[Miniconda] Address cryptography - GHSA-jfhm-5ghh-2f97 vulnerability (devcontainers#918)

gauravsaini04 · web-flow · commit e90f2bee2537 · 2024-01-16T11:32:41.000-08:00
diff --git a/src/miniconda/.devcontainer/Dockerfile b/src/miniconda/.devcontainer/Dockerfile
@@ -6,6 +6,10 @@ FROM continuumio/miniconda3 as upstream
     # https://github.com/advisories/<CVE_ID>
     # <package_name> = <version>
 
+RUN conda install \
+    # https://github.com/advisories/GHSA-jfhm-5ghh-2f97
+    cryptography==41.0.7
+
 # Reset and copy updated files with updated privs to keep image size down
 FROM mcr.microsoft.com/devcontainers/base:1-bullseye
 
diff --git a/src/miniconda/test-project/test.sh b/src/miniconda/test-project/test.sh
@@ -18,11 +18,11 @@ check "gitconfig-contains-name" sh -c "cat /etc/gitconfig | grep 'name = devcont
 
 check "usr-local-etc-config-does-not-exist" test ! -f "/usr/local/etc/gitconfig"
 
-checkPythonPackageVersion "cryptography" "41.0.3"
+checkPythonPackageVersion "cryptography" "41.0.7"
 checkPythonPackageVersion "setuptools" "65.5.1"
 checkPythonPackageVersion "wheel" "0.38.1"
 
-checkCondaPackageVersion "cryptography" "41.0.3"
+checkCondaPackageVersion "cryptography" "41.0.7"
 checkCondaPackageVersion "pyopenssl" "23.2.0"
 checkCondaPackageVersion "setuptools" "65.5.1"
 checkCondaPackageVersion "wheel" "0.38.1"
