Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[anaconda] - cryptography, pyopenssl, jupyterlab, notebook - apply security patches #1182

Merged
merged 1 commit into from
Sep 9, 2024
Merged

[anaconda] - cryptography, pyopenssl, jupyterlab, notebook - apply security patches #1182

merged 1 commit into from
Sep 9, 2024

Conversation

gauravsaini04
Copy link
Contributor

@gauravsaini04 gauravsaini04 commented Sep 9, 2024
edited
Loading

Dev container name:

  • Anaconda

Description:

This PR patches the following vulnerability:

This vulnerability comes from the coninuumio/anaconda3 image used upstream for the Anaconda devcontainer.

Changelog:

  • Updated Dockerfile

    • Upgraded version for patched python package;
      • cryptography - minimum package version has been set to 43.0.1;
      • pyopenssl - minimum package version has been set to 24.2.1 for compatibility with cryptography v43.0.1_;
      • notebook - minimum package version has been set to 7.2.2;

  • Updated tests to verify cryptography minimum version (Minimum package version set to 43.0.1 which fixes GHSA-h4gh-qq45-vh27);

  • Updated tests to verify notebook minimum version (Minimum package version set to 7.2.2 which fixes GHSA-9q39-rmj3-p4r2);

  • Updated tests to verify pyopenssl minimum version (Minimum package version set to 24.2.1 which resolves compatibility issues with cryptography v43.0.1 installation;

Checklist:

  • Checked that applied changes work as expected

@gauravsaini04 gauravsaini04 requested a review from a team as a code owner September 9, 2024 15:50
@gauravsaini04 gauravsaini04 changed the title [anaconda] - cryptography, pyopenssl, jupyterlab, notebook - apply se… [anaconda] - cryptography, pyopenssl, jupyterlab, notebook - apply security patches Sep 9, 2024
samruddhikhandale
samruddhikhandale approved these changes Sep 9, 2024
View reviewed changes
Copy link
Member

@samruddhikhandale samruddhikhandale left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@samruddhikhandale samruddhikhandale merged commit 0432a2f into devcontainers:main Sep 9, 2024
2 checks passed
@gauravsaini04 gauravsaini04 deleted the anaconda_cryptography-pyopenssl-notebook-jupyterlab_security_patches branch September 10, 2024 01:48
@samruddhikhandale samruddhikhandale mentioned this pull request Sep 12, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@samruddhikhandale samruddhikhandale samruddhikhandale approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@gauravsaini04 @samruddhikhandale