[Anaconda] - tqdm - GHSA-g7vv-2v7x-gj9p security vulnerability (#1100)

* [anaconda] - tqdm - GHSA-g7vv-2v7x-gj9p patch security vuln * changes for pinning to required version * Update apply_security_patches.sh --------- Co-authored-by: Samruddhi Khandale <[email protected]>
devcontainers · Jun 24, 2024 · 29cdc89 · 29cdc89
1 parent a78989e
commit 29cdc89
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/src/anaconda/.devcontainer/apply_security_patches.sh b/src/anaconda/.devcontainer/apply_security_patches.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 vulnerable_packages=( "pydantic=2.5.3" "joblib=1.3.1" "mistune=3.0.1" "werkzeug=3.0.3" "transformers=4.36.0" "pillow=10.3.0" "aiohttp=3.9.4" \
-          "cryptography=42.0.4" "gitpython=3.1.41"  "jupyter-lsp=2.2.2" "idna=3.7" "jinja2=3.1.4" "scrapy=2.11.2" "black=24.4.2" "requests=2.32.2" "jupyter_server=2.14.1" "tornado=6.4.1")
+          "cryptography=42.0.4" "gitpython=3.1.41"  "jupyter-lsp=2.2.2" "idna=3.7" "jinja2=3.1.4" "scrapy=2.11.2" "black=24.4.2" "requests=2.32.2" "jupyter_server=2.14.1" "tornado=6.4.1" "tqdm=4.66.4")
 
 # Define the number of rows (based on the length of vulnerable_packages)
 rows=${#vulnerable_packages[@]}

diff --git a/src/anaconda/test-project/test.sh b/src/anaconda/test-project/test.sh
@@ -62,6 +62,7 @@ checkCondaPackageVersion "mpmath" "1.3.0"
 checkCondaPackageVersion "urllib3" "1.26.17"
 checkCondaPackageVersion "pyarrow" "14.0.1"
 checkCondaPackageVersion "pydantic" "2.5.3"
+checkCondaPackageVersion "tqdm" "4.66.4"
 checkCondaPackageVersion "black" "24.4.2"
 
 check "conda-update-conda" bash -c "conda update -y conda"