[miniconda] Update urllib3 package due to GHSA-v845-jxx5-vc9f (#802)

* Bump `urllib3` version * Add test
devcontainers · Oct 10, 2023 · 49d6ddc · 49d6ddc
1 parent e881310
commit 49d6ddc
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 0 deletions.
diff --git a/src/miniconda/.devcontainer/Dockerfile b/src/miniconda/.devcontainer/Dockerfile
@@ -10,6 +10,10 @@ RUN conda install \
     # https://github.com/advisories/GHSA-j8r2-6x86-q33q
     requests=2.31.0
 
+RUN python3 -m pip install --upgrade \
+    # https://github.com/advisories/GHSA-v845-jxx5-vc9f
+    urllib3==1.26.17
+
 # Reset and copy updated files with updated privs to keep image size down
 FROM mcr.microsoft.com/devcontainers/base:1-bullseye
 

diff --git a/src/miniconda/test-project/test.sh b/src/miniconda/test-project/test.sh
@@ -21,6 +21,7 @@ check "usr-local-etc-config-does-not-exist" test ! -f "/usr/local/etc/gitconfig"
 checkPythonPackageVersion "cryptography" "41.0.3"
 checkPythonPackageVersion "setuptools" "65.5.1"
 checkPythonPackageVersion "wheel" "0.38.1"
+checkPythonPackageVersion "urllib3" "1.26.17"
 
 checkCondaPackageVersion "cryptography" "41.0.3"
 checkCondaPackageVersion "pyopenssl" "23.2.0"