This vulnerability comes from the coninuumio/anaconda3 image used upstream for the Anaconda devcontainer.
Changelog:
Updated apply_security_patches.sh
Upgraded versions for patched anaconda & python packages;
urllib3 - minimum package version has been set to 2.2.2;
scikit-learn - minimum package version has been set to 1.5.0;
Updated tests to verify urllib3 minimum version (Minimum package version set to 2.2.2 which fixes GHSA-34jh-p97f-mpxf) and scikit-learn minimum version (Minimum package version set to 1.5.0 which fixes GHSA-jw8x-6495-233v);
Dev container name:
Anaconda
Description:
This PR patches the following vulnerabilities:
GHSA-34jh-p97f-mpxf- related to the
urllib3
package;GHSA-jw8x-6495-233v - related to the
scikit-learn
package;This vulnerability comes from the coninuumio/anaconda3 image used upstream for the Anaconda devcontainer.
Changelog:
Updated
apply_security_patches.sh
anaconda
&python
packages;urllib3
- minimum package version has been set to2.2.2
;scikit-learn
- minimum package version has been set to1.5.0
;Updated tests to verify
urllib3
minimum version (Minimum package version set to2.2.2
which fixes GHSA-34jh-p97f-mpxf) andscikit-learn
minimum version (Minimum package version set to1.5.0
which fixes GHSA-jw8x-6495-233v);Checklist:
[x] Checked that applied changes work as expected