Anaconda: Update 'mistune' python package due CVE-2022-34749 (#247)

* Anaconda: Patch

* Patch

* cyprography patch

* Update link

* Anaconda: Update 'mistune' python package due CVE-2022-34749

Author: samruddhikhandale

src/anaconda/.devcontainer/Dockerfile

@@ -52,17 +52,17 @@ RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
     && usermod -aG conda ${USERNAME} \
     && apt-get clean -y && rm -rf /var/lib/apt/lists/* /tmp/library-scripts/add-notice.sh
 
-# Temporary: Upgrade 'joblib' due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21797
-# 'joblib' is installed by the base image (continuumio/anaconda3) which does not have the patch.
-RUN python3 -m pip install --upgrade joblib
-
-# Temporary: Upgrade 'cookiecutter' due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24065
-# 'cookiecutter' is installed by the base image (continuumio/anaconda3) which does not have the patch.
-RUN python3 -m pip install --upgrade cookiecutter
-
-# Temporary: Upgrade 'cryptography' due to https://github.com/advisories/GHSA-39hc-v87j-747x
-# 'cryptography' is installed by the base image (continuumio/anaconda3) which does not have the patch.
-RUN python3 -m pip install --upgrade cryptography
+# Temporary: Upgrade python packages due to mentioned CVEs
+# They are installed by the base image (continuumio/anaconda3) which does not have the patch.
+RUN python3 -m pip install \
+    # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21797
+    --upgrade joblib \
+    # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24065
+    cookiecutter \
+    # https://github.com/advisories/GHSA-39hc-v87j-747x
+    cryptography \
+    # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34749
+    mistune
 
 # Copy environment.yml (if found) to a temp locaition so we update the environment. Also
 # copy "noop.txt" so the COPY instruction does not fail if no environment.yml exists.

src/anaconda/manifest.json

@@ -26,7 +26,8 @@
 		"pip": [
 			"joblib",
 			"cookiecutter",
-			"cryptography"
+			"cryptography",
+			"mistune"
 		],
 		"other": {
 			"conda": {

src/anaconda/test-project/test.sh

@@ -18,20 +18,19 @@ check "pycodestyle" pycodestyle --version
 check "nvm" bash -c ". /usr/local/share/nvm/nvm.sh && nvm --version"
 
 git_version=$(git --version)
-check "git" bash -c "echo ${git_version}" 
 check-version-ge "git-requirement" "${git_version}" "git version 2.38.1"
 
 joblib_version=$(python -c "import joblib; print(joblib.__version__)")
-check "joblib" bash -c "echo ${joblib_version}" 
 check-version-ge "joblib-requirement" "${joblib_version}" "1.2.0"
 
 cookiecutter_version=$(python -c "import cookiecutter; print(cookiecutter.__version__)")
-check "cookiecutter" bash -c "echo ${cookiecutter}" 
 check-version-ge "cookiecutter-requirement" "${cookiecutter_version}" "2.1.1"
 
 cryptography_version=$(python -c "import cryptography; print(cryptography.__version__)")
-check "cryptography" bash -c "echo ${cryptography}" 
 check-version-ge "cryptography-requirement" "${cryptography_version}" "38.0.3"
 
+mistune_version=$(python -c "import mistune; print(mistune.__version__)")
+check-version-ge "mistune-requirement" "${mistune_version}" "2.0.3"
+
 # Report result
 reportResults