Merge remote-tracking branch 'refs/remotes/origin/anaconda_tqdm_GHSA-…

…g7vv-2v7x-gj9p' into anaconda_tqdm_GHSA-g7vv-2v7x-gj9p

src/anaconda/.devcontainer/Dockerfile

@@ -5,49 +5,9 @@ RUN . /etc/os-release && if [ "${VERSION_CODENAME}" != "bullseye" ]; then exit 1
 
 # Temporary: Upgrade python packages due to mentioned CVEs
 # They are installed by the base image (continuumio/anaconda3) which does not have the patch.
-RUN conda install \
-    # https://github.com/advisories/GHSA-v845-jxx5-vc9f
-    urllib3==1.26.18 \
-    # https://github.com/advisories/GHSA-mr82-8j83-vxmv
-    pydantic==2.5.3
-
-RUN python3 -m pip install --upgrade \
-    # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21797
-    joblib==1.3.1 \
-    # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24065
-    cookiecutter==2.2.3 \
-    # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34749
-    mistune==3.0.1 \
-    # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34141
-    numpy==1.25.2 \
-    # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25577
-    werkzeug==2.3.6 \
-    # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32862
-    nbconvert==7.7.3 \
-    # https://github.com/advisories/GHSA-qppv-j76h-2rpx
-    tornado==6.3.3 \
-    # https://github.com/advisories/GHSA-r726-vmfq-j9j3 
-    jupyter_server==2.7.2 \
-    # https://github.com/advisories/GHSA-5wvp-7f3h-6wmm
-    pyarrow==14.0.1 \
-    # https://github.com/advisories/GHSA-v68g-wm8c-6x7j
-    transformers==4.36.0 \
-    # https://github.com/advisories/GHSA-44wm-f244-xhp3
-    pillow==10.3.0 \
-    # https://github.com/advisories/GHSA-44cc-43rp-5947
-    jupyterlab==4.0.11 \
-    # https://github.com/advisories/GHSA-5h86-8mv2-jq9f
-    aiohttp==3.9.4 \
-    # https://github.com/advisories/GHSA-6vqw-3v5j-54x4
-    cryptography==42.0.4 \
-    # https://github.com/advisories/GHSA-2mqj-m65w-jghx
-    gitpython==3.1.41 \
-    # https://github.com/advisories/GHSA-4qhp-652w-c22x
-    jupyter-lsp==2.2.2 \
-    # https://github.com/advisories/GHSA-jjg7-2v4v-x38h
-    idna==3.7 \
-    # https://github.com/advisories/GHSA-g7vv-2v7x-gj9p
-    tqdm==4.66.3
+COPY ./apply_security_patches.sh /tmp/apply_security_patches.sh
+RUN chmod +x /tmp/apply_security_patches.sh
+RUN /tmp/apply_security_patches.sh
 
 # Reset and copy updated files with updated privs to keep image size down
 FROM mcr.microsoft.com/devcontainers/base:1-bullseye

src/anaconda/test-project/test.sh

@@ -52,7 +52,8 @@ checkPythonPackageVersion "jupyterlab" "4.0.11"
 checkPythonPackageVersion "gitpython" "3.1.41"
 checkPythonPackageVersion "jupyter-lsp" "2.2.2"
 checkPythonPackageVersion "idna" "3.7"
-checkPythonPackageVersion "tqdm" "4.66.3"
+checkPythonPackageVersion "jinja2" "3.1.4"
+checkPythonPackageVersion "scrapy" "2.11.2"
 
 checkCondaPackageVersion "pyopenssl" "23.2.0"
 checkCondaPackageVersion "requests" "2.31.0"