[Anaconda]-Jinja2-GHSA-h75v-3vvj-5mfj patch security vuln (devcontainers#1063)

gauravsaini04 · samruddhikhandale · web-flow · commit 97c7bf5a3498 · 2024-05-13T12:22:58.000-07:00
Co-authored-by: Samruddhi Khandale &lt;skhandale@microsoft.com&gt;
diff --git a/src/anaconda/.devcontainer/Dockerfile b/src/anaconda/.devcontainer/Dockerfile
@@ -45,7 +45,9 @@ RUN python3 -m pip install --upgrade \
     # https://github.com/advisories/GHSA-4qhp-652w-c22x
     jupyter-lsp==2.2.2 \
     # https://github.com/advisories/GHSA-jjg7-2v4v-x38h
-    idna==3.7
+    idna==3.7 \ 
+    # https://github.com/advisories/GHSA-h75v-3vvj-5mfj
+    jinja2==3.1.4
 
 # Reset and copy updated files with updated privs to keep image size down
 FROM mcr.microsoft.com/devcontainers/base:1-bullseye
diff --git a/src/anaconda/test-project/test.sh b/src/anaconda/test-project/test.sh
@@ -52,6 +52,7 @@ checkPythonPackageVersion "jupyterlab" "4.0.11"
 checkPythonPackageVersion "gitpython" "3.1.41"
 checkPythonPackageVersion "jupyter-lsp" "2.2.2"
 checkPythonPackageVersion "idna" "3.7"
+checkPythonPackageVersion "jinja2" "3.1.4"
 
 checkCondaPackageVersion "pyopenssl" "23.2.0"
 checkCondaPackageVersion "requests" "2.31.0"
