Anaconda: Update 'cookiecutter' python package due to CVE-2022-24065 (#238)

* Anaconda: Patch

* Patch

* update utils

Author: samruddhikhandale

src/anaconda/.devcontainer/Dockerfile

@@ -56,6 +56,10 @@ RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
 # 'joblib' is installed by the base image (continuumio/anaconda3) which does not have the patch.
 RUN python3 -m pip install --upgrade joblib
 
+# Temporary: Upgrade 'cookiecutter' due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24065
+# 'cookiecutter' is installed by the base image (continuumio/anaconda3) which does not have the patch.
+RUN python3 -m pip install --upgrade cookiecutter
+
 # Copy environment.yml (if found) to a temp locaition so we update the environment. Also
 # copy "noop.txt" so the COPY instruction does not fail if no environment.yml exists.
 # COPY environment.yml* .devcontainer/noop.txt /tmp/conda-tmp/

src/anaconda/manifest.json

@@ -24,7 +24,8 @@
 			"Oh My Zsh!": "/home/vscode/.oh-my-zsh"
 		},
 		"pip": [
-			"joblib"
+			"joblib",
+			"cookiecutter"
 		],
 		"other": {
 			"conda": {

src/anaconda/test-project/test.sh

@@ -25,5 +25,9 @@ joblib_version=$(python -c "import joblib; print(joblib.__version__)")
 check "joblib" bash -c "echo ${joblib_version}" 
 check-version-ge "joblib-requirement" "${joblib_version}" "1.2.0"
 
+cookiecutter_version=$(python -c "import cookiecutter; print(cookiecutter.__version__)")
+check "cookiecutter" bash -c "echo ${cookiecutter}" 
+check-version-ge "cookiecutter-requirement" "${cookiecutter_version}" "2.1.1"
+
 # Report result
 reportResults