[anaconda] - cryptography, pyopenssl, jupyterlab, notebook - apply se…

…curity patches (#1182)
devcontainers · Sep 9, 2024 · 0432a2f · 0432a2f
1 parent de2ffa5
commit 0432a2f
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 6 deletions.
diff --git a/src/anaconda/.devcontainer/apply_security_patches.sh b/src/anaconda/.devcontainer/apply_security_patches.sh
@@ -2,10 +2,12 @@
 
 # vulnerabilities:
 # streamlit - [GHSA-rxff-vr5r-8cj5]
+# notebook, jupyterlab - [GHSA-9q39-rmj3-p4r2]
+# cryptography, pyopenssl - [GHSA-h4gh-qq45-vh27]
 
-vulnerable_packages=( "pydantic=2.5.3" "joblib=1.3.1" "mistune=3.0.1" "werkzeug=3.0.3" "transformers=4.36.0" "pillow=10.3.0" "aiohttp=3.10.2" \
-          "cryptography=42.0.4" "gitpython=3.1.41"  "jupyter-lsp=2.2.2" "idna=3.7" "jinja2=3.1.4" "scrapy=2.11.2" "black=24.4.2" "requests=2.32.2" \
-          "jupyter_server=2.14.1" "tornado=6.4.1" "tqdm=4.66.4" "urllib3=2.2.2" "scikit-learn=1.5.0" "zipp=3.19.1" "streamlit=1.37.0" )
+vulnerable_packages=( "pydantic=2.5.3" "joblib=1.3.1" "mistune=3.0.1" "werkzeug=3.0.3" "transformers=4.36.0" "pillow=10.3.0" "aiohttp=3.10.2" "pyopenssl=24.2.1" \
+          "cryptography=43.0.1" "gitpython=3.1.41"  "jupyter-lsp=2.2.2" "idna=3.7" "jinja2=3.1.4" "scrapy=2.11.2" "black=24.4.2" "requests=2.32.2" \
+          "jupyter_server=2.14.1" "tornado=6.4.1" "tqdm=4.66.4" "urllib3=2.2.2" "scikit-learn=1.5.0" "zipp=3.19.1" "streamlit=1.37.0" "notebook=7.2.2" )
 
 # Define the number of rows (based on the length of vulnerable_packages)
 rows=${#vulnerable_packages[@]}

diff --git a/src/anaconda/test-project/test.sh b/src/anaconda/test-project/test.sh
@@ -38,15 +38,16 @@ checkPythonPackageVersion "wheel" "0.38.1"
 checkPythonPackageVersion "nbconvert" "6.5.1"
 checkPythonPackageVersion "werkzeug" "3.0.3"
 checkPythonPackageVersion "certifi" "2022.12.07"
-checkPythonPackageVersion "cryptography" "42.0.4"
+checkPythonPackageVersion "cryptography" "43.0.1"
 checkPythonPackageVersion "transformers" "4.36.0"
 checkPythonPackageVersion "mpmath" "1.3.0"
 checkPythonPackageVersion "aiohttp" "3.10.2"
 checkPythonPackageVersion "tornado" "6.4.1"
 checkPythonPackageVersion "jupyter_server" "2.14.1"
 checkPythonPackageVersion "pyarrow" "14.0.1"
 checkPythonPackageVersion "pillow" "10.3.0"
-checkPythonPackageVersion "jupyterlab" "4.0.11"
+checkPythonPackageVersion "jupyterlab" "4.2.5"
+checkPythonPackageVersion "notebook" "7.2.2"
 checkPythonPackageVersion "gitpython" "3.1.41"
 checkPythonPackageVersion "jupyter-lsp" "2.2.2"
 checkPythonPackageVersion "idna" "3.7"
@@ -56,7 +57,7 @@ checkPythonPackageVersion "requests" "2.32.2"
 checkPythonPackageVersion "scikit-learn" "1.5.0"
 checkPythonPackageVersion "zipp" "3.19.1"
 
-checkCondaPackageVersion "pyopenssl" "23.2.0"
+checkCondaPackageVersion "pyopenssl" "24.2.1"
 checkCondaPackageVersion "requests" "2.32.2"
 checkCondaPackageVersion "pygments" "2.15.1"
 checkCondaPackageVersion "mpmath" "1.3.0"