Rework patch

devcontainers · samruddhikhandale · Jul 26, 2023 · Jun 20, 2023 · Jun 20, 2023 · Jun 20, 2023
commit dbd4048a3b050832fe91251bba150419312b6170
@@ -41,16 +41,10 @@ RUN if [ -f "/tmp/conda-tmp/environment.yml" ]; then umask 0002 && /opt/conda/bi
 
 # Temporary: Upgrade python packages due to mentioned CVEs
 # They are installed by the base image (continuumio/miniconda3) which does not have the patch.
-RUN conda config --set pip_interop_enabled True \
-    # uninstall vulnerable packages 
-    && python3 -m pip uninstall --yes \
-    cryptography \
-    && python3 -m pip install --upgrade \
-    # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32681
-    requests \
+RUN conda install \ 
     # https://github.com/pyca/cryptography/security/advisories/GHSA-5cpq-8wj7-hf2v
-    pyopenssl \
-    cryptography
+    pyopenssl=23.2.0 \ 
+    cryptography==41.0.2
 
 # [Optional] Uncomment this section to install additional OS packages.
 # RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \

@@ -27,7 +27,6 @@ checkCondaPackageVersion "cryptography" "41.0.0"
 checkCondaPackageVersion "pyopenssl" "23.2.0"
 checkCondaPackageVersion "setuptools" "65.5.1"
 checkCondaPackageVersion "wheel" "0.38.1"
-checkCondaPackageVersion "requests" "2.31.0"
 
 check "conda-update-conda" bash -c "conda update -y conda"
 check "conda-install" bash -c "conda install -c conda-forge --yes tensorflow"