devcontainers · abdurriq · Jun 15, 2026 · Jun 6, 2026 · Jun 9, 2026 · Jun 10, 2026
@@ -4,7 +4,7 @@
 # werkzeug - [GHSA-f9vj-2wh5-fj8j] 
 
 patched_package_versions=( "mistune=3.0.1" "aiohttp=3.10.11" "cryptography=44.0.1" "h11=0.16.0" "jinja2=3.1.6" "jupyter_core=5.8.1" "protobuf=6.33.5" "requests=2.32.4" "setuptools=78.1.1" "transformers=4.53.0" "urllib3=2.5.0" "werkzeug=3.1.5" "jupyter-lsp=2.2.2" "scrapy=2.14.2"
-                      "zipp=3.19.1" "tornado=6.5.5" "jupyterlab=4.4.8" "imagecodecs=2024.9.22" "fonttools=4.60.2" "pyarrow=17.0.0" "brotli=1.2.0" "filelock=3.20.1" "bokeh=3.8.2" "distributed=2026.1.0" "wheel=0.46.2" "nltk=3.9.3" "black=26.3.1" "pyjwt=2.12.0" "pillow=12.1.1" "pyopenssl=26.0.0" "nbconvert=7.17.0" "markdown=3.8.1")
+                      "zipp=3.19.1" "tornado=6.5.5" "jupyterlab=4.4.8" "imagecodecs=2024.9.22" "fonttools=4.60.2" "pyarrow=17.0.0" "brotli=1.2.0" "filelock=3.20.1" "bokeh=3.8.2" "distributed=2026.1.0" "wheel=0.46.2" "nltk=3.9.3" "black=26.3.1" "pyjwt=2.12.0" "pillow=12.1.1" "pyopenssl=26.0.0" "nbconvert=7.17.1" "markdown=3.8.1" "python-dotenv=1.2.2" "lxml=6.1.0")
 
 # Define the number of rows (based on the length of patched_package_versions)
 rows=${#patched_package_versions[@]}

@@ -1,5 +1,5 @@
 {
-	"version": "1.3.15",
+	"version": "1.3.17",
 	"build": {
 		"latest": true,
 		"rootDistro": "debian",

@@ -35,7 +35,7 @@ checkPythonPackageVersion "mistune" "3.0.1"
 checkPythonPackageVersion "numpy" "1.22"
 checkPythonPackageVersion "setuptools" "78.1.1"
 checkPythonPackageVersion "wheel" "0.46.2"
-checkPythonPackageVersion "nbconvert" "7.17.0"
+checkPythonPackageVersion "nbconvert" "7.17.1"
 checkPythonPackageVersion "werkzeug" "3.1.5"
 checkPythonPackageVersion "certifi" "2022.12.07"
 checkPythonPackageVersion "cryptography" "44.0.1"
@@ -66,6 +66,8 @@ checkPythonPackageVersion "distributed" "2026.1.0"
 checkPythonPackageVersion "filelock" "3.20.1"
 checkPythonPackageVersion "bokeh" "3.8.2"
 checkPythonPackageVersion "pyjwt" "2.12.0"
+checkPythonPackageVersion "python-dotenv" "1.2.2"
+checkPythonPackageVersion "lxml" "6.1.0"
 
 checkCondaPackageVersion "pyopenssl" "26.0.0"
 checkCondaPackageVersion "requests" "2.32.4"
@@ -79,6 +81,7 @@ checkCondaPackageVersion "black" "26.3.1"
 checkCondaPackageVersion "streamlit" "1.37.0"
 checkCondaPackageVersion "nltk" "3.9.3"
 checkCondaPackageVersion "markdown" "3.8.1"
+checkCondaPackageVersion "python-dotenv" "1.2.2"
 
 check "conda-update-conda" bash -c "conda update -y conda"
 check "conda-install-tensorflow" bash -c "conda create --name test-env -c conda-forge --yes tensorflow"

@@ -5,7 +5,7 @@
 
 # define array of packages for pinning to the patched versions
 # patched_package_versions=( "package1=version1" "package2=version2" "package3=version3" )
-patched_package_versions=( "cryptography=46.0.6" "requests=2.32.4" "urllib3=2.5.0")
+patched_package_versions=( "cryptography=46.0.6" "requests=2.32.4" "urllib3=2.5.0" "python-dotenv=1.2.2")
 
 # Define the number of rows (based on the length of patched_package_versions)
 rows=${#patched_package_versions[@]}

@@ -1,5 +1,5 @@
 {
-	"version": "1.2.5",
+	"version": "1.2.6",
 	"build": {
 		"latest": true,
 		"rootDistro": "debian",

@@ -22,6 +22,7 @@ checkPythonPackageVersion "cryptography" "46.0.6"
 checkPythonPackageVersion "setuptools" "65.5.1"
 checkPythonPackageVersion "wheel" "0.38.1"
 checkPythonPackageVersion "urllib3" "2.5.0"
+checkPythonPackageVersion "python-dotenv" "1.2.2"
 
 checkCondaPackageVersion "cryptography" "46.0.6"
 checkCondaPackageVersion "setuptools" "65.5.1"
@@ -31,10 +32,13 @@ checkCondaPackageVersion "urllib3" "2.5.0"
 checkCondaPackageVersion "idna" "3.7"
 checkCondaPackageVersion "tqdm" "4.66.4"
 checkCondaPackageVersion "certifi" "2024.7.4"
+checkCondaPackageVersion "python-dotenv" "1.2.2"
 
 check "conda-update-conda" bash -c "conda update -y conda"
-check "conda-install-tensorflow" bash -c "conda create --name test-env -c conda-forge --yes tensorflow"
-check "conda-install-pytorch" bash -c "conda create --name test-env -c conda-forge --yes pytorch"
+check "conda-install-tensorflow" bash -c "conda create --name test-tensorflow -c conda-forge --yes tensorflow"
+# Clear repodata cache between heavy conda-forge solves to avoid "sqlite3 database is locked".
+check "conda-clean-index-cache" bash -c "conda clean --index-cache --yes"
+check "conda-install-pytorch" bash -c "conda create --name test-pytorch -c conda-forge --yes pytorch"
 
 checkPipWorkingCorrectly
 

@@ -10,7 +10,7 @@ RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
 # They are installed by the base image (python) which does not have the patch.
 RUN python3 -m pip install --upgrade \
     setuptools==78.1.1 \
-    gitpython==3.1.41 \
+    gitpython==3.1.47 \
     jaraco.context==6.1.0 \
     wheel==0.46.2
 

@@ -1,5 +1,5 @@
 {
-	"version": "3.1.0",
+	"version": "3.1.1",
 	"variants": [
 		"3.14-trixie",
 		"3.13-trixie",

@@ -47,9 +47,9 @@ check-version-ge "svn-requirement" "${svn_version}" "1.14.5"
 setuptools_version=$(python -c "import setuptools; print(setuptools.__version__)")
 check-version-ge "setuptools-requirement" "${setuptools_version}" "78.1.1"
 
-# https://github.com/advisories/GHSA-2mqj-m65w-jghx
+# https://github.com/advisories/GHSA-rpm5-65cw-6hj4
 gitpython_version=$(python -c "import git; print(git.__version__)")
-check-version-ge "gitpython-requirement" "${gitpython_version}" "3.1.41"
+check-version-ge "gitpython-requirement" "${gitpython_version}" "3.1.47"
 
 # GHSA-58pv-8j8x-9vj2: jaraco.context
 jaraco_context_version=$(python -c "from importlib.metadata import version; print(version('jaraco.context'))")