[anaconda] Update cryptography package due to GHSA-jm77-qphf-c4w8 (#744)

alexander-smolyakov · web-flow · commit 1e46f1cb5917 · 2023-09-12T10:39:26.000-07:00
* Bump `cryptography` package version

* Update tests
diff --git a/src/anaconda/.devcontainer/Dockerfile b/src/anaconda/.devcontainer/Dockerfile
@@ -6,9 +6,10 @@ RUN . /etc/os-release && if [ "${VERSION_CODENAME}" != "bullseye" ]; then exit 1
 # Temporary: Upgrade python packages due to mentioned CVEs
 # They are installed by the base image (continuumio/anaconda3) which does not have the patch.
 RUN conda install \ 
-    # https://github.com/advisories/GHSA-5cpq-8wj7-hf2v
+    # pyopenssl should be updated to be compatible with latest version of cryptography
     pyopenssl=23.2.0 \ 
-    cryptography=41.0.2 \
+    # https://github.com/advisories/GHSA-jm77-qphf-c4w8
+    cryptography=41.0.3 \
     # https://github.com/advisories/GHSA-j8r2-6x86-q33q
     requests=2.31.0 \
     # https://github.com/advisories/GHSA-f865-m6cq-j9vx
diff --git a/src/anaconda/test-project/test.sh b/src/anaconda/test-project/test.sh
@@ -40,7 +40,7 @@ checkPythonPackageVersion "nbconvert" "6.5.1"
 checkPythonPackageVersion "werkzeug" "2.2.3"
 checkPythonPackageVersion "certifi" "2022.12.07"
 checkPythonPackageVersion "requests" "2.31.0"
-checkPythonPackageVersion "cryptography" "41.0.2"
+checkPythonPackageVersion "cryptography" "41.0.3"
 checkPythonPackageVersion "torch" "1.13.1"
 checkPythonPackageVersion "transformers" "4.30.0"
 checkPythonPackageVersion "mpmath" "1.3.0"
@@ -51,7 +51,7 @@ tornado_version=$(python -c "import tornado; print(tornado.version)")
 check-version-ge "tornado-requirement" "${tornado_version}" "6.3.3"
 
 checkCondaPackageVersion "pyopenssl" "23.2.0"
-checkCondaPackageVersion "cryptography" "41.0.2"
+checkCondaPackageVersion "cryptography" "41.0.3"
 checkCondaPackageVersion "requests" "2.31.0"
 checkCondaPackageVersion "pygments" "2.15.1"
 checkCondaPackageVersion "mpmath" "1.3.0"
