[Anaconda] Update transformers pkg due to GHSA-v68g-wm8c-6x7j vulnerability (#906)

gauravsaini04 · bhupendra-vaishnav · joshaber · gauravsaini04 · commit a035ea94643c · 2024-01-04T03:17:41.000Z
* [Anaconda] Update aiohttp due to GHSA-gfw2-4jvh-wgfg:aiohttp * [Anaconda] Address GHSA-q3qx-c6g2-7pw2 vulnerability (#889) * [Anaconda] Update aiohttp due to GHSA-gfw2-4jvh-wgfg:aiohttp * [anaconda] Address GHSA-q3qx-c6g2-7pw2 vulnerability * Update Dockerfile * [anaconda] Python (Pip) Security Update for pyarrow (GHSA-5wvp-7f3h-6wmm) (#893) * Updated pyarrow package to fix GHSA-5wvp-7f3h-6wmm * Updated pyarrow package to fix GHSA-5wvp-7f3h-6wmm * [Anaconda] Address GHSA-q3qx-c6g2-7pw2 vulnerability (#889) * [Anaconda] Update aiohttp due to GHSA-gfw2-4jvh-wgfg:aiohttp * [anaconda] Address GHSA-q3qx-c6g2-7pw2 vulnerability * Update Dockerfile * Updated pyarrow package to fix GHSA-5wvp-7f3h-6wmm * Updated pyarrow package to fix GHSA-5wvp-7f3h-6wmm * removed package-lock.json as its not require --------- Co-authored-by: gauravsaini04 <147703805+gauravsaini04@users.noreply.github.com> * Remove deprecated Ruby extension (#894) * Replace deprecated Ruby extension * Remove the extension since the feature is already installing it * Update devcontainer.json * [Anaconda] Address Transformers GHSA-v68g-wm8c-6x7j vulnerability --------- Co-authored-by: bhupendra-vaishnav <148317470+bhupendra-vaishnav@users.noreply.github.com> Co-authored-by: Josh Abernathy <josh@github.com>
diff --git a/src/anaconda/.devcontainer/Dockerfile b/src/anaconda/.devcontainer/Dockerfile
@@ -33,7 +33,9 @@ RUN python3 -m pip install --upgrade \
     # https://github.com/advisories/GHSA-r726-vmfq-j9j3 
     jupyter_server==2.7.2 \
     # https://github.com/advisories/GHSA-5wvp-7f3h-6wmm
-    pyarrow==14.0.1
+    pyarrow==14.0.1 \
+    # https://github.com/advisories/GHSA-v68g-wm8c-6x7j
+    transformers==4.36.0
 
 # Reset and copy updated files with updated privs to keep image size down
 FROM mcr.microsoft.com/devcontainers/base:1-bullseye
diff --git a/src/anaconda/test-project/test.sh b/src/anaconda/test-project/test.sh
@@ -41,7 +41,7 @@ checkPythonPackageVersion "werkzeug" "2.2.3"
 checkPythonPackageVersion "certifi" "2022.12.07"
 checkPythonPackageVersion "requests" "2.31.0"
 checkPythonPackageVersion "cryptography" "41.0.7"
-checkPythonPackageVersion "transformers" "4.30.0"
+checkPythonPackageVersion "transformers" "4.36.0"
 checkPythonPackageVersion "mpmath" "1.3.0"
 checkPythonPackageVersion "aiohttp" "3.9.0"
 checkPythonPackageVersion "jupyter_server" "2.7.2"
