devcontainers · samruddhikhandale · Feb 8, 2024 · Feb 8, 2024 · Feb 8, 2024 · Feb 8, 2024
@@ -6,9 +6,11 @@ RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
     # Remove imagemagick due to https://security-tracker.debian.org/tracker/CVE-2019-10131
     && apt-get purge -y imagemagick imagemagick-6-common 
 
-# Temporary: Upgrade python packages due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40897
+# Temporary: Upgrade python package (setuptools) due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40897
 # They are installed by the base image (python) which does not have the patch.
-RUN python3 -m pip install --upgrade setuptools
+RUN python3 -m pip install --upgrade \
+    setuptools \
+    gitpython
 
 # [Optional] If your pip requirements rarely change, uncomment this section to add them to the image.
 # COPY requirements.txt /tmp/pip-tmp/

@@ -42,5 +42,9 @@ check "usr-local-etc-config-does-not-exist" test ! -f "/usr/local/etc/gitconfig"
 setuptools_version=$(python -c "import setuptools; print(setuptools.__version__)")
 check-version-ge "setuptools-requirement" "${setuptools_version}" "65.5.1"
 
+# https://github.com/advisories/GHSA-2mqj-m65w-jghx
+gitpython_version=$(python -c "import git; print(git.__version__)")
+check-version-ge "gitpython-requirement" "${gitpython_version}" "3.1.41"
+
 # Report result
 reportResults