This vulnerability comes from the coninuumio/anaconda3 image used upstream for the Anaconda devcontainer.
Changelog:
Updated apply_security_patches.sh
Upgraded versions for patched anaconda & python packages;
urllib3 - minimum package version has been set to 2.2.2;
scikit-learn - minimum package version has been set to 1.5.0;
Updated tests to verify urllib3 minimum version (Minimum package version set to 2.2.2 which fixes GHSA-34jh-p97f-mpxf) and scikit-learn minimum version (Minimum package version set to 1.5.0 which fixes GHSA-jw8x-6495-233v);
Dev container name:
Anaconda
Description:
This PR patches the following vulnerabilities:
GHSA-34jh-p97f-mpxf- related to the
urllib3package;GHSA-jw8x-6495-233v - related to the
scikit-learnpackage;This vulnerability comes from the coninuumio/anaconda3 image used upstream for the Anaconda devcontainer.
Changelog:
Updated
apply_security_patches.shanaconda&pythonpackages;urllib3- minimum package version has been set to2.2.2;scikit-learn- minimum package version has been set to1.5.0;Updated tests to verify
urllib3minimum version (Minimum package version set to2.2.2which fixes GHSA-34jh-p97f-mpxf) andscikit-learnminimum version (Minimum package version set to1.5.0which fixes GHSA-jw8x-6495-233v);Checklist:
[x] Checked that applied changes work as expected