From 49d6ddc3edeb13408388c7e6a9ef36ac9856ce07 Mon Sep 17 00:00:00 2001
From: Alexander Smolyakov <v-asmoliakov@microsoft.com>
Date: Wed, 11 Oct 2023 03:18:48 +0400
Subject: [PATCH] [miniconda] Update `urllib3` package due to
 GHSA-v845-jxx5-vc9f (#802)

* Bump `urllib3` version

* Add test
---
 src/miniconda/.devcontainer/Dockerfile | 4 ++++
 src/miniconda/test-project/test.sh     | 1 +
 2 files changed, 5 insertions(+)

diff --git a/src/miniconda/.devcontainer/Dockerfile b/src/miniconda/.devcontainer/Dockerfile
index 5359a26e9..8c38834a2 100644
--- a/src/miniconda/.devcontainer/Dockerfile
+++ b/src/miniconda/.devcontainer/Dockerfile
@@ -10,6 +10,10 @@ RUN conda install \
     # https://github.com/advisories/GHSA-j8r2-6x86-q33q
     requests=2.31.0
 
+RUN python3 -m pip install --upgrade \
+    # https://github.com/advisories/GHSA-v845-jxx5-vc9f
+    urllib3==1.26.17
+
 # Reset and copy updated files with updated privs to keep image size down
 FROM mcr.microsoft.com/devcontainers/base:1-bullseye
 
diff --git a/src/miniconda/test-project/test.sh b/src/miniconda/test-project/test.sh
index 7f2aa998e..efdd7c670 100755
--- a/src/miniconda/test-project/test.sh
+++ b/src/miniconda/test-project/test.sh
@@ -21,6 +21,7 @@ check "usr-local-etc-config-does-not-exist" test ! -f "/usr/local/etc/gitconfig"
 checkPythonPackageVersion "cryptography" "41.0.3"
 checkPythonPackageVersion "setuptools" "65.5.1"
 checkPythonPackageVersion "wheel" "0.38.1"
+checkPythonPackageVersion "urllib3" "1.26.17"
 
 checkCondaPackageVersion "cryptography" "41.0.3"
 checkCondaPackageVersion "pyopenssl" "23.2.0"