[Miniconda] - idna - GHSA-jjg7-2v4v-x38h security patch for vulnerabi…

…lity (#1047)
devcontainers · May 2, 2024 · fe8f30e · fe8f30e
1 parent beb6f57
commit fe8f30e
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 4 deletions.
diff --git a/src/miniconda/.devcontainer/Dockerfile b/src/miniconda/.devcontainer/Dockerfile
@@ -2,15 +2,15 @@ FROM continuumio/miniconda3 as upstream
 
 # Temporary: Upgrade python packages due to mentioned CVEs
 # They are installed by the base image (continuumio/miniconda3) which does not have the patch.
-# RUN conda install \ 
-    # https://github.com/advisories/<CVE_ID>
-    # <package_name> = <version>
+RUN conda install \ 
+    # https://github.com/advisories/GHSA-jjg7-2v4v-x38h
+    idna==3.7
 
 RUN python3 -m pip install --upgrade \
     # https://github.com/advisories/GHSA-6vqw-3v5j-54x4
     cryptography==42.0.4 \
     # installed for compatibility with cryptography v42.0.4
-    pyopenssl==24.0.0 
+    pyopenssl==24.0.0
 
 # Reset and copy updated files with updated privs to keep image size down
 FROM mcr.microsoft.com/devcontainers/base:1-bullseye

diff --git a/src/miniconda/test-project/test.sh b/src/miniconda/test-project/test.sh
@@ -28,6 +28,7 @@ checkCondaPackageVersion "setuptools" "65.5.1"
 checkCondaPackageVersion "wheel" "0.38.1"
 checkCondaPackageVersion "requests" "2.31.0"
 checkCondaPackageVersion "urllib3" "1.26.17"
+checkCondaPackageVersion "idna" "3.7"
 
 check "conda-update-conda" bash -c "conda update -y conda"
 check "conda-install-tensorflow" bash -c "conda create --name test-env -c conda-forge --yes tensorflow"