Skip to content

[Anaconda] Update cryptography package due to GHSA-jfhm-5ghh-2f97 #901

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 13 commits into from
Jan 4, 2024
Merged

[Anaconda] Update cryptography package due to GHSA-jfhm-5ghh-2f97 #901

merged 13 commits into from
Jan 4, 2024

Conversation

@gauravsaini04
Copy link
Contributor

@gauravsaini04 gauravsaini04 commented Dec 26, 2023
edited
Loading

Dev container name:

  • Anaconda

Description:

This PR patches the following vulnerability:

This vulnerability come from the continuumio/anaconda3 image used upstream for the anaconda devcontainer.

Changelog:

  • Updated Dockerfile

    • Locked version for patched Conda package;
      • cryptography - minimum package version set to 41.0.7;

  • Updated tests to verify cryptography minimum version (Minimum package version set to 41.0.7 which fixes GHSA-jfhm-5ghh-2f97);

Checklist:

  • Checked that applied changes work as expected

gauravsaini04 and others added 10 commits December 11, 2023 15:43
@gauravsaini04
[Anaconda] Update aiohttp due to GHSA-gfw2-4jvh-wgfg:aiohttp
4835ae7
@gauravsaini04
Merge branch 'devcontainers:main' into main
e8850d1
@gauravsaini04
Merge branch 'devcontainers:main' into main
03dc5fa
@gauravsaini04
[Anaconda] Address GHSA-q3qx-c6g2-7pw2 vulnerability (#889)
1f9d03a 
* [Anaconda] Update aiohttp due to GHSA-gfw2-4jvh-wgfg:aiohttp

* [anaconda] Address GHSA-q3qx-c6g2-7pw2 vulnerability

* Update Dockerfile
@bhupendra-vaishnav @gauravsaini04
[anaconda] Python (Pip) Security Update for pyarrow (GHSA-5wvp-7f3h-6wmm
d7bd610 
) (#893)

* Updated pyarrow package to fix GHSA-5wvp-7f3h-6wmm

* Updated pyarrow package to fix GHSA-5wvp-7f3h-6wmm

* [Anaconda] Address GHSA-q3qx-c6g2-7pw2 vulnerability (#889)

* [Anaconda] Update aiohttp due to GHSA-gfw2-4jvh-wgfg:aiohttp

* [anaconda] Address GHSA-q3qx-c6g2-7pw2 vulnerability

* Update Dockerfile

* Updated pyarrow package to fix GHSA-5wvp-7f3h-6wmm

* Updated pyarrow package to fix GHSA-5wvp-7f3h-6wmm

* removed package-lock.json as its not require

---------

Co-authored-by: gauravsaini04 <147703805+gauravsaini04@users.noreply.github.com>
@gauravsaini04
Merge branch 'devcontainers:main' into main
a501e13
@joshaber
Remove deprecated Ruby extension (#894)
2359bd2 
* Replace deprecated Ruby extension

* Remove the extension since the feature is already installing it

* Update devcontainer.json
@gauravsaini04
Merge branch 'devcontainers:main' into main
4c0d777
@gauravsaini04
[Anaconda] Address GHSA-jfhm-5ghh-2f97; GHSA-94vc-p8w7-5p49; GHSA-v68…
5e9f9ae 
…g-wm8c-6x7j vulnerability
@gauravsaini04
[Anaconda] Address Cryptography_GHSA-jfhm-5ghh-2f97 vulnerability
a92218e
@gauravsaini04 gauravsaini04 requested a review from a team as a code owner December 26, 2023 02:39
@gauravsaini04 gauravsaini04 changed the title [Anaconda] Update cryptography package due to [GHSA-jfhm-5ghh-2f97](https://github.com/advisories/GHSA-jfhm-5ghh-2f97) [Anaconda] Update cryptography package due to GHSA-jfhm-5ghh-2f97 Dec 26, 2023
alexander-smolyakov
alexander-smolyakov suggested changes Dec 27, 2023
View reviewed changes
eljog
eljog previously approved these changes Jan 3, 2024
View reviewed changes
@gauravsaini04 @bhupendra-vaishnav @joshaber
[Anaconda] Update transformers pkg due to GHSA-v68g-wm8c-6x7j vulnera…
a035ea9 
…bility (#906)

* [Anaconda] Update aiohttp due to GHSA-gfw2-4jvh-wgfg:aiohttp

* [Anaconda] Address GHSA-q3qx-c6g2-7pw2 vulnerability (#889)

* [Anaconda] Update aiohttp due to GHSA-gfw2-4jvh-wgfg:aiohttp

* [anaconda] Address GHSA-q3qx-c6g2-7pw2 vulnerability

* Update Dockerfile

* [anaconda] Python (Pip) Security Update for pyarrow (GHSA-5wvp-7f3h-6wmm) (#893)

* Updated pyarrow package to fix GHSA-5wvp-7f3h-6wmm

* Updated pyarrow package to fix GHSA-5wvp-7f3h-6wmm

* [Anaconda] Address GHSA-q3qx-c6g2-7pw2 vulnerability (#889)

* [Anaconda] Update aiohttp due to GHSA-gfw2-4jvh-wgfg:aiohttp

* [anaconda] Address GHSA-q3qx-c6g2-7pw2 vulnerability

* Update Dockerfile

* Updated pyarrow package to fix GHSA-5wvp-7f3h-6wmm

* Updated pyarrow package to fix GHSA-5wvp-7f3h-6wmm

* removed package-lock.json as its not require

---------

Co-authored-by: gauravsaini04 <147703805+gauravsaini04@users.noreply.github.com>

* Remove deprecated Ruby extension (#894)

* Replace deprecated Ruby extension

* Remove the extension since the feature is already installing it

* Update devcontainer.json

* [Anaconda] Address Transformers GHSA-v68g-wm8c-6x7j vulnerability

---------

Co-authored-by: bhupendra-vaishnav <148317470+bhupendra-vaishnav@users.noreply.github.com>
Co-authored-by: Josh Abernathy <josh@github.com>
@gauravsaini04
Copy link
Contributor Author

Hi @eljog, have resolved merge conflicts

@eljog eljog merged commit 5bef10a into devcontainers:main Jan 4, 2024
@gauravsaini04 gauravsaini04 deleted the anaconda_cryptography_GHSA-jfhm-5ghh-2f97 branch January 5, 2024 13:48
@eljog eljog mentioned this pull request Jan 9, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@eljog eljog eljog approved these changes

+1 more reviewer

@alexander-smolyakov alexander-smolyakov alexander-smolyakov approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@gauravsaini04 @alexander-smolyakov @eljog @bhupendra-vaishnav @joshaber