[Anaconda] - requests - GHSA-9wx4-h78v-vm56 : Apply patch for requests (

#1078)

* [Anaconda] - requests - GHSA-9wx4-h78v-vm56 : Apply patch for requests

* Update test.sh

* pin requests to desired version

* Update apply_security_patches.sh

src/anaconda/.devcontainer/apply_security_patches.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 vulnerable_packages=( "pydantic=2.5.3" "joblib=1.3.1" "mistune=3.0.1" "werkzeug=3.0.3" "transformers=4.36.0" "pillow=10.3.0" "aiohttp=3.9.4" \
-          "cryptography=42.0.4" "gitpython=3.1.41"  "jupyter-lsp=2.2.2" "idna=3.7" "jinja2=3.1.4" "scrapy=2.11.2" "black=24.4.2")
+          "cryptography=42.0.4" "gitpython=3.1.41"  "jupyter-lsp=2.2.2" "idna=3.7" "jinja2=3.1.4" "scrapy=2.11.2" "black=24.4.2" "requests=2.32.2")
 
 # Define the number of rows (based on the length of vulnerable_packages)
 rows=${#vulnerable_packages[@]}
@@ -52,4 +52,4 @@ for ((i=0; i<rows; i++)); do
             python3 -m pip install --upgrade --no-cache-dir "${packages_array[$i,0]}==${REQUIRED_VERSION}"
         fi
     fi
-done
+done

src/anaconda/test-project/test.sh

@@ -39,7 +39,6 @@ checkPythonPackageVersion "wheel" "0.38.1"
 checkPythonPackageVersion "nbconvert" "6.5.1"
 checkPythonPackageVersion "werkzeug" "3.0.3"
 checkPythonPackageVersion "certifi" "2022.12.07"
-checkPythonPackageVersion "requests" "2.31.0"
 checkPythonPackageVersion "cryptography" "42.0.4"
 checkPythonPackageVersion "transformers" "4.36.0"
 checkPythonPackageVersion "mpmath" "1.3.0"
@@ -54,9 +53,10 @@ checkPythonPackageVersion "jupyter-lsp" "2.2.2"
 checkPythonPackageVersion "idna" "3.7"
 checkPythonPackageVersion "jinja2" "3.1.4"
 checkPythonPackageVersion "scrapy" "2.11.2"
+checkPythonPackageVersion "requests" "2.32.2"
 
 checkCondaPackageVersion "pyopenssl" "23.2.0"
-checkCondaPackageVersion "requests" "2.31.0"
+checkCondaPackageVersion "requests" "2.32.2"
 checkCondaPackageVersion "pygments" "2.15.1"
 checkCondaPackageVersion "mpmath" "1.3.0"
 checkCondaPackageVersion "urllib3" "1.26.17"