[anaconda] Python (Pip) Security Update for pyarrow (GHSA-5wvp-7f3h-6wmm

) (#893) * Updated pyarrow package to fix GHSA-5wvp-7f3h-6wmm * Updated pyarrow package to fix GHSA-5wvp-7f3h-6wmm * [Anaconda] Address GHSA-q3qx-c6g2-7pw2 vulnerability (#889) * [Anaconda] Update aiohttp due to GHSA-gfw2-4jvh-wgfg:aiohttp * [anaconda] Address GHSA-q3qx-c6g2-7pw2 vulnerability * Update Dockerfile * Updated pyarrow package to fix GHSA-5wvp-7f3h-6wmm * Updated pyarrow package to fix GHSA-5wvp-7f3h-6wmm * removed package-lock.json as its not require --------- Co-authored-by: gauravsaini04 <[email protected]>
devcontainers · Dec 14, 2023 · fd61e38 · fd61e38
1 parent 5f83f06
commit fd61e38
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/src/anaconda/.devcontainer/Dockerfile b/src/anaconda/.devcontainer/Dockerfile
@@ -29,7 +29,9 @@ RUN python3 -m pip install --upgrade \
  # https://github.com/advisories/GHSA-qppv-j76h-2rpx
  tornado==6.3.3 \
  # https://github.com/advisories/GHSA-r726-vmfq-j9j3 
- jupyter_server==2.7.2
+ jupyter_server==2.7.2 \
+ # https://github.com/advisories/GHSA-5wvp-7f3h-6wmm
+ pyarrow==14.0.1
 
 # Reset and copy updated files with updated privs to keep image size down
 FROM mcr.microsoft.com/devcontainers/base:1-bullseye

diff --git a/src/anaconda/test-project/test.sh b/src/anaconda/test-project/test.sh
@@ -46,6 +46,7 @@ checkPythonPackageVersion "mpmath" "1.3.0"
 checkPythonPackageVersion "aiohttp" "3.9.0"
 checkPythonPackageVersion "jupyter_server" "2.7.2"
 checkPythonPackageVersion "tornado" "6.3.3"
+checkPythonPackageVersion "pyarrow" "14.0.1"
 
 checkCondaPackageVersion "pyopenssl" "23.2.0"
 checkCondaPackageVersion "cryptography" "41.0.3"
@@ -55,6 +56,7 @@ checkCondaPackageVersion "mpmath" "1.3.0"
 checkCondaPackageVersion "aiohttp" "3.9.0"
 checkCondaPackageVersion "pillow" "10.0.1"
 checkCondaPackageVersion "urllib3" "1.26.17"
+checkCondaPackageVersion "pyarrow" "14.0.1"
 
 check "conda-update-conda" bash -c "conda update -y conda"
 check "conda-install-tensorflow" bash -c "conda create --name test-env -c conda-forge --yes tensorflow"