[universal] - Fixing multiple vulnerability issues (#1509)

* [universal] - Fixing multiple vulnerability issues

* Doing a major version bump as per suggestion.

* Updating readme file wih correct major version.

---------

Co-authored-by: Álvaro Rausell Guiard <33221237+AlvaroRausell@users.noreply.github.com>

Author: Kaniska244

src/universal/.devcontainer/devcontainer.json

@@ -11,8 +11,8 @@
         },
         "ghcr.io/devcontainers/features/dotnet:2": {
             "version": "8.0",
-            "dotnetRuntimeVersions": "7.0", 
-            "aspNetCoreRuntimeVersions": "7.0"
+            "dotnetRuntimeVersions": "9.0", 
+            "aspNetCoreRuntimeVersions": "9.0"
         },
         "ghcr.io/devcontainers/features/hugo:1": {
             "version": "latest"

src/universal/.devcontainer/local-features/patch-conda/install.sh

@@ -51,8 +51,17 @@ sudo_if /opt/conda/bin/python3 -m pip install --upgrade pip
 # Temporary: Upgrade python packages due to security vulnerabilities
 # They are installed by the conda feature and Conda distribution does not have the patches.
 
-# https://github.com/advisories/GHSA-v8gr-m533-ghj9
-update_python_package /opt/conda/bin/python3 cryptography "41.0.4"
+# https://github.com/advisories/GHSA-h4gh-qq45-vh27
+update_python_package /opt/conda/bin/python3 cryptography "43.0.1"
 
-# https://github.com/advisories/GHSA-v845-jxx5-vc9f
-update_conda_package urllib3 "1.26.18"
+# https://github.com/advisories/GHSA-34jh-p97f-mpxf
+update_conda_package urllib3 "1.26.19"
+
+# https://github.com/advisories/GHSA-9hjg-9r4m-mvj7
+update_conda_package requests "2.32.4"
+
+# https://github.com/advisories/GHSA-5rjg-fvgr-3xxf
+update_conda_package setuptools "78.1.1"
+
+# https://github.com/advisories/GHSA-g7vv-2v7x-gj9p
+update_python_package /opt/conda/bin/python3 tqdm "4.66.3"

src/universal/README.md

@@ -27,9 +27,9 @@ The container includes the `zsh` (and Oh My Zsh!) and `fish` shells that you can
 You can decide how often you want updates by referencing a [semantic version](https://semver.org/) of each image.
 For example:
 
-- `mcr.microsoft.com/devcontainers/universal:3-noble`
-- `mcr.microsoft.com/devcontainers/universal:3.0-noble`
-- `mcr.microsoft.com/devcontainers/universal:3.0.0-noble`
+- `mcr.microsoft.com/devcontainers/universal:4-noble`
+- `mcr.microsoft.com/devcontainers/universal:4.0-noble`
+- `mcr.microsoft.com/devcontainers/universal:4.0.0-noble`
 
 See [history](history) for information on the contents of each version and [here for a complete list of available tags](https://mcr.microsoft.com/v2/devcontainers/universal/tags/list).
 
@@ -47,7 +47,7 @@ Access to the Anaconda repository is covered by the [Anaconda Terms of Service](
 
 While the image itself works unmodified, you can also directly reference pre-built versions of `Dockerfile` by using the `image` property in `.devcontainer/devcontainer.json` or updating the `FROM` statement in your own `Dockerfile` to:
 
-`mcr.microsoft.com/devcontainers/universal:2-linux`
+`mcr.microsoft.com/devcontainers/universal:4-linux`
 
 Alternatively, you can use the contents of [.devcontainer](.devcontainer) to fully customize your container's contents or to build it for a container host architecture not supported by the image.
 

src/universal/manifest.json

@@ -1,5 +1,5 @@
 {
-	"version": "3.0.3",
+	"version": "4.0.0",
 	"build": {
 		"latest": true,
 		"rootDistro": "debian",