From d5fad24d06f9099bd01b1d9604da36ef46a3c4f1 Mon Sep 17 00:00:00 2001 From: Gaurav Saini <147703805+gauravsaini04@users.noreply.github.com> Date: Wed, 28 Aug 2024 04:29:20 +0530 Subject: [PATCH] [anaconda] - streamlit - GHSA-rxff-vr5r-8cj5 (#1177) --- src/anaconda/.devcontainer/apply_security_patches.sh | 6 +++++- src/anaconda/test-project/test.sh | 1 + 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/src/anaconda/.devcontainer/apply_security_patches.sh b/src/anaconda/.devcontainer/apply_security_patches.sh index cd00c52ba..a1d07b860 100644 --- a/src/anaconda/.devcontainer/apply_security_patches.sh +++ b/src/anaconda/.devcontainer/apply_security_patches.sh @@ -1,7 +1,11 @@ #!/bin/bash +# vulnerabilities: +# streamlit - [GHSA-rxff-vr5r-8cj5] + vulnerable_packages=( "pydantic=2.5.3" "joblib=1.3.1" "mistune=3.0.1" "werkzeug=3.0.3" "transformers=4.36.0" "pillow=10.3.0" "aiohttp=3.10.2" \ - "cryptography=42.0.4" "gitpython=3.1.41" "jupyter-lsp=2.2.2" "idna=3.7" "jinja2=3.1.4" "scrapy=2.11.2" "black=24.4.2" "requests=2.32.2" "jupyter_server=2.14.1" "tornado=6.4.1" "tqdm=4.66.4" "urllib3=2.2.2" "scikit-learn=1.5.0" "zipp=3.19.1" ) + "cryptography=42.0.4" "gitpython=3.1.41" "jupyter-lsp=2.2.2" "idna=3.7" "jinja2=3.1.4" "scrapy=2.11.2" "black=24.4.2" "requests=2.32.2" \ + "jupyter_server=2.14.1" "tornado=6.4.1" "tqdm=4.66.4" "urllib3=2.2.2" "scikit-learn=1.5.0" "zipp=3.19.1" "streamlit=1.37.0" ) # Define the number of rows (based on the length of vulnerable_packages) rows=${#vulnerable_packages[@]} diff --git a/src/anaconda/test-project/test.sh b/src/anaconda/test-project/test.sh index 1c7884293..bf083263f 100755 --- a/src/anaconda/test-project/test.sh +++ b/src/anaconda/test-project/test.sh @@ -65,6 +65,7 @@ checkCondaPackageVersion "pyarrow" "14.0.1" checkCondaPackageVersion "pydantic" "2.5.3" checkCondaPackageVersion "tqdm" "4.66.4" checkCondaPackageVersion "black" "24.4.2" +checkCondaPackageVersion "streamlit" "1.37.0" check "conda-update-conda" bash -c "conda update -y conda" check "conda-install-tensorflow" bash -c "conda create --name test-env -c conda-forge --yes tensorflow"