From fd61e38f19ed8a72c286e74ffb951a342b1d322f Mon Sep 17 00:00:00 2001
From: bhupendra-vaishnav <148317470+bhupendra-vaishnav@users.noreply.github.com>
Date: Thu, 14 Dec 2023 14:47:22 -0700
Subject: [PATCH] [anaconda] Python (Pip) Security Update for pyarrow (GHSA-5wvp-7f3h-6wmm) (#893)
* Updated pyarrow package to fix GHSA-5wvp-7f3h-6wmm
* Updated pyarrow package to fix GHSA-5wvp-7f3h-6wmm
* [Anaconda] Address GHSA-q3qx-c6g2-7pw2 vulnerability (#889)
* [Anaconda] Update aiohttp due to GHSA-gfw2-4jvh-wgfg:aiohttp
* [anaconda] Address GHSA-q3qx-c6g2-7pw2 vulnerability
* Update Dockerfile
* Updated pyarrow package to fix GHSA-5wvp-7f3h-6wmm
* Updated pyarrow package to fix GHSA-5wvp-7f3h-6wmm
* removed package-lock.json as its not require
---------
Co-authored-by: gauravsaini04 <147703805+gauravsaini04@users.noreply.github.com>
---
 src/anaconda/.devcontainer/Dockerfile | 4 +++-
 src/anaconda/test-project/test.sh | 2 ++
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/anaconda/.devcontainer/Dockerfile b/src/anaconda/.devcontainer/Dockerfile
index 8b6853516..9823b0c31 100644
--- a/src/anaconda/.devcontainer/Dockerfile
+++ b/src/anaconda/.devcontainer/Dockerfile
@@ -29,7 +29,9 @@ RUN python3 -m pip install --upgrade \
 # https://github.com/advisories/GHSA-qppv-j76h-2rpx
 tornado==6.3.3 \
 # https://github.com/advisories/GHSA-r726-vmfq-j9j3
- jupyter_server==2.7.2
+ jupyter_server==2.7.2 \
+ # https://github.com/advisories/GHSA-5wvp-7f3h-6wmm
+ pyarrow==14.0.1
 
 # Reset and copy updated files with updated privs to keep image size down
 FROM mcr.microsoft.com/devcontainers/base:1-bullseye
diff --git a/src/anaconda/test-project/test.sh b/src/anaconda/test-project/test.sh
index fb46158d9..7e8890667 100755
--- a/src/anaconda/test-project/test.sh
+++ b/src/anaconda/test-project/test.sh
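Review bot: The exact pin `pyarrow==14.0.1` added to the `pip install --upgrade` list in the Dockerfile hunk clears GHSA-5wvp-7f3h-6wmm, but it also forces 14.0.1 if the base image later ships a newer pyarrow, so a later security fix could be rolled back without anyone noticing. A quoted lower bound, `"pyarrow>=14.0.1"`, keeps the advisory floor without that downgrade risk; the neighbouring `tornado==6.3.3` and `jupyter_server==2.7.2` pins behave the same way. The RUN instruction starts above the hunk, so whether pyarrow is also present as a conda-managed package in the base image cannot be confirmed from here; if it is, installing over it with pip may leave conda's own metadata out of step with what is actually on disk.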
@@ -46,6 +46,7 @@ checkPythonPackageVersion "mpmath" "1.3.0"
 checkPythonPackageVersion "aiohttp" "3.9.0"
 checkPythonPackageVersion "jupyter_server" "2.7.2"
 checkPythonPackageVersion "tornado" "6.3.3"
+checkPythonPackageVersion "pyarrow" "14.0.1"
 
 checkCondaPackageVersion "pyopenssl" "23.2.0"
 checkCondaPackageVersion "cryptography" "41.0.3"
@@ -55,6 +56,7 @@ checkCondaPackageVersion "mpmath" "1.3.0"
 checkCondaPackageVersion "aiohttp" "3.9.0"
 checkCondaPackageVersion "pillow" "10.0.1"
 checkCondaPackageVersion "urllib3" "1.26.17"
+checkCondaPackageVersion "pyarrow" "14.0.1"
 
 check "conda-update-conda" bash -c "conda update -y conda"
 check "conda-install-tensorflow" bash -c "conda create --name test-env -c conda-forge --yes tensorflow"
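Review bot: The two added assertions, `checkPythonPackageVersion "pyarrow" "14.0.1"` in this hunk and `checkCondaPackageVersion "pyarrow" "14.0.1"` in the `@@ -55,6 +56,7 @@` hunk, carry no reference to the advisory they guard, unlike the Dockerfile pin. A comment above each, such as `# GHSA-5wvp-7f3h-6wmm: pyarrow must not fall below 14.0.1`, would keep the check from being relaxed or dropped as stale during a later version bump. Both helpers are defined outside these hunks, so it is not visible whether they test for an exact match or a minimum; if exact, the expected value has to move in lockstep with the Dockerfile. The conda check also presumably relies on conda reporting the pip-installed version, which is worth confirming against the helper.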