updating packages versions to fix anaconda vulnerabilities

sireeshajonnalagadda · web-flow · commit c579bcf7912f · 2025-08-21T12:20:01.000Z
diff --git a/src/anaconda/.devcontainer/apply_security_patches.sh b/src/anaconda/.devcontainer/apply_security_patches.sh
@@ -3,7 +3,7 @@
 # vulnerabilities:
 # werkzeug - [GHSA-f9vj-2wh5-fj8j]
 
-vulnerable_packages=( "mistune=3.0.1" "transformers=4.49.0" "cryptography=43.0.3" "jupyter-lsp=2.2.2" "scrapy=2.11.2" \ 
+vulnerable_packages=( "mistune=3.0.1" "aiohttp=3.10.11" "cryptography=44.0.1" "h11=0.16.0" "imagecodecs=2023.9.18" "jinja2=3.1.6" "jupyter-core=5.8.1" "protobuf=4.25.8" "requests=2.32.4" "setuptools=78.1.1" "transformers=4.52.1" "urllib3=2.5.0" "Werkzeug=3.0.6" "jupyter-lsp=2.2.2" "scrapy=2.11.2" \ 
                       "zipp=3.19.1" "tornado=6.4.2")
 
 # Define the number of rows (based on the length of vulnerable_packages)
@@ -26,7 +26,7 @@ done
 
 # Add an array for packages that should always pin to the provided version, 
 # even if higher version is available in conda channel
-pin_to_required_version=( "transformers" "cryptography" ) # Add package names as needed
+pin_to_required_version=( "aiohttp" "Werkzeug" "cryptography" "h11" "imagecodecs" "jinja2" "jupyter-core" "protobuf" "requests" "setuptools" "transformers" "urllib3") # Add package names as needed
 
 # Function to check if a package is in the pin_to_required_version array
 function is_pin_to_required_version() {
diff --git a/src/anaconda/manifest.json b/src/anaconda/manifest.json
@@ -1,5 +1,5 @@
 {
-	"version": "1.2.7",
+	"version": "2.0.0",
 	"build": {
 		"latest": true,
 		"rootDistro": "debian",
diff --git a/src/anaconda/test-project/test.sh b/src/anaconda/test-project/test.sh
@@ -33,13 +33,17 @@ checkPythonPackageVersion "joblib" "1.2.0"
 checkPythonPackageVersion "cookiecutter" "2.1.1"
 checkPythonPackageVersion "mistune" "2.0.3"
 checkPythonPackageVersion "numpy" "1.22"
-checkPythonPackageVersion "setuptools" "70.0.0"
+checkPythonPackageVersion "setuptools" "78.1.1"
 checkPythonPackageVersion "wheel" "0.38.1"
 checkPythonPackageVersion "nbconvert" "6.5.1"
-checkPythonPackageVersion "werkzeug" "3.0.3"
+checkPythonPackageVersion "werkzeug" "3.0.6"
 checkPythonPackageVersion "certifi" "2022.12.07"
-checkPythonPackageVersion "cryptography" "43.0.1"
-checkPythonPackageVersion "transformers" "4.36.0"
+checkPythonPackageVersion "cryptography" "44.0.1"
+checkPythonPackageVersion "h11" "0.16.0"
+checkPythonPackageVersion "imagecodecs" "2023.9.18"
+checkPythonPackageVersion "jupyter_core" "5.8.1"
+checkPythonPackageVersion "protobuf" "4.25.8"
+checkPythonPackageVersion "transformers" "4.52.1"
 checkPythonPackageVersion "mpmath" "1.3.0"
 checkPythonPackageVersion "aiohttp" "3.10.2"
 checkPythonPackageVersion "tornado" "6.4.2"
@@ -53,15 +57,15 @@ checkPythonPackageVersion "jupyter-lsp" "2.2.2"
 checkPythonPackageVersion "idna" "3.7"
 checkPythonPackageVersion "jinja2" "3.1.4"
 checkPythonPackageVersion "scrapy" "2.11.2"
-checkPythonPackageVersion "requests" "2.32.2"
+checkPythonPackageVersion "requests" "2.32.4"
 checkPythonPackageVersion "scikit-learn" "1.5.0"
 checkPythonPackageVersion "zipp" "3.19.1"
 
 checkCondaPackageVersion "pyopenssl" "24.2.1"
 checkCondaPackageVersion "requests" "2.32.2"
 checkCondaPackageVersion "pygments" "2.15.1"
 checkCondaPackageVersion "mpmath" "1.3.0"
-checkCondaPackageVersion "urllib3" "2.2.2"
+checkCondaPackageVersion "urllib3" "2.5.0"
 checkCondaPackageVersion "pyarrow" "14.0.1"
 checkCondaPackageVersion "pydantic" "2.5.3"
 checkCondaPackageVersion "tqdm" "4.66.4"

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`{`
`2`		`- "version": "1.2.7",`
	`2`	`+ "version": "2.0.0",`
`3`	`3`	`"build": {`
`4`	`4`	`"latest": true,`
`5`	`5`	`"rootDistro": "debian",`