Skip to content

[anaconda] Update Conda packages due to GHSA-45c4-8wx5-qw6w, GHSA-f865-m6cq-j9vx #707

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Aug 17, 2023
Merged

[anaconda] Update Conda packages due to GHSA-45c4-8wx5-qw6w, GHSA-f865-m6cq-j9vx #707

merged 2 commits into from
Aug 17, 2023

Conversation

alexander-smolyakov
Copy link
Contributor

Dev container name:

  • anaconda

Description:

This PR patches the following vulnerabilities:

These vulnerabilities come from the continuumio/anaconda3 image used upstream for the anaconda devcontainer.

Changelog:

  • Updated Dockerfile:

    • Steps in Dockerfile were reorganized to avoid conflicts in Conda's base environment;
    • Added patch to install updated versions of aiohttp and mpmath packages;

  • Added tests to verify minimum versions of the following packages:

    • aiohttp - minimum package version set to 3.8.5;
    • mpmath - minimum package version set to 1.3.0;

Checklist:

  • Checked that applied changes work as expected

@alexander-smolyakov
Patch vulnerabilities: GHSA-45c4-8wx5-qw6w, GHSA-f865-m6cq-j9vx
5377073 
- Bump version for `aiohttp` and `mpmath` packages;
- Reorg steps in Dockerfile to avoid conflicts in Conda's base environment.
@alexander-smolyakov
Add tests to verify patches
bdd3ed4
@alexander-smolyakov alexander-smolyakov requested a review from a team as a code owner August 17, 2023 13:22
@samruddhikhandale samruddhikhandale merged commit 4bd0142 into devcontainers:main Aug 17, 2023
@samruddhikhandale samruddhikhandale mentioned this pull request Aug 18, 2023
Merged
@alexander-smolyakov alexander-smolyakov deleted the anaconda-patch-GHSA-45c4-8wx5-qw6w_GHSA-f865-m6cq-j9vx branch August 25, 2023 11:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@samruddhikhandale samruddhikhandale samruddhikhandale approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@alexander-smolyakov @samruddhikhandale