Skip to content

Anaconda-vulnerabilities- GHSA-w853-jp5j-5j7f: filelock and GHSA-793v-589g-574v: bokeh #1777

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
sireeshajonnalagadda wants to merge 8 commits into from
Closed

Anaconda-vulnerabilities- GHSA-w853-jp5j-5j7f: filelock and GHSA-793v-589g-574v: bokeh #1777

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
c060e73
Remove 'protobuf' from the list of packages that should always pin to…
sireeshajonnalagadda Jan 19, 2026
4f3d062
Update vulnerable packages and versions in manifest and scripts
sireeshajonnalagadda Feb 10, 2026
cc3f94c
Merge branch 'main' into anaconda-vulnerabilities
sireeshajonnalagadda Feb 10, 2026
6cfd15f
Update vulnerable packages and versions in apply_security_patches.sh …
sireeshajonnalagadda Feb 10, 2026
fba91da
Update pinned packages in apply_security_patches.sh
sireeshajonnalagadda Feb 10, 2026
a2f16e6
Fix formatting of pin_to_required_version array
sireeshajonnalagadda Feb 10, 2026
078f25d
Add 'protobuf' to pin_to_required_version array in apply_security_pat…
sireeshajonnalagadda Feb 12, 2026
819cd4a
Fix formatting of vulnerable_packages array in apply_security_patches.sh
sireeshajonnalagadda Feb 12, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions src/anaconda/.devcontainer/apply_security_patches.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,8 @@
# vulnerabilities:
# werkzeug - [GHSA-f9vj-2wh5-fj8j]

vulnerable_packages=( "mistune=3.0.1" "aiohttp=3.10.11" "cryptography=44.0.1" "h11=0.16.0" "jinja2=3.1.6" "jupyter_core=5.8.1" "protobuf=5.29.5" "requests=2.32.4" "setuptools=78.1.1" "transformers=4.53.0" "urllib3=2.5.0" "Werkzeug=3.0.6" "jupyter-lsp=2.2.2" "scrapy=2.11.2" \
"zipp=3.19.1" "tornado=6.4.2" "jupyterlab=4.4.8" "imagecodecs=2024.9.22" "fonttools=4.60.2" "pyarrow=17.0.0" "brotli=1.2.0" )
vulnerable_packages=( "mistune=3.0.1" "aiohttp=3.10.11" "cryptography=44.0.1" "h11=0.16.0" "jinja2=3.1.6" "jupyter_core=5.8.1" "protobuf=5.29.5" "requests=2.32.4" "setuptools=78.1.1" "transformers=4.53.0" "urllib3=2.5.0" "Werkzeug=3.0.6" "jupyter-lsp=2.2.2" "scrapy=2.11.2" \
"zipp=3.19.1" "tornado=6.4.2" "jupyterlab=4.4.8" "imagecodecs=2024.9.22" "fonttools=4.60.2" "pyarrow=17.0.0" "brotli=1.2.0" "filelock=3.20.1" "bokeh=3.8.2")

# Define the number of rows (based on the length of vulnerable_packages)
rows=${#vulnerable_packages[@]}
Expand All @@ -26,7 +26,7 @@ done

# Add an array for packages that should always pin to the provided version,
# even if higher version is available in conda channel
pin_to_required_version=("transformers" "imagecodecs" "brotli")
pin_to_required_version=("transformers" "imagecodecs" "brotli" "protobuf")

# Function to check if a package is in the pin_to_required_version array
function is_pin_to_required_version() {
Expand Down
2 changes: 1 addition & 1 deletion src/anaconda/manifest.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{
"version": "1.3.10",
"version": "1.3.11",
"build": {
"latest": true,
"rootDistro": "debian",
Expand Down
2 changes: 2 additions & 0 deletions src/anaconda/test-project/test.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,8 @@ checkPythonPackageVersion "zipp" "3.19.1"
checkPythonPackageVersion "imagecodecs" "2023.9.18"
checkPythonPackageVersion "brotli" "1.2.0"
checkPythonPackageVersion "fonttools" "4.60.2"
checkPythonPackageVersion "filelock" "3.20.1"
checkPythonPackageVersion "bokeh" "3.8.2"

checkCondaPackageVersion "pyopenssl" "24.2.1"
checkCondaPackageVersion "requests" "2.32.4"
Expand Down
Loading