[Anaconda] Update transformers pkg due to GHSA-v68g-wm8c-6x7j vulnera…

…bility (#906) * [Anaconda] Update aiohttp due to GHSA-gfw2-4jvh-wgfg:aiohttp * [Anaconda] Address GHSA-q3qx-c6g2-7pw2 vulnerability (#889) * [Anaconda] Update aiohttp due to GHSA-gfw2-4jvh-wgfg:aiohttp * [anaconda] Address GHSA-q3qx-c6g2-7pw2 vulnerability * Update Dockerfile * [anaconda] Python (Pip) Security Update for pyarrow (GHSA-5wvp-7f3h-6wmm) (#893) * Updated pyarrow package to fix GHSA-5wvp-7f3h-6wmm * Updated pyarrow package to fix GHSA-5wvp-7f3h-6wmm * [Anaconda] Address GHSA-q3qx-c6g2-7pw2 vulnerability (#889) * [Anaconda] Update aiohttp due to GHSA-gfw2-4jvh-wgfg:aiohttp * [anaconda] Address GHSA-q3qx-c6g2-7pw2 vulnerability * Update Dockerfile * Updated pyarrow package to fix GHSA-5wvp-7f3h-6wmm * Updated pyarrow package to fix GHSA-5wvp-7f3h-6wmm * removed package-lock.json as its not require --------- Co-authored-by: gauravsaini04 <[email protected]> * Remove deprecated Ruby extension (#894) * Replace deprecated Ruby extension * Remove the extension since the feature is already installing it * Update devcontainer.json * [Anaconda] Address Transformers GHSA-v68g-wm8c-6x7j vulnerability --------- Co-authored-by: bhupendra-vaishnav <[email protected]> Co-authored-by: Josh Abernathy <[email protected]>
devcontainers · Jan 3, 2024 · 967866e · 967866e
1 parent a3ade01
commit 967866e
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/src/anaconda/.devcontainer/Dockerfile b/src/anaconda/.devcontainer/Dockerfile
@@ -31,7 +31,9 @@ RUN python3 -m pip install --upgrade \
  # https://github.com/advisories/GHSA-r726-vmfq-j9j3 
  jupyter_server==2.7.2 \
  # https://github.com/advisories/GHSA-5wvp-7f3h-6wmm
- pyarrow==14.0.1
+ pyarrow==14.0.1 \
+ # https://github.com/advisories/GHSA-v68g-wm8c-6x7j
+ transformers==4.36.0
 
 # Reset and copy updated files with updated privs to keep image size down
 FROM mcr.microsoft.com/devcontainers/base:1-bullseye

diff --git a/src/anaconda/test-project/test.sh b/src/anaconda/test-project/test.sh
@@ -41,7 +41,7 @@ checkPythonPackageVersion "werkzeug" "2.2.3"
 checkPythonPackageVersion "certifi" "2022.12.07"
 checkPythonPackageVersion "requests" "2.31.0"
 checkPythonPackageVersion "cryptography" "41.0.3"
-checkPythonPackageVersion "transformers" "4.30.0"
+checkPythonPackageVersion "transformers" "4.36.0"
 checkPythonPackageVersion "mpmath" "1.3.0"
 checkPythonPackageVersion "aiohttp" "3.9.0"
 checkPythonPackageVersion "jupyter_server" "2.7.2"