[anaconda]- Update vulnerable packages and increment version to 1.3.8 #1722

Merged: abdurriq merged 1 commit into devcontainers:main from sireeshajonnalagadda:anaconda-fonttools on Jan 12, 2026
@sireeshajonnalagadda
Contributor

Devcontainer image

anaconda

Changes

  • Adding the vulnerable package "fonttools" to the list
  • Updating the version of vulnerable package to 4.60.2
  • Changes to the apply_security_patches, test.sh and manifest.json files

Checklist

  • Applied changes worked as expected

@sireeshajonnalagadda marked this pull request as ready for review on January 12, 2026 08:15
@sireeshajonnalagadda requested a review from a team as a code owner on January 12, 2026 08:15
Copilot AI review requested due to automatic review settings on January 12, 2026 08:15
@sireeshajonnalagadda changed the title from "Update vulnerable packages and increment version to 1.3.8" to "[anaconda]- Update vulnerable packages and increment version to 1.3.8" on Jan 12, 2026
Contributor

Copilot AI left a comment

Pull request overview

This PR adds security patching for the fonttools package in the anaconda devcontainer image and increments the version from 1.3.7 to 1.3.8 following semantic versioning guidelines for security fixes.

Changes:

  • Added fonttools version 4.60.2 to the vulnerable packages list
  • Incremented image version to 1.3.8 (patch bump for security fix)
  • Added test validation for the fonttools package version

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| src/anaconda/.devcontainer/apply_security_patches.sh | Added fonttools=4.60.2 to the vulnerable_packages array for security patching |
| src/anaconda/test-project/test.sh | Added test to verify fonttools version 4.60.2 is installed correctly |
| src/anaconda/manifest.json | Bumped version from 1.3.7 to 1.3.8 following semantic versioning for security patches |

@abdurriq merged commit 9876f5f into devcontainers:main on Jan 12, 2026
8 checks passed
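
The change summarized in this thread pairs a `name=version` entry in the vulnerable_packages list with a test of the installed version. The script below is an added example of that kind of check, not the project's apply_security_patches.sh or test.sh. Its function names, the `name==version` sample listing, and the treatment of the pin as a minimum version are assumptions.

```bash
#!/bin/sh
# Added example, not the devcontainers project's script. All function names
# here are hypothetical.

# Pins in the name=version form the PR describes. Held in a space-separated
# string (not an array) so the script also runs under plain POSIX sh.
vulnerable_packages="fonttools=4.60.2"

# Constructed sample of a name==version package listing (pip freeze style).
sample_freeze='fonttools==4.59.0
numpy==2.1.3'

# version_ge A B: true when A >= B by version ordering (sort -V: GNU/BusyBox).
# A plain string compare would wrongly rank 4.9.0 above 4.60.2.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# installed_version NAME LISTING: print NAME's version from the listing, if any.
installed_version() {
    printf '%s\n' "$2" |
        awk -F'==' -v n="$1" 'tolower($1) == tolower(n) { print $2; exit }'
}

# audit_pins LISTING: report each pin; return 1 if any listed package is
# installed at a version older than its pin (assumed here to be a minimum).
audit_pins() {
    ap_rc=0
    for ap_entry in $vulnerable_packages; do
        ap_name=${ap_entry%%=*}
        ap_want=${ap_entry#*=}
        ap_have=$(installed_version "$ap_name" "$1")
        if [ -z "$ap_have" ]; then
            echo "SKIP $ap_name not installed"
        elif version_ge "$ap_have" "$ap_want"; then
            echo "OK   $ap_name $ap_have >= $ap_want"
        else
            echo "FAIL $ap_name $ap_have < $ap_want"
            ap_rc=1
        fi
    done
    return "$ap_rc"
}
```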
This was referenced Jan 26, 2026