[anaconda] Update jupyter_server package due to GHSA-r726-vmfq-j9j3 (devcontainers#754)

alexander-smolyakov · web-flow · commit bf0a298e5e21 · 2023-09-13T09:55:57.000-07:00
* Bump `jupyter_server` package version

* Add test

* Update manifest
diff --git a/src/anaconda/.devcontainer/Dockerfile b/src/anaconda/.devcontainer/Dockerfile
@@ -33,7 +33,9 @@ RUN python3 -m pip install --upgrade \
     # https://github.com/advisories/GHSA-qppv-j76h-2rpx
     tornado==6.3.3 \
     # https://github.com/advisories/GHSA-282v-666c-3fvg
-    transformers==4.30.0
+    transformers==4.30.0 \ 
+    # https://github.com/advisories/GHSA-r726-vmfq-j9j3 
+    jupyter_server==2.7.2
 
 # Reset and copy updated files with updated privs to keep image size down
 FROM mcr.microsoft.com/devcontainers/base:1-bullseye
diff --git a/src/anaconda/manifest.json b/src/anaconda/manifest.json
@@ -39,7 +39,8 @@
 			"Werkzeug",
 			"requests",
 			"tornado",
-			"transformers"
+			"transformers",
+			"jupyter_server"
 		],
 		"other": {
 			"git": {},
diff --git a/src/anaconda/test-project/test.sh b/src/anaconda/test-project/test.sh
@@ -45,6 +45,7 @@ checkPythonPackageVersion "torch" "1.13.1"
 checkPythonPackageVersion "transformers" "4.30.0"
 checkPythonPackageVersion "mpmath" "1.3.0"
 checkPythonPackageVersion "aiohttp" "3.8.5"
+checkPythonPackageVersion "jupyter_server" "2.7.2"
 
 # The `tornado` package doesn't have the `__version__` attribute so we can use the `version` attribute.
 tornado_version=$(python -c "import tornado; print(tornado.version)")
