Revert "[universal]-fixing urllib3 vulnerability (devcontainers#1545)"

sireeshajonnalagadda · web-flow · commit fc8825ce6218 · 2025-10-13T11:56:55.000+05:30
This reverts commit 8628491.
diff --git a/src/universal/.devcontainer/local-features/patch-conda/install.sh b/src/universal/.devcontainer/local-features/patch-conda/install.sh
@@ -54,10 +54,8 @@ sudo_if /opt/conda/bin/python3 -m pip install --upgrade pip
 # https://github.com/advisories/GHSA-h4gh-qq45-vh27
 update_python_package /opt/conda/bin/python3 cryptography "43.0.1"
 
-update_conda_package pyopenssl "25.0.0"
-
-# https://github.com/advisories/GHSA-pq67-6m6q-mj2v
-update_conda_package urllib3 "2.5.0"
+# https://github.com/advisories/GHSA-34jh-p97f-mpxf
+update_conda_package urllib3 "1.26.19"
 
 # https://github.com/advisories/GHSA-9hjg-9r4m-mvj7
 update_conda_package requests "2.32.4"
@@ -66,4 +64,4 @@ update_conda_package requests "2.32.4"
 update_conda_package setuptools "78.1.1"
 
 # https://github.com/advisories/GHSA-g7vv-2v7x-gj9p
-update_python_package /opt/conda/bin/python3 tqdm "4.66.3"
+update_python_package /opt/conda/bin/python3 tqdm "4.66.3"
diff --git a/src/universal/README.md b/src/universal/README.md
@@ -28,8 +28,8 @@ You can decide how often you want updates by referencing a [semantic version](ht
 For example:
 
 - `mcr.microsoft.com/devcontainers/universal:4-noble`
-- `mcr.microsoft.com/devcontainers/universal:4.1-noble`
-- `mcr.microsoft.com/devcontainers/universal:4.1.0-noble`
+- `mcr.microsoft.com/devcontainers/universal:4.0-noble`
+- `mcr.microsoft.com/devcontainers/universal:4.0.0-noble`
 
 See [history](history) for information on the contents of each version and [here for a complete list of available tags](https://mcr.microsoft.com/v2/devcontainers/universal/tags/list).
 
@@ -47,7 +47,7 @@ Access to the Anaconda repository is covered by the [Anaconda Terms of Service](
 
 While the image itself works unmodified, you can also directly reference pre-built versions of `Dockerfile` by using the `image` property in `.devcontainer/devcontainer.json` or updating the `FROM` statement in your own `Dockerfile` to:
 
-`mcr.microsoft.com/devcontainers/universal:4.1-linux`
+`mcr.microsoft.com/devcontainers/universal:4-linux`
 
 Alternatively, you can use the contents of [.devcontainer](.devcontainer) to fully customize your container's contents or to build it for a container host architecture not supported by the image.
 
diff --git a/src/universal/manifest.json b/src/universal/manifest.json
@@ -1,5 +1,5 @@
 {
-	"version": "4.1.0",
+	"version": "4.0.1",
 	"build": {
 		"latest": true,
 		"rootDistro": "debian",
diff --git a/src/universal/test-project/test.sh b/src/universal/test-project/test.sh
@@ -186,13 +186,13 @@ ls -la /home/codespace
 ## Python - current
 checkPythonPackageVersion "python" "setuptools" "65.5.1"
 checkPythonPackageVersion "python" "requests" "2.31.0"
-checkPythonPackageVersion "python" "urllib3" "2.5.0"
+checkPythonPackageVersion "python" "urllib3" "2.0.7"
 
 ## Conda Python
 checkCondaPackageVersion "requests" "2.31.0"
 checkCondaPackageVersion "cryptography" "41.0.4"
-checkCondaPackageVersion "pyopenssl" "25.0.0"
-checkCondaPackageVersion "urllib3" "2.5.0"
+checkCondaPackageVersion "pyopenssl" "23.2.0"
+checkCondaPackageVersion "urllib3" "1.26.17"
 
 ## Test Conda
 check "conda-update-conda" bash -c "conda update -y conda"

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`{`
`2`		`- "version": "4.1.0",`
	`2`	`+ "version": "4.0.1",`
`3`	`3`	`"build": {`
`4`	`4`	`"latest": true,`
`5`	`5`	`"rootDistro": "debian",`