Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Anaconda] Address GHSA-q3qx-c6g2-7pw2 vulnerability #889

Merged
merged 5 commits into from
Dec 14, 2023
Merged

[Anaconda] Address GHSA-q3qx-c6g2-7pw2 vulnerability #889

merged 5 commits into from
Dec 14, 2023

Conversation

gauravsaini04
Copy link
Contributor

@gauravsaini04 gauravsaini04 commented Dec 12, 2023
edited
Loading

Dev container name:

  • anaconda

Description:

This PR patches the following vulnerability:

This vulnerability comes from the continuumio/anaconda3 image used upstream for the anaconda devcontainer.

Changelog:

  • Updated Dockerfile:

    • Locked version for patched Python package;
      • aiohttp - minimum package version set to 3.9.0;

  • Updated tests to verify aiohttp minimum version (Minimum package version set to 3.9.0 which fixes GHSA-q3qx-c6g2-7pw2);

Checklist:

  • Checked that applied changes work as expected

@gauravsaini04 gauravsaini04 requested a review from a team as a code owner December 12, 2023 16:17
eljog
eljog requested changes Dec 12, 2023
View reviewed changes
Copy link
Member

@eljog eljog left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please resolve merge conflicts

@gauravsaini04
Copy link
Contributor Author

Merge conflicts have been resolved

eljog
eljog requested changes Dec 13, 2023
View reviewed changes
Copy link
Member

@eljog eljog left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Resolve new merge conflicts

eljog
eljog approved these changes Dec 14, 2023
View reviewed changes
Copy link
Member

@eljog eljog left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@eljog eljog merged commit 5f83f06 into devcontainers:main Dec 14, 2023
3 checks passed
bhupendra-vaishnav pushed a commit to bhupendra-vaishnav/devcontainer_images that referenced this pull request Dec 14, 2023
@gauravsaini04 @bhupendra-vaishnav
[Anaconda] Address GHSA-q3qx-c6g2-7pw2 vulnerability (devcontainers#889)
283fbaa 
* [Anaconda] Update aiohttp due to GHSA-gfw2-4jvh-wgfg:aiohttp

* [anaconda] Address GHSA-q3qx-c6g2-7pw2 vulnerability

* Update Dockerfile
eljog pushed a commit that referenced this pull request Dec 14, 2023
@bhupendra-vaishnav @gauravsaini04
[anaconda] Python (Pip) Security Update for pyarrow (GHSA-5wvp-7f3h-6wmm
fd61e38 
) (#893)

* Updated pyarrow package to fix GHSA-5wvp-7f3h-6wmm

* Updated pyarrow package to fix GHSA-5wvp-7f3h-6wmm

* [Anaconda] Address GHSA-q3qx-c6g2-7pw2 vulnerability (#889)

* [Anaconda] Update aiohttp due to GHSA-gfw2-4jvh-wgfg:aiohttp

* [anaconda] Address GHSA-q3qx-c6g2-7pw2 vulnerability

* Update Dockerfile

* Updated pyarrow package to fix GHSA-5wvp-7f3h-6wmm

* Updated pyarrow package to fix GHSA-5wvp-7f3h-6wmm

* removed package-lock.json as its not require

---------

Co-authored-by: gauravsaini04 <147703805+gauravsaini04@users.noreply.github.com>
@gauravsaini04 gauravsaini04 deleted the anaconda_aiohttp_GHSA-q3qx-c6g2-7pw2 branch December 15, 2023 11:43
eljog pushed a commit that referenced this pull request Jan 3, 2024
@gauravsaini04 @bhupendra-vaishnav @joshaber
[Anaconda] Update transformers pkg due to GHSA-v68g-wm8c-6x7j vulnera…
967866e 
…bility (#906)

* [Anaconda] Update aiohttp due to GHSA-gfw2-4jvh-wgfg:aiohttp

* [Anaconda] Address GHSA-q3qx-c6g2-7pw2 vulnerability (#889)

* [Anaconda] Update aiohttp due to GHSA-gfw2-4jvh-wgfg:aiohttp

* [anaconda] Address GHSA-q3qx-c6g2-7pw2 vulnerability

* Update Dockerfile

* [anaconda] Python (Pip) Security Update for pyarrow (GHSA-5wvp-7f3h-6wmm) (#893)

* Updated pyarrow package to fix GHSA-5wvp-7f3h-6wmm

* Updated pyarrow package to fix GHSA-5wvp-7f3h-6wmm

* [Anaconda] Address GHSA-q3qx-c6g2-7pw2 vulnerability (#889)

* [Anaconda] Update aiohttp due to GHSA-gfw2-4jvh-wgfg:aiohttp

* [anaconda] Address GHSA-q3qx-c6g2-7pw2 vulnerability

* Update Dockerfile

* Updated pyarrow package to fix GHSA-5wvp-7f3h-6wmm

* Updated pyarrow package to fix GHSA-5wvp-7f3h-6wmm

* removed package-lock.json as its not require

---------

Co-authored-by: gauravsaini04 <147703805+gauravsaini04@users.noreply.github.com>

* Remove deprecated Ruby extension (#894)

* Replace deprecated Ruby extension

* Remove the extension since the feature is already installing it

* Update devcontainer.json

* [Anaconda] Address Transformers GHSA-v68g-wm8c-6x7j vulnerability

---------

Co-authored-by: bhupendra-vaishnav <148317470+bhupendra-vaishnav@users.noreply.github.com>
Co-authored-by: Josh Abernathy <josh@github.com>
@eljog eljog mentioned this pull request Jan 9, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eljog eljog eljog approved these changes

@alexander-smolyakov alexander-smolyakov alexander-smolyakov approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@gauravsaini04 @alexander-smolyakov @eljog