From b18550c33cc4acd721fa4792b13bda005dea054b Mon Sep 17 00:00:00 2001
From: vladd-bit <vlad.a.dinu@gmail.com>
Date: Thu, 30 Oct 2025 21:32:52 +0000
Subject: [PATCH 1/7] Pinning requirements.txt

---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 9a9f5bf..85818a8 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -3,7 +3,7 @@ virtualenv==20.31.2
 ipywidgets==8.1.7
 requests>=2.32.2
 jupyter==1.1.1
-jupyterlab>=4.2.7  
+jupyterlab>=4.0.0
 jupyterlab_widgets==3.0.15
 jupyter_contrib_core==0.4.2
 jupyter_contrib_nbextensions==0.7.0

From 95b3d892a2c873b3e4a13ee1f35cf8ce7aac88b3 Mon Sep 17 00:00:00 2001
From: vladd-bit <vlad.a.dinu@gmail.com>
Date: Thu, 30 Oct 2025 21:35:57 +0000
Subject: [PATCH 2/7] Singleuser dockerfile update.

---
 Dockerfile_singleuser | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile_singleuser b/Dockerfile_singleuser
index 843106e..2aeb413 100644
--- a/Dockerfile_singleuser
+++ b/Dockerfile_singleuser
@@ -216,7 +216,7 @@ COPY ./requirements.txt /srv/jupyterhub/
 RUN if [ "$GPU_BUILD" = "true" ] && [ "$CPU_ARCHITECTURE" = "amd64" ]; then \
       uv pip install --system --no-cache-dir -r /srv/jupyterhub/requirements.txt ; \
     else \
-      uv pip install --system --no-cache-dir -r /srv/jupyterhub/requirements.txt --extra-index-url https://download.pytorch.org/whl/cpu/ ; \
+      uv pip install --system --no-cache-dir -r /srv/jupyterhub/requirements.txt ; \
     fi
 
 #######################################################################################################

From fad6756d15f4d1b27dc7dd946ec912b78efd0b54 Mon Sep 17 00:00:00 2001
From: vladd-bit <vlad.a.dinu@gmail.com>
Date: Thu, 30 Oct 2025 21:48:27 +0000
Subject: [PATCH 3/7] Docker compose update (prod).

---
 docker/docker-compose.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index 03f1bd1..39423cf 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -18,8 +18,7 @@ services:
       - jupyter-hub-shared-scratch:/home/jovyan/scratch
       - jupyter-hub-vol:/srv/jupyterhub
       # Security configs
-      - ./${DEFAULT_SECURITY_DIR:-../security/}root-ca.key:/srv/jupyterhub/root-ca.key:ro
-      - ./${DEFAULT_SECURITY_DIR:-../security/}root-ca.pem:/srv/jupyterhub/root-ca.pem:ro
+      - ./${DEFAULT_SECURITY_DIR:-../security/}:/srv/jupyterhub/security:ro
       - ../config/jupyterhub_cookie_secret:/srv/jupyterhub/jupyterhub_cookie_secret:ro
       # User list and jupyter config
       - ../config/jupyterhub_config.py:/srv/jupyterhub/jupyterhub_config.py:ro

From f0cca92c166e25952521b4fb862214278b716bd7 Mon Sep 17 00:00:00 2001
From: vladd-bit <vlad.a.dinu@gmail.com>
Date: Thu, 30 Oct 2025 22:14:00 +0000
Subject: [PATCH 4/7] Fix volume mounts for users (use fixed name (backwards
 compatibility).

---
 config/jupyterhub_config.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/jupyterhub_config.py b/config/jupyterhub_config.py
index 3998639..6dc6051 100755
--- a/config/jupyterhub_config.py
+++ b/config/jupyterhub_config.py
@@ -106,7 +106,7 @@ class LocalNativeAuthenticator(NativeAuthenticator, LocalAuthenticator):
 class DockerSpawner(dockerspawner.DockerSpawner):
     def start(self):
         # username is self.user.name
-        #self.volumes = {"jupyterhub-user-{}".format(self.user.name): NOTEBOOK_DIR}
+        self.volumes = {"jupyterhub-user-{}".format(self.user.name): NOTEBOOK_DIR}
 
         # Mount the real users Docker volume on the host to the notebook user"s
         # # notebook directory in the container

From 9230cb62ccd5a3b7f6b5d322bb364a3c518b9957 Mon Sep 17 00:00:00 2001
From: vladd-bit <vlad.a.dinu@gmail.com>
Date: Thu, 30 Oct 2025 23:54:11 +0000
Subject: [PATCH 5/7] R kernel install updates.

---
 scripts/r_kernel_install.sh | 1 -
 1 file changed, 1 deletion(-)

diff --git a/scripts/r_kernel_install.sh b/scripts/r_kernel_install.sh
index 2a3c619..c10b2e7 100755
--- a/scripts/r_kernel_install.sh
+++ b/scripts/r_kernel_install.sh
@@ -33,7 +33,6 @@ install.packages(
        )
 
 install.packages("lme4")
-install.packages("survminer")
 install.packages("nloptr")
 install.packages('IRkernel')
 

From 59a0e4cf2f0133e83c752682162d948c2a1e2b7f Mon Sep 17 00:00:00 2001
From: vladd-bit <vlad.a.dinu@gmail.com>
Date: Fri, 31 Oct 2025 14:34:00 +0000
Subject: [PATCH 6/7] Requirements revert.

---
 requirements.txt | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 85818a8..f5afabd 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,9 +1,11 @@
 wheel==0.45.1
+
+
 virtualenv==20.31.2
 ipywidgets==8.1.7
 requests>=2.32.2
 jupyter==1.1.1
-jupyterlab>=4.0.0
+jupyterlab>=4.2.0
 jupyterlab_widgets==3.0.15
 jupyter_contrib_core==0.4.2
 jupyter_contrib_nbextensions==0.7.0
@@ -42,12 +44,11 @@ PyYAML==6.0.2
 opencv-python==4.11.0.86
 plotly==6.1.1
 click==8.2.1
-torchvision>=0.20.1
 traitlets==5.14.3
 xnat>=0.5.2
 
 # ES stack
-opensearch-py>=2.0.0
+opensearch-py>=2.8.0
 
 # code utils
 ruff==0.12.12

From 35c55b7482098726b89a8a66fb3c6767edf557a8 Mon Sep 17 00:00:00 2001
From: vladd-bit <vlad.a.dinu@gmail.com>
Date: Fri, 31 Oct 2025 14:37:25 +0000
Subject: [PATCH 7/7] Added workflow permissions.

---
 .github/workflows/docker-build.yml   | 3 +++
 .github/workflows/submodule_sync.yml | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index a12d8eb..f764050 100755
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -1,5 +1,8 @@
 name: docker-jupyter-hub-all
 
+permissions:
+  contents: read
+
 on:
   push:
     branches: ['**']
diff --git a/.github/workflows/submodule_sync.yml b/.github/workflows/submodule_sync.yml
index f14dcb8..e85aab4 100755
--- a/.github/workflows/submodule_sync.yml
+++ b/.github/workflows/submodule_sync.yml
@@ -1,5 +1,8 @@
 name: submodules-sync
 
+permissions:
+  contents: read
+
 on:
   push:
     branches: ['**']