From 967866e72c11cba2f8723399a68128400e580007 Mon Sep 17 00:00:00 2001 From: gauravsaini04 <147703805+gauravsaini04@users.noreply.github.com> Date: Thu, 4 Jan 2024 02:44:02 +0530 Subject: [PATCH] [Anaconda] Update transformers pkg due to GHSA-v68g-wm8c-6x7j vulnerability (#906) * [Anaconda] Update aiohttp due to GHSA-gfw2-4jvh-wgfg:aiohttp * [Anaconda] Address GHSA-q3qx-c6g2-7pw2 vulnerability (#889) * [Anaconda] Update aiohttp due to GHSA-gfw2-4jvh-wgfg:aiohttp * [anaconda] Address GHSA-q3qx-c6g2-7pw2 vulnerability * Update Dockerfile * [anaconda] Python (Pip) Security Update for pyarrow (GHSA-5wvp-7f3h-6wmm) (#893) * Updated pyarrow package to fix GHSA-5wvp-7f3h-6wmm * Updated pyarrow package to fix GHSA-5wvp-7f3h-6wmm * [Anaconda] Address GHSA-q3qx-c6g2-7pw2 vulnerability (#889) * [Anaconda] Update aiohttp due to GHSA-gfw2-4jvh-wgfg:aiohttp * [anaconda] Address GHSA-q3qx-c6g2-7pw2 vulnerability * Update Dockerfile * Updated pyarrow package to fix GHSA-5wvp-7f3h-6wmm * Updated pyarrow package to fix GHSA-5wvp-7f3h-6wmm * removed package-lock.json as its not require --------- Co-authored-by: gauravsaini04 <147703805+gauravsaini04@users.noreply.github.com> * Remove deprecated Ruby extension (#894) * Replace deprecated Ruby extension * Remove the extension since the feature is already installing it * Update devcontainer.json * [Anaconda] Address Transformers GHSA-v68g-wm8c-6x7j vulnerability --------- Co-authored-by: bhupendra-vaishnav <148317470+bhupendra-vaishnav@users.noreply.github.com> Co-authored-by: Josh Abernathy --- src/anaconda/.devcontainer/Dockerfile | 4 +++- src/anaconda/test-project/test.sh | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/anaconda/.devcontainer/Dockerfile b/src/anaconda/.devcontainer/Dockerfile index 9823b0c31..e225a0856 100644 --- a/src/anaconda/.devcontainer/Dockerfile +++ b/src/anaconda/.devcontainer/Dockerfile @@ -31,7 +31,9 @@ RUN python3 -m pip install --upgrade \ # https://github.com/advisories/GHSA-r726-vmfq-j9j3 jupyter_server==2.7.2 \ # https://github.com/advisories/GHSA-5wvp-7f3h-6wmm - pyarrow==14.0.1 + pyarrow==14.0.1 \ + # https://github.com/advisories/GHSA-v68g-wm8c-6x7j + transformers==4.36.0 # Reset and copy updated files with updated privs to keep image size down FROM mcr.microsoft.com/devcontainers/base:1-bullseye diff --git a/src/anaconda/test-project/test.sh b/src/anaconda/test-project/test.sh index 7e8890667..a5f7a19b3 100755 --- a/src/anaconda/test-project/test.sh +++ b/src/anaconda/test-project/test.sh @@ -41,7 +41,7 @@ checkPythonPackageVersion "werkzeug" "2.2.3" checkPythonPackageVersion "certifi" "2022.12.07" checkPythonPackageVersion "requests" "2.31.0" checkPythonPackageVersion "cryptography" "41.0.3" -checkPythonPackageVersion "transformers" "4.30.0" +checkPythonPackageVersion "transformers" "4.36.0" checkPythonPackageVersion "mpmath" "1.3.0" checkPythonPackageVersion "aiohttp" "3.9.0" checkPythonPackageVersion "jupyter_server" "2.7.2"