[anaconda]- Security Updates for pip, gitpython, mistune, twisted & ujson

src/anaconda/.devcontainer/apply_security_patches.sh

@@ -5,9 +5,11 @@
 # pyasn1 - [GHSA-jr27-m4p2-rc6r]
 # ujson - [GHSA-wgvc-ghv9-3pmm]
 
-patched_package_versions=( "mistune=3.0.1" "aiohttp=3.10.11" "cryptography=44.0.1" "h11=0.16.0" "jinja2=3.1.6" "jupyter_core=5.8.1" "protobuf=6.33.5" "requests=2.32.4" "setuptools=78.1.1" "transformers=4.53.0" "urllib3=2.5.0" "werkzeug=3.1.5" "jupyter-lsp=2.2.2" "scrapy=2.14.2"
+# Upgrading pip to fix the vulnerability (GHSA-jp4c-xjxw-mgf9)
+python3 -m pip install --upgrade --no-cache-dir "pip==26.1.2" || exit $?
+patched_package_versions=( "mistune=3.2.1" "aiohttp=3.10.11" "cryptography=44.0.1" "h11=0.16.0" "jinja2=3.1.6" "jupyter_core=5.8.1" "protobuf=6.33.5" "requests=2.32.4" "setuptools=78.1.1" "transformers=4.53.0" "urllib3=2.5.0" "werkzeug=3.1.5" "jupyter-lsp=2.2.2" "scrapy=2.14.2"
                       "zipp=3.19.1" "tornado=6.5.5" "jupyterlab=4.4.8" "imagecodecs=2024.9.22" "fonttools=4.60.2" "pyarrow=17.0.0" "brotli=1.2.0" "filelock=3.20.1" "bokeh=3.8.2" "distributed=2026.1.0" "wheel=0.46.2" "nltk=3.9.3" "black=26.3.1" "pyjwt=2.12.0" "pillow=12.1.1" "pyopenssl=26.0.0" "nbconvert=7.17.1" "markdown=3.8.1" "python-dotenv=1.2.2" "lxml=6.1.0"
-                      "pyasn1=0.6.3" "ujson=5.12.0")
+                      "pyasn1=0.6.3" "ujson=5.12.0" "twisted=26.4.0" "gitpython=3.1.50")
 
 # Define the number of rows (based on the length of patched_package_versions)
 rows=${#patched_package_versions[@]}

src/anaconda/README.md

@@ -30,7 +30,7 @@ You can decide how often you want updates by referencing a [semantic version](ht
 
 - `mcr.microsoft.com/devcontainers/anaconda:1-3`
 - `mcr.microsoft.com/devcontainers/anaconda:1.3-3`
-- `mcr.microsoft.com/devcontainers/anaconda:1.3.19-3`
+- `mcr.microsoft.com/devcontainers/anaconda:1.3.20-3`
 
 See [history](history) for information on the contents of each version and [here for a complete list of available tags](https://mcr.microsoft.com/v2/devcontainers/anaconda/tags/list).
 

src/anaconda/manifest.json

@@ -1,5 +1,5 @@
 {
-	"version": "1.3.19",
+	"version": "1.3.20",
 	"build": {
 		"latest": true,
 		"rootDistro": "debian",

src/anaconda/test-project/test.sh

@@ -31,7 +31,7 @@ check "usr-local-etc-config-does-not-exist" test ! -f "/usr/local/etc/gitconfig"
 
 checkPythonPackageVersion "joblib" "1.2.0"
 checkPythonPackageVersion "cookiecutter" "2.1.1"
-checkPythonPackageVersion "mistune" "3.0.1"
+checkPythonPackageVersion "mistune" "3.2.1"
 checkPythonPackageVersion "numpy" "1.22"
 checkPythonPackageVersion "setuptools" "78.1.1"
 checkPythonPackageVersion "wheel" "0.46.2"
@@ -50,8 +50,7 @@ checkPythonPackageVersion "jupyter_server" "2.14.1"
 checkPythonPackageVersion "pyarrow" "17.0.0"
 checkPythonPackageVersion "pillow" "12.1.1"
 checkPythonPackageVersion "jupyterlab" "4.4.8"
-checkPythonPackageVersion "notebook" "7.2.2"
-checkPythonPackageVersion "gitpython" "3.1.41"
+checkPythonPackageVersion "gitpython" "3.1.50"
 checkPythonPackageVersion "jupyter-lsp" "2.2.2"
 checkPythonPackageVersion "idna" "3.7"
 checkPythonPackageVersion "jinja2" "3.1.4"
@@ -70,6 +69,8 @@ checkPythonPackageVersion "python-dotenv" "1.2.2"
 checkPythonPackageVersion "lxml" "6.1.0"
 checkPythonPackageVersion "pyasn1" "0.6.3"
 checkPythonPackageVersion "ujson" "5.12.0"
+checkPythonPackageVersion "pip" "26.1.2"
+checkPythonPackageVersion "twisted" "26.4.0"
 
 checkCondaPackageVersion "pyopenssl" "26.0.0"
 checkCondaPackageVersion "requests" "2.32.4"