The February 2026 release for non-web portal users highlights vulnerability bug fixes in the following:
  • Client portal image
  • JupyterHub app image
  • NexusOne deployer image
This release also highlights upgrades to JupyterHub and some dependencies in the ai-api image.

Bugs

Fixes to issues affecting apps or features on the NexusOne platform.

Client-portal image

Addressed vulnerabilities by upgrading system and npm-level dependencies, such as:
  • npm@latest
  • tar@7.5.8
  • glob@11.1.0
  • diff@8.0.3
These upgrades did the following:
  • Resolved vulnerabilities reported in dependency scanning results
  • Ensured compatibility with the existing application build process
  • Applied necessary apk package updates to eliminate OS-level CVEs

JupyterHub

There were NexusOne customer reports of nested dependency vulnerabilities within the JupyterHub app. Nested dependencies, also known as transitive dependencies, are packages that aren’t directly installed by a project but are required by other dependencies within the dependency tree. Explicit pinning of specific npm dependencies to secure versions addresses the remaining vulnerabilities. To enforce these secure versions and ensure consistent, safe dependency resolution across the entire dependency tree, the NexusOne team added the following packages to the resolutions field of the package.json file:
  • verdaccio: 6.2.9
  • brace-expansion: 5.0.3
  • path-to-regexp: 0.1.12
  • validator: 13.15.22
  • form-data: 4.0.4
  • @babel/runtime: 7.26.10
  • vega: 6.2.0
  • vega-functions: 6.1.1
  • vega-expression: ^6.1.0
  • tar: 7.5.7
  • diff: 8.0.3
  • html-minifier-terser: 7.2.0
  • lodash: 4.17.23
Indirect dependency upgrades bundled in the base JupyterHub image update address the remaining pip and JAR-related vulnerabilities reported by customers.
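
One way to confirm that pins like these hold across the whole tree, shown as an added example that is not NexusOne's own code: the checker below walks a resolved dependency tree and reports every copy of a pinned package, direct or nested, whose version does not satisfy its pin. The nested tree shape is assumed to follow what `npm ls --all --json` prints; the function names and the sample tree are constructed for illustration.

```javascript
// Added example (not NexusOne code): audit a resolved tree against "resolutions" pins.
// Assumption: nodes are nested { version, dependencies } objects, as `npm ls --all --json` prints.
// Subset of the pins listed above.
const resolutions = {
  tar: "7.5.7",
  diff: "8.0.3",
  lodash: "4.17.23",
  "vega-expression": "^6.1.0",
};

// "7.5.7" -> [7, 5, 7]; any pre-release suffix is ignored.
const parse = (v) => v.split("-")[0].split(".").map(Number);

// Compare two x.y.z versions: negative, zero or positive.
function cmp(a, b) {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
}

// Exact pins must match exactly; "^X.Y.Z" (X >= 1 only) allows same major and >= X.Y.Z.
function satisfies(version, pin) {
  if (!pin.startsWith("^")) return version === pin;
  const min = pin.slice(1);
  return parse(version)[0] === parse(min)[0] && cmp(version, min) >= 0;
}

// Walk every level of the tree so nested (transitive) copies are checked too.
function findViolations(node, pins, path = []) {
  const out = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = [...path, name];
    const pinned = Object.prototype.hasOwnProperty.call(pins, name);
    if (pinned && !satisfies(dep.version, pins[name])) {
      out.push({ path: here.join(" > "), found: dep.version, pinned: pins[name] });
    }
    out.push(...findViolations(dep, pins, here));
  }
  return out;
}

// Constructed sample tree: one stale nested copy of tar, everything else on its pin.
const sampleTree = { dependencies: {
  verdaccio: { version: "6.2.9", dependencies: {
    lodash: { version: "4.17.23" }, tar: { version: "6.2.1" } } },
  vega: { version: "6.2.0", dependencies: { "vega-expression": { version: "6.1.2" } } },
  diff: { version: "8.0.3" },
} };
console.log(findViolations(sampleTree, resolutions));
```

Run as a build gate, a non-empty result means a pin was not applied to some branch of the tree and the image should not ship.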

nx1-ai-api image

Upgraded pip and the following Python packages to secure versions:
  • fastapi==0.129.0
  • filelock==3.20.3
  • setuptools==82.0.0
  • starlette>=0.52.1
  • urllib3==2.6.3
  • cryptography==46.0.5
  • pillow==12.1.1
These upgrades did the following:
  • Fixed reported CVEs affecting the app runtime and transitive dependencies
  • Ensured compatibility with the existing Python v3.12 runtime

Upgrades

Version upgrades to existing apps on the NexusOne platform.

JupyterHub

The JupyterHub upgrade includes the following changes:
  • Upgraded the Jupyter base image from v5.2 to v5.4
  • Updated the JupyterHub Dockerfile to reflect the new base image
  • Explicitly ensured the environment remains on Python v3.12, to prevent unintended upgrades to Python 3.13
  • The upgrade to JupyterHub v5.4 resolves multiple underlying dependency vulnerabilities inherited from the previous base image

nx1-deployer image

The nx1-deployer image upgrade did the following:
  • Upgraded the Terraform binary to a newer stable version
  • Updated Terraform providers to align with the upgraded Terraform binary version
  • Upgraded Helm to the latest stable version
  • Resolved all reported infrastructure tooling vulnerabilities in the image