[Anaconda]-Werkzeug-GHSA-2g68-c3qc-8985 patch for security vuln (devcontainers#1062)

gauravsaini04 · samruddhikhandale · web-flow · commit 4735279c5e01 · 2024-05-13T11:59:41.000-07:00
Co-authored-by: Samruddhi Khandale &lt;skhandale@microsoft.com&gt;
diff --git a/src/anaconda/.devcontainer/Dockerfile b/src/anaconda/.devcontainer/Dockerfile
@@ -20,8 +20,8 @@ RUN python3 -m pip install --upgrade \
     mistune==3.0.1 \
     # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34141
     numpy==1.25.2 \
-    # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25577
-    werkzeug==2.3.6 \
+    # https://github.com/advisories/GHSA-2g68-c3qc-8985
+    werkzeug==3.0.3 \
     # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32862
     nbconvert==7.7.3 \
     # https://github.com/advisories/GHSA-qppv-j76h-2rpx
diff --git a/src/anaconda/test-project/test.sh b/src/anaconda/test-project/test.sh
@@ -37,7 +37,7 @@ checkPythonPackageVersion "setuptools" "65.5.1"
 checkPythonPackageVersion "future" "0.18.3"
 checkPythonPackageVersion "wheel" "0.38.1"
 checkPythonPackageVersion "nbconvert" "6.5.1"
-checkPythonPackageVersion "werkzeug" "2.2.3"
+checkPythonPackageVersion "werkzeug" "3.0.3"
 checkPythonPackageVersion "certifi" "2022.12.07"
 checkPythonPackageVersion "requests" "2.31.0"
 checkPythonPackageVersion "cryptography" "42.0.4"
