[Anaconda] Address GHSA-q3qx-c6g2-7pw2 vulnerability (#889)

* [Anaconda] Update aiohttp due to GHSA-gfw2-4jvh-wgfg:aiohttp * [anaconda] Address GHSA-q3qx-c6g2-7pw2 vulnerability * Update Dockerfile
devcontainers · Dec 14, 2023 · 5f83f06 · 5f83f06
1 parent 022e494
commit 5f83f06
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 5 deletions.
diff --git a/src/anaconda/.devcontainer/Dockerfile b/src/anaconda/.devcontainer/Dockerfile
@@ -5,9 +5,9 @@ RUN . /etc/os-release && if [ "${VERSION_CODENAME}" != "bullseye" ]; then exit 1
 
 # Temporary: Upgrade python packages due to mentioned CVEs
 # They are installed by the base image (continuumio/anaconda3) which does not have the patch.
-RUN conda install \
-    # https://github.com/advisories/GHSA-gfw2-4jvh-wgfg
-    aiohttp=3.8.6 \
+RUN conda install \ 
+    # https://github.com/advisories/GHSA-q3qx-c6g2-7pw2
+    aiohttp=3.9.0 \
     # https://github.com/advisories/GHSA-j7hp-h8jx-5ppr
     pillow=10.0.1 \
     # https://github.com/advisories/GHSA-v845-jxx5-vc9f

diff --git a/src/anaconda/test-project/test.sh b/src/anaconda/test-project/test.sh
@@ -43,7 +43,7 @@ checkPythonPackageVersion "requests" "2.31.0"
 checkPythonPackageVersion "cryptography" "41.0.3"
 checkPythonPackageVersion "transformers" "4.30.0"
 checkPythonPackageVersion "mpmath" "1.3.0"
-checkPythonPackageVersion "aiohttp" "3.8.6"
+checkPythonPackageVersion "aiohttp" "3.9.0"
 checkPythonPackageVersion "jupyter_server" "2.7.2"
 checkPythonPackageVersion "tornado" "6.3.3"
 
@@ -52,7 +52,7 @@ checkCondaPackageVersion "cryptography" "41.0.3"
 checkCondaPackageVersion "requests" "2.31.0"
 checkCondaPackageVersion "pygments" "2.15.1"
 checkCondaPackageVersion "mpmath" "1.3.0"
-checkCondaPackageVersion "aiohttp" "3.8.6"
+checkCondaPackageVersion "aiohttp" "3.9.0"
 checkCondaPackageVersion "pillow" "10.0.1"
 checkCondaPackageVersion "urllib3" "1.26.17"