diff --git a/src/universal/.devcontainer/devcontainer.json b/src/universal/.devcontainer/devcontainer.json
index add954124..87a55ad39 100644
--- a/src/universal/.devcontainer/devcontainer.json
+++ b/src/universal/.devcontainer/devcontainer.json
@@ -23,8 +23,8 @@
 },
 "./local-features/nvs": "latest",
 "ghcr.io/devcontainers/features/python:1": {
- "version": "3.10.8",
- "additionalVersions": "3.9.16",
+ "version": "3.10.13",
+ "additionalVersions": "3.9.18",
 "installJupyterlab": "true",
 "configureJupyterlabAllowOrigin": "*",
 "useOryxIfAvailable": "false"
diff --git a/src/universal/.devcontainer/local-features/patch-conda/install.sh b/src/universal/.devcontainer/local-features/patch-conda/install.sh
index 80b812202..c110702e3 100644
--- a/src/universal/.devcontainer/local-features/patch-conda/install.sh
+++ b/src/universal/.devcontainer/local-features/patch-conda/install.sh
@@ -36,6 +36,7 @@ update_python_package() {
 sudo_if "$PYTHON_PATH -m pip uninstall --yes $PACKAGE"
 sudo_if "$PYTHON_PATH -m pip install --upgrade --no-cache-dir $PACKAGE==$VERSION"
+ sudo_if "$PYTHON_PATH -m pip show --no-python-version-warning $PACKAGE"
 }
 update_conda_package() {
@@ -50,14 +51,8 @@ sudo_if /opt/conda/bin/python3 -m pip install --upgrade pip
 # Temporary: Upgrade python packages due to security vulnerabilities
 # They are installed by the conda feature and Conda distribution does not have the patches.
-# pyopenssl should be updated to be compatible with latest version of cryptography
-update_conda_package pyopenssl "23.2.0"
-
 # https://github.com/advisories/GHSA-v8gr-m533-ghj9
 update_python_package /opt/conda/bin/python3 cryptography "41.0.4"
-# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32681
-update_conda_package requests "2.31.0"
-
 # https://github.com/advisories/GHSA-v845-jxx5-vc9f
 update_conda_package urllib3 "1.26.18"
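Review bot: The added `pip show` call at the end of update_python_package only prints metadata; nothing compares the reported version with `$VERSION`, so it records the result in the build log but does not enforce the pin. Whether a failed `pip install` of `$PACKAGE==$VERSION` stops the build depends on sudo_if and the script's error options, both outside this hunk. A comment such as `# Print what is now installed so the build log shows the patched version; this is not a check` would make the intent explicit. The same line is added to update_package in patch-python/install.sh. The opening lines of update_python_package, where PYTHON_PATH, PACKAGE and VERSION are presumably assigned, are outside the hunk.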
diff --git a/src/universal/.devcontainer/local-features/patch-python/install.sh b/src/universal/.devcontainer/local-features/patch-python/install.sh
index d49513e98..7f788540a 100644
--- a/src/universal/.devcontainer/local-features/patch-python/install.sh
+++ b/src/universal/.devcontainer/local-features/patch-python/install.sh
@@ -32,17 +32,15 @@ sudo_if() {
 update_package() {
 PYTHON_PATH=$1
 PACKAGE=$2
+ VERSION=$3
 sudo_if "$PYTHON_PATH -m pip uninstall --yes $PACKAGE"
- sudo_if "$PYTHON_PATH -m pip install --upgrade --no-cache-dir $PACKAGE"
+ sudo_if "$PYTHON_PATH -m pip install --upgrade --no-cache-dir $PACKAGE==$VERSION"
+ sudo_if "$PYTHON_PATH -m pip show --no-python-version-warning $PACKAGE"
 }
 # Temporary: Upgrade python packages due to security vulnerabilities
 # They are installed by the base image (python) which does not have the patch.
 # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40897
-update_package /usr/local/python/3.9.*/bin/python setuptools==65.5.1
-update_package /usr/local/python/3.10.*/bin/python setuptools==68.0.0
-
-# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32681
-update_package /usr/local/python/3.10.*/bin/python requests==2.31.0
+update_package /usr/local/python/3.9.*/bin/python setuptools 65.5.1
diff --git a/src/universal/test-project/test-utils.sh b/src/universal/test-project/test-utils.sh
index 7271fb54f..c6bba0c1b 100644
--- a/src/universal/test-project/test-utils.sh
+++ b/src/universal/test-project/test-utils.sh
@@ -224,7 +224,7 @@ checkPythonPackageVersion()
 PACKAGE=$2
 REQUIRED_VERSION=$3
- current_version=$(${PYTHON_PATH} -c "import ${PACKAGE}; print(${PACKAGE}.__version__)")
+ current_version=$(${PYTHON_PATH} -c "import importlib.metadata; print(importlib.metadata.version('${PACKAGE}'))")
 check-version-ge "${PACKAGE}-requirement" "${current_version}" "${REQUIRED_VERSION}"
 }
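Review bot: `VERSION=$3` in update_package is used without a guard, so a caller that still passes the old single-argument form (`setuptools==65.5.1`) makes the install line expand to `setuptools==65.5.1==`, and that failure comes after the uninstall on the line above it. Failing early closes that gap: `VERSION=${3:?update_package: version argument required}`. The setuptools pin for 3.10 is dropped while the CVE-2022-40897 comment stays; presumably the 3.10.13 bump in devcontainer.json brings a fixed setuptools, and a one-line comment saying so would keep the reason on record. The body of sudo_if is outside the hunk, so how it reports a failed pip command cannot be seen here.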
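Review bot: `importlib.metadata.version()` on the new `current_version` line looks up the distribution name, while the replaced `import ${PACKAGE}` used the import name, so any caller of checkPythonPackageVersion that passes a module name differing from its distribution name will now fail the lookup. The callers are outside this hunk and need checking; a comment above the line, `# PACKAGE is the distribution name as pip lists it, not the import name`, would document the new contract. `${PACKAGE}` is also spliced into the Python source text, and passing it as an argument avoids quoting problems: `current_version=$(${PYTHON_PATH} -c "import importlib.metadata, sys; print(importlib.metadata.version(sys.argv[1]))" "${PACKAGE}")`. The function's opening lines are outside the hunk.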