[anaconda] Rework patch for GHSA-v845-jxx5-vc9f (#821)

* Rework patch for GHSA-v845-jxx5-vc9f

* Update tests

src/anaconda/.devcontainer/Dockerfile

@@ -17,7 +17,9 @@ RUN conda install \
     # https://github.com/advisories/GHSA-45c4-8wx5-qw6w
     aiohttp=3.8.5 \
     # https://github.com/advisories/GHSA-j7hp-h8jx-5ppr
-    pillow=10.0.1
+    pillow=10.0.1 \
+    # https://github.com/advisories/GHSA-v845-jxx5-vc9f
+    urllib3==1.26.18
 
 RUN python3 -m pip install --upgrade \
     # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21797
@@ -37,9 +39,7 @@ RUN python3 -m pip install --upgrade \
     # https://github.com/advisories/GHSA-282v-666c-3fvg
     transformers==4.30.0 \ 
     # https://github.com/advisories/GHSA-r726-vmfq-j9j3 
-    jupyter_server==2.7.2 \
-    # https://github.com/advisories/GHSA-v845-jxx5-vc9f
-    urllib3==1.26.17
+    jupyter_server==2.7.2
 
 # Reset and copy updated files with updated privs to keep image size down
 FROM mcr.microsoft.com/devcontainers/base:1-bullseye

src/anaconda/test-project/test.sh

@@ -45,7 +45,6 @@ checkPythonPackageVersion "transformers" "4.30.0"
 checkPythonPackageVersion "mpmath" "1.3.0"
 checkPythonPackageVersion "aiohttp" "3.8.5"
 checkPythonPackageVersion "jupyter_server" "2.7.2"
-checkPythonPackageVersion "urllib3" "1.26.17"
 
 # The `tornado` package doesn't have the `__version__` attribute so we can use the `version` attribute.
 tornado_version=$(python -c "import tornado; print(tornado.version)")
@@ -58,6 +57,7 @@ checkCondaPackageVersion "pygments" "2.15.1"
 checkCondaPackageVersion "mpmath" "1.3.0"
 checkCondaPackageVersion "aiohttp" "3.8.5"
 checkCondaPackageVersion "pillow" "10.0.1"
+checkCondaPackageVersion "urllib3" "1.26.17"
 
 check "conda-update-conda" bash -c "conda update -y conda"
 check "conda-install-tensorflow" bash -c "conda create --name test-env -c conda-forge --yes tensorflow"