diff --git a/src/anaconda/.devcontainer/Dockerfile b/src/anaconda/.devcontainer/Dockerfile index 9160c63ba0..96c9e8e903 100644 --- a/src/anaconda/.devcontainer/Dockerfile +++ b/src/anaconda/.devcontainer/Dockerfile @@ -1,25 +1,27 @@ -FROM continuumio/anaconda3:2023.03-1 as upstream +FROM continuumio/anaconda3 as upstream # Verify OS version is expected one RUN . /etc/os-release && if [ "${VERSION_CODENAME}" != "bullseye" ]; then exit 1; fi # Temporary: Upgrade python packages due to mentioned CVEs # They are installed by the base image (continuumio/anaconda3) which does not have the patch. -RUN python3 -m pip install \ +RUN python3 -m pip install --upgrade \ # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21797 - --upgrade joblib \ + joblib==1.3.1 \ # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24065 - cookiecutter \ + cookiecutter==2.2.3 \ # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34749 - mistune \ + mistune==3.0.1 \ # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34141 - numpy \ + numpy==1.25.2 \ # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25577 - werkzeug \ + werkzeug==2.3.6 \ # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32862 - nbconvert \ - # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28370 - tornado + nbconvert==7.7.3 \ + # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28370 + tornado==6.3.2 \ + # https://github.com/advisories/GHSA-282v-666c-3fvg + transformers==4.30.0 RUN conda install \ # https://github.com/advisories/GHSA-5cpq-8wj7-hf2v diff --git a/src/anaconda/README.md b/src/anaconda/README.md index db199115a1..ff125c648d 100644 --- a/src/anaconda/README.md +++ b/src/anaconda/README.md @@ -37,6 +37,7 @@ See [history](history) for information on the contents of each version and [here Alternatively, you can use the contents of `Dockerfile` to fully customize your container's contents or to build it for a container host architecture not supported by the image. ### Using Conda + This dev container and its associated image includes [the `conda` package manager](https://aka.ms/vscode-remote/conda/about). Additional packages installed using Conda will be downloaded from Anaconda or another repository if you configure one. To reconfigure Conda in this container to access an alternative repository, please see information on [configuring Conda channels here](https://aka.ms/vscode-remote/conda/channel-setup). Access to the Anaconda repository is covered by the [Anaconda Terms of Service](https://aka.ms/vscode-remote/conda/terms), which may require some organizations to obtain a commercial license from Anaconda. **However**, when this dev container or its associated image is used with GitHub Codespaces or GitHub Actions, **all users are permitted** to use the Anaconda Repository through the service, including organizations normally required by Anaconda to obtain a paid license for commercial activities. Note that third-party packages may be licensed by their publishers in ways that impact your intellectual property, and are used at your own risk. @@ -51,7 +52,6 @@ By default, frameworks like Flask only listens to localhost inside the container The `appPort` property [publishes](https://docs.docker.com/config/containers/container-networking/#published-ports) rather than forwards the port, so applications need to listen to `*` or `0.0.0.0` for the application to be accessible externally. This conflicts with the defaults of some Python frameworks, but fortunately the `forwardPorts` property does not have this limitation. - #### Installing Node.js Given JavaScript front-end web client code written for use in conjunction with a Python back-end often requires the use of Node.js-based utilities to build, you can use a [Node feature](https://github.com/devcontainers/features/tree/main/src/node) to install any version of Node by adding the following to `devcontainer.json`: @@ -66,6 +66,14 @@ Given JavaScript front-end web client code written for use in conjunction with a } ``` +#### Using different Conda channels + +This image is based on the `ContinuumIO/anaconda3` docker image, which has all the `anaconda3` packages from defaults installed into the base conda's environment. It is recommended not to install packages from different channels in one environment since it could cause conflicts. When installing a package from a different channel (e.g., `conda-forge`) is required, the better approach is to create a new conda environment. + +```bash +conda create --name -c --yes +``` + #### Installing a different version of Python As covered in the [user FAQ](https://docs.anaconda.com/anaconda/user-guide/faq) for Anaconda, you can install different versions of Python than the one in this image by running the following from a terminal: diff --git a/src/anaconda/manifest.json b/src/anaconda/manifest.json index 8c6b921460..859e75caed 100644 --- a/src/anaconda/manifest.json +++ b/src/anaconda/manifest.json @@ -36,9 +36,10 @@ "nbconvert", "py", "pyOpenssl", - "werkzeug", + "Werkzeug", "requests", - "tornado" + "tornado", + "transformers" ], "other": { "git": {}, diff --git a/src/anaconda/test-project/test.sh b/src/anaconda/test-project/test.sh index f042cd60d4..4003458109 100755 --- a/src/anaconda/test-project/test.sh +++ b/src/anaconda/test-project/test.sh @@ -42,6 +42,8 @@ checkPythonPackageVersion "werkzeug" "2.2.3" checkPythonPackageVersion "certifi" "2022.12.07" checkPythonPackageVersion "requests" "2.31.0" checkPythonPackageVersion "cryptography" "41.0.2" +checkPythonPackageVersion "torch" "1.13.1" +checkPythonPackageVersion "transformers" "4.30.0" # The `tornado` package doesn't have the `__version__` attribute so we can use the `version` attribute. tornado_version=$(python -c "import tornado; print(tornado.version)") @@ -50,10 +52,11 @@ check-version-ge "tornado-requirement" "${tornado_version}" "6.3.2" checkCondaPackageVersion "pyopenssl" "23.2.0" checkCondaPackageVersion "cryptography" "41.0.2" checkCondaPackageVersion "requests" "2.31.0" +checkCondaPackageVersion "pygments" "2.15.1" check "conda-update-conda" bash -c "conda update -y conda" -check "conda-install-tensorflow" bash -c "conda install -c conda-forge --yes tensorflow" -check "conda-install-pytorch" bash -c "conda install -c conda-forge --yes pytorch" +check "conda-install-tensorflow" bash -c "conda create --name test-env -c conda-forge --yes tensorflow" +check "conda-install-pytorch" bash -c "conda create --name test-env -c conda-forge --yes pytorch" # Report result reportResults