[anaconda]-Update vulnerable packages and versions in security patch script and test files (#1805)

* Update vulnerable packages and versions in security patch script and test files

* Remove analysis file for Anaconda critical and high vulnerabilities

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <[email protected]>

* Update mistune package version to 3.0.1

* Update script to use patched package versions

---------

Co-authored-by: Copilot Autofix powered by AI <[email protected]>
Co-authored-by: Abdurrahmaan Iqbal <[email protected]>

Author: 3 people

src/anaconda/.devcontainer/apply_security_patches.sh

@@ -3,11 +3,11 @@
 # vulnerabilities:
 # werkzeug - [GHSA-f9vj-2wh5-fj8j] 
 
-vulnerable_packages=( "mistune=3.0.1" "aiohttp=3.10.11" "cryptography=44.0.1" "h11=0.16.0" "jinja2=3.1.6" "jupyter_core=5.8.1" "protobuf=5.29.5" "requests=2.32.4" "setuptools=78.1.1" "transformers=4.53.0" "urllib3=2.5.0" "werkzeug=3.1.5" "jupyter-lsp=2.2.2" "scrapy=2.11.2" \ 
-                      "zipp=3.19.1" "tornado=6.4.2" "jupyterlab=4.4.8" "imagecodecs=2024.9.22" "fonttools=4.60.2" "pyarrow=17.0.0" "brotli=1.2.0" "filelock=3.20.1" "bokeh=3.8.2" "distributed=2026.1.0" "wheel=0.46.2" )
+patched_package_versions=( "mistune=3.0.1" "aiohttp=3.10.11" "cryptography=44.0.1" "h11=0.16.0" "jinja2=3.1.6" "jupyter_core=5.8.1" "protobuf=6.33.5" "requests=2.32.4" "setuptools=78.1.1" "transformers=4.53.0" "urllib3=2.5.0" "werkzeug=3.1.5" "jupyter-lsp=2.2.2" "scrapy=2.14.2"
+                      "zipp=3.19.1" "tornado=6.5.5" "jupyterlab=4.4.8" "imagecodecs=2024.9.22" "fonttools=4.60.2" "pyarrow=17.0.0" "brotli=1.2.0" "filelock=3.20.1" "bokeh=3.8.2" "distributed=2026.1.0" "wheel=0.46.2" "nltk=3.9.3" "black=26.3.1" "pyjwt=2.12.0" "pillow=12.1.1" "pyopenssl=26.0.0" "nbconvert=7.17.0" )
 
-# Define the number of rows (based on the length of vulnerable_packages)
-rows=${#vulnerable_packages[@]}
+# Define the number of rows (based on the length of patched_package_versions)
+rows=${#patched_package_versions[@]}
 
 # Define the number of columns
 cols=2
@@ -18,8 +18,8 @@ declare -A required_versions
 
 # Fill the 2D array
 for ((i=0; i<rows; i++)); do
-    # Split each element of vulnerable_packages by the '=' sign
-    IFS='=' read -ra parts <<< "${vulnerable_packages[$i]}"
+    # Split each element of patched_package_versions by the '=' sign
+    IFS='=' read -ra parts <<< "${patched_package_versions[$i]}"
     # Assign the parts to the 2D array
     packages_array["$i,0"]="${parts[0]}"
     packages_array["$i,1"]="${parts[1]}"
@@ -28,7 +28,7 @@ done
 
 # Add an array for packages that should always pin to the provided version, 
 # even if higher version is available in conda channel
-pin_to_required_version=("transformers" "imagecodecs" "brotli" "protobuf" "distributed")
+pin_to_required_version=("transformers" "imagecodecs" "brotli" "distributed")
 
 # Function to check if a package is in the pin_to_required_version array
 function is_pin_to_required_version() {

src/anaconda/test-project/test.sh

@@ -31,31 +31,31 @@ check "usr-local-etc-config-does-not-exist" test ! -f "/usr/local/etc/gitconfig"
 
 checkPythonPackageVersion "joblib" "1.2.0"
 checkPythonPackageVersion "cookiecutter" "2.1.1"
-checkPythonPackageVersion "mistune" "2.0.3"
+checkPythonPackageVersion "mistune" "3.0.1"
 checkPythonPackageVersion "numpy" "1.22"
 checkPythonPackageVersion "setuptools" "78.1.1"
 checkPythonPackageVersion "wheel" "0.46.2"
-checkPythonPackageVersion "nbconvert" "6.5.1"
+checkPythonPackageVersion "nbconvert" "7.17.0"
 checkPythonPackageVersion "werkzeug" "3.1.5"
 checkPythonPackageVersion "certifi" "2022.12.07"
 checkPythonPackageVersion "cryptography" "44.0.1"
 checkPythonPackageVersion "h11" "0.16.0"
 checkPythonPackageVersion "jupyter_core" "5.8.1"
-checkPythonPackageVersion "protobuf" "5.29.5"
+checkPythonPackageVersion "protobuf" "6.33.5"
 checkPythonPackageVersion "transformers" "4.53.0"
 checkPythonPackageVersion "mpmath" "1.3.0"
 checkPythonPackageVersion "aiohttp" "3.10.2"
-checkPythonPackageVersion "tornado" "6.4.2"
+checkPythonPackageVersion "tornado" "6.5.5"
 checkPythonPackageVersion "jupyter_server" "2.14.1"
 checkPythonPackageVersion "pyarrow" "17.0.0"
-checkPythonPackageVersion "pillow" "10.3.0"
+checkPythonPackageVersion "pillow" "12.1.1"
 checkPythonPackageVersion "jupyterlab" "4.4.8"
 checkPythonPackageVersion "notebook" "7.2.2"
 checkPythonPackageVersion "gitpython" "3.1.41"
 checkPythonPackageVersion "jupyter-lsp" "2.2.2"
 checkPythonPackageVersion "idna" "3.7"
 checkPythonPackageVersion "jinja2" "3.1.4"
-checkPythonPackageVersion "scrapy" "2.11.2"
+checkPythonPackageVersion "scrapy" "2.14.2"
 checkPythonPackageVersion "requests" "2.32.4"
 checkPythonPackageVersion "scikit-learn" "1.5.0"
 checkPythonPackageVersion "zipp" "3.19.1"
@@ -65,18 +65,19 @@ checkPythonPackageVersion "fonttools" "4.60.2"
 checkPythonPackageVersion "distributed" "2026.1.0"
 checkPythonPackageVersion "filelock" "3.20.1"
 checkPythonPackageVersion "bokeh" "3.8.2"
+checkPythonPackageVersion "pyjwt" "2.12.0"
 
-checkCondaPackageVersion "pyopenssl" "24.2.1"
+checkCondaPackageVersion "pyopenssl" "26.0.0"
 checkCondaPackageVersion "requests" "2.32.4"
 checkCondaPackageVersion "pygments" "2.15.1"
 checkCondaPackageVersion "mpmath" "1.3.0"
 checkCondaPackageVersion "urllib3" "2.5.0"
 checkCondaPackageVersion "pyarrow" "17.0.0"
 checkCondaPackageVersion "pydantic" "2.5.3"
 checkCondaPackageVersion "tqdm" "4.66.4"
-checkCondaPackageVersion "black" "24.4.2"
+checkCondaPackageVersion "black" "26.3.1"
 checkCondaPackageVersion "streamlit" "1.37.0"
-checkCondaPackageVersion "nltk" "3.9"
+checkCondaPackageVersion "nltk" "3.9.3"
 
 check "conda-update-conda" bash -c "conda update -y conda"
 check "conda-install-tensorflow" bash -c "conda create --name test-env -c conda-forge --yes tensorflow"