5438138008beaddbb02086f0 + uses: aquasecurity/trivy-action@91713af97dc80187565512baba96e4364e983601 with: image-ref: rebuilt-image format: table From 6cd5b091df461d81f79630acbaaa9ac908876687 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jan 2024 05:20:15 +0000 Subject: [PATCH 21/88] build(deps): bump actions/upload-artifact from 3 to 4 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 2fb2b73f54..da404c6d0f 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -144,7 +144,7 @@ jobs: run: helm package jupyterhub # ref: https://github.com/actions/upload-artifact - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 if: steps.publishing.outputs.publishing == '' with: name: jupyterhub-${{ github.sha }} From a88818e971ee9fe3924e9907d917722703a5fa58 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 1 Jan 2024 20:23:00 +0000 Subject: [PATCH 22/88] [pre-commit.ci] pre-commit autoupdate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/psf/black: 23.10.1 → 23.12.1](https://github.com/psf/black/compare/23.10.1...23.12.1) - [github.com/pycqa/isort: 5.12.0 → 5.13.2](https://github.com/pycqa/isort/compare/5.12.0...5.13.2) - [github.com/pre-commit/mirrors-prettier: v3.0.3 → v4.0.0-alpha.8](https://github.com/pre-commit/mirrors-prettier/compare/v3.0.3...v4.0.0-alpha.8) - [github.com/gruntwork-io/pre-commit: v0.1.22 → v0.1.23](https://github.com/gruntwork-io/pre-commit/compare/v0.1.22...v0.1.23) --- .pre-commit-config.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index f4c3222be2..f9b4447a86 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -29,7 +29,7 @@ repos: # Autoformat: Python code - repo: https://github.com/psf/black - rev: 23.10.1 + rev: 23.12.1 hooks: - id: black args: @@ -41,7 +41,7 @@ repos: # Autoformat: Python code - repo: https://github.com/pycqa/isort - rev: 5.12.0 + rev: 5.13.2 hooks: - id: isort args: @@ -55,7 +55,7 @@ repos: # Autoformat: markdown, yaml (but not helm templates) - repo: https://github.com/pre-commit/mirrors-prettier - rev: v3.0.3 + rev: v4.0.0-alpha.8 hooks: - id: prettier @@ -72,7 +72,7 @@ repos: - id: flake8 - repo: https://github.com/gruntwork-io/pre-commit - rev: v0.1.22 + rev: v0.1.23 hooks: # This requires shellcheck to be installed manually so is disabled by default - id: shellcheck From 2c582f3fb38c07d2d213cff6d33655f4c8fb7f85 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 3 Jan 2024 07:06:27 +0000 Subject: [PATCH 23/88] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 28 ++++++------ images/singleuser-sample/requirements.txt | 54 +++++++++++------------ 2 files changed, 41 insertions(+), 41 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 6dffea6cf2..e738672e05 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -8,16 +8,16 @@ aiohttp==3.9.1 # via kubernetes-asyncio aiosignal==1.3.1 # via aiohttp -alembic==1.12.1 +alembic==1.13.1 # via jupyterhub async-generator==1.10 # via jupyterhub -attrs==23.1.0 +attrs==23.2.0 # via # aiohttp # jsonschema # referencing -bcrypt==4.0.1 +bcrypt==4.1.2 # via # jupyterhub-firstuseauthenticator # jupyterhub-nativeauthenticator @@ -31,7 +31,7 @@ cffi==1.16.0 # via cryptography charset-normalizer==3.3.2 # via requests -cryptography==41.0.6 +cryptography==41.0.7 # via # pyjwt # pyopenssl @@ -39,11 +39,11 @@ escapism==1.0.1 # via # jupyterhub-kubespawner # jupyterhub-ltiauthenticator -frozenlist==1.4.0 +frozenlist==1.4.1 # via # aiohttp # aiosignal -greenlet==3.0.1 +greenlet==3.0.3 # via sqlalchemy idna==3.6 # via @@ -57,7 +57,7 @@ jsonschema==4.20.0 # via # jupyter-telemetry # oauthenticator -jsonschema-specifications==2023.11.1 +jsonschema-specifications==2023.12.1 # via jsonschema jupyter-telemetry==0.1.0 # via jupyterhub @@ -151,7 +151,7 @@ pyyaml==6.0.1 # via # jupyterhub-kubespawner # kubernetes-asyncio -referencing==0.31.0 +referencing==0.32.0 # via # jsonschema # jsonschema-specifications @@ -163,7 +163,7 @@ requests==2.31.0 # requests-oauthlib requests-oauthlib==1.3.1 # via mwoauth -rpds-py==0.13.1 +rpds-py==0.16.2 # via # jsonschema # referencing @@ -178,7 +178,7 @@ six==1.16.0 # kubernetes-asyncio # onetimepass # python-dateutil -sqlalchemy==2.0.23 +sqlalchemy==2.0.25 # via # alembic # jupyterhub @@ -189,13 +189,13 @@ statsd==4.0.1 # via -r requirements.in text-unidecode==1.3 # via python-slugify -tornado==6.3.3 +tornado==6.4 # via # jupyterhub # jupyterhub-idle-culler # jupyterhub-ldapauthenticator # oauthenticator -traitlets==5.13.0 +traitlets==5.14.1 # via # jupyter-telemetry # jupyterhub @@ -203,7 +203,7 @@ traitlets==5.13.0 # jupyterhub-ldapauthenticator # jupyterhub-ltiauthenticator # oauthenticator -typing-extensions==4.8.0 +typing-extensions==4.9.0 # via # alembic # sqlalchemy @@ -212,7 +212,7 @@ urllib3==2.1.0 # jupyterhub-kubespawner # kubernetes-asyncio # requests -yarl==1.9.3 +yarl==1.9.4 # via aiohttp # The following packages are considered to be unsafe in a requirements file: diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 626c20c174..907bc9b25d 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -4,9 +4,9 @@ # # Use the "Run workflow" button at https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions/workflows/watch-dependencies.yaml # -alembic==1.12.1 +alembic==1.13.1 # via jupyterhub -anyio==4.1.0 +anyio==4.2.0 # via jupyter-server argon2-cffi==23.1.0 # via @@ -22,11 +22,11 @@ async-generator==1.10 # via jupyterhub async-lru==2.0.4 # via jupyterlab -attrs==23.1.0 +attrs==23.2.0 # via # jsonschema # referencing -babel==2.13.1 +babel==2.14.0 # via jupyterlab-server beautifulsoup4==4.12.2 # via nbconvert @@ -42,9 +42,9 @@ cffi==1.16.0 # cryptography charset-normalizer==3.3.2 # via requests -comm==0.2.0 +comm==0.2.1 # via ipykernel -cryptography==41.0.6 +cryptography==41.0.7 # via pyopenssl debugpy==1.8.0 # via ipykernel @@ -54,22 +54,22 @@ defusedxml==0.7.1 # via nbconvert executing==2.0.1 # via stack-data -fastjsonschema==2.19.0 +fastjsonschema==2.19.1 # via nbformat fqdn==1.5.1 # via jsonschema -greenlet==3.0.1 +greenlet==3.0.3 # via sqlalchemy idna==3.6 # via # anyio # jsonschema # requests -ipykernel==6.26.0 +ipykernel==6.28.0 # via # jupyterlab # nbclassic -ipython==8.18.1 +ipython==8.19.0 # via ipykernel ipython-genutils==0.2.0 # via nbclassic @@ -95,7 +95,7 @@ jsonschema[format-nongpl]==4.20.0 # jupyter-telemetry # jupyterlab-server # nbformat -jsonschema-specifications==2023.11.1 +jsonschema-specifications==2023.12.1 # via jsonschema jupyter-client==8.6.0 # via @@ -103,7 +103,7 @@ jupyter-client==8.6.0 # jupyter-server # nbclassic # nbclient -jupyter-core==5.5.0 +jupyter-core==5.6.1 # via # ipykernel # jupyter-client @@ -117,7 +117,7 @@ jupyter-events==0.9.0 # via jupyter-server jupyter-lsp==2.2.1 # via jupyterlab -jupyter-server==2.11.2 +jupyter-server==2.12.1 # via # jupyter-lsp # jupyterlab @@ -125,13 +125,13 @@ jupyter-server==2.11.2 # nbclassic # nbgitpuller # notebook-shim -jupyter-server-terminals==0.4.4 +jupyter-server-terminals==0.5.1 # via jupyter-server jupyter-telemetry==0.1.0 # via jupyterhub jupyterhub==4.0.2 # via -r requirements.in -jupyterlab==4.0.9 +jupyterlab==4.0.10 # via -r requirements.in jupyterlab-pygments==0.3.0 # via nbconvert @@ -154,7 +154,7 @@ nbclassic==1.0.0 # via -r requirements.in nbclient==0.9.0 # via nbconvert -nbconvert==7.11.0 +nbconvert==7.14.0 # via # jupyter-server # nbclassic @@ -194,16 +194,16 @@ parso==0.8.3 # via jedi pexpect==4.9.0 # via ipython -platformdirs==4.0.0 +platformdirs==4.1.0 # via jupyter-core prometheus-client==0.19.0 # via # jupyter-server # jupyterhub # nbclassic -prompt-toolkit==3.0.41 +prompt-toolkit==3.0.43 # via ipython -psutil==5.9.6 +psutil==5.9.7 # via ipykernel ptyprocess==0.7.0 # via @@ -230,13 +230,13 @@ python-json-logger==2.0.7 # jupyter-telemetry pyyaml==6.0.1 # via jupyter-events -pyzmq==25.1.1 +pyzmq==25.1.2 # via # ipykernel # jupyter-client # jupyter-server # nbclassic -referencing==0.31.0 +referencing==0.32.0 # via # jsonschema # jsonschema-specifications @@ -253,7 +253,7 @@ rfc3986-validator==0.1.1 # via # jsonschema # jupyter-events -rpds-py==0.13.1 +rpds-py==0.16.2 # via # jsonschema # referencing @@ -275,7 +275,7 @@ sniffio==1.3.0 # via anyio soupsieve==2.5 # via beautifulsoup4 -sqlalchemy==2.0.23 +sqlalchemy==2.0.25 # via # alembic # jupyterhub @@ -288,7 +288,7 @@ terminado==0.18.0 # nbclassic tinycss2==1.2.1 # via nbconvert -tornado==6.3.3 +tornado==6.4 # via # ipykernel # jupyter-client @@ -298,7 +298,7 @@ tornado==6.3.3 # nbclassic # nbgitpuller # terminado -traitlets==5.13.0 +traitlets==5.14.1 # via # comm # ipykernel @@ -317,7 +317,7 @@ traitlets==5.13.0 # nbformat types-python-dateutil==2.8.19.14 # via arrow -typing-extensions==4.8.0 +typing-extensions==4.9.0 # via # alembic # sqlalchemy @@ -333,5 +333,5 @@ webencodings==0.5.1 # via # bleach # tinycss2 -websocket-client==1.6.4 +websocket-client==1.7.0 # via jupyter-server From 45917cc2045287922974c2db9a21aea57d8a3c00 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 9 Jan 2024 14:37:52 +0100 Subject: [PATCH 24/88] ci: update circleci workflow for arm64, test with latest k3s --- .circleci/config.yml | 65 +++++++++++++++++++++++++------------------- 1 file changed, 37 insertions(+), 28 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index a664182417..d0914df3de 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,62 +1,60 @@ +# We use CircleCI to run a basic test for arm64. +# +# To reduce the complexity, we let this test verify our built images works with +# arm64, but doesn't test the acquisition of HTTPS certificates (because it +# requires a ACME server) or enforcement of the chart's NetworkPolicy resources +# (because it requires Calico or similar to do it robustly). +# version: 2.1 orbs: - python: circleci/python@0.2.1 + python: circleci/python@2.1.1 jobs: - # Testing on ARM64 - # https://circleci.com/docs/2.0/arm-resources/#using-arm-resources + # Testing on arm64 + # https://circleci.com/docs/using-arm/#using-arm-resources test-arm: machine: - image: ubuntu-2004:2022.04.1 + image: ubuntu-2204:current resource_class: arm.medium steps: - checkout + # The k3s setup should be kept similar to how we do it in + # https://github.com/jupyterhub/action-k3s-helm. - run: - command: uname -a - name: Check architecture - - - run: - # NOTE: we can't use k3s 1.24 and --docker unless we also install for - # example cri-dockerd as done in - # https://github.com/jupyterhub/action-k3s-helm. - # - # NOTE: we declare --egress-selector-mode=disabled to workaround - # intermittent issues in k3s introduced as a regression in k3s - # 1.22.10, 1.23.7, and 1.24.0. This is tracked in - # https://github.com/k3s-io/k3s/issues/5633. - # + name: Setup k3s command: >- curl -sfL https://get.k3s.io | - INSTALL_K3S_CHANNEL=v1.23 sh -s - + INSTALL_K3S_CHANNEL=latest sh -s - --disable metrics-server --disable traefik + --disable-network-policy --docker --egress-selector-mode=disabled - name: Install K3S - run: + name: Prepare a kubeconfig in ~/.kube/config command: | mkdir -p ~/.kube sudo cat /etc/rancher/k3s/k3s.yaml > "$HOME/.kube/config" chmod 600 "$HOME/.kube/config" - name: Prepare a kubeconfig in ~/.kube/config - run: + name: Install dependencies command: | . ci/common setup_helm pip3 install --no-cache-dir -r dev-requirements.txt - name: Install dependencies - run: + name: Run chartpress command: | export DOCKER_BUILDKIT=1 chartpress - name: Run chartpress - run: + name: Install local chart command: | export KUBECONFIG="$HOME/.kube/config" helm upgrade --install jupyterhub ./jupyterhub \ @@ -64,9 +62,9 @@ jobs: --values dev-config.yaml \ --values dev-config-arm.yaml \ --values dev-config-local-chart-extra-config.yaml - name: Install local chart - run: + name: Run tests command: | export KUBECONFIG="$HOME/.kube/config" export HUB_URL=http://localhost:30080 @@ -80,19 +78,30 @@ jobs: kubectl describe {} && \ kubectl logs --all-containers {} && \ echo --------------------------------" - name: Run tests - run: - name: k8s namespace report + name: k3s.service status when: on_fail command: | - export KUBECONFIG="$HOME/.kube/config" - wget https://raw.githubusercontent.com/jupyterhub/action-k8s-namespace-report/v1.1.0/k8s-namespace-report - bash k8s-namespace-report + systemctl status --no-pager --full k3s.service || true + + - run: + name: k3s.service logs + when: on_fail + command: | + journalctl --no-pager -xu k3s.service + + - run: + name: k8s namespace report + when: on_fail environment: NAMESPACE: "" POD_SELECTOR: "" IMPORTANT_WORKLOADS: "" + command: | + export KUBECONFIG="$HOME/.kube/config" + wget https://raw.githubusercontent.com/jupyterhub/action-k8s-namespace-report/v1.1.0/k8s-namespace-report + bash k8s-namespace-report workflows: main: From b503bcac9c2397f280c64e63a6e14335e3a86c8b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 11 Jan 2024 19:49:31 +0000 Subject: [PATCH 25/88] build(deps): bump jinja2 from 3.1.2 to 3.1.3 in /images/hub Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.2 to 3.1.3. - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](https://github.com/pallets/jinja/compare/3.1.2...3.1.3) --- updated-dependencies: - dependency-name: jinja2 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- images/hub/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index e738672e05..94bf5c89c2 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -49,7 +49,7 @@ idna==3.6 # via # requests # yarl -jinja2==3.1.2 +jinja2==3.1.3 # via # jupyterhub # jupyterhub-kubespawner From ca50d805d57e4dd955bea61618541f5156d75fe1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 11 Jan 2024 20:04:06 +0000 Subject: [PATCH 26/88] build(deps): bump jinja2 in /images/singleuser-sample Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.2 to 3.1.3. - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](https://github.com/pallets/jinja/compare/3.1.2...3.1.3) --- updated-dependencies: - dependency-name: jinja2 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- images/singleuser-sample/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 907bc9b25d..4e11ac1f28 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -77,7 +77,7 @@ isoduration==20.11.0 # via jsonschema jedi==0.19.1 # via ipython -jinja2==3.1.2 +jinja2==3.1.3 # via # jupyter-server # jupyterhub From ec8e3e8712bbfc7fad6db9b2779f74adf24ab504 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 9 Jan 2024 13:32:28 +0100 Subject: [PATCH 27/88] user-scheduler: update to use kube-scheduler 1.28, from 1.26 --- .github/workflows/test-chart.yaml | 6 ++--- jupyterhub/Chart.yaml | 2 +- .../scheduling/user-scheduler/configmap.yaml | 14 +---------- .../scheduling/user-scheduler/deployment.yaml | 10 -------- .../scheduling/user-scheduler/rbac.yaml | 24 +++++-------------- jupyterhub/values.yaml | 6 ++--- 6 files changed, 14 insertions(+), 48 deletions(-) diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml index e85850dd30..21742620d4 100644 --- a/.github/workflows/test-chart.yaml +++ b/.github/workflows/test-chart.yaml @@ -160,7 +160,7 @@ jobs: # information from # https://hub.jupyter.org/helm-chart/info.json # - - k3s-channel: v1.25 + - k3s-channel: v1.26 test: upgrade upgrade-from: stable upgrade-from-extra-args: >- @@ -173,7 +173,7 @@ jobs: --set hub.db.type=sqlite-pvc --set singleuser.storage.type=dynamic create-k8s-test-resources: true - - k3s-channel: v1.24 + - k3s-channel: v1.25 test: upgrade upgrade-from: dev upgrade-from-extra-args: >- @@ -183,7 +183,7 @@ jobs: local-chart-extra-args: >- --set hub.db.type=sqlite-pvc --set singleuser.storage.type=dynamic - - k3s-channel: v1.23 + - k3s-channel: v1.24 test: upgrade # We're testing hub.db.upgrade with PostgreSQL so this version must be old # enough to require a DB upgrade diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml index 4e3180edde..e481b4f224 100644 --- a/jupyterhub/Chart.yaml +++ b/jupyterhub/Chart.yaml @@ -8,7 +8,7 @@ keywords: [jupyter, jupyterhub, z2jh] home: https://z2jh.jupyter.org sources: [https://github.com/jupyterhub/zero-to-jupyterhub-k8s] icon: https://hub.jupyter.org/helm-chart/images/hublogo.svg -kubeVersion: ">=1.23.0-0" +kubeVersion: ">=1.24.0-0" maintainers: # Since it is a requirement of Artifact Hub to have specific maintainers # listed, we have added some below, but in practice the entire JupyterHub team diff --git a/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml b/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml index 0f142b01ff..a96acb8cb1 100644 --- a/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml +++ b/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml @@ -10,26 +10,14 @@ data: This is configuration of a k8s official kube-scheduler binary running in the user-scheduler. - The config version and kube-scheduler binary version has a fallback for k8s - clusters versioned v1.23 or lower because: - - - v1 / v1beta3 config requires kube-scheduler binary >=1.25 / >=1.23 - - kube-scheduler binary >=1.25 requires storage.k8s.io/v1/CSIStorageCapacity - available first in k8s >=1.24 - ref: https://kubernetes.io/docs/reference/scheduling/config/ ref: https://kubernetes.io/docs/reference/config-api/kube-scheduler-config.v1/ - ref: https://kubernetes.io/docs/reference/config-api/kube-scheduler-config.v1beta3/ */}} config.yaml: | - {{- if semverCompare ">=1.24.0-0" .Capabilities.KubeVersion.Version }} apiVersion: kubescheduler.config.k8s.io/v1 - {{- else }} - apiVersion: kubescheduler.config.k8s.io/v1beta3 - {{- end }} kind: KubeSchedulerConfiguration leaderElection: - resourceLock: endpointsleases + resourceLock: leases resourceName: {{ include "jupyterhub.user-scheduler-lock.fullname" . }} resourceNamespace: "{{ .Release.Namespace }}" profiles: diff --git a/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml b/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml index 5baf4f4e8d..b021c17de8 100644 --- a/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml +++ b/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml @@ -50,17 +50,7 @@ spec: {{- end }} containers: - name: kube-scheduler - {{- if semverCompare ">=1.24.0-0" .Capabilities.KubeVersion.Version }} image: {{ .Values.scheduling.userScheduler.image.name }}:{{ .Values.scheduling.userScheduler.image.tag }} - {{- else }} - # WARNING: The tag of this image is hardcoded, and the - # "scheduling.userScheduler.image.tag" configuration of the - # Helm chart that generated this resource manifest isn't - # respected. If you install the Helm chart in a k8s cluster - # versioned 1.24 or higher, your configuration will be - # respected. - image: {{ .Values.scheduling.userScheduler.image.name }}:v1.23.14 - {{- end }} {{- with .Values.scheduling.userScheduler.image.pullPolicy }} imagePullPolicy: {{ . }} {{- end }} diff --git a/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml b/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml index 7e188c742d..52cd7a1c85 100644 --- a/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml +++ b/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml @@ -20,8 +20,11 @@ rules: # - changed in 1.21: get/list/watch permission for namespace, # csidrivers, csistoragecapacities was added. # - unchanged between 1.22 and 1.27 + # - changed in 1.28: permissions to get/update lock endpoint resource + # removed + # - unchanged between 1.28 and 1.29 # - # ref: https://github.com/kubernetes/kubernetes/blob/v1.27.0/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml#L736-L892 + # ref: https://github.com/kubernetes/kubernetes/blob/v1.29.0/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml#L721-L862 - apiGroups: - "" - events.k8s.io @@ -46,21 +49,6 @@ rules: verbs: - get - update - - apiGroups: - - "" - resources: - - endpoints - verbs: - - create - - apiGroups: - - "" - resourceNames: - - {{ include "jupyterhub.user-scheduler-lock.fullname" . }} - resources: - - endpoints - verbs: - - get - - update - apiGroups: - "" resources: @@ -183,9 +171,9 @@ rules: # Copied from the system:volume-scheduler ClusterRole of the k8s version # matching the kube-scheduler binary we use. # - # NOTE: These rules have not changed between 1.12 and 1.27. + # NOTE: These rules have not changed between 1.12 and 1.29. # - # ref: https://github.com/kubernetes/kubernetes/blob/v1.27.0/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml#L1311-L1338 + # ref: https://github.com/kubernetes/kubernetes/blob/v1.29.0/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml#L1283-L1310 - apiGroups: - "" resources: diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index e29a15134c..173eb46848 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -485,8 +485,8 @@ scheduling: allowPrivilegeEscalation: false image: # IMPORTANT: Bumping the minor version of this binary should go hand in - # hand with an inspection of the user-scheduelrs RBAC resources - # that we have forked in + # hand with an inspection of the user-scheduelr's RBAC + # resources that we have forked in # templates/scheduling/user-scheduler/rbac.yaml. # # Debugging advice: @@ -519,7 +519,7 @@ scheduling: # here. We aim to stay around 1 minor version behind the latest k8s # version. # - tag: "v1.26.12" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG + tag: "v1.28.5" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG pullPolicy: pullSecrets: [] nodeSelector: {} From 96df159cb3daa8297cdd34d0b03d284e38c55504 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 15 Jan 2024 05:13:38 +0000 Subject: [PATCH 28/88] Patch known vulnerability in network-tools --- images/network-tools/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/network-tools/Dockerfile b/images/network-tools/Dockerfile index de4ecf5bcb..040146aa7a 100644 --- a/images/network-tools/Dockerfile +++ b/images/network-tools/Dockerfile @@ -1,5 +1,5 @@ FROM alpine:3 -# VULN_SCAN_TIME=2023-12-04_05:13:09 +# VULN_SCAN_TIME=2024-01-15_05:13:37 RUN apk add --no-cache iptables From b1b09d35bd213903da4381a6581ab01211ec84d6 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 15 Jan 2024 05:13:51 +0000 Subject: [PATCH 29/88] Patch known vulnerability in secret-sync --- images/secret-sync/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/secret-sync/Dockerfile b/images/secret-sync/Dockerfile index 38d0ee52c9..0017cfad23 100644 --- a/images/secret-sync/Dockerfile +++ b/images/secret-sync/Dockerfile @@ -1,6 +1,6 @@ FROM python:3.11-alpine -# VULN_SCAN_TIME=2023-12-04_05:13:17 +# VULN_SCAN_TIME=2024-01-15_05:13:49 # Note that we use tini-static, it embeds dependencies missing in alpine RUN ARCH=`uname -m`; \ From d87893371f0c3e2e5e259c894a942c26b88095e3 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 17 Jan 2024 13:18:12 +0100 Subject: [PATCH 30/88] Require k8s 1.25+ --- .github/workflows/test-chart.yaml | 10 +++++----- docs/source/changelog.md | 2 ++ jupyterhub/Chart.yaml | 2 +- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml index 21742620d4..a48cb408a4 100644 --- a/.github/workflows/test-chart.yaml +++ b/.github/workflows/test-chart.yaml @@ -137,7 +137,7 @@ jobs: --set hub.image.name=quay.io/jupyterhub/k8s-hub-slim --set prePuller.hook.enabled=true --set prePuller.hook.pullOnlyOnChanges=true - - k3s-channel: v1.26 # also test hub.existingSecret + - k3s-channel: v1.28 # also test hub.existingSecret test: install local-chart-extra-args: >- --set hub.existingSecret=test-hub-existing-secret @@ -160,7 +160,7 @@ jobs: # information from # https://hub.jupyter.org/helm-chart/info.json # - - k3s-channel: v1.26 + - k3s-channel: v1.27 test: upgrade upgrade-from: stable upgrade-from-extra-args: >- @@ -173,7 +173,7 @@ jobs: --set hub.db.type=sqlite-pvc --set singleuser.storage.type=dynamic create-k8s-test-resources: true - - k3s-channel: v1.25 + - k3s-channel: v1.26 test: upgrade upgrade-from: dev upgrade-from-extra-args: >- @@ -183,7 +183,7 @@ jobs: local-chart-extra-args: >- --set hub.db.type=sqlite-pvc --set singleuser.storage.type=dynamic - - k3s-channel: v1.24 + - k3s-channel: v1.25 test: upgrade # We're testing hub.db.upgrade with PostgreSQL so this version must be old # enough to require a DB upgrade @@ -223,7 +223,7 @@ jobs: # kubectl and helm # # ref: https://github.com/jupyterhub/action-k3s-helm/ - - uses: jupyterhub/action-k3s-helm@v3 + - uses: jupyterhub/action-k3s-helm@v4 with: k3s-channel: ${{ matrix.k3s-channel }} metrics-enabled: false diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 2a7fc07d23..5f4079fcbd 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -12,6 +12,8 @@ changes in pull requests], this list should be updated. [development releases]: https://hub.jupyter.org/helm-chart/#development-releases-jupyterhub [breaking changes in pull requests]: https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pulls?q=is%3Apr+is%3Aclosed+label%3Abreaking +- K8s 1.25 is now required. + ## 3.2 ### 3.2.1 - 2023-11-27 diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml index e481b4f224..a2de7ae90f 100644 --- a/jupyterhub/Chart.yaml +++ b/jupyterhub/Chart.yaml @@ -8,7 +8,7 @@ keywords: [jupyter, jupyterhub, z2jh] home: https://z2jh.jupyter.org sources: [https://github.com/jupyterhub/zero-to-jupyterhub-k8s] icon: https://hub.jupyter.org/helm-chart/images/hublogo.svg -kubeVersion: ">=1.24.0-0" +kubeVersion: ">=1.25.0-0" maintainers: # Since it is a requirement of Artifact Hub to have specific maintainers # listed, we have added some below, but in practice the entire JupyterHub team From 22a342bbce217bb17d95ea0b55554c28d91fdee6 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 17 Jan 2024 13:30:20 +0100 Subject: [PATCH 31/88] docs: fix storageclass link's anchor --- docs/source/jupyterhub/customizing/user-storage.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/jupyterhub/customizing/user-storage.md b/docs/source/jupyterhub/customizing/user-storage.md index 100faaf1c4..af10449922 100644 --- a/docs/source/jupyterhub/customizing/user-storage.md +++ b/docs/source/jupyterhub/customizing/user-storage.md @@ -149,7 +149,7 @@ Replace `` with the Zone in which you created your cluster (y this with `gcloud container clusters list`). Next, create this object by running `kubectl apply -f storageclass.yaml` -from the commandline. The [Kubernetes Docs](https://kubernetes.io/docs/concepts/storage/storage-classes#the-storageclass-resource) +from the commandline. The [Kubernetes Docs](https://kubernetes.io/docs/concepts/storage/storage-classes/) have more information on what the various fields mean. The most important field is `parameters.type`, which specifies the type of storage you wish to use. The two options are: From 794ac1a5e586b77ac42df477539da4ee53391c82 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 17 Jan 2024 13:31:59 +0100 Subject: [PATCH 32/88] ci: update kube-scheduler binary's minor version to bump --- .github/workflows/watch-dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/watch-dependencies.yaml b/.github/workflows/watch-dependencies.yaml index 8a7057b3e5..5dfd0a0fee 100644 --- a/.github/workflows/watch-dependencies.yaml +++ b/.github/workflows/watch-dependencies.yaml @@ -68,7 +68,7 @@ jobs: registry: registry.k8s.io repository: kube-scheduler values_path: scheduling.userScheduler.image.tag - version_startswith: "v1.26" + version_startswith: "v1.28" version_patch_regexp_group_suffix: "" - name: pause From 5d3ec95e517dad934ec67952407f50f78b09c772 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 17 Jan 2024 12:34:34 +0000 Subject: [PATCH 33/88] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 10 +++++----- images/singleuser-sample/requirements.txt | 22 +++++++++++----------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 94bf5c89c2..ddc4fc40ac 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -53,7 +53,7 @@ jinja2==3.1.3 # via # jupyterhub # jupyterhub-kubespawner -jsonschema==4.20.0 +jsonschema==4.21.0 # via # jupyter-telemetry # oauthenticator @@ -81,7 +81,7 @@ jupyterhub-kubespawner==6.2.0 # via -r requirements.in jupyterhub-ldapauthenticator==1.3.2 # via -r requirements.in -jupyterhub-ltiauthenticator==1.6.1 +jupyterhub-ltiauthenticator==1.6.2 # via -r requirements.in jupyterhub-nativeauthenticator==1.2.0 # via -r requirements.in @@ -151,7 +151,7 @@ pyyaml==6.0.1 # via # jupyterhub-kubespawner # kubernetes-asyncio -referencing==0.32.0 +referencing==0.32.1 # via # jsonschema # jsonschema-specifications @@ -163,7 +163,7 @@ requests==2.31.0 # requests-oauthlib requests-oauthlib==1.3.1 # via mwoauth -rpds-py==0.16.2 +rpds-py==0.17.1 # via # jsonschema # referencing @@ -183,7 +183,7 @@ sqlalchemy==2.0.25 # alembic # jupyterhub # sqlalchemy-cockroachdb -sqlalchemy-cockroachdb==2.0.1 +sqlalchemy-cockroachdb==2.0.2 # via -r requirements.in statsd==4.0.1 # via -r requirements.in diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 4e11ac1f28..7cdf58cab6 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -65,11 +65,11 @@ idna==3.6 # anyio # jsonschema # requests -ipykernel==6.28.0 +ipykernel==6.29.0 # via # jupyterlab # nbclassic -ipython==8.19.0 +ipython==8.20.0 # via ipykernel ipython-genutils==0.2.0 # via nbclassic @@ -89,7 +89,7 @@ json5==0.9.14 # via jupyterlab-server jsonpointer==2.4 # via jsonschema -jsonschema[format-nongpl]==4.20.0 +jsonschema[format-nongpl]==4.21.0 # via # jupyter-events # jupyter-telemetry @@ -103,7 +103,7 @@ jupyter-client==8.6.0 # jupyter-server # nbclassic # nbclient -jupyter-core==5.6.1 +jupyter-core==5.7.1 # via # ipykernel # jupyter-client @@ -117,7 +117,7 @@ jupyter-events==0.9.0 # via jupyter-server jupyter-lsp==2.2.1 # via jupyterlab -jupyter-server==2.12.1 +jupyter-server==2.12.5 # via # jupyter-lsp # jupyterlab @@ -154,7 +154,7 @@ nbclassic==1.0.0 # via -r requirements.in nbclient==0.9.0 # via nbconvert -nbconvert==7.14.0 +nbconvert==7.14.2 # via # jupyter-server # nbclassic @@ -166,7 +166,7 @@ nbformat==5.9.2 # nbconvert nbgitpuller==1.2.0 # via -r requirements.in -nest-asyncio==1.5.8 +nest-asyncio==1.5.9 # via # ipykernel # nbclassic @@ -236,7 +236,7 @@ pyzmq==25.1.2 # jupyter-client # jupyter-server # nbclassic -referencing==0.32.0 +referencing==0.32.1 # via # jsonschema # jsonschema-specifications @@ -253,7 +253,7 @@ rfc3986-validator==0.1.1 # via # jsonschema # jupyter-events -rpds-py==0.16.2 +rpds-py==0.17.1 # via # jsonschema # referencing @@ -315,7 +315,7 @@ traitlets==5.14.1 # nbclient # nbconvert # nbformat -types-python-dateutil==2.8.19.14 +types-python-dateutil==2.8.19.20240106 # via arrow typing-extensions==4.9.0 # via @@ -325,7 +325,7 @@ uri-template==1.3.0 # via jsonschema urllib3==2.1.0 # via requests -wcwidth==0.2.12 +wcwidth==0.2.13 # via prompt-toolkit webcolors==1.13 # via jsonschema From 600031ea9ff1e661f903be5aa5211976df3fcc3e Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 17 Jan 2024 12:44:14 +0000 Subject: [PATCH 34/88] Patch known vulnerability in singleuser-sample --- images/singleuser-sample/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/Dockerfile b/images/singleuser-sample/Dockerfile index 4aeb136412..480d911d74 100644 --- a/images/singleuser-sample/Dockerfile +++ b/images/singleuser-sample/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2023-12-06_12:46:58 +# VULN_SCAN_TIME=2024-01-17_12:44:13 # The build stage From d76c7cedb11a3636caba13a557748576f1247192 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 17 Jan 2024 12:44:20 +0000 Subject: [PATCH 35/88] Patch known vulnerability in hub --- images/hub/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/Dockerfile b/images/hub/Dockerfile index d1f30e00b3..779c5e73c5 100644 --- a/images/hub/Dockerfile +++ b/images/hub/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2023-12-04_05:13:59 +# VULN_SCAN_TIME=2024-01-17_12:44:18 # The build stage From 6abf167911c7fd376da113ba32a4d0be3d52f320 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 18 Jan 2024 05:09:58 +0000 Subject: [PATCH 36/88] Update kube-scheduler version from v1.28.5 to v1.28.6 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 173eb46848..a71fca5b73 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -519,7 +519,7 @@ scheduling: # here. We aim to stay around 1 minor version behind the latest k8s # version. # - tag: "v1.28.5" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG + tag: "v1.28.6" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG pullPolicy: pullSecrets: [] nodeSelector: {} From 831e610f8cb7f534bf2cdfddea671173defa3cad Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 18 Jan 2024 16:32:31 +0000 Subject: [PATCH 37/88] build(deps): bump jupyter-lsp in /images/singleuser-sample Bumps [jupyter-lsp](https://github.com/jupyter-lsp/jupyterlab-lsp) from 2.2.1 to 2.2.2. - [Release notes](https://github.com/jupyter-lsp/jupyterlab-lsp/releases) - [Changelog](https://github.com/jupyter-lsp/jupyterlab-lsp/blob/main/CHANGELOG.md) - [Commits](https://github.com/jupyter-lsp/jupyterlab-lsp/commits) --- updated-dependencies: - dependency-name: jupyter-lsp dependency-type: indirect ... Signed-off-by: dependabot[bot] --- images/singleuser-sample/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 7cdf58cab6..3f7a917210 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -115,7 +115,7 @@ jupyter-core==5.7.1 # nbformat jupyter-events==0.9.0 # via jupyter-server -jupyter-lsp==2.2.1 +jupyter-lsp==2.2.2 # via jupyterlab jupyter-server==2.12.5 # via From 56813834fb04f7e2d6b0096874135c3094052c48 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Jan 2024 20:34:17 +0000 Subject: [PATCH 38/88] build(deps): bump jupyterlab in /images/singleuser-sample Bumps [jupyterlab](https://github.com/jupyterlab/jupyterlab) from 4.0.10 to 4.0.11. - [Release notes](https://github.com/jupyterlab/jupyterlab/releases) - [Changelog](https://github.com/jupyterlab/jupyterlab/blob/@jupyterlab/lsp@4.0.11/CHANGELOG.md) - [Commits](https://github.com/jupyterlab/jupyterlab/compare/@jupyterlab/lsp@4.0.10...@jupyterlab/lsp@4.0.11) --- updated-dependencies: - dependency-name: jupyterlab dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- images/singleuser-sample/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 3f7a917210..6dc3b82344 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -131,7 +131,7 @@ jupyter-telemetry==0.1.0 # via jupyterhub jupyterhub==4.0.2 # via -r requirements.in -jupyterlab==4.0.10 +jupyterlab==4.0.11 # via -r requirements.in jupyterlab-pygments==0.3.0 # via nbconvert From cea97c310b665285417eeb63d184e9a74df3f92a Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 29 Jan 2024 05:13:23 +0000 Subject: [PATCH 39/88] Patch known vulnerability in secret-sync --- images/secret-sync/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/secret-sync/Dockerfile b/images/secret-sync/Dockerfile index 0017cfad23..ac5feff21b 100644 --- a/images/secret-sync/Dockerfile +++ b/images/secret-sync/Dockerfile @@ -1,6 +1,6 @@ FROM python:3.11-alpine -# VULN_SCAN_TIME=2024-01-15_05:13:49 +# VULN_SCAN_TIME=2024-01-29_05:13:21 # Note that we use tini-static, it embeds dependencies missing in alpine RUN ARCH=`uname -m`; \ From f14f2f54959e929e836cf0d3c78b61a9db29b3b9 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 29 Jan 2024 05:13:24 +0000 Subject: [PATCH 40/88] Patch known vulnerability in network-tools --- images/network-tools/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/network-tools/Dockerfile b/images/network-tools/Dockerfile index 040146aa7a..a9247cd0f0 100644 --- a/images/network-tools/Dockerfile +++ b/images/network-tools/Dockerfile @@ -1,5 +1,5 @@ FROM alpine:3 -# VULN_SCAN_TIME=2024-01-15_05:13:37 +# VULN_SCAN_TIME=2024-01-29_05:13:22 RUN apk add --no-cache iptables From e072ce42bddc15932686238934e8cb8f71c31676 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Tue, 30 Jan 2024 01:43:35 +0000 Subject: [PATCH 41/88] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 16 ++++++++-------- images/singleuser-sample/requirements.txt | 22 +++++++++++----------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index ddc4fc40ac..845178c876 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -4,7 +4,7 @@ # # Use the "Run workflow" button at https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions/workflows/watch-dependencies.yaml # -aiohttp==3.9.1 +aiohttp==3.9.3 # via kubernetes-asyncio aiosignal==1.3.1 # via aiohttp @@ -31,7 +31,7 @@ cffi==1.16.0 # via cryptography charset-normalizer==3.3.2 # via requests -cryptography==41.0.7 +cryptography==42.0.1 # via # pyjwt # pyopenssl @@ -53,7 +53,7 @@ jinja2==3.1.3 # via # jupyterhub # jupyterhub-kubespawner -jsonschema==4.21.0 +jsonschema==4.21.1 # via # jupyter-telemetry # oauthenticator @@ -87,13 +87,13 @@ jupyterhub-nativeauthenticator==1.2.0 # via -r requirements.in jupyterhub-tmpauthenticator==1.0.0 # via -r requirements.in -kubernetes-asyncio==28.2.1 +kubernetes-asyncio==29.0.0 # via jupyterhub-kubespawner ldap3==2.9.1 # via jupyterhub-ldapauthenticator mako==1.3.0 # via alembic -markupsafe==2.1.3 +markupsafe==2.1.4 # via # jinja2 # mako @@ -136,7 +136,7 @@ pyjwt[crypto]==2.8.0 # mwoauth pymysql==1.1.0 # via -r requirements.in -pyopenssl==23.3.0 +pyopenssl==24.0.0 # via certipy python-dateutil==2.8.2 # via @@ -145,13 +145,13 @@ python-dateutil==2.8.2 # kubernetes-asyncio python-json-logger==2.0.7 # via jupyter-telemetry -python-slugify==8.0.1 +python-slugify==8.0.2 # via jupyterhub-kubespawner pyyaml==6.0.1 # via # jupyterhub-kubespawner # kubernetes-asyncio -referencing==0.32.1 +referencing==0.33.0 # via # jsonschema # jsonschema-specifications diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 6dc3b82344..ac6a4fa324 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -28,7 +28,7 @@ attrs==23.2.0 # referencing babel==2.14.0 # via jupyterlab-server -beautifulsoup4==4.12.2 +beautifulsoup4==4.12.3 # via nbconvert bleach==6.1.0 # via nbconvert @@ -44,7 +44,7 @@ charset-normalizer==3.3.2 # via requests comm==0.2.1 # via ipykernel -cryptography==41.0.7 +cryptography==42.0.1 # via pyopenssl debugpy==1.8.0 # via ipykernel @@ -89,7 +89,7 @@ json5==0.9.14 # via jupyterlab-server jsonpointer==2.4 # via jsonschema -jsonschema[format-nongpl]==4.21.0 +jsonschema[format-nongpl]==4.21.1 # via # jupyter-events # jupyter-telemetry @@ -125,7 +125,7 @@ jupyter-server==2.12.5 # nbclassic # nbgitpuller # notebook-shim -jupyter-server-terminals==0.5.1 +jupyter-server-terminals==0.5.2 # via jupyter-server jupyter-telemetry==0.1.0 # via jupyterhub @@ -139,7 +139,7 @@ jupyterlab-server==2.25.2 # via jupyterlab mako==1.3.0 # via alembic -markupsafe==2.1.3 +markupsafe==2.1.4 # via # jinja2 # mako @@ -166,7 +166,7 @@ nbformat==5.9.2 # nbconvert nbgitpuller==1.2.0 # via -r requirements.in -nest-asyncio==1.5.9 +nest-asyncio==1.6.0 # via # ipykernel # nbclassic @@ -176,7 +176,7 @@ notebook-shim==0.2.3 # nbclassic oauthlib==3.2.2 # via jupyterhub -overrides==7.4.0 +overrides==7.7.0 # via jupyter-server packaging==23.2 # via @@ -188,7 +188,7 @@ packaging==23.2 # nbconvert pamela==1.1.0 # via jupyterhub -pandocfilters==1.5.0 +pandocfilters==1.5.1 # via nbconvert parso==0.8.3 # via jedi @@ -203,7 +203,7 @@ prometheus-client==0.19.0 # nbclassic prompt-toolkit==3.0.43 # via ipython -psutil==5.9.7 +psutil==5.9.8 # via ipykernel ptyprocess==0.7.0 # via @@ -217,7 +217,7 @@ pygments==2.17.2 # via # ipython # nbconvert -pyopenssl==23.3.0 +pyopenssl==24.0.0 # via certipy python-dateutil==2.8.2 # via @@ -236,7 +236,7 @@ pyzmq==25.1.2 # jupyter-client # jupyter-server # nbclassic -referencing==0.32.1 +referencing==0.33.0 # via # jsonschema # jsonschema-specifications From ede7511e6ba0caa55cac0072e7d73edf059b90d9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Feb 2024 05:57:56 +0000 Subject: [PATCH 42/88] build(deps): bump aquasecurity/trivy-action from 0.16.0 to 0.16.1 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.16.0 to 0.16.1. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/91713af97dc80187565512baba96e4364e983601...d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/vuln-scan.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/vuln-scan.yaml b/.github/workflows/vuln-scan.yaml index 0232874f9b..fb1050fafb 100644 --- a/.github/workflows/vuln-scan.yaml +++ b/.github/workflows/vuln-scan.yaml @@ -87,7 +87,7 @@ jobs: # Action reference: https://github.com/aquasecurity/trivy-action - name: Scan latest published image id: scan_1 - uses: aquasecurity/trivy-action@91713af97dc80187565512baba96e4364e983601 + uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca with: image-ref: ${{ steps.image.outputs.spec }} format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -112,7 +112,7 @@ jobs: - name: Scan rebuilt image id: scan_2 if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@91713af97dc80187565512baba96e4364e983601 + uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca with: image-ref: rebuilt-image format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -171,7 +171,7 @@ jobs: - name: Describe vulnerabilities if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@91713af97dc80187565512baba96e4364e983601 + uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca with: image-ref: rebuilt-image format: table From bc783a04acf4dcd34580ebb8450ba32c9c0ac6c1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Feb 2024 05:58:00 +0000 Subject: [PATCH 43/88] build(deps): bump peter-evans/create-pull-request from 5 to 6 Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 5 to 6. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](https://github.com/peter-evans/create-pull-request/compare/v5...v6) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/vuln-scan.yaml | 2 +- .github/workflows/watch-dependencies.yaml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/vuln-scan.yaml b/.github/workflows/vuln-scan.yaml index 0232874f9b..0a8c134b39 100644 --- a/.github/workflows/vuln-scan.yaml +++ b/.github/workflows/vuln-scan.yaml @@ -205,7 +205,7 @@ jobs: # ref: https://github.com/peter-evans/create-pull-request - name: Create or update a PR if: steps.analyze.outputs.proceed == 'yes' && github.event_name != 'pull_request' - uses: peter-evans/create-pull-request@v5 + uses: peter-evans/create-pull-request@v6 with: token: "${{ secrets.jupyterhub_bot_pat }}" author: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> diff --git a/.github/workflows/watch-dependencies.yaml b/.github/workflows/watch-dependencies.yaml index 5dfd0a0fee..67fb69b9b5 100644 --- a/.github/workflows/watch-dependencies.yaml +++ b/.github/workflows/watch-dependencies.yaml @@ -114,7 +114,7 @@ jobs: # ref: https://github.com/peter-evans/create-pull-request - name: Create a PR if: steps.local.outputs.tag != steps.latest.outputs.tag - uses: peter-evans/create-pull-request@v5 + uses: peter-evans/create-pull-request@v6 with: token: "${{ secrets.jupyterhub_bot_pat }}" author: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> @@ -183,7 +183,7 @@ jobs: # ref: https://github.com/peter-evans/create-pull-request - name: Create a PR if: steps.local.outputs.version != steps.latest.outputs.version - uses: peter-evans/create-pull-request@v5 + uses: peter-evans/create-pull-request@v6 with: token: "${{ secrets.jupyterhub_bot_pat }}" author: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> @@ -216,7 +216,7 @@ jobs: # ref: https://github.com/peter-evans/create-pull-request - name: Create a PR - uses: peter-evans/create-pull-request@v5 + uses: peter-evans/create-pull-request@v6 with: token: "${{ secrets.jupyterhub_bot_pat }}" author: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> From 23fd6095c31d5be5407a88bd0bededdeb4378bbc Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 1 Feb 2024 10:02:22 +0000 Subject: [PATCH 44/88] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 8 ++++---- images/singleuser-sample/requirements.txt | 12 ++++++------ 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 845178c876..3911ff1cf5 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -31,7 +31,7 @@ cffi==1.16.0 # via cryptography charset-normalizer==3.3.2 # via requests -cryptography==42.0.1 +cryptography==42.0.2 # via # pyjwt # pyopenssl @@ -91,7 +91,7 @@ kubernetes-asyncio==29.0.0 # via jupyterhub-kubespawner ldap3==2.9.1 # via jupyterhub-ldapauthenticator -mako==1.3.0 +mako==1.3.2 # via alembic markupsafe==2.1.4 # via @@ -145,7 +145,7 @@ python-dateutil==2.8.2 # kubernetes-asyncio python-json-logger==2.0.7 # via jupyter-telemetry -python-slugify==8.0.2 +python-slugify==8.0.3 # via jupyterhub-kubespawner pyyaml==6.0.1 # via @@ -207,7 +207,7 @@ typing-extensions==4.9.0 # via # alembic # sqlalchemy -urllib3==2.1.0 +urllib3==2.2.0 # via # jupyterhub-kubespawner # kubernetes-asyncio diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index ac6a4fa324..0953ac188b 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -44,7 +44,7 @@ charset-normalizer==3.3.2 # via requests comm==0.2.1 # via ipykernel -cryptography==42.0.1 +cryptography==42.0.2 # via pyopenssl debugpy==1.8.0 # via ipykernel @@ -69,7 +69,7 @@ ipykernel==6.29.0 # via # jupyterlab # nbclassic -ipython==8.20.0 +ipython==8.21.0 # via ipykernel ipython-genutils==0.2.0 # via nbclassic @@ -131,13 +131,13 @@ jupyter-telemetry==0.1.0 # via jupyterhub jupyterhub==4.0.2 # via -r requirements.in -jupyterlab==4.0.11 +jupyterlab==4.0.12 # via -r requirements.in jupyterlab-pygments==0.3.0 # via nbconvert jupyterlab-server==2.25.2 # via jupyterlab -mako==1.3.0 +mako==1.3.2 # via alembic markupsafe==2.1.4 # via @@ -194,7 +194,7 @@ parso==0.8.3 # via jedi pexpect==4.9.0 # via ipython -platformdirs==4.1.0 +platformdirs==4.2.0 # via jupyter-core prometheus-client==0.19.0 # via @@ -323,7 +323,7 @@ typing-extensions==4.9.0 # sqlalchemy uri-template==1.3.0 # via jsonschema -urllib3==2.1.0 +urllib3==2.2.0 # via requests wcwidth==0.2.13 # via prompt-toolkit From 373767869c6353392ee8e9c93fe3de16aabfa352 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sat, 3 Feb 2024 11:24:58 +0100 Subject: [PATCH 45/88] Fix documented example for proxy.chp.extraCommandLineFlags --- jupyterhub/values.schema.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.schema.yaml b/jupyterhub/values.schema.yaml index 69c13a83c0..1375a536bb 100644 --- a/jupyterhub/values.schema.yaml +++ b/jupyterhub/values.schema.yaml @@ -1559,7 +1559,7 @@ properties: chp: extraCommandLineFlags: - "--auto-rewrite" - - "--custom-header {{ .Values.myCustomStuff }}" + - "--custom-header={{ .Values.custom.myStuff }}" ``` Note that these will be appended last, and if you provide the same From d7c40ddd0d47eae7e8afb3ab971ff696f8c6419d Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 5 Feb 2024 20:27:25 +0000 Subject: [PATCH 46/88] [pre-commit.ci] pre-commit autoupdate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/psf/black: 23.12.1 → 24.1.1](https://github.com/psf/black/compare/23.12.1...24.1.1) - [github.com/jupyterhub/chartpress: 2.1.0 → 2.2.0](https://github.com/jupyterhub/chartpress/compare/2.1.0...2.2.0) - [github.com/PyCQA/flake8: 6.1.0 → 7.0.0](https://github.com/PyCQA/flake8/compare/6.1.0...7.0.0) --- .pre-commit-config.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index f9b4447a86..96e9c00926 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -29,7 +29,7 @@ repos: # Autoformat: Python code - repo: https://github.com/psf/black - rev: 23.12.1 + rev: 24.1.1 hooks: - id: black args: @@ -61,13 +61,13 @@ repos: # Reset Chart.yaml version and values.yaml image tags - repo: https://github.com/jupyterhub/chartpress - rev: 2.1.0 + rev: 2.2.0 hooks: - id: chartpress # Linting: Python code (see the file .flake8) - repo: https://github.com/PyCQA/flake8 - rev: "6.1.0" + rev: "7.0.0" hooks: - id: flake8 From 9b48b6d4d10ae840d3db17c780b4abbf4cf8acf6 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 5 Feb 2024 20:29:48 +0000 Subject: [PATCH 47/88] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- jupyterhub/files/hub/z2jh.py | 1 + 1 file changed, 1 insertion(+) diff --git a/jupyterhub/files/hub/z2jh.py b/jupyterhub/files/hub/z2jh.py index 3735169b2b..f4d7be699e 100644 --- a/jupyterhub/files/hub/z2jh.py +++ b/jupyterhub/files/hub/z2jh.py @@ -3,6 +3,7 @@ Methods here can be imported by extraConfig in values.yaml """ + import os from collections.abc import Mapping from functools import lru_cache From dc2647ee16d78b2176a390371fbe4cfef6338f4c Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Tue, 13 Feb 2024 05:09:35 +0000 Subject: [PATCH 48/88] Update library/traefik version from v2.10.7 to v2.11.0 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index a71fca5b73..f19a47683e 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -258,7 +258,7 @@ proxy: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "v2.10.7" # ref: https://hub.docker.com/_/traefik?tab=tags + tag: "v2.11.0" # ref: https://hub.docker.com/_/traefik?tab=tags pullPolicy: pullSecrets: [] hsts: From 6975ed6a3eab1e56cf49d309c896ffeb4f967994 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 15 Feb 2024 05:09:58 +0000 Subject: [PATCH 49/88] Update kube-scheduler version from v1.28.6 to v1.28.7 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index f19a47683e..93ba87b473 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -519,7 +519,7 @@ scheduling: # here. We aim to stay around 1 minor version behind the latest k8s # version. # - tag: "v1.28.6" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG + tag: "v1.28.7" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG pullPolicy: pullSecrets: [] nodeSelector: {} From b92321c44a79ad22076c129a6783f7008d70ac31 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 21 Feb 2024 20:41:37 +0000 Subject: [PATCH 50/88] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 22 +++++----- images/singleuser-sample/requirements.txt | 52 ++++++++++++++--------- 2 files changed, 44 insertions(+), 30 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 3911ff1cf5..9b38dd07e1 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -21,7 +21,7 @@ bcrypt==4.1.2 # via # jupyterhub-firstuseauthenticator # jupyterhub-nativeauthenticator -certifi==2023.11.17 +certifi==2024.2.2 # via # kubernetes-asyncio # requests @@ -31,7 +31,7 @@ cffi==1.16.0 # via cryptography charset-normalizer==3.3.2 # via requests -cryptography==42.0.2 +cryptography==42.0.4 # via # pyjwt # pyopenssl @@ -93,11 +93,11 @@ ldap3==2.9.1 # via jupyterhub-ldapauthenticator mako==1.3.2 # via alembic -markupsafe==2.1.4 +markupsafe==2.1.5 # via # jinja2 # mako -multidict==6.0.4 +multidict==6.0.5 # via # aiohttp # yarl @@ -119,7 +119,7 @@ packaging==23.2 # via jupyterhub pamela==1.1.0 # via jupyterhub -prometheus-client==0.19.0 +prometheus-client==0.20.0 # via jupyterhub psycopg2==2.9.9 # via -r requirements.in @@ -127,7 +127,7 @@ pyasn1==0.5.1 # via ldap3 pycparser==2.21 # via cffi -pycurl==7.45.2 +pycurl==7.45.3 # via -r requirements.in pyjwt[crypto]==2.8.0 # via @@ -145,7 +145,7 @@ python-dateutil==2.8.2 # kubernetes-asyncio python-json-logger==2.0.7 # via jupyter-telemetry -python-slugify==8.0.3 +python-slugify==8.0.4 # via jupyterhub-kubespawner pyyaml==6.0.1 # via @@ -163,11 +163,11 @@ requests==2.31.0 # requests-oauthlib requests-oauthlib==1.3.1 # via mwoauth -rpds-py==0.17.1 +rpds-py==0.18.0 # via # jsonschema # referencing -ruamel-yaml==0.18.5 +ruamel-yaml==0.18.6 # via # jupyter-telemetry # oauthenticator @@ -178,7 +178,7 @@ six==1.16.0 # kubernetes-asyncio # onetimepass # python-dateutil -sqlalchemy==2.0.25 +sqlalchemy==2.0.27 # via # alembic # jupyterhub @@ -207,7 +207,7 @@ typing-extensions==4.9.0 # via # alembic # sqlalchemy -urllib3==2.2.0 +urllib3==2.2.1 # via # jupyterhub-kubespawner # kubernetes-asyncio diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 0953ac188b..3737c66e64 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -6,8 +6,10 @@ # alembic==1.13.1 # via jupyterhub -anyio==4.2.0 - # via jupyter-server +anyio==4.3.0 + # via + # httpx + # jupyter-server argon2-cffi==23.1.0 # via # jupyter-server @@ -32,8 +34,11 @@ beautifulsoup4==4.12.3 # via nbconvert bleach==6.1.0 # via nbconvert -certifi==2023.11.17 - # via requests +certifi==2024.2.2 + # via + # httpcore + # httpx + # requests certipy==0.1.3 # via jupyterhub cffi==1.16.0 @@ -44,9 +49,9 @@ charset-normalizer==3.3.2 # via requests comm==0.2.1 # via ipykernel -cryptography==42.0.2 +cryptography==42.0.4 # via pyopenssl -debugpy==1.8.0 +debugpy==1.8.1 # via ipykernel decorator==5.1.1 # via ipython @@ -60,12 +65,19 @@ fqdn==1.5.1 # via jsonschema greenlet==3.0.3 # via sqlalchemy +h11==0.14.0 + # via httpcore +httpcore==1.0.4 + # via httpx +httpx==0.27.0 + # via jupyterlab idna==3.6 # via # anyio + # httpx # jsonschema # requests -ipykernel==6.29.0 +ipykernel==6.29.2 # via # jupyterlab # nbclassic @@ -85,7 +97,7 @@ jinja2==3.1.3 # jupyterlab-server # nbclassic # nbconvert -json5==0.9.14 +json5==0.9.17 # via jupyterlab-server jsonpointer==2.4 # via jsonschema @@ -131,15 +143,15 @@ jupyter-telemetry==0.1.0 # via jupyterhub jupyterhub==4.0.2 # via -r requirements.in -jupyterlab==4.0.12 +jupyterlab==4.1.2 # via -r requirements.in jupyterlab-pygments==0.3.0 # via nbconvert -jupyterlab-server==2.25.2 +jupyterlab-server==2.25.3 # via jupyterlab mako==1.3.2 # via alembic -markupsafe==2.1.4 +markupsafe==2.1.5 # via # jinja2 # mako @@ -154,7 +166,7 @@ nbclassic==1.0.0 # via -r requirements.in nbclient==0.9.0 # via nbconvert -nbconvert==7.14.2 +nbconvert==7.16.1 # via # jupyter-server # nbclassic @@ -170,7 +182,7 @@ nest-asyncio==1.6.0 # via # ipykernel # nbclassic -notebook-shim==0.2.3 +notebook-shim==0.2.4 # via # jupyterlab # nbclassic @@ -196,7 +208,7 @@ pexpect==4.9.0 # via ipython platformdirs==4.2.0 # via jupyter-core -prometheus-client==0.19.0 +prometheus-client==0.20.0 # via # jupyter-server # jupyterhub @@ -253,11 +265,11 @@ rfc3986-validator==0.1.1 # via # jsonschema # jupyter-events -rpds-py==0.17.1 +rpds-py==0.18.0 # via # jsonschema # referencing -ruamel-yaml==0.18.5 +ruamel-yaml==0.18.6 # via jupyter-telemetry ruamel-yaml-clib==0.2.8 # via ruamel-yaml @@ -272,10 +284,12 @@ six==1.16.0 # python-dateutil # rfc3339-validator sniffio==1.3.0 - # via anyio + # via + # anyio + # httpx soupsieve==2.5 # via beautifulsoup4 -sqlalchemy==2.0.25 +sqlalchemy==2.0.27 # via # alembic # jupyterhub @@ -323,7 +337,7 @@ typing-extensions==4.9.0 # sqlalchemy uri-template==1.3.0 # via jsonschema -urllib3==2.2.0 +urllib3==2.2.1 # via requests wcwidth==0.2.13 # via prompt-toolkit From c71df752fb8f2ee2a3bc68bfa3dca34e4e13a62c Mon Sep 17 00:00:00 2001 From: Hongbo <12580159+ya0guang@users.noreply.github.com> Date: Mon, 26 Feb 2024 14:56:40 -0500 Subject: [PATCH 51/88] Remove additional comma in compare-values-schema-content.py --- tools/compare-values-schema-content.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/compare-values-schema-content.py b/tools/compare-values-schema-content.py index 57ba41a721..fb4df10754 100755 --- a/tools/compare-values-schema-content.py +++ b/tools/compare-values-schema-content.py @@ -104,7 +104,7 @@ def run(): lint_values_yaml, schema, schema_wildcards ) if lint_schema_values_diff: - print("values.schema.yaml entries not found in lint-and-validate-values.yaml:"), + print("values.schema.yaml entries not found in lint-and-validate-values.yaml:") for l in sorted(lint_schema_values_diff): print(f"- {l}") From 2a46b024cdf6725c8c831ed93c1b3a1693a1b9ee Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Mar 2024 05:01:19 +0000 Subject: [PATCH 52/88] build(deps): bump jupyterhub/action-k8s-await-workloads from 2 to 3 Bumps [jupyterhub/action-k8s-await-workloads](https://github.com/jupyterhub/action-k8s-await-workloads) from 2 to 3. - [Release notes](https://github.com/jupyterhub/action-k8s-await-workloads/releases) - [Changelog](https://github.com/jupyterhub/action-k8s-await-workloads/blob/main/CHANGELOG.md) - [Commits](https://github.com/jupyterhub/action-k8s-await-workloads/compare/v2...v3) --- updated-dependencies: - dependency-name: jupyterhub/action-k8s-await-workloads dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/test-chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml index a48cb408a4..319e1d315c 100644 --- a/.github/workflows/test-chart.yaml +++ b/.github/workflows/test-chart.yaml @@ -263,7 +263,7 @@ jobs: # jupyterhub and the autohttps pod is about to start, so for CI # performance we delayed this until now and did other things in between. - name: Await local ACME server - uses: jupyterhub/action-k8s-await-workloads@v2 + uses: jupyterhub/action-k8s-await-workloads@v3 with: timeout: 150 max-restarts: 1 @@ -329,7 +329,7 @@ jobs: - name: "(Upgrade) Await ${{ matrix.upgrade-from }} chart" if: matrix.test == 'upgrade' - uses: jupyterhub/action-k8s-await-workloads@v2 + uses: jupyterhub/action-k8s-await-workloads@v3 with: timeout: 150 max-restarts: 1 @@ -354,7 +354,7 @@ jobs: ${{ matrix.local-chart-extra-args }} - name: "Await local chart" - uses: jupyterhub/action-k8s-await-workloads@v2 + uses: jupyterhub/action-k8s-await-workloads@v3 with: timeout: 150 max-restarts: 1 From 840d14a75f1905c0c1d893cc2da764847dda4667 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Mar 2024 05:01:21 +0000 Subject: [PATCH 53/88] build(deps): bump aquasecurity/trivy-action from 0.16.1 to 0.18.0 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.16.1 to 0.18.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca...062f2592684a31eb3aa050cc61e7ca1451cecd3d) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/vuln-scan.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/vuln-scan.yaml b/.github/workflows/vuln-scan.yaml index 8faf94c2f3..bab1dd3acc 100644 --- a/.github/workflows/vuln-scan.yaml +++ b/.github/workflows/vuln-scan.yaml @@ -87,7 +87,7 @@ jobs: # Action reference: https://github.com/aquasecurity/trivy-action - name: Scan latest published image id: scan_1 - uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca + uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d with: image-ref: ${{ steps.image.outputs.spec }} format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -112,7 +112,7 @@ jobs: - name: Scan rebuilt image id: scan_2 if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca + uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d with: image-ref: rebuilt-image format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -171,7 +171,7 @@ jobs: - name: Describe vulnerabilities if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca + uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d with: image-ref: rebuilt-image format: table From 377e69e769cb0908a874bb30a489a41537be8eb2 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 4 Mar 2024 09:11:15 +0000 Subject: [PATCH 54/88] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 12 +++++++----- images/singleuser-sample/requirements.txt | 16 ++++++++-------- 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 9b38dd07e1..e1cc668efe 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -31,7 +31,7 @@ cffi==1.16.0 # via cryptography charset-normalizer==3.3.2 # via requests -cryptography==42.0.4 +cryptography==42.0.5 # via # pyjwt # pyopenssl @@ -75,7 +75,7 @@ jupyterhub-firstuseauthenticator==1.0.0 # via -r requirements.in jupyterhub-hmacauthenticator==1.0 # via -r requirements.in -jupyterhub-idle-culler==1.2.1 +jupyterhub-idle-culler==1.3.1 # via -r requirements.in jupyterhub-kubespawner==6.2.0 # via -r requirements.in @@ -116,7 +116,9 @@ oauthlib==3.2.2 onetimepass==1.0.1 # via jupyterhub-nativeauthenticator packaging==23.2 - # via jupyterhub + # via + # jupyterhub + # jupyterhub-idle-culler pamela==1.1.0 # via jupyterhub prometheus-client==0.20.0 @@ -138,7 +140,7 @@ pymysql==1.1.0 # via -r requirements.in pyopenssl==24.0.0 # via certipy -python-dateutil==2.8.2 +python-dateutil==2.9.0.post0 # via # jupyterhub # jupyterhub-idle-culler @@ -203,7 +205,7 @@ traitlets==5.14.1 # jupyterhub-ldapauthenticator # jupyterhub-ltiauthenticator # oauthenticator -typing-extensions==4.9.0 +typing-extensions==4.10.0 # via # alembic # sqlalchemy diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 3737c66e64..ae03a27f0b 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -49,7 +49,7 @@ charset-normalizer==3.3.2 # via requests comm==0.2.1 # via ipykernel -cryptography==42.0.4 +cryptography==42.0.5 # via pyopenssl debugpy==1.8.1 # via ipykernel @@ -77,11 +77,11 @@ idna==3.6 # httpx # jsonschema # requests -ipykernel==6.29.2 +ipykernel==6.29.3 # via # jupyterlab # nbclassic -ipython==8.21.0 +ipython==8.22.1 # via ipykernel ipython-genutils==0.2.0 # via nbclassic @@ -97,7 +97,7 @@ jinja2==3.1.3 # jupyterlab-server # nbclassic # nbconvert -json5==0.9.17 +json5==0.9.20 # via jupyterlab-server jsonpointer==2.4 # via jsonschema @@ -127,7 +127,7 @@ jupyter-core==5.7.1 # nbformat jupyter-events==0.9.0 # via jupyter-server -jupyter-lsp==2.2.2 +jupyter-lsp==2.2.3 # via jupyterlab jupyter-server==2.12.5 # via @@ -231,7 +231,7 @@ pygments==2.17.2 # nbconvert pyopenssl==24.0.0 # via certipy -python-dateutil==2.8.2 +python-dateutil==2.9.0.post0 # via # arrow # jupyter-client @@ -283,7 +283,7 @@ six==1.16.0 # bleach # python-dateutil # rfc3339-validator -sniffio==1.3.0 +sniffio==1.3.1 # via # anyio # httpx @@ -331,7 +331,7 @@ traitlets==5.14.1 # nbformat types-python-dateutil==2.8.19.20240106 # via arrow -typing-extensions==4.9.0 +typing-extensions==4.10.0 # via # alembic # sqlalchemy From 1b1fd3520564f4b4831656326328fe298048b96f Mon Sep 17 00:00:00 2001 From: SchutteJan <4732389+SchutteJan@users.noreply.github.com> Date: Thu, 7 Mar 2024 10:27:42 +0100 Subject: [PATCH 55/88] Replace revisionHistoryLimit type check Sometimes Helm reports type float64 for integer numbers set in values.yaml. This fix replaces the type check with a nil check. --- jupyterhub/templates/hub/deployment.yaml | 2 +- jupyterhub/templates/image-puller/_helpers-daemonset.tpl | 2 +- jupyterhub/templates/proxy/autohttps/deployment.yaml | 2 +- jupyterhub/templates/proxy/deployment.yaml | 2 +- .../templates/scheduling/user-placeholder/statefulset.yaml | 2 +- jupyterhub/templates/scheduling/user-scheduler/deployment.yaml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/jupyterhub/templates/hub/deployment.yaml b/jupyterhub/templates/hub/deployment.yaml index d6e1c63ed8..d7a46bbb00 100644 --- a/jupyterhub/templates/hub/deployment.yaml +++ b/jupyterhub/templates/hub/deployment.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "jupyterhub.labels" . | nindent 4 }} spec: - {{- if typeIs "int" .Values.hub.revisionHistoryLimit }} + {{- if not (typeIs "" .Values.hub.revisionHistoryLimit) }} revisionHistoryLimit: {{ .Values.hub.revisionHistoryLimit }} {{- end }} replicas: 1 diff --git a/jupyterhub/templates/image-puller/_helpers-daemonset.tpl b/jupyterhub/templates/image-puller/_helpers-daemonset.tpl index 610f8bde92..16213b09be 100644 --- a/jupyterhub/templates/image-puller/_helpers-daemonset.tpl +++ b/jupyterhub/templates/image-puller/_helpers-daemonset.tpl @@ -34,7 +34,7 @@ spec: type: RollingUpdate rollingUpdate: maxUnavailable: 100% - {{- if typeIs "int" .Values.prePuller.revisionHistoryLimit }} + {{- if not (typeIs "" .Values.prePuller.revisionHistoryLimit) }} revisionHistoryLimit: {{ .Values.prePuller.revisionHistoryLimit }} {{- end }} template: diff --git a/jupyterhub/templates/proxy/autohttps/deployment.yaml b/jupyterhub/templates/proxy/autohttps/deployment.yaml index f76f3efbfa..90feedd767 100644 --- a/jupyterhub/templates/proxy/autohttps/deployment.yaml +++ b/jupyterhub/templates/proxy/autohttps/deployment.yaml @@ -8,7 +8,7 @@ metadata: labels: {{- include "jupyterhub.labels" . | nindent 4 }} spec: - {{- if typeIs "int" .Values.proxy.traefik.revisionHistoryLimit }} + {{- if not (typeIs "" .Values.proxy.traefik.revisionHistoryLimit) }} revisionHistoryLimit: {{ .Values.proxy.traefik.revisionHistoryLimit }} {{- end }} replicas: 1 diff --git a/jupyterhub/templates/proxy/deployment.yaml b/jupyterhub/templates/proxy/deployment.yaml index 2b35382446..85220a86ef 100644 --- a/jupyterhub/templates/proxy/deployment.yaml +++ b/jupyterhub/templates/proxy/deployment.yaml @@ -7,7 +7,7 @@ metadata: labels: {{- include "jupyterhub.labels" . | nindent 4 }} spec: - {{- if typeIs "int" .Values.proxy.chp.revisionHistoryLimit }} + {{- if not (typeIs "" .Values.proxy.chp.revisionHistoryLimit) }} revisionHistoryLimit: {{ .Values.proxy.chp.revisionHistoryLimit }} {{- end }} replicas: 1 diff --git a/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml b/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml index e0f6f5958c..7f2c785b99 100644 --- a/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml +++ b/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml @@ -16,7 +16,7 @@ metadata: {{- include "jupyterhub.labels" . | nindent 4 }} spec: podManagementPolicy: Parallel - {{- if typeIs "int" .Values.scheduling.userPlaceholder.revisionHistoryLimit }} + {{- if not (typeIs "" .Values.scheduling.userPlaceholder.revisionHistoryLimit) }} revisionHistoryLimit: {{ .Values.scheduling.userPlaceholder.revisionHistoryLimit }} {{- end }} replicas: {{ .Values.scheduling.userPlaceholder.replicas }} diff --git a/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml b/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml index b021c17de8..e73c8ac688 100644 --- a/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml +++ b/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml @@ -6,7 +6,7 @@ metadata: labels: {{- include "jupyterhub.labels" . | nindent 4 }} spec: - {{- if typeIs "int" .Values.scheduling.userScheduler.revisionHistoryLimit }} + {{- if not (typeIs "" .Values.scheduling.userScheduler.revisionHistoryLimit) }} revisionHistoryLimit: {{ .Values.scheduling.userScheduler.revisionHistoryLimit }} {{- end }} replicas: {{ .Values.scheduling.userScheduler.replicas }} From c6303b567dc8ed02a0d010d603439465a93d9151 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Sat, 16 Mar 2024 05:10:01 +0000 Subject: [PATCH 56/88] Update kube-scheduler version from v1.28.7 to v1.28.8 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 93ba87b473..20c630807c 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -519,7 +519,7 @@ scheduling: # here. We aim to stay around 1 minor version behind the latest k8s # version. # - tag: "v1.28.7" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG + tag: "v1.28.8" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG pullPolicy: pullSecrets: [] nodeSelector: {} From 517a40127a28dc43a0ecaf2d832f20d9b6a5c507 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 20 Mar 2024 08:33:55 +0000 Subject: [PATCH 57/88] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 12 +++---- images/singleuser-sample/requirements.txt | 42 +++++++++++------------ 2 files changed, 27 insertions(+), 27 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index e1cc668efe..8d52df3c6c 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -115,7 +115,7 @@ oauthlib==3.2.2 # requests-oauthlib onetimepass==1.0.1 # via jupyterhub-nativeauthenticator -packaging==23.2 +packaging==24.0 # via # jupyterhub # jupyterhub-idle-culler @@ -138,7 +138,7 @@ pyjwt[crypto]==2.8.0 # mwoauth pymysql==1.1.0 # via -r requirements.in -pyopenssl==24.0.0 +pyopenssl==24.1.0 # via certipy python-dateutil==2.9.0.post0 # via @@ -153,7 +153,7 @@ pyyaml==6.0.1 # via # jupyterhub-kubespawner # kubernetes-asyncio -referencing==0.33.0 +referencing==0.34.0 # via # jsonschema # jsonschema-specifications @@ -163,7 +163,7 @@ requests==2.31.0 # mwoauth # oauthenticator # requests-oauthlib -requests-oauthlib==1.3.1 +requests-oauthlib==1.4.0 # via mwoauth rpds-py==0.18.0 # via @@ -180,7 +180,7 @@ six==1.16.0 # kubernetes-asyncio # onetimepass # python-dateutil -sqlalchemy==2.0.27 +sqlalchemy==2.0.28 # via # alembic # jupyterhub @@ -197,7 +197,7 @@ tornado==6.4 # jupyterhub-idle-culler # jupyterhub-ldapauthenticator # oauthenticator -traitlets==5.14.1 +traitlets==5.14.2 # via # jupyter-telemetry # jupyterhub diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index ae03a27f0b..59125a76ba 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -47,7 +47,7 @@ cffi==1.16.0 # cryptography charset-normalizer==3.3.2 # via requests -comm==0.2.1 +comm==0.2.2 # via ipykernel cryptography==42.0.5 # via pyopenssl @@ -81,7 +81,7 @@ ipykernel==6.29.3 # via # jupyterlab # nbclassic -ipython==8.22.1 +ipython==8.22.2 # via ipykernel ipython-genutils==0.2.0 # via nbclassic @@ -97,7 +97,7 @@ jinja2==3.1.3 # jupyterlab-server # nbclassic # nbconvert -json5==0.9.20 +json5==0.9.24 # via jupyterlab-server jsonpointer==2.4 # via jsonschema @@ -109,13 +109,13 @@ jsonschema[format-nongpl]==4.21.1 # nbformat jsonschema-specifications==2023.12.1 # via jsonschema -jupyter-client==8.6.0 +jupyter-client==8.6.1 # via # ipykernel # jupyter-server # nbclassic # nbclient -jupyter-core==5.7.1 +jupyter-core==5.7.2 # via # ipykernel # jupyter-client @@ -125,11 +125,11 @@ jupyter-core==5.7.1 # nbclient # nbconvert # nbformat -jupyter-events==0.9.0 +jupyter-events==0.10.0 # via jupyter-server -jupyter-lsp==2.2.3 +jupyter-lsp==2.2.4 # via jupyterlab -jupyter-server==2.12.5 +jupyter-server==2.13.0 # via # jupyter-lsp # jupyterlab @@ -137,17 +137,17 @@ jupyter-server==2.12.5 # nbclassic # nbgitpuller # notebook-shim -jupyter-server-terminals==0.5.2 +jupyter-server-terminals==0.5.3 # via jupyter-server jupyter-telemetry==0.1.0 # via jupyterhub jupyterhub==4.0.2 # via -r requirements.in -jupyterlab==4.1.2 +jupyterlab==4.1.5 # via -r requirements.in jupyterlab-pygments==0.3.0 # via nbconvert -jupyterlab-server==2.25.3 +jupyterlab-server==2.25.4 # via jupyterlab mako==1.3.2 # via alembic @@ -164,13 +164,13 @@ mistune==3.0.2 # via nbconvert nbclassic==1.0.0 # via -r requirements.in -nbclient==0.9.0 +nbclient==0.10.0 # via nbconvert -nbconvert==7.16.1 +nbconvert==7.16.2 # via # jupyter-server # nbclassic -nbformat==5.9.2 +nbformat==5.10.3 # via # jupyter-server # nbclassic @@ -190,7 +190,7 @@ oauthlib==3.2.2 # via jupyterhub overrides==7.7.0 # via jupyter-server -packaging==23.2 +packaging==24.0 # via # ipykernel # jupyter-server @@ -229,7 +229,7 @@ pygments==2.17.2 # via # ipython # nbconvert -pyopenssl==24.0.0 +pyopenssl==24.1.0 # via certipy python-dateutil==2.9.0.post0 # via @@ -248,7 +248,7 @@ pyzmq==25.1.2 # jupyter-client # jupyter-server # nbclassic -referencing==0.33.0 +referencing==0.34.0 # via # jsonschema # jsonschema-specifications @@ -289,13 +289,13 @@ sniffio==1.3.1 # httpx soupsieve==2.5 # via beautifulsoup4 -sqlalchemy==2.0.27 +sqlalchemy==2.0.28 # via # alembic # jupyterhub stack-data==0.6.3 # via ipython -terminado==0.18.0 +terminado==0.18.1 # via # jupyter-server # jupyter-server-terminals @@ -312,7 +312,7 @@ tornado==6.4 # nbclassic # nbgitpuller # terminado -traitlets==5.14.1 +traitlets==5.14.2 # via # comm # ipykernel @@ -329,7 +329,7 @@ traitlets==5.14.1 # nbclient # nbconvert # nbformat -types-python-dateutil==2.8.19.20240106 +types-python-dateutil==2.9.0.20240316 # via arrow typing-extensions==4.10.0 # via From a5ebf43c9871f9db1b434e1bd936f9049e9d14bc Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 20 Mar 2024 12:50:40 +0000 Subject: [PATCH 58/88] Update jupyterhub from 4.0.2 to 4.1.0 --- images/hub/requirements.in | 2 +- images/hub/requirements.txt | 2 +- images/singleuser-sample/requirements.in | 2 +- images/singleuser-sample/requirements.txt | 2 +- jupyterhub/Chart.yaml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/images/hub/requirements.in b/images/hub/requirements.in index a40c90a731..93d6591969 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==4.0.2 +jupyterhub==4.1.0 ## Authenticators jupyterhub-firstuseauthenticator>=1 diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 8d52df3c6c..cd6278096d 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -61,7 +61,7 @@ jsonschema-specifications==2023.12.1 # via jsonschema jupyter-telemetry==0.1.0 # via jupyterhub -jupyterhub==4.0.2 +jupyterhub==4.1.0 # via # -r requirements.in # jupyterhub-firstuseauthenticator diff --git a/images/singleuser-sample/requirements.in b/images/singleuser-sample/requirements.in index 4666759bf0..1ceed410a1 100644 --- a/images/singleuser-sample/requirements.in +++ b/images/singleuser-sample/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==4.0.2 +jupyterhub==4.1.0 # UI jupyterlab diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 59125a76ba..92b533156d 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -141,7 +141,7 @@ jupyter-server-terminals==0.5.3 # via jupyter-server jupyter-telemetry==0.1.0 # via jupyterhub -jupyterhub==4.0.2 +jupyterhub==4.1.0 # via -r requirements.in jupyterlab==4.1.5 # via -r requirements.in diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml index a2de7ae90f..f9ba9160f5 100644 --- a/jupyterhub/Chart.yaml +++ b/jupyterhub/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: jupyterhub version: 0.0.1-set.by.chartpress -appVersion: "4.0.2" +appVersion: "4.1.0" description: Multi-user Jupyter installation keywords: [jupyter, jupyterhub, z2jh] home: https://z2jh.jupyter.org From c8b6155f10d101a55a329db3744671cc67e36487 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 20 Mar 2024 13:57:27 +0000 Subject: [PATCH 59/88] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index cd6278096d..e8e115f7fb 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -105,7 +105,7 @@ mwoauth==0.4.0 # via -r requirements.in nullauthenticator==1.0.0 # via -r requirements.in -oauthenticator==16.2.1 +oauthenticator==16.3.0 # via -r requirements.in oauthlib==3.2.2 # via @@ -136,6 +136,7 @@ pyjwt[crypto]==2.8.0 # -r requirements.in # jupyterhub-ltiauthenticator # mwoauth + # oauthenticator pymysql==1.1.0 # via -r requirements.in pyopenssl==24.1.0 From cab372692b654afffe53709c9afd801e15ad6704 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 20 Mar 2024 09:39:30 +0100 Subject: [PATCH 60/88] 3.x branch is from here decoupled from main branch This branch were forked from the main branch 2024-03-20 that had latest released 3.2.1 but included breaking changes from two PRs. The idea is that instead of forking from 3.2.1 and backporting a lot of separate PRs except the breaking PRs, we'd instead revert the breaking changes from the tip of main. From b7e92950d67a497a4bb701b7a368bae5c80bac40 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 20 Mar 2024 09:00:01 +0100 Subject: [PATCH 61/88] Revert "Merge pull request #3319 from consideRatio/pr/require-k8s-1.25" This reverts commit 0e679558234ad6c5b0122bec7f9e59aae586cdd8, reversing changes made to f47d9677a04c532e2fc84c7092985e90ff63e189. --- .github/workflows/test-chart.yaml | 10 +++++----- docs/source/changelog.md | 2 -- jupyterhub/Chart.yaml | 2 +- 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml index 319e1d315c..8209564a6b 100644 --- a/.github/workflows/test-chart.yaml +++ b/.github/workflows/test-chart.yaml @@ -137,7 +137,7 @@ jobs: --set hub.image.name=quay.io/jupyterhub/k8s-hub-slim --set prePuller.hook.enabled=true --set prePuller.hook.pullOnlyOnChanges=true - - k3s-channel: v1.28 # also test hub.existingSecret + - k3s-channel: v1.26 # also test hub.existingSecret test: install local-chart-extra-args: >- --set hub.existingSecret=test-hub-existing-secret @@ -160,7 +160,7 @@ jobs: # information from # https://hub.jupyter.org/helm-chart/info.json # - - k3s-channel: v1.27 + - k3s-channel: v1.26 test: upgrade upgrade-from: stable upgrade-from-extra-args: >- @@ -173,7 +173,7 @@ jobs: --set hub.db.type=sqlite-pvc --set singleuser.storage.type=dynamic create-k8s-test-resources: true - - k3s-channel: v1.26 + - k3s-channel: v1.25 test: upgrade upgrade-from: dev upgrade-from-extra-args: >- @@ -183,7 +183,7 @@ jobs: local-chart-extra-args: >- --set hub.db.type=sqlite-pvc --set singleuser.storage.type=dynamic - - k3s-channel: v1.25 + - k3s-channel: v1.24 test: upgrade # We're testing hub.db.upgrade with PostgreSQL so this version must be old # enough to require a DB upgrade @@ -223,7 +223,7 @@ jobs: # kubectl and helm # # ref: https://github.com/jupyterhub/action-k3s-helm/ - - uses: jupyterhub/action-k3s-helm@v4 + - uses: jupyterhub/action-k3s-helm@v3 with: k3s-channel: ${{ matrix.k3s-channel }} metrics-enabled: false diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 5f4079fcbd..2a7fc07d23 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -12,8 +12,6 @@ changes in pull requests], this list should be updated. [development releases]: https://hub.jupyter.org/helm-chart/#development-releases-jupyterhub [breaking changes in pull requests]: https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pulls?q=is%3Apr+is%3Aclosed+label%3Abreaking -- K8s 1.25 is now required. - ## 3.2 ### 3.2.1 - 2023-11-27 diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml index f9ba9160f5..0ac8c2267d 100644 --- a/jupyterhub/Chart.yaml +++ b/jupyterhub/Chart.yaml @@ -8,7 +8,7 @@ keywords: [jupyter, jupyterhub, z2jh] home: https://z2jh.jupyter.org sources: [https://github.com/jupyterhub/zero-to-jupyterhub-k8s] icon: https://hub.jupyter.org/helm-chart/images/hublogo.svg -kubeVersion: ">=1.25.0-0" +kubeVersion: ">=1.24.0-0" maintainers: # Since it is a requirement of Artifact Hub to have specific maintainers # listed, we have added some below, but in practice the entire JupyterHub team From d83ae04b5111cf2968d07f0f38db082589e28cd3 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 20 Mar 2024 09:04:11 +0100 Subject: [PATCH 62/88] Revert "Merge pull request #3312 from consideRatio/pr/test-upgrade-kube-scheduler" This reverts commit 30a68f15a6c8f2f3968c4acee5afb487f26b23bb, reversing changes made to fe1251c4af263cea8bc22d69330a30aa21460170. --- .github/workflows/test-chart.yaml | 6 ++--- jupyterhub/Chart.yaml | 2 +- .../scheduling/user-scheduler/configmap.yaml | 14 ++++++++++- .../scheduling/user-scheduler/deployment.yaml | 10 ++++++++ .../scheduling/user-scheduler/rbac.yaml | 24 ++++++++++++++----- jupyterhub/values.yaml | 6 ++--- 6 files changed, 48 insertions(+), 14 deletions(-) diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml index 8209564a6b..056dd220b6 100644 --- a/.github/workflows/test-chart.yaml +++ b/.github/workflows/test-chart.yaml @@ -160,7 +160,7 @@ jobs: # information from # https://hub.jupyter.org/helm-chart/info.json # - - k3s-channel: v1.26 + - k3s-channel: v1.25 test: upgrade upgrade-from: stable upgrade-from-extra-args: >- @@ -173,7 +173,7 @@ jobs: --set hub.db.type=sqlite-pvc --set singleuser.storage.type=dynamic create-k8s-test-resources: true - - k3s-channel: v1.25 + - k3s-channel: v1.24 test: upgrade upgrade-from: dev upgrade-from-extra-args: >- @@ -183,7 +183,7 @@ jobs: local-chart-extra-args: >- --set hub.db.type=sqlite-pvc --set singleuser.storage.type=dynamic - - k3s-channel: v1.24 + - k3s-channel: v1.23 test: upgrade # We're testing hub.db.upgrade with PostgreSQL so this version must be old # enough to require a DB upgrade diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml index 0ac8c2267d..5cd3ffa531 100644 --- a/jupyterhub/Chart.yaml +++ b/jupyterhub/Chart.yaml @@ -8,7 +8,7 @@ keywords: [jupyter, jupyterhub, z2jh] home: https://z2jh.jupyter.org sources: [https://github.com/jupyterhub/zero-to-jupyterhub-k8s] icon: https://hub.jupyter.org/helm-chart/images/hublogo.svg -kubeVersion: ">=1.24.0-0" +kubeVersion: ">=1.23.0-0" maintainers: # Since it is a requirement of Artifact Hub to have specific maintainers # listed, we have added some below, but in practice the entire JupyterHub team diff --git a/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml b/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml index a96acb8cb1..0f142b01ff 100644 --- a/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml +++ b/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml @@ -10,14 +10,26 @@ data: This is configuration of a k8s official kube-scheduler binary running in the user-scheduler. + The config version and kube-scheduler binary version has a fallback for k8s + clusters versioned v1.23 or lower because: + + - v1 / v1beta3 config requires kube-scheduler binary >=1.25 / >=1.23 + - kube-scheduler binary >=1.25 requires storage.k8s.io/v1/CSIStorageCapacity + available first in k8s >=1.24 + ref: https://kubernetes.io/docs/reference/scheduling/config/ ref: https://kubernetes.io/docs/reference/config-api/kube-scheduler-config.v1/ + ref: https://kubernetes.io/docs/reference/config-api/kube-scheduler-config.v1beta3/ */}} config.yaml: | + {{- if semverCompare ">=1.24.0-0" .Capabilities.KubeVersion.Version }} apiVersion: kubescheduler.config.k8s.io/v1 + {{- else }} + apiVersion: kubescheduler.config.k8s.io/v1beta3 + {{- end }} kind: KubeSchedulerConfiguration leaderElection: - resourceLock: leases + resourceLock: endpointsleases resourceName: {{ include "jupyterhub.user-scheduler-lock.fullname" . }} resourceNamespace: "{{ .Release.Namespace }}" profiles: diff --git a/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml b/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml index e73c8ac688..c3174c47d3 100644 --- a/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml +++ b/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml @@ -50,7 +50,17 @@ spec: {{- end }} containers: - name: kube-scheduler + {{- if semverCompare ">=1.24.0-0" .Capabilities.KubeVersion.Version }} image: {{ .Values.scheduling.userScheduler.image.name }}:{{ .Values.scheduling.userScheduler.image.tag }} + {{- else }} + # WARNING: The tag of this image is hardcoded, and the + # "scheduling.userScheduler.image.tag" configuration of the + # Helm chart that generated this resource manifest isn't + # respected. If you install the Helm chart in a k8s cluster + # versioned 1.24 or higher, your configuration will be + # respected. + image: {{ .Values.scheduling.userScheduler.image.name }}:v1.23.14 + {{- end }} {{- with .Values.scheduling.userScheduler.image.pullPolicy }} imagePullPolicy: {{ . }} {{- end }} diff --git a/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml b/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml index 52cd7a1c85..7e188c742d 100644 --- a/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml +++ b/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml @@ -20,11 +20,8 @@ rules: # - changed in 1.21: get/list/watch permission for namespace, # csidrivers, csistoragecapacities was added. # - unchanged between 1.22 and 1.27 - # - changed in 1.28: permissions to get/update lock endpoint resource - # removed - # - unchanged between 1.28 and 1.29 # - # ref: https://github.com/kubernetes/kubernetes/blob/v1.29.0/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml#L721-L862 + # ref: https://github.com/kubernetes/kubernetes/blob/v1.27.0/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml#L736-L892 - apiGroups: - "" - events.k8s.io @@ -49,6 +46,21 @@ rules: verbs: - get - update + - apiGroups: + - "" + resources: + - endpoints + verbs: + - create + - apiGroups: + - "" + resourceNames: + - {{ include "jupyterhub.user-scheduler-lock.fullname" . }} + resources: + - endpoints + verbs: + - get + - update - apiGroups: - "" resources: @@ -171,9 +183,9 @@ rules: # Copied from the system:volume-scheduler ClusterRole of the k8s version # matching the kube-scheduler binary we use. # - # NOTE: These rules have not changed between 1.12 and 1.29. + # NOTE: These rules have not changed between 1.12 and 1.27. # - # ref: https://github.com/kubernetes/kubernetes/blob/v1.29.0/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml#L1283-L1310 + # ref: https://github.com/kubernetes/kubernetes/blob/v1.27.0/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml#L1311-L1338 - apiGroups: - "" resources: diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 20c630807c..2b36ef2f21 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -485,8 +485,8 @@ scheduling: allowPrivilegeEscalation: false image: # IMPORTANT: Bumping the minor version of this binary should go hand in - # hand with an inspection of the user-scheduelr's RBAC - # resources that we have forked in + # hand with an inspection of the user-scheduelrs RBAC resources + # that we have forked in # templates/scheduling/user-scheduler/rbac.yaml. # # Debugging advice: @@ -519,7 +519,7 @@ scheduling: # here. We aim to stay around 1 minor version behind the latest k8s # version. # - tag: "v1.28.8" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG + tag: "v1.26.15" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG pullPolicy: pullSecrets: [] nodeSelector: {} From 0aea8394c0f4f93da00fd47abf0d68a050197413 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 20 Mar 2024 09:27:54 +0100 Subject: [PATCH 63/88] Add changelog for 3.3.0 --- docs/source/changelog.md | 49 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 2a7fc07d23..e234caf685 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -12,6 +12,55 @@ changes in pull requests], this list should be updated. [development releases]: https://hub.jupyter.org/helm-chart/#development-releases-jupyterhub [breaking changes in pull requests]: https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pulls?q=is%3Apr+is%3Aclosed+label%3Abreaking +- Drop support for k8s 1.24, require k8s 1.25+ [#3319](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3319) ([@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics)) +- user-scheduler: update to use kube-scheduler 1.28, from 1.26 - require k8s 1.24+ [#3312](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3312) ([@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics)) + +## 3.3 + +### 3.3.0 - 2024-03-20 + +This release updates JupyterHub from 4.0.2 to 4.1.0 and OAuthenticator from +16.2.1 to 16.3.0. Both updates provide security patches. For more information, +see [JupyterHub's changelog] and [OAuthenticator's changelog]. + +[JupyterHub's changelog]: https://jupyterhub.readthedocs.io/en/stable/reference/changelog.html + +[OAuthenticator's changelog]: https://oauthenticator.readthedocs.io/en/latest/reference/changelog.html + +([full changelog](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/compare/3.2.1...3.3.0)) + +#### Bugs fixed + +- Fix previously ignored revisionHistoryLimit config [#3357](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3357) ([@SchutteJan](https://github.com/SchutteJan), [@consideRatio](https://github.com/consideRatio)) + +#### Maintenance and upkeep improvements + +- Update oauthenticator from 16.2.1 to 16.3.0 [#3363](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3363) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@consideRatio](https://github.com/consideRatio)) +- Update jupyterhub from 4.0.2 to 4.1.0 [#3362](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3362) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@minrk](https://github.com/minrk)) +- Remove additional comma in compare-values-schema-content.py [#3350](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3350) ([@ya0guang](https://github.com/ya0guang), [@consideRatio](https://github.com/consideRatio)) +- Update kube-scheduler version from v1.26.11 to v1.26.15 [#3301](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3301),[#3312](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3312),[#3324](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3324),[#3344](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3344),[#3359](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3359),[d83ae04b](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/commit/d83ae04b5111cf2968d07f0f38db082589e28cd3) ([@consideRatio](https://github.com/consideRatio), [@jupyterhub-bot](https://github.com/jupyterhub-bot), [@manics](https://github.com/manics)) +- Update library/traefik version from v2.10.5 to v2.11.0 [#3283](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3283),[#3295](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3295),[#3343](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3343) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@consideRatio](https://github.com/consideRatio)) + +#### Documentation improvements + +- Fix documented example for proxy.chp.extraCommandLineFlags [#3337](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3337) ([@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics)) +- docs: fix storageclass link's anchor [#3322](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3322) ([@consideRatio](https://github.com/consideRatio)) +- update openshift documentation [#3273](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3273) ([@WilliamHoltam](https://github.com/WilliamHoltam), [@manics](https://github.com/manics)) + +#### Continuous integration improvements + +- ci: update kube-scheduler binary's minor version to bump [#3323](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3323) ([@consideRatio](https://github.com/consideRatio)) +- ci: update circleci workflow for arm64, test with latest k3s [#3313](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3313) ([@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics)) + +#### Contributors to this release + +The following people contributed discussions, new ideas, code and documentation contributions, and review. +See [our definition of contributors](https://github-activity.readthedocs.io/en/latest/#how-does-this-tool-define-contributions-in-the-reports). + +([GitHub contributors page for this release](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/graphs/contributors?from=2023-11-27&to=2024-03-20&type=c)) + +@consideRatio ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AconsideRatio+updated%3A2023-11-27..2024-03-20&type=Issues)) | @jupyterhub-bot ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ajupyterhub-bot+updated%3A2023-11-27..2024-03-20&type=Issues)) | @Kyrremann ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AKyrremann+updated%3A2023-11-27..2024-03-20&type=Issues)) | @manics ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Amanics+updated%3A2023-11-27..2024-03-20&type=Issues)) | @minrk ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aminrk+updated%3A2023-11-27..2024-03-20&type=Issues)) | @SchutteJan ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3ASchutteJan+updated%3A2023-11-27..2024-03-20&type=Issues)) | @StefanVanDyck ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AStefanVanDyck+updated%3A2023-11-27..2024-03-20&type=Issues)) | @WilliamHoltam ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AWilliamHoltam+updated%3A2023-11-27..2024-03-20&type=Issues)) | @ya0guang ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aya0guang+updated%3A2023-11-27..2024-03-20&type=Issues)) | @yuvipanda ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ayuvipanda+updated%3A2023-11-27..2024-03-20&type=Issues)) + ## 3.2 ### 3.2.1 - 2023-11-27 From 282523ece1ac43db07c144d514fc9f79d7a38dbc Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 20 Mar 2024 16:29:33 +0100 Subject: [PATCH 64/88] Bump to 3.3.0 --- chartpress.yaml | 2 +- tbump.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chartpress.yaml b/chartpress.yaml index f0e2636352..a3ae5cedac 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -20,7 +20,7 @@ charts: # # baseVersion should be managed via tbump, see RELEASE.md for details # - baseVersion: "3.2.2-0.dev" + baseVersion: "3.3.0" repo: git: jupyterhub/helm-chart published: https://jupyterhub.github.io/helm-chart diff --git a/tbump.toml b/tbump.toml index e02f95a6a9..727ce413c2 100644 --- a/tbump.toml +++ b/tbump.toml @@ -5,7 +5,7 @@ # Config reference: https://github.com/your-tools/tbump#readme # [version] -current = "3.2.2-0.dev" +current = "3.3.0" # match our prerelease prefixes # -alpha.1 From 2c15b3d5a65dbc742e95e9eacb62710ed6634f27 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 20 Mar 2024 17:17:40 +0100 Subject: [PATCH 65/88] hub image: avoid pycurl with known bug in wheel --- images/hub/requirements.in | 3 ++- images/hub/requirements.txt | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/images/hub/requirements.in b/images/hub/requirements.in index 93d6591969..8b348045d8 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -29,7 +29,8 @@ jupyterhub-kubespawner ## Other optional dependencies for additional features pymysql # mysql psycopg2 # postgres -pycurl # internal http requests handle more load with pycurl +# pycurl 7.45.3 is avoided because https://github.com/pycurl/pycurl/issues/834 +pycurl!=7.45.3 # internal http requests handle more load with pycurl sqlalchemy-cockroachdb # cocroachdb statsd # statsd metrics collection (TODO: remove soon, since folks use prometheus) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index e8e115f7fb..d96c4a120a 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -129,7 +129,7 @@ pyasn1==0.5.1 # via ldap3 pycparser==2.21 # via cffi -pycurl==7.45.3 +pycurl==7.45.2 # via -r requirements.in pyjwt[crypto]==2.8.0 # via From ed219b0b2b7e5699da76431c4f1352c0a2af1722 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 20 Mar 2024 18:25:23 +0100 Subject: [PATCH 66/88] Add changelog for 3.3.1 --- docs/source/changelog.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index e234caf685..dc8ef9b7d9 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -17,6 +17,12 @@ changes in pull requests], this list should be updated. ## 3.3 +### 3.3.1 - 2023-03-20 + +#### Bugs fixed + +- hub image: downgrade to use pycurl with functional wheel [#3365](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3365) ([@consideRatio](https://github.com/consideRatio)) + ### 3.3.0 - 2024-03-20 This release updates JupyterHub from 4.0.2 to 4.1.0 and OAuthenticator from From 73b8c74b3f630ffc8f2cf7fac62ab664865553c7 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 20 Mar 2024 18:28:05 +0100 Subject: [PATCH 67/88] Bump to 3.3.1 --- chartpress.yaml | 2 +- tbump.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chartpress.yaml b/chartpress.yaml index a3ae5cedac..d0961f9873 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -20,7 +20,7 @@ charts: # # baseVersion should be managed via tbump, see RELEASE.md for details # - baseVersion: "3.3.0" + baseVersion: "3.3.1" repo: git: jupyterhub/helm-chart published: https://jupyterhub.github.io/helm-chart diff --git a/tbump.toml b/tbump.toml index 727ce413c2..a00cef451c 100644 --- a/tbump.toml +++ b/tbump.toml @@ -5,7 +5,7 @@ # Config reference: https://github.com/your-tools/tbump#readme # [version] -current = "3.3.0" +current = "3.3.1" # match our prerelease prefixes # -alpha.1 From b93204facf88de1f311994a5dea507ea6fae0b2b Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 20 Mar 2024 23:13:55 +0100 Subject: [PATCH 68/88] network-tools image: pin alpine 3.18 for legacy iptables --- images/network-tools/Dockerfile | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/images/network-tools/Dockerfile b/images/network-tools/Dockerfile index a9247cd0f0..8072c088de 100644 --- a/images/network-tools/Dockerfile +++ b/images/network-tools/Dockerfile @@ -1,4 +1,9 @@ -FROM alpine:3 +# FIXME: use of alpine:3.19 makes iptables work in "nf_tables" mode instead of +# "legacy" mode, and then our init container breaks. +# +# ref: https://github.com/jupyterhub/zero-to-jupyterhub-k8s/issues/3368 +# +FROM alpine:3.18 # VULN_SCAN_TIME=2024-01-29_05:13:22 From b2bde397a444bedf95dc0081d8b5274f2c58642c Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 20 Mar 2024 23:17:40 +0100 Subject: [PATCH 69/88] Add changelog for 3.3.2 --- docs/source/changelog.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index dc8ef9b7d9..515a6a107d 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -17,7 +17,13 @@ changes in pull requests], this list should be updated. ## 3.3 -### 3.3.1 - 2023-03-20 +### 3.3.2 - 2024-03-20 + +#### Bugs fixed + +- network-tools image: pin alpine 3.18 for legacy iptables [#3369](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3369) ([@consideRatio](https://github.com/consideRatio)) + +### 3.3.1 - 2024-03-20 #### Bugs fixed From bea21be5257865d8810306de6dbbea40c7124d42 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 20 Mar 2024 23:20:51 +0100 Subject: [PATCH 70/88] Bump to 3.3.2 --- chartpress.yaml | 2 +- tbump.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chartpress.yaml b/chartpress.yaml index d0961f9873..352681718d 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -20,7 +20,7 @@ charts: # # baseVersion should be managed via tbump, see RELEASE.md for details # - baseVersion: "3.3.1" + baseVersion: "3.3.2" repo: git: jupyterhub/helm-chart published: https://jupyterhub.github.io/helm-chart diff --git a/tbump.toml b/tbump.toml index a00cef451c..ca55b59153 100644 --- a/tbump.toml +++ b/tbump.toml @@ -5,7 +5,7 @@ # Config reference: https://github.com/your-tools/tbump#readme # [version] -current = "3.3.1" +current = "3.3.2" # match our prerelease prefixes # -alpha.1 From 61e5cd31a512eb2a035b45c1ce87e06372c1e5c7 Mon Sep 17 00:00:00 2001 From: Min RK Date: Thu, 21 Mar 2024 09:39:58 +0100 Subject: [PATCH 71/88] unpin pycurl make sure to use build-stage wheels by adding --no-index to pip install avoids installing higher-priority wheels from PyPI instead of what we built (i.e. pycurl) --- images/hub/Dockerfile | 9 +++++++-- images/hub/requirements.in | 3 +-- images/hub/requirements.txt | 2 +- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/images/hub/Dockerfile b/images/hub/Dockerfile index 779c5e73c5..ab8a9f00f9 100644 --- a/images/hub/Dockerfile +++ b/images/hub/Dockerfile @@ -21,9 +21,11 @@ FROM python:3.11-bullseye as build-stage COPY requirements.txt requirements.txt ARG PIP_CACHE_DIR=/tmp/pip-cache RUN --mount=type=cache,target=${PIP_CACHE_DIR} \ - pip install build \ - && pip wheel \ + pip wheel \ --wheel-dir=/tmp/wheels \ + # pycurl 7.45.3 has wheels, but they aren't portable + # https://github.com/pycurl/pycurl/issues/834 + --no-binary pycurl \ -r requirements.txt \ # Additional wheels for default-stage. Updates below should be repeated # in default-stage. @@ -63,11 +65,13 @@ RUN apt-get update \ && rm -rf /var/lib/apt/lists/* # install wheels built in the build stage +# --no-index ensures _only_ wheels from the build stage are installed COPY requirements.txt /tmp/requirements.txt ARG PIP_CACHE_DIR=/tmp/pip-cache RUN --mount=type=cache,target=${PIP_CACHE_DIR} \ --mount=type=cache,from=build-stage,source=/tmp/wheels,target=/tmp/wheels \ pip install \ + --no-index \ --find-links=/tmp/wheels/ \ -r /tmp/requirements.txt @@ -93,6 +97,7 @@ ARG PIP_CACHE_DIR=/tmp/pip-cache RUN --mount=type=cache,target=${PIP_CACHE_DIR} \ --mount=type=cache,from=build-stage,source=/tmp/wheels,target=/tmp/wheels \ pip install \ + --no-index \ --find-links=/tmp/wheels/ \ # Updates below should be repeated in build-stage. # diff --git a/images/hub/requirements.in b/images/hub/requirements.in index 8b348045d8..93d6591969 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -29,8 +29,7 @@ jupyterhub-kubespawner ## Other optional dependencies for additional features pymysql # mysql psycopg2 # postgres -# pycurl 7.45.3 is avoided because https://github.com/pycurl/pycurl/issues/834 -pycurl!=7.45.3 # internal http requests handle more load with pycurl +pycurl # internal http requests handle more load with pycurl sqlalchemy-cockroachdb # cocroachdb statsd # statsd metrics collection (TODO: remove soon, since folks use prometheus) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index d96c4a120a..e8e115f7fb 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -129,7 +129,7 @@ pyasn1==0.5.1 # via ldap3 pycparser==2.21 # via cffi -pycurl==7.45.2 +pycurl==7.45.3 # via -r requirements.in pyjwt[crypto]==2.8.0 # via From 71c2806142e7d0334d0390b0c6540f189b7f615a Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Sat, 23 Mar 2024 16:26:18 +0000 Subject: [PATCH 72/88] Update jupyterhub from 4.1.0 to 4.1.1 --- images/hub/requirements.in | 2 +- images/hub/requirements.txt | 4 ++-- images/singleuser-sample/requirements.in | 2 +- images/singleuser-sample/requirements.txt | 4 ++-- jupyterhub/Chart.yaml | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/images/hub/requirements.in b/images/hub/requirements.in index 93d6591969..f25fdb23af 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==4.1.0 +jupyterhub==4.1.1 ## Authenticators jupyterhub-firstuseauthenticator>=1 diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index e8e115f7fb..1f8665fc36 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -61,7 +61,7 @@ jsonschema-specifications==2023.12.1 # via jsonschema jupyter-telemetry==0.1.0 # via jupyterhub -jupyterhub==4.1.0 +jupyterhub==4.1.1 # via # -r requirements.in # jupyterhub-firstuseauthenticator @@ -164,7 +164,7 @@ requests==2.31.0 # mwoauth # oauthenticator # requests-oauthlib -requests-oauthlib==1.4.0 +requests-oauthlib==2.0.0 # via mwoauth rpds-py==0.18.0 # via diff --git a/images/singleuser-sample/requirements.in b/images/singleuser-sample/requirements.in index 1ceed410a1..c146f7e373 100644 --- a/images/singleuser-sample/requirements.in +++ b/images/singleuser-sample/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==4.1.0 +jupyterhub==4.1.1 # UI jupyterlab diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 92b533156d..f6dc204ee2 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -141,7 +141,7 @@ jupyter-server-terminals==0.5.3 # via jupyter-server jupyter-telemetry==0.1.0 # via jupyterhub -jupyterhub==4.1.0 +jupyterhub==4.1.1 # via -r requirements.in jupyterlab==4.1.5 # via -r requirements.in @@ -166,7 +166,7 @@ nbclassic==1.0.0 # via -r requirements.in nbclient==0.10.0 # via nbconvert -nbconvert==7.16.2 +nbconvert==7.16.3 # via # jupyter-server # nbclassic diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml index 5cd3ffa531..843aa0beda 100644 --- a/jupyterhub/Chart.yaml +++ b/jupyterhub/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: jupyterhub version: 0.0.1-set.by.chartpress -appVersion: "4.1.0" +appVersion: "4.1.1" description: Multi-user Jupyter installation keywords: [jupyter, jupyterhub, z2jh] home: https://z2jh.jupyter.org From e8d804c11310e410c62f505cefac9243ec4c49da Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sat, 23 Mar 2024 17:47:48 +0100 Subject: [PATCH 73/88] Add changelog for 3.3.3 --- docs/source/changelog.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 515a6a107d..c65a2c18c5 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -17,6 +17,13 @@ changes in pull requests], this list should be updated. ## 3.3 +### 3.3.3 - 2024-03-23 + +#### Maintenance and upkeep improvements + +- Update jupyterhub from 4.1.0 to 4.1.1 [#3375](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3375) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@consideRatio](https://github.com/consideRatio)) +- unpin pycurl [#3371](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3371) ([@minrk](https://github.com/minrk), [@consideRatio](https://github.com/consideRatio)) + ### 3.3.2 - 2024-03-20 #### Bugs fixed From afc7fdbcecb5b224eb85f9cade77fa15871505dc Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sat, 23 Mar 2024 18:08:20 +0100 Subject: [PATCH 74/88] Bump to 3.3.3 --- chartpress.yaml | 2 +- tbump.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chartpress.yaml b/chartpress.yaml index 352681718d..d28e5b7824 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -20,7 +20,7 @@ charts: # # baseVersion should be managed via tbump, see RELEASE.md for details # - baseVersion: "3.3.2" + baseVersion: "3.3.3" repo: git: jupyterhub/helm-chart published: https://jupyterhub.github.io/helm-chart diff --git a/tbump.toml b/tbump.toml index ca55b59153..cba6e97c53 100644 --- a/tbump.toml +++ b/tbump.toml @@ -5,7 +5,7 @@ # Config reference: https://github.com/your-tools/tbump#readme # [version] -current = "3.3.2" +current = "3.3.3" # match our prerelease prefixes # -alpha.1 From 1e0b9298c7eee6d0eb65cca9b54c66774acab6a9 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 25 Mar 2024 19:55:09 +0000 Subject: [PATCH 75/88] Update jupyterhub from 4.1.1 to 4.1.2 --- images/hub/requirements.in | 2 +- images/hub/requirements.txt | 4 ++-- images/singleuser-sample/requirements.in | 2 +- images/singleuser-sample/requirements.txt | 4 ++-- jupyterhub/Chart.yaml | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/images/hub/requirements.in b/images/hub/requirements.in index f25fdb23af..d4058145e3 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==4.1.1 +jupyterhub==4.1.2 ## Authenticators jupyterhub-firstuseauthenticator>=1 diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 1f8665fc36..82ded976fc 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -61,7 +61,7 @@ jsonschema-specifications==2023.12.1 # via jsonschema jupyter-telemetry==0.1.0 # via jupyterhub -jupyterhub==4.1.1 +jupyterhub==4.1.2 # via # -r requirements.in # jupyterhub-firstuseauthenticator @@ -181,7 +181,7 @@ six==1.16.0 # kubernetes-asyncio # onetimepass # python-dateutil -sqlalchemy==2.0.28 +sqlalchemy==2.0.29 # via # alembic # jupyterhub diff --git a/images/singleuser-sample/requirements.in b/images/singleuser-sample/requirements.in index c146f7e373..909477811c 100644 --- a/images/singleuser-sample/requirements.in +++ b/images/singleuser-sample/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==4.1.1 +jupyterhub==4.1.2 # UI jupyterlab diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index f6dc204ee2..bac51d0131 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -141,7 +141,7 @@ jupyter-server-terminals==0.5.3 # via jupyter-server jupyter-telemetry==0.1.0 # via jupyterhub -jupyterhub==4.1.1 +jupyterhub==4.1.2 # via -r requirements.in jupyterlab==4.1.5 # via -r requirements.in @@ -289,7 +289,7 @@ sniffio==1.3.1 # httpx soupsieve==2.5 # via beautifulsoup4 -sqlalchemy==2.0.28 +sqlalchemy==2.0.29 # via # alembic # jupyterhub diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml index 843aa0beda..5cfbdbc28f 100644 --- a/jupyterhub/Chart.yaml +++ b/jupyterhub/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: jupyterhub version: 0.0.1-set.by.chartpress -appVersion: "4.1.1" +appVersion: "4.1.2" description: Multi-user Jupyter installation keywords: [jupyter, jupyterhub, z2jh] home: https://z2jh.jupyter.org From 7ecc38fe1a7b74ee86055650328d2282c124cb71 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 25 Mar 2024 20:57:58 +0100 Subject: [PATCH 76/88] Add changelog for 3.3.4 --- docs/source/changelog.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index c65a2c18c5..4c0e259e70 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -17,6 +17,12 @@ changes in pull requests], this list should be updated. ## 3.3 +### 3.3.4 - 2024-03-25 + +#### Maintenance and upkeep improvements + +- Update jupyterhub from 4.1.1 to 4.1.2 [#3378](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3378) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@consideRatio](https://github.com/consideRatio)) + ### 3.3.3 - 2024-03-23 #### Maintenance and upkeep improvements From 70c2e425c194487c620bc10488d6838dc13cc7c1 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 25 Mar 2024 21:03:50 +0100 Subject: [PATCH 77/88] Bump to 3.3.4 --- chartpress.yaml | 2 +- tbump.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chartpress.yaml b/chartpress.yaml index d28e5b7824..e06a994a2f 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -20,7 +20,7 @@ charts: # # baseVersion should be managed via tbump, see RELEASE.md for details # - baseVersion: "3.3.3" + baseVersion: "3.3.4" repo: git: jupyterhub/helm-chart published: https://jupyterhub.github.io/helm-chart diff --git a/tbump.toml b/tbump.toml index cba6e97c53..e08a6705de 100644 --- a/tbump.toml +++ b/tbump.toml @@ -5,7 +5,7 @@ # Config reference: https://github.com/your-tools/tbump#readme # [version] -current = "3.3.3" +current = "3.3.4" # match our prerelease prefixes # -alpha.1 From a8352b24cfc302ba43e574afbe468e0b6dc67e70 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Tue, 26 Mar 2024 09:21:58 +0000 Subject: [PATCH 78/88] Update jupyterhub from 4.1.2 to 4.1.3 --- images/hub/requirements.in | 2 +- images/hub/requirements.txt | 2 +- images/singleuser-sample/requirements.in | 2 +- images/singleuser-sample/requirements.txt | 2 +- jupyterhub/Chart.yaml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/images/hub/requirements.in b/images/hub/requirements.in index d4058145e3..5bda93bb94 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==4.1.2 +jupyterhub==4.1.3 ## Authenticators jupyterhub-firstuseauthenticator>=1 diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 82ded976fc..3ae0b4ce2d 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -61,7 +61,7 @@ jsonschema-specifications==2023.12.1 # via jsonschema jupyter-telemetry==0.1.0 # via jupyterhub -jupyterhub==4.1.2 +jupyterhub==4.1.3 # via # -r requirements.in # jupyterhub-firstuseauthenticator diff --git a/images/singleuser-sample/requirements.in b/images/singleuser-sample/requirements.in index 909477811c..5fa1ade4d7 100644 --- a/images/singleuser-sample/requirements.in +++ b/images/singleuser-sample/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==4.1.2 +jupyterhub==4.1.3 # UI jupyterlab diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index bac51d0131..21489ec613 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -141,7 +141,7 @@ jupyter-server-terminals==0.5.3 # via jupyter-server jupyter-telemetry==0.1.0 # via jupyterhub -jupyterhub==4.1.2 +jupyterhub==4.1.3 # via -r requirements.in jupyterlab==4.1.5 # via -r requirements.in diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml index 5cfbdbc28f..87271fd6a2 100644 --- a/jupyterhub/Chart.yaml +++ b/jupyterhub/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: jupyterhub version: 0.0.1-set.by.chartpress -appVersion: "4.1.2" +appVersion: "4.1.3" description: Multi-user Jupyter installation keywords: [jupyter, jupyterhub, z2jh] home: https://z2jh.jupyter.org From e7d42148f41b08cbf4a9574dc89e0199fd3579fe Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 26 Mar 2024 10:36:27 +0100 Subject: [PATCH 79/88] Add changelog for 3.3.5 --- docs/source/changelog.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 4c0e259e70..6b6840e3a5 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -17,6 +17,12 @@ changes in pull requests], this list should be updated. ## 3.3 +### 3.3.5 - 2024-03-26 + +#### Maintenance and upkeep improvements + +- Update jupyterhub from 4.1.2 to 4.1.3 [#3381](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3381) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@consideRatio](https://github.com/consideRatio)) + ### 3.3.4 - 2024-03-25 #### Maintenance and upkeep improvements From 79e2c9a1517b550c0c8c398d1c018358ba1fa480 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 26 Mar 2024 10:40:33 +0100 Subject: [PATCH 80/88] Fix broken link and repeat 3.0.x post-upgrade action in 3.3.0 --- docs/source/changelog.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 6b6840e3a5..aea77745d1 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -50,6 +50,16 @@ changes in pull requests], this list should be updated. ### 3.3.0 - 2024-03-20 +```{warning} If you are upgrading from 3.0.x +A bug in KubeSpawner 5.0-6.0 present in z2jh 3.0.0-3.0.3 made user server pods +risk be orphaned by JupyterHub, making them run indefinitely and cause +unnecessary cloud costs. + +Read more about how to clean up these user server pods in [this forum post]. + +[this forum post]: https://discourse.jupyter.org/t/how-to-cleanup-orphaned-user-pods-after-bug-in-z2jh-3-0-and-kubespawner-6-0/21677 +``` + This release updates JupyterHub from 4.0.2 to 4.1.0 and OAuthenticator from 16.2.1 to 16.3.0. Both updates provide security patches. For more information, see [JupyterHub's changelog] and [OAuthenticator's changelog]. @@ -108,6 +118,8 @@ risk be orphaned by JupyterHub, making them run indefinitely and cause unnecessary cloud costs. Read more about how to clean up these user server pods in [this forum post]. + +[this forum post]: https://discourse.jupyter.org/t/how-to-cleanup-orphaned-user-pods-after-bug-in-z2jh-3-0-and-kubespawner-6-0/21677 ``` #### Default image registry changed to Quay.io From 6f646002a9abe22227ce3500b3d84030c6e08352 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 26 Mar 2024 10:47:52 +0100 Subject: [PATCH 81/88] docs: fix misc warnings that should be admonitions --- docs/source/administrator/security.md | 4 +++- docs/source/changelog.md | 22 +++++++++++++--------- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/docs/source/administrator/security.md b/docs/source/administrator/security.md index 9b34b041e7..e25c5b4b33 100644 --- a/docs/source/administrator/security.md +++ b/docs/source/administrator/security.md @@ -367,7 +367,9 @@ some extent. | `autohttps` | From pods labelled `hub.jupyter.org/network-access-proxy-http=true` (http(s) proxy ports) | | `singleuser` | From pods labelled `hub.jupyter.org/network-access-singleuser=true` (notebook-port) | -````{warning} Not all functionality summarized above +````{admonition} Not all functionality summarized above +:class: warning + It has been tricky to document the full behavior of these network policies. For in depth details, please for now refer to inspecting the Helm chart's templates and the rendered result given your configuration. diff --git a/docs/source/changelog.md b/docs/source/changelog.md index aea77745d1..fdc03af049 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -50,14 +50,14 @@ changes in pull requests], this list should be updated. ### 3.3.0 - 2024-03-20 -```{warning} If you are upgrading from 3.0.x +```{admonition} If you are upgrading from 3.0.x +:class: warning + A bug in KubeSpawner 5.0-6.0 present in z2jh 3.0.0-3.0.3 made user server pods risk be orphaned by JupyterHub, making them run indefinitely and cause unnecessary cloud costs. Read more about how to clean up these user server pods in [this forum post]. - -[this forum post]: https://discourse.jupyter.org/t/how-to-cleanup-orphaned-user-pods-after-bug-in-z2jh-3-0-and-kubespawner-6-0/21677 ``` This release updates JupyterHub from 4.0.2 to 4.1.0 and OAuthenticator from @@ -112,14 +112,14 @@ See [our definition of contributors](https://github-activity.readthedocs.io/en/l ### 3.2.0 - 2023-11-27 -```{warning} If you are upgrading from 3.0.x +```{admonition} If you are upgrading from 3.0.x +:class: warning + A bug in KubeSpawner 5.0-6.0 present in z2jh 3.0.0-3.0.3 made user server pods risk be orphaned by JupyterHub, making them run indefinitely and cause unnecessary cloud costs. Read more about how to clean up these user server pods in [this forum post]. - -[this forum post]: https://discourse.jupyter.org/t/how-to-cleanup-orphaned-user-pods-after-bug-in-z2jh-3-0-and-kubespawner-6-0/21677 ``` #### Default image registry changed to Quay.io @@ -173,15 +173,17 @@ See [our definition of contributors](https://github-activity.readthedocs.io/en/l ### 3.1.0 - 2023-09-29 -```{warning} Post-upgrade action recommended +```{admonition} Post-upgrade action recommended +:class: warning + A bug in KubeSpawner 5.0-6.0 present in z2jh 3.0.0-3.0.3 made user server pods risk be orphaned by JupyterHub, making them run indefinitely and cause unnecessary cloud costs. Read more about how to clean up these user server pods in [this forum post]. +``` [this forum post]: https://discourse.jupyter.org/t/how-to-cleanup-orphaned-user-pods-after-bug-in-z2jh-3-0-and-kubespawner-6-0/21677 -``` #### Notable dependencies updated @@ -258,7 +260,9 @@ See [our definition of contributors](https://github-activity.readthedocs.io/en/l This release updates JupyterHub itself and several dependencies to a new major version, please read the breaking changes below before upgrading. -```{warning} Breaking changes since beta releases +```{admonition} Breaking changes since beta releases +:class: warning + Since 3.0.0-beta.1 OAuthenticator was upgraded, and since 3.0.0-beta.3 default networking rules related to establishing connections to DNS ports changed slightly. From e2661d6146de2900af775c4f87cd75e38d7806fd Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 26 Mar 2024 11:02:06 +0100 Subject: [PATCH 82/88] Bump to 3.3.5 --- chartpress.yaml | 2 +- tbump.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chartpress.yaml b/chartpress.yaml index e06a994a2f..941f2fd8b3 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -20,7 +20,7 @@ charts: # # baseVersion should be managed via tbump, see RELEASE.md for details # - baseVersion: "3.3.4" + baseVersion: "3.3.5" repo: git: jupyterhub/helm-chart published: https://jupyterhub.github.io/helm-chart diff --git a/tbump.toml b/tbump.toml index e08a6705de..4d532cd7f4 100644 --- a/tbump.toml +++ b/tbump.toml @@ -5,7 +5,7 @@ # Config reference: https://github.com/your-tools/tbump#readme # [version] -current = "3.3.4" +current = "3.3.5" # match our prerelease prefixes # -alpha.1 From b059fc7eb8ba93850fa741545e2510ef124164ca Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Sat, 30 Mar 2024 09:27:52 +0000 Subject: [PATCH 83/88] Update jupyterhub from 4.1.3 to 4.1.4 --- images/hub/requirements.in | 2 +- images/hub/requirements.txt | 4 ++-- images/singleuser-sample/requirements.in | 2 +- images/singleuser-sample/requirements.txt | 8 ++++---- jupyterhub/Chart.yaml | 2 +- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/images/hub/requirements.in b/images/hub/requirements.in index 5bda93bb94..38688a6203 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==4.1.3 +jupyterhub==4.1.4 ## Authenticators jupyterhub-firstuseauthenticator>=1 diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 3ae0b4ce2d..058aab105e 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -61,7 +61,7 @@ jsonschema-specifications==2023.12.1 # via jsonschema jupyter-telemetry==0.1.0 # via jupyterhub -jupyterhub==4.1.3 +jupyterhub==4.1.4 # via # -r requirements.in # jupyterhub-firstuseauthenticator @@ -125,7 +125,7 @@ prometheus-client==0.20.0 # via jupyterhub psycopg2==2.9.9 # via -r requirements.in -pyasn1==0.5.1 +pyasn1==0.6.0 # via ldap3 pycparser==2.21 # via cffi diff --git a/images/singleuser-sample/requirements.in b/images/singleuser-sample/requirements.in index 5fa1ade4d7..213d6601e7 100644 --- a/images/singleuser-sample/requirements.in +++ b/images/singleuser-sample/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==4.1.3 +jupyterhub==4.1.4 # UI jupyterlab diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 21489ec613..1a199ca355 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -67,7 +67,7 @@ greenlet==3.0.3 # via sqlalchemy h11==0.14.0 # via httpcore -httpcore==1.0.4 +httpcore==1.0.5 # via httpx httpx==0.27.0 # via jupyterlab @@ -77,7 +77,7 @@ idna==3.6 # httpx # jsonschema # requests -ipykernel==6.29.3 +ipykernel==6.29.4 # via # jupyterlab # nbclassic @@ -141,7 +141,7 @@ jupyter-server-terminals==0.5.3 # via jupyter-server jupyter-telemetry==0.1.0 # via jupyterhub -jupyterhub==4.1.3 +jupyterhub==4.1.4 # via -r requirements.in jupyterlab==4.1.5 # via -r requirements.in @@ -176,7 +176,7 @@ nbformat==5.10.3 # nbclassic # nbclient # nbconvert -nbgitpuller==1.2.0 +nbgitpuller==1.2.1 # via -r requirements.in nest-asyncio==1.6.0 # via diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml index 87271fd6a2..180ccf9646 100644 --- a/jupyterhub/Chart.yaml +++ b/jupyterhub/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: jupyterhub version: 0.0.1-set.by.chartpress -appVersion: "4.1.3" +appVersion: "4.1.4" description: Multi-user Jupyter installation keywords: [jupyter, jupyterhub, z2jh] home: https://z2jh.jupyter.org From 419e3bc4fd6d54a0b04b78afa68a13556b08dd10 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sat, 30 Mar 2024 10:39:42 +0100 Subject: [PATCH 84/88] Add changelog for 3.3.6 --- docs/source/changelog.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index fdc03af049..8784bb8ecc 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -17,6 +17,10 @@ changes in pull requests], this list should be updated. ## 3.3 +### 3.3.6 - 2024-03-30 + +- Update jupyterhub from 4.1.3 to 4.1.4 [#3384](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3384) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@consideRatio](https://github.com/consideRatio)) + ### 3.3.5 - 2024-03-26 #### Maintenance and upkeep improvements From 8b01f56d5471ad4b98c4878d6d414447f3ba8dc4 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sat, 30 Mar 2024 10:44:42 +0100 Subject: [PATCH 85/88] Bump to 3.3.6 --- chartpress.yaml | 2 +- tbump.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chartpress.yaml b/chartpress.yaml index 941f2fd8b3..feea0e834a 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -20,7 +20,7 @@ charts: # # baseVersion should be managed via tbump, see RELEASE.md for details # - baseVersion: "3.3.5" + baseVersion: "3.3.6" repo: git: jupyterhub/helm-chart published: https://jupyterhub.github.io/helm-chart diff --git a/tbump.toml b/tbump.toml index 4d532cd7f4..81f54b2059 100644 --- a/tbump.toml +++ b/tbump.toml @@ -5,7 +5,7 @@ # Config reference: https://github.com/your-tools/tbump#readme # [version] -current = "3.3.5" +current = "3.3.6" # match our prerelease prefixes # -alpha.1 From b5bbc93a001a1913693826c2f62b3c9059649011 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Fri, 5 Apr 2024 05:10:15 +0000 Subject: [PATCH 86/88] Update jupyterhub from 4.1.4 to 4.1.5 --- images/hub/requirements.in | 2 +- images/hub/requirements.txt | 4 ++-- images/singleuser-sample/requirements.in | 2 +- images/singleuser-sample/requirements.txt | 9 +++++---- jupyterhub/Chart.yaml | 2 +- 5 files changed, 10 insertions(+), 9 deletions(-) diff --git a/images/hub/requirements.in b/images/hub/requirements.in index 38688a6203..41ef707070 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==4.1.4 +jupyterhub==4.1.5 ## Authenticators jupyterhub-firstuseauthenticator>=1 diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 058aab105e..ea50d526f9 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -61,7 +61,7 @@ jsonschema-specifications==2023.12.1 # via jsonschema jupyter-telemetry==0.1.0 # via jupyterhub -jupyterhub==4.1.4 +jupyterhub==4.1.5 # via # -r requirements.in # jupyterhub-firstuseauthenticator @@ -127,7 +127,7 @@ psycopg2==2.9.9 # via -r requirements.in pyasn1==0.6.0 # via ldap3 -pycparser==2.21 +pycparser==2.22 # via cffi pycurl==7.45.3 # via -r requirements.in diff --git a/images/singleuser-sample/requirements.in b/images/singleuser-sample/requirements.in index 213d6601e7..482ca69598 100644 --- a/images/singleuser-sample/requirements.in +++ b/images/singleuser-sample/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==4.1.4 +jupyterhub==4.1.5 # UI jupyterlab diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 1a199ca355..9f8249e52d 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -81,7 +81,7 @@ ipykernel==6.29.4 # via # jupyterlab # nbclassic -ipython==8.22.2 +ipython==8.23.0 # via ipykernel ipython-genutils==0.2.0 # via nbclassic @@ -141,7 +141,7 @@ jupyter-server-terminals==0.5.3 # via jupyter-server jupyter-telemetry==0.1.0 # via jupyterhub -jupyterhub==4.1.4 +jupyterhub==4.1.5 # via -r requirements.in jupyterlab==4.1.5 # via -r requirements.in @@ -170,7 +170,7 @@ nbconvert==7.16.3 # via # jupyter-server # nbclassic -nbformat==5.10.3 +nbformat==5.10.4 # via # jupyter-server # nbclassic @@ -223,7 +223,7 @@ ptyprocess==0.7.0 # terminado pure-eval==0.2.2 # via stack-data -pycparser==2.21 +pycparser==2.22 # via cffi pygments==2.17.2 # via @@ -334,6 +334,7 @@ types-python-dateutil==2.9.0.20240316 typing-extensions==4.10.0 # via # alembic + # ipython # sqlalchemy uri-template==1.3.0 # via jsonschema diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml index 180ccf9646..566ea37abf 100644 --- a/jupyterhub/Chart.yaml +++ b/jupyterhub/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: jupyterhub version: 0.0.1-set.by.chartpress -appVersion: "4.1.4" +appVersion: "4.1.5" description: Multi-user Jupyter installation keywords: [jupyter, jupyterhub, z2jh] home: https://z2jh.jupyter.org From bb4df6a19b7f42c634e0103eb163a99bae635700 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 9 Apr 2024 07:13:42 +0200 Subject: [PATCH 87/88] Add changelog for 3.3.7 --- docs/source/changelog.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 8784bb8ecc..02cf5d9e97 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -17,6 +17,10 @@ changes in pull requests], this list should be updated. ## 3.3 +### 3.3.7 - 2024-04-09 + +- Update jupyterhub from 4.1.4 to 4.1.5 [#3390](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3390) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@consideRatio](https://github.com/consideRatio)) + ### 3.3.6 - 2024-03-30 - Update jupyterhub from 4.1.3 to 4.1.4 [#3384](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3384) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@consideRatio](https://github.com/consideRatio)) From 71ecf69f2f04ae5426ab7602c2844499b36bfc66 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 9 Apr 2024 07:16:12 +0200 Subject: [PATCH 88/88] Bump to 3.3.7 --- chartpress.yaml | 2 +- tbump.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chartpress.yaml b/chartpress.yaml index feea0e834a..3585b56cc0 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -20,7 +20,7 @@ charts: # # baseVersion should be managed via tbump, see RELEASE.md for details # - baseVersion: "3.3.6" + baseVersion: "3.3.7" repo: git: jupyterhub/helm-chart published: https://jupyterhub.github.io/helm-chart diff --git a/tbump.toml b/tbump.toml index 81f54b2059..3d02494da0 100644 --- a/tbump.toml +++ b/tbump.toml @@ -5,7 +5,7 @@ # Config reference: https://github.com/your-tools/tbump#readme # [version] -current = "3.3.6" +current = "3.3.7" # match our prerelease prefixes # -alpha.1