> ## Documentation Index
> Fetch the complete documentation index at: https://docs.nx1cloud.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Non-web portal users

> nx1-deployer `v1.10.x` release notes for non-web portal users, covering security fixes and dependency upgrades across platform images.

<Note>nx1-deployer image `v1.10.x`</Note>

The February 2026 release for non-web portal users highlights vulnerability bug fixes in the following:

* Client portal image
* JupyterHub app image
* NexusOne deployer image

This release also highlights upgrades to JupyterHub and some dependencies in the ai-api image.

## Bug fixes

Fixes to issues affecting apps or features on the NexusOne platform.

### Client-portal image

Addressed vulnerabilities by upgrading system and npm-level dependencies, such as:

```yaml theme={null}
npm@latest
tar@7.5.8
glob@11.1.0
diff@8.0.3
```

These upgrades do the following:

* Resolved vulnerabilities reported in dependency scanning results
* Ensured compatibility with the existing application build process
* Applied necessary `apk` package updates to eliminate OS-level CVEs

### JupyterHub

They were NexusOne customer reports of nested dependency vulnerabilities within the JupyterHub
app. Nested dependencies, also known as transitive dependencies, are packages that aren't directly
installed by a project, but required by other dependencies within the dependency tree.

Explicit pinning of specific npm dependencies to secure versions addresses the remaining vulnerabilities.

To enforce these secure versions and ensure consistent, safe dependency resolution across the
entire dependency tree, the NexusOne team added the following packages to the `resolutions` field of the
`package.json` file:

```yaml theme={null}
verdaccio: 6.2.9
brace-expansion: 5.0.3
path-to-regexp: 0.1.12
validator: 13.15.22
form-data: 4.0.4
@babel/runtime: 7.26.10
vega: 6.2.0
vega-functions: 6.1.1
vega-expression: ^6.1.0
tar: 7.5.7
diff: 8.0.3
html-minifier-terser: 7.2.0
lodash: 4.17.23
```

Indirect dependency upgrades bundled in the base JupyterHub image update address the remaining pip
and JAR-related vulnerabilities reported by customers.

### nx1-ai-api image

Upgraded `pip` and the following Python packages to secure versions:

```yaml theme={null}
fastapi==0.129.0
filelock==3.20.3
setuptools==82.0.0
starlette>=0.52.1
urllib3==2.6.3
cryptography==46.0.5
pillow==12.1.1
```

These upgrades do the following:

* Fixes reported CVEs affecting the app runtime and transitive dependencies
* Ensured compatibility with the existing Python `v3.12` runtime

## Upgrades

Version upgrades to existing apps on the NexusOne platform.

### JupyterHub

JupyterHub contains the following new releases:

* Upgraded the Jupyter base image from `v5.2` to `v5.4`
* Updated the JupyterHub Dockerfile accordingly to reflect the new base image
* Explicitly ensured the environment remains on Python `v3.12`, to prevent unintended
  upgrades to Python 3.13
* The upgrade to JupyterHub `v5.4` resolves multiple underlying dependency vulnerabilities
  inherited from the previous base image

### nx1-deployer image

The nx1-deployer image upgrade does the following:

* Upgraded the Terraform binary to a newer stable version
* Updated Terraform providers to align with the upgraded Terraform binary version
* Upgraded Helm to the latest stable version
* Resolved all reported infrastructure tooling vulnerabilities in the image
