From f53085f079181afc2aad7663bf4557197ed3041d Mon Sep 17 00:00:00 2001
From: "Mahadik, Mukul Chandrakant"
Date: Fri, 6 Oct 2023 15:55:17 -0700
Subject: [PATCH 1/3] Updating fixed vulnerabilities after new observations Creating this Commit / PR to fix observed vulnerabilities after updating in earlier PR. - Cryptography vulnerability fixed and not being detected in latest image. - Certifi is also updated to recommended version but a slightly older version also exists which will be removed in this commit. - Flask still shows up as a vulnerability, but unable to find the package actually being installed when using find ~/miniconda-23.5.2/ -name flask*
---
 .docker/setup_config.sh | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.docker/setup_config.sh b/.docker/setup_config.sh
index 46168e2ab..268ba1c77 100644
--- a/.docker/setup_config.sh
+++ b/.docker/setup_config.sh
@@ -19,6 +19,7 @@ conda install -c conda-forge cryptography=41.0.4 wheel=0.40.0
 rm -rf /root/miniconda-23.1.0/pkgs/cryptography-38.0.4-py39h9ce1e76_0
 rm -rf /root/miniconda-23.1.0/pkgs/wheel-0.37.1-pyhd3eb1b0_0
 rm -rf /root/miniconda-23.5.2/pkgs/cryptography-39.0.1-py39h9ce1e76_2
+rm -rf /root/miniconda-23.5.2/pkgs/certifi-2023.5.7-py39h06a4308_0
 # Clean up the conda install
 conda clean -t
From 5e4550f5bcba4bd0ad5694612a2acac99be7b081 Mon Sep 17 00:00:00 2001
From: "Mahadik, Mukul Chandrakant"
Date: Fri, 6 Oct 2023 17:18:32 -0700
Subject: [PATCH 2/3] Removed requirements.txt containing old flask package This vulnerability was detected as it mentioned an old version of flask 1.1.1 in the requirements.txt file. - This file is in a conda tests directory and hence should be safe to remove.
---
 .docker/setup_config.sh | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.docker/setup_config.sh b/.docker/setup_config.sh
index 268ba1c77..0d9a5810e 100644
--- a/.docker/setup_config.sh
+++ b/.docker/setup_config.sh
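Review bot: The `rm -rf` that [PATCH 1/3] adds for `certifi-2023.5.7-py39h06a4308_0` hard-codes an exact version, build string and install prefix, and `rm -rf` exits 0 when the path does not exist, so the cleanup silently turns into a no-op as soon as the base image ships a different build. The context lines already mix `/root/miniconda-23.1.0` and `/root/miniconda-23.5.2` prefixes, which suggests some of these deletions may no longer match anything; the lines added in [PATCH 2/3] and [PATCH 3/3] follow the same pattern. Since the image scanner is then the only signal that a stale package is back, consider replacing the per-directory deletions with `conda clean -t -p`, which removes cached packages that are not linked into any environment, or at least add a comment such as `# NOTE: paths are tied to the miniconda-23.5.2 base image; re-check after every base image bump`. The rest of setup_config.sh is outside the hunk, so whether the script runs with `set -e` or checks these paths elsewhere cannot be seen here.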
@@ -20,6 +20,7 @@ rm -rf /root/miniconda-23.1.0/pkgs/cryptography-38.0.4-py39h9ce1e76_0
 rm -rf /root/miniconda-23.1.0/pkgs/wheel-0.37.1-pyhd3eb1b0_0
 rm -rf /root/miniconda-23.5.2/pkgs/cryptography-39.0.1-py39h9ce1e76_2
 rm -rf /root/miniconda-23.5.2/pkgs/certifi-2023.5.7-py39h06a4308_0
+rm -rf /root/miniconda-23.5.2/pkgs/conda-23.5.2-py39h06a4308_0/lib/python3.9/site-packages/tests/conda_env/support/requirements.txt
 # Clean up the conda install
 conda clean -t
From b1c8f1d97cced5a6f867cf56920712e023564bd3 Mon Sep 17 00:00:00 2001
From: shankari
Date: Fri, 6 Oct 2023 19:40:00 -0700
Subject: [PATCH 3/3] Remove all tests, not just the requirements of the support tests
---
 .docker/setup_config.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.docker/setup_config.sh b/.docker/setup_config.sh
index 0d9a5810e..785d7f91d 100644
--- a/.docker/setup_config.sh
+++ b/.docker/setup_config.sh
@@ -20,7 +20,7 @@ rm -rf /root/miniconda-23.1.0/pkgs/cryptography-38.0.4-py39h9ce1e76_0
 rm -rf /root/miniconda-23.1.0/pkgs/wheel-0.37.1-pyhd3eb1b0_0
 rm -rf /root/miniconda-23.5.2/pkgs/cryptography-39.0.1-py39h9ce1e76_2
 rm -rf /root/miniconda-23.5.2/pkgs/certifi-2023.5.7-py39h06a4308_0
-rm -rf /root/miniconda-23.5.2/pkgs/conda-23.5.2-py39h06a4308_0/lib/python3.9/site-packages/tests/conda_env/support/requirements.txt
+rm -rf /root/miniconda-23.5.2/pkgs/conda-23.5.2-py39h06a4308_0/lib/python3.9/site-packages/tests/
 # Clean up the conda install
 conda clean -t
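Review bot: The deletions added in [PATCH 2/3] and [PATCH 3/3] remove files from inside the extracted `pkgs/conda-23.5.2-py39h06a4308_0` cache entry rather than removing the entry as a whole, which leaves a cached package that no longer matches its own manifest. If anything later links conda 23.5.2 from this cache, conda's package verification may reject it as corrupted, and if that package is already linked into an environment a copy of `site-packages/tests/` presumably still exists under the environment prefix, so it is worth confirming the flask finding is gone by searching the whole install prefix and not only `pkgs/`. The line also carries no explanation of why a test directory is deleted from an image build; a comment above it would help, for example `# conda's bundled tests/ ships a requirements.txt pinning flask 1.1.1, which the image scanner flags; flask itself is not installed`.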