From 7d3d80f1859c66008bad6bf1246045c92e272785 Mon Sep 17 00:00:00 2001
From: Alexander Smolyakov
Date: Fri, 3 Nov 2023 19:50:06 +0400
Subject: [PATCH 1/6] Bump Python SDKs versions - v3.10: 3.10.8 -> 3.10.13 - v3.9: 3.9.16 -> 3.9.18
---
 src/universal/.devcontainer/devcontainer.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/universal/.devcontainer/devcontainer.json b/src/universal/.devcontainer/devcontainer.json
index add954124..87a55ad39 100644
--- a/src/universal/.devcontainer/devcontainer.json
+++ b/src/universal/.devcontainer/devcontainer.json
@@ -23,8 +23,8 @@
 },
 "./local-features/nvs": "latest",
 "ghcr.io/devcontainers/features/python:1": {
- "version": "3.10.8",
- "additionalVersions": "3.9.16",
+ "version": "3.10.13",
+ "additionalVersions": "3.9.18",
 "installJupyterlab": "true",
 "configureJupyterlabAllowOrigin": "*",
 "useOryxIfAvailable": "false"
From 3de14dfade286334dc854823a0b504fe5b6e3f4b Mon Sep 17 00:00:00 2001
From: Alexander Smolyakov
Date: Fri, 3 Nov 2023 19:51:39 +0400
Subject: [PATCH 2/6] [patch-conda] Remove outdated patches
---
 .../.devcontainer/local-features/patch-conda/install.sh | 6 ------
 1 file changed, 6 deletions(-)
diff --git a/src/universal/.devcontainer/local-features/patch-conda/install.sh b/src/universal/.devcontainer/local-features/patch-conda/install.sh
index 80b812202..ba41b5445 100644
--- a/src/universal/.devcontainer/local-features/patch-conda/install.sh
+++ b/src/universal/.devcontainer/local-features/patch-conda/install.sh
@@ -50,14 +50,8 @@ sudo_if /opt/conda/bin/python3 -m pip install --upgrade pip
 # Temporary: Upgrade python packages due to security vulnerabilities
 # They are installed by the conda feature and Conda distribution does not have the patches.
-# pyopenssl should be updated to be compatible with latest version of cryptography
-update_conda_package pyopenssl "23.2.0"
-
 # https://github.com/advisories/GHSA-v8gr-m533-ghj9
 update_python_package /opt/conda/bin/python3 cryptography "41.0.4"
-# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32681
-update_conda_package requests "2.31.0"
-
 # https://github.com/advisories/GHSA-v845-jxx5-vc9f
 update_conda_package urllib3 "1.26.18"
From 013b423e0065628c46f855159a56ff40f7027a67 Mon Sep 17 00:00:00 2001
From: Alexander Smolyakov
Date: Fri, 3 Nov 2023 19:52:18 +0400
Subject: [PATCH 3/6] [patch-python] Remove outdated patches
---
 .../.devcontainer/local-features/patch-python/install.sh | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/src/universal/.devcontainer/local-features/patch-python/install.sh b/src/universal/.devcontainer/local-features/patch-python/install.sh
index d49513e98..2a53da3c0 100644
--- a/src/universal/.devcontainer/local-features/patch-python/install.sh
+++ b/src/universal/.devcontainer/local-features/patch-python/install.sh
@@ -42,7 +42,3 @@ update_package() {
 # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40897
 update_package /usr/local/python/3.9.*/bin/python setuptools==65.5.1
-update_package /usr/local/python/3.10.*/bin/python setuptools==68.0.0
-
-# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32681
-update_package /usr/local/python/3.10.*/bin/python requests==2.31.0
From 236928a8a768b1061061847fa785e989eb153af7 Mon Sep 17 00:00:00 2001
From: Alexander Smolyakov
Date: Mon, 6 Nov 2023 19:24:13 +0400
Subject: [PATCH 4/6] [patch-python/patch-conda] Add `pip show` command
---
 .../.devcontainer/local-features/patch-conda/install.sh | 1 +
 .../.devcontainer/local-features/patch-python/install.sh | 1 +
 2 files changed, 2 insertions(+)
diff --git a/src/universal/.devcontainer/local-features/patch-conda/install.sh b/src/universal/.devcontainer/local-features/patch-conda/install.sh
index ba41b5445..c110702e3 100644
--- a/src/universal/.devcontainer/local-features/patch-conda/install.sh
+++ b/src/universal/.devcontainer/local-features/patch-conda/install.sh
@@ -36,6 +36,7 @@ update_python_package() {
 sudo_if "$PYTHON_PATH -m pip uninstall --yes $PACKAGE"
 sudo_if "$PYTHON_PATH -m pip install --upgrade --no-cache-dir $PACKAGE==$VERSION"
+ sudo_if "$PYTHON_PATH -m pip show --no-python-version-warning $PACKAGE"
 }
 update_conda_package() {
diff --git a/src/universal/.devcontainer/local-features/patch-python/install.sh b/src/universal/.devcontainer/local-features/patch-python/install.sh
index 2a53da3c0..b103c816c 100644
--- a/src/universal/.devcontainer/local-features/patch-python/install.sh
+++ b/src/universal/.devcontainer/local-features/patch-python/install.sh
@@ -35,6 +35,7 @@ update_package() {
 sudo_if "$PYTHON_PATH -m pip uninstall --yes $PACKAGE"
 sudo_if "$PYTHON_PATH -m pip install --upgrade --no-cache-dir $PACKAGE"
+ sudo_if "$PYTHON_PATH -m pip show --no-python-version-warning $PACKAGE"
 }
 # Temporary: Upgrade python packages due to security vulnerabilities
From 72645b5d67f9710a6653824b4593196e808bbe51 Mon Sep 17 00:00:00 2001
From: Alexander Smolyakov
Date: Mon, 6 Nov 2023 19:25:42 +0400
Subject: [PATCH 5/6] [test-utils] Update `checkPythonPackageVersion` function to make it generic
---
 src/universal/test-project/test-utils.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
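Review bot: The `pip show` line added to `update_python_package` in patch-conda/install.sh, and the identical line added to `update_package` in patch-python/install.sh, only prints package metadata; nothing compares the reported version with the pin, so the build log is the sole record that the vulnerable release was replaced. If the line is meant for logging, say so with a comment such as `# Log the installed version so the build output records the patched release`; if it is meant as a gate, the script should compare the `Version:` field with the requested version and exit non-zero on a mismatch. Whether a failing `pip show` stops the build depends on `sudo_if` and the shell options, neither of which is visible here. Both function bodies start above their hunks.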
diff --git a/src/universal/test-project/test-utils.sh b/src/universal/test-project/test-utils.sh
index 7271fb54f..c6bba0c1b 100644
--- a/src/universal/test-project/test-utils.sh
+++ b/src/universal/test-project/test-utils.sh
@@ -224,7 +224,7 @@ checkPythonPackageVersion()
 PACKAGE=$2
 REQUIRED_VERSION=$3
- current_version=$(${PYTHON_PATH} -c "import ${PACKAGE}; print(${PACKAGE}.__version__)")
+ current_version=$(${PYTHON_PATH} -c "import importlib.metadata; print(importlib.metadata.version('${PACKAGE}'))")
 check-version-ge "${PACKAGE}-requirement" "${current_version}" "${REQUIRED_VERSION}"
 }
From de805d3d2c8e0217cb81b7a95bb3d7d53067a48f Mon Sep 17 00:00:00 2001
From: Alexander Smolyakov
Date: Mon, 6 Nov 2023 19:49:51 +0400
Subject: [PATCH 6/6] [patch-python] Rework `update_package` feature
---
 .../.devcontainer/local-features/patch-python/install.sh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/universal/.devcontainer/local-features/patch-python/install.sh b/src/universal/.devcontainer/local-features/patch-python/install.sh
index b103c816c..7f788540a 100644
--- a/src/universal/.devcontainer/local-features/patch-python/install.sh
+++ b/src/universal/.devcontainer/local-features/patch-python/install.sh
@@ -32,9 +32,10 @@ sudo_if() {
 update_package() {
 PYTHON_PATH=$1
 PACKAGE=$2
+ VERSION=$3
 sudo_if "$PYTHON_PATH -m pip uninstall --yes $PACKAGE"
- sudo_if "$PYTHON_PATH -m pip install --upgrade --no-cache-dir $PACKAGE"
+ sudo_if "$PYTHON_PATH -m pip install --upgrade --no-cache-dir $PACKAGE==$VERSION"
 sudo_if "$PYTHON_PATH -m pip show --no-python-version-warning $PACKAGE"
 }
@@ -42,4 +43,4 @@ update_package() {
 # They are installed by the base image (python) which does not have the patch.
 # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40897
-update_package /usr/local/python/3.9.*/bin/python setuptools==65.5.1
+update_package /usr/local/python/3.9.*/bin/python setuptools 65.5.1
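Review bot: In `checkPythonPackageVersion` (test-utils.sh), the new command splices `${PACKAGE}` into the Python source between single quotes, so a name containing a quote changes the code that runs; passing it as an argument keeps data out of the program text: `current_version=$(${PYTHON_PATH} -c 'import sys, importlib.metadata as m; print(m.version(sys.argv[1]))' "${PACKAGE}")`. `importlib.metadata.version` raises `PackageNotFoundError` for an absent distribution, which leaves `current_version` empty; how `check-version-ge` treats an empty value is not visible here, so an explicit failure for that case would be safer. Callers must now pass the distribution name rather than the import name, which deserves a line in the function's header comment. The function starts above the hunk.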
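Review bot: `VERSION=$3` in `update_package` (patch-python/install.sh, first hunk of PATCH 6/6) is taken without a check, and the uninstall that follows runs before the pinned install, so a call still written in the old two-argument form (`setuptools==65.5.1`) can remove the package and then ask pip for `setuptools==65.5.1==`. Reject a missing version before anything is removed, for example `VERSION=${3:?update_package: version argument required}`. The three assignments are also global; if the script's shell supports it, declaring them with `local` keeps them from leaking into the rest of the script.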
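Review bot: The call in the second hunk of PATCH 6/6 passes the unquoted glob `/usr/local/python/3.9.*/bin/python` as the first of three positional arguments; if the pattern ever matches more than one interpreter, the second path lands in `PACKAGE` and `setuptools` in `VERSION`, and if it matches none the literal pattern is passed through. Iterating over the matches keeps the arguments aligned and patches every 3.9 install that is present: `for py in /usr/local/python/3.9.*/bin/python; do update_package "$py" setuptools 65.5.1; done`. A short comment stating why 65.5.1 was chosen for the linked CVE would also help whoever revisits this pin.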