[Anaconda] - Pillow - Patch security vulnerability GHSA-3f63-hfp8-52jq (

#938)

Co-authored-by: Samruddhi Khandale <[email protected]>

src/anaconda/.devcontainer/Dockerfile

@@ -8,8 +8,6 @@ RUN . /etc/os-release && if [ "${VERSION_CODENAME}" != "bullseye" ]; then exit 1
 RUN conda install \ 
     # https://github.com/advisories/GHSA-q3qx-c6g2-7pw2
     aiohttp=3.9.0 \
-    # https://github.com/advisories/GHSA-j7hp-h8jx-5ppr
-    pillow=10.0.1 \
     # https://github.com/advisories/GHSA-v845-jxx5-vc9f
     urllib3==1.26.18 \
     # https://github.com/advisories/GHSA-jfhm-5ghh-2f97
@@ -35,7 +33,9 @@ RUN python3 -m pip install --upgrade \
     # https://github.com/advisories/GHSA-5wvp-7f3h-6wmm
     pyarrow==14.0.1 \
     # https://github.com/advisories/GHSA-v68g-wm8c-6x7j
-    transformers==4.36.0
+    transformers==4.36.0 \
+    # https://github.com/advisories/GHSA-3f63-hfp8-52jq
+    pillow==10.2.0
 
 # Reset and copy updated files with updated privs to keep image size down
 FROM mcr.microsoft.com/devcontainers/base:1-bullseye

src/anaconda/test-project/test.sh

@@ -47,14 +47,14 @@ checkPythonPackageVersion "aiohttp" "3.9.0"
 checkPythonPackageVersion "jupyter_server" "2.7.2"
 checkPythonPackageVersion "tornado" "6.3.3"
 checkPythonPackageVersion "pyarrow" "14.0.1"
+checkPythonPackageVersion "pillow" "10.2.0"
 
 checkCondaPackageVersion "pyopenssl" "23.2.0"
 checkCondaPackageVersion "cryptography" "41.0.7"
 checkCondaPackageVersion "requests" "2.31.0"
 checkCondaPackageVersion "pygments" "2.15.1"
 checkCondaPackageVersion "mpmath" "1.3.0"
 checkCondaPackageVersion "aiohttp" "3.9.0"
-checkCondaPackageVersion "pillow" "10.0.1"
 checkCondaPackageVersion "urllib3" "1.26.17"
 checkCondaPackageVersion "pyarrow" "14.0.1"