From bf0a298e5e213886ae4003002487c7c76b64417a Mon Sep 17 00:00:00 2001 From: Alexander Smolyakov Date: Wed, 13 Sep 2023 20:55:57 +0400 Subject: [PATCH] [anaconda] Update `jupyter_server` package due to GHSA-r726-vmfq-j9j3 (#754) * Bump `jupyter_server` package version * Add test * Update manifest --- src/anaconda/.devcontainer/Dockerfile | 4 +++- src/anaconda/manifest.json | 3 ++- src/anaconda/test-project/test.sh | 1 + 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/anaconda/.devcontainer/Dockerfile b/src/anaconda/.devcontainer/Dockerfile index 3d347e8ea..ffa8de2b3 100644 --- a/src/anaconda/.devcontainer/Dockerfile +++ b/src/anaconda/.devcontainer/Dockerfile @@ -33,7 +33,9 @@ RUN python3 -m pip install --upgrade \ # https://github.com/advisories/GHSA-qppv-j76h-2rpx tornado==6.3.3 \ # https://github.com/advisories/GHSA-282v-666c-3fvg - transformers==4.30.0 + transformers==4.30.0 \ + # https://github.com/advisories/GHSA-r726-vmfq-j9j3 + jupyter_server==2.7.2 # Reset and copy updated files with updated privs to keep image size down FROM mcr.microsoft.com/devcontainers/base:1-bullseye diff --git a/src/anaconda/manifest.json b/src/anaconda/manifest.json index 9c72bab0e..f23c45f42 100644 --- a/src/anaconda/manifest.json +++ b/src/anaconda/manifest.json @@ -39,7 +39,8 @@ "Werkzeug", "requests", "tornado", - "transformers" + "transformers", + "jupyter_server" ], "other": { "git": {}, diff --git a/src/anaconda/test-project/test.sh b/src/anaconda/test-project/test.sh index ad1d5b153..4f885388c 100755 --- a/src/anaconda/test-project/test.sh +++ b/src/anaconda/test-project/test.sh @@ -45,6 +45,7 @@ checkPythonPackageVersion "torch" "1.13.1" checkPythonPackageVersion "transformers" "4.30.0" checkPythonPackageVersion "mpmath" "1.3.0" checkPythonPackageVersion "aiohttp" "3.8.5" +checkPythonPackageVersion "jupyter_server" "2.7.2" # The `tornado` package doesn't have the `__version__` attribute so we can use the `version` attribute. tornado_version=$(python -c "import tornado; print(tornado.version)")