[features/conda] Address CVE-2023-0286, CVE-2023-23931, and CVE-2022-40897 vulnerabilities (#518)
* [features/conda] Address CVE-2023-0286, CVE-2023-23931, and CVE-2022-40897 vulnerabilities - Update `install.sh` to install updates for `cryptography` and `setuptools` packages - Add tests to verify `cryptography` and `setuptools` packages version * Bump feature version
This commit is contained in:
parent
74959ec149
commit
8d3e9aca9d
3 changed files with 13 additions and 2 deletions
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"id": "conda",
|
||||
"version": "1.0.8",
|
||||
"version": "1.0.9",
|
||||
"name": "Conda",
|
||||
"description": "A cross-platform, language-agnostic binary package manager",
|
||||
"documentationURL": "https://github.com/devcontainers/features/tree/main/src/conda",
|
||||
|
|
|
@ -114,8 +114,13 @@ if ! conda --version &> /dev/null ; then
|
|||
|
||||
find "${CONDA_DIR}" -type d -print0 | xargs -n 1 -0 chmod g+s
|
||||
|
||||
# Temporary due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23491
|
||||
# Temporary fixes
|
||||
# Due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23491
|
||||
install_user_package certifi
|
||||
# Due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286 and https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23931
|
||||
install_user_package cryptography
|
||||
# Due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40897
|
||||
install_user_package setuptools
|
||||
fi
|
||||
|
||||
# Display a notice on conda when not running in GitHub Codespaces
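Review bot: CVE-2023-0286 is an OpenSSL flaw, so `install_user_package cryptography` only replaces the OpenSSL copy bundled inside the cryptography wheel; nothing in this hunk updates the conda environment's own `openssl` package, which other binaries under `${CONDA_DIR}` may still link against. It is worth confirming that package is at a patched release too, or stating in the comment that the fix is scoped to cryptography. The three calls also carry no minimum version, so, assuming `install_user_package` (defined outside this hunk) installs whatever the index currently resolves, the build succeeds even when the patched release is not reached, and the floor is only enforced later by the test script. I would make the comment explicit, e.g. `# cryptography >= 39.0.1: fixes CVE-2023-23931 and ships OpenSSL patched for CVE-2023-0286`. The enclosing `if ! conda --version` block starts outside the hunk.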
|
||||
|
|
|
@ -32,5 +32,11 @@ check-version-ge() {
|
|||
certifiVersion=$(python -c "import certifi; print(certifi.__version__)")
|
||||
check-version-ge "certifi" "${certifiVersion}" "2022.12.07"
|
||||
|
||||
cryptographyVersion=$(python -c "import cryptography; print(cryptography.__version__)")
|
||||
check-version-ge "cryptography" "${cryptographyVersion}" "39.0.1"
|
||||
|
||||
setuptoolsVersion=$(python -c "import setuptools; print(setuptools.__version__)")
|
||||
check-version-ge "setuptools" "${setuptoolsVersion}" "65.5.1"
|
||||
|
||||
# Report result
|
||||
reportResults
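Review bot: The floors `39.0.1` and `65.5.1` are bare literals with nothing tying them to the advisories they guard, so a later edit could lower or drop a check without anyone noticing the regression. Add a comment above each check, such as `# CVE-2023-0286 / CVE-2023-23931: fixed in cryptography 39.0.1` and `# CVE-2022-40897: fixed in setuptools 65.5.1`. Separately, if one of the `import` statements fails, the version variable is empty, and whether that is reported as a failure depends on `check-version-ge`, whose body lies outside this hunk. The checks also query whichever `python` is first on `PATH`, which is presumably the conda interpreter but is not established by the visible lines.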
|
||||
|
|