[Anaconda] Update cryptography package due to GHSA-jfhm-5ghh-2f97 (#901)

gauravsaini04 · web-flow · commit 5bef10a5d473 · 2024-01-04T09:23:03.000-08:00
diff --git a/src/anaconda/.devcontainer/Dockerfile b/src/anaconda/.devcontainer/Dockerfile
@@ -11,7 +11,9 @@ RUN conda install \
     # https://github.com/advisories/GHSA-j7hp-h8jx-5ppr
     pillow=10.0.1 \
     # https://github.com/advisories/GHSA-v845-jxx5-vc9f
-    urllib3==1.26.18
+    urllib3==1.26.18 \
+    # https://github.com/advisories/GHSA-jfhm-5ghh-2f97
+    cryptography==41.0.7
 
 RUN python3 -m pip install --upgrade \
     # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21797
diff --git a/src/anaconda/test-project/test.sh b/src/anaconda/test-project/test.sh
@@ -40,7 +40,7 @@ checkPythonPackageVersion "nbconvert" "6.5.1"
 checkPythonPackageVersion "werkzeug" "2.2.3"
 checkPythonPackageVersion "certifi" "2022.12.07"
 checkPythonPackageVersion "requests" "2.31.0"
-checkPythonPackageVersion "cryptography" "41.0.3"
+checkPythonPackageVersion "cryptography" "41.0.7"
 checkPythonPackageVersion "transformers" "4.36.0"
 checkPythonPackageVersion "mpmath" "1.3.0"
 checkPythonPackageVersion "aiohttp" "3.9.0"
@@ -49,7 +49,7 @@ checkPythonPackageVersion "tornado" "6.3.3"
 checkPythonPackageVersion "pyarrow" "14.0.1"
 
 checkCondaPackageVersion "pyopenssl" "23.2.0"
-checkCondaPackageVersion "cryptography" "41.0.3"
+checkCondaPackageVersion "cryptography" "41.0.7"
 checkCondaPackageVersion "requests" "2.31.0"
 checkCondaPackageVersion "pygments" "2.15.1"
 checkCondaPackageVersion "mpmath" "1.3.0"
