Skip to content

Commit b1b05f7

Browse files
partheaparthea
authored
fix(nodejs): remove wheel 0.45.1 (#2161)
1 parent 1de1899 commit b1b05f7

2 files changed

Lines changed: 12 additions & 0 deletions

File tree

docker/owlbot/nodejs/Dockerfile

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -105,6 +105,12 @@ RUN rm -rf /opt/venv/synthtool/lib/python3.13/site-packages/virtualenv/seed/whee
105105
RUN rm -rf /opt/venv/synthtool/lib/python3.13/site-packages/virtualenv/seed/wheels/embed/pip-25.3-py3-none-any.whl
106106
RUN rm -rf /opt/venv/synthtool/lib/python3.13/site-packages/virtualenv/seed/wheels/embed/pip-25.0.1-py3-none-any.whl
107107

108+
# TODO: Remove this code once there is a newer version of virtualenv which does not include wheel 45.1
109+
# https://github.com/pypa/virtualenv/tree/20.36.1/src/virtualenv/seed/wheels/embed
110+
# In the interim, remove the bundled wheel 45.1
111+
# since it does not include a fix for CVE-2026-24049
112+
RUN rm -rf /opt/venv/synthtool/lib/python3.13/site-packages/virtualenv/seed/wheels/embed/wheel-0.45.1-py3-none-any.whl
113+
108114
# Set PYTHONPATH to ensure synthtool can be found by Python scripts.
109115
# Include the virtual environment's site-packages for completeness, though
110116
# the PATH modification often handles this for executables run directly.

docker/owlbot/nodejs_mono_repo/Dockerfile

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -110,6 +110,12 @@ RUN rm -rf /opt/venv/synthtool/lib/python3.13/site-packages/virtualenv/seed/whee
110110
RUN rm -rf /opt/venv/synthtool/lib/python3.13/site-packages/virtualenv/seed/wheels/embed/pip-25.3-py3-none-any.whl
111111
RUN rm -rf /opt/venv/synthtool/lib/python3.13/site-packages/virtualenv/seed/wheels/embed/pip-25.0.1-py3-none-any.whl
112112

113+
# TODO: Remove this code once there is a newer version of virtualenv which does not include wheel 45.1
114+
# https://github.com/pypa/virtualenv/tree/20.36.1/src/virtualenv/seed/wheels/embed
115+
# In the interim, remove the bundled wheel 45.1
116+
# since it does not include a fix for CVE-2026-24049
117+
RUN rm -rf /opt/venv/synthtool/lib/python3.13/site-packages/virtualenv/seed/wheels/embed/wheel-0.45.1-py3-none-any.whl
118+
113119
# Set PYTHONPATH to ensure synthtool can be found by Python scripts.
114120
# Include the virtual environment's site-packages for completeness.
115121
ENV PYTHONPATH="/synthtool:$VIRTUAL_ENV/lib/python3.13/site-packages"

0 commit comments

Comments
 (0)