[Miniconda] - requests, urllib3 - patched for security vuln (#1107)

devcontainers · Jun 26, 2024 · 6336210 · 6336210
1 parent 953fb6f
commit 6336210
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/src/miniconda/.devcontainer/apply_security_patches.sh b/src/miniconda/.devcontainer/apply_security_patches.sh
@@ -2,7 +2,7 @@
 
 # define array of packages for pinning to the patched versions
 # vulnerable_packages=( "package1=version1" "package2=version2" "package3=version3" )
-vulnerable_packages=( "tqdm=4.66.4" )
+vulnerable_packages=( "tqdm=4.66.4" "requests=2.32.0" "urllib3=2.2.2")
 
 # Define the number of rows (based on the length of vulnerable_packages)
 rows=${#vulnerable_packages[@]}

diff --git a/src/miniconda/test-project/test.sh b/src/miniconda/test-project/test.sh
@@ -21,11 +21,12 @@ check "usr-local-etc-config-does-not-exist" test ! -f "/usr/local/etc/gitconfig"
 checkPythonPackageVersion "cryptography" "42.0.4"
 checkPythonPackageVersion "setuptools" "65.5.1"
 checkPythonPackageVersion "wheel" "0.38.1"
+checkPythonPackageVersion "urllib3" "2.2.2"
 
 checkCondaPackageVersion "cryptography" "42.0.4"
 checkCondaPackageVersion "setuptools" "65.5.1"
 checkCondaPackageVersion "wheel" "0.38.1"
-checkCondaPackageVersion "requests" "2.31.0"
+checkCondaPackageVersion "requests" "2.32.0"
 checkCondaPackageVersion "urllib3" "1.26.17"
 checkCondaPackageVersion "idna" "3.7"
 checkCondaPackageVersion "tqdm" "4.66.4"