Skip to content

[anaconda]- fixing multiple vulnerabilities #1507

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 13 commits into from
Aug 28, 2025
Merged

[anaconda]- fixing multiple vulnerabilities #1507

merged 13 commits into from
Aug 28, 2025

Conversation

@sireeshajonnalagadda
Copy link
Contributor

@sireeshajonnalagadda sireeshajonnalagadda commented Aug 21, 2025
edited
Loading

Ref: https://github.com/devcontainers/internal/issues/286

Devcontainer Image:

Anaconda

Description of changes:
The aim is to fix these vulnerabilities by patching the affected versions.

GHSA ID Vulnerability ID Action Package Installed Version Required Version Language
GHSA-8495-4g3g-x7pr: aiohttp 5001612 Y aiohttp 3.10.5 3.10.11 python
GHSA-79v4-65xg-pq4g: cryptography 5002661 Y cryptography 43.0.3 44.0.1 python
GHSA-vqfr-h8mv-ghfj: h11 5003862 Y h11 0.14.0 0.16.0 python
GHSA-cpwx-vrp4-4pq7: Jinja2 5003007 Y Jinja2 3.1.4 3.1.6 python
GHSA-33p9-3p43-82vq: jupyter_core 5004275 Y jupyter__core 5.7.2 5.8.1 python
GHSA-8qvm-5x2c-j2w7: protobuf 5004439 Y protobuf 4.25.3 4.25.8 python
GHSA-9hjg-9r4m-mvj7: requests 5004358 Y requests 2.32.3 2.32.4 python
GHSA-5rjg-fvgr-3xxf: setuptools 5004129 Y setuptools 75.1.0 78.1.1 python
52qp-3mj4: transformers 5004608 Y transformers 4.49.0 4.52.1 python
GHSA-pq67-6m6q-mj2v: urllib3 5004460 Y urllib3 2.2.3 2.5.0 python
GHSA-f9vj-2wh5-fj8j: Werkzeug 5001366 Y Werkzeug 3.0.3 3.0.6 python

Changelog:

Change in apply_security_patches.sh
Change in test script (test.sh) to validate the packages version

Checklist:

All checks are passed.

@sireeshajonnalagadda sireeshajonnalagadda changed the title updating packages versions to fix anaconda vulnerabilities [anaconda]- fixing multiple vulnerabilities Aug 22, 2025
Kaniska244
Kaniska244 requested changes Aug 22, 2025
View reviewed changes
Copy link
Contributor

@Kaniska244 Kaniska244 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @sireeshajonnalagadda ,

Left a comment. Please check and change it.

@sireeshajonnalagadda sireeshajonnalagadda marked this pull request as ready for review August 25, 2025 03:56
@sireeshajonnalagadda sireeshajonnalagadda requested a review from a team as a code owner August 25, 2025 03:56
@Kaniska244 Kaniska244 self-requested a review August 25, 2025 14:36
@AlvaroRausell AlvaroRausell merged commit 18ca164 into devcontainers:main Aug 28, 2025
2 checks passed
@AlvaroRausell AlvaroRausell mentioned this pull request Sep 3, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AlvaroRausell AlvaroRausell AlvaroRausell approved these changes

@Kaniska244 Kaniska244 Kaniska244 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sireeshajonnalagadda @AlvaroRausell @Kaniska244