[anaconda] - Fix to stick to transformers version 4.49.0 (#1428)

Author: Kaniska244

src/anaconda/.devcontainer/apply_security_patches.sh

@@ -3,7 +3,7 @@
 # vulnerabilities:
 # werkzeug - [GHSA-f9vj-2wh5-fj8j]
 
-vulnerable_packages=( "mistune=3.0.1" "transformers=4.36.0" "cryptography=43.0.3" "jupyter-lsp=2.2.2" "scrapy=2.11.2" \ 
+vulnerable_packages=( "mistune=3.0.1" "transformers=4.49.0" "cryptography=43.0.3" "jupyter-lsp=2.2.2" "scrapy=2.11.2" \ 
                       "zipp=3.19.1" "tornado=6.4.2")
 
 # Define the number of rows (based on the length of vulnerable_packages)
@@ -24,6 +24,21 @@ for ((i=0; i<rows; i++)); do
     packages_array[$i,1]=${parts[1]}
 done
 
+# Add an array for packages that should always pin to the provided version, 
+# even if higher version is available in conda channel
+pin_to_required_version=( "transformers" "cryptography" ) # Add package names as needed
+
+# Function to check if a package is in the pin_to_required_version array
+function is_pin_to_required_version() {
+    local pkg="$1"
+    for item in "${pin_to_required_version[@]}"; do
+        if [[ "$item" == "$pkg" ]]; then
+            return 0
+        fi
+    done
+    return 1
+}
+
 for ((i=0; i<rows; i++)); do
     CURRENT_VERSION=$(pip show "${packages_array[$i,0]}" --disable-pip-version-check | grep '^Version:' | awk '{print $2}')
     REQUIRED_VERSION="${packages_array[$i,1]}"
@@ -45,12 +60,16 @@ for ((i=0; i<rows; i++)); do
             CONDA_VERSION="0"
         fi
         GREATER_VERSION_B=$((echo ${REQUIRED_VERSION}; echo ${CONDA_VERSION}) | sort -V | tail -1)
-        if [[ $CONDA_VERSION == $GREATER_VERSION_B && ${packages_array[$i,0]} != "cryptography" ]]; then        
+        if is_pin_to_required_version "${packages_array[$i,0]}"; then
+            echo -e "Package ${packages_array[$i,0]} is set to always use the required version: v${REQUIRED_VERSION}.\n";
+            echo "Installing ${packages_array[$i,0]} from pip for v${REQUIRED_VERSION}..."
+            python3 -m pip install --upgrade --no-cache-dir "${packages_array[$i,0]}==${REQUIRED_VERSION}"
+        elif [[ $CONDA_VERSION == $GREATER_VERSION_B ]]; then        
             echo -e "Found Version v${CONDA_VERSION} in the Conda channel which is greater than or equal to the required version: v${REQUIRED_VERSION}. \n";
             echo "Installing ${packages_array[$i,0]} from source from conda channel for v${REQUIRED_VERSION}..."
             conda install "${packages_array[$i,0]}==${CONDA_VERSION}"        
-        elif [[ $REQUIRED_VERSION == $GREATER_VERSION_B || ${packages_array[$i,0]} == "cryptography" ]]; then 
-            echo -e "Required version: v${REQUIRED_VERSION} is greater than the version found in the Conda channel v${CONDA_VERSION} or its cryptography package. \n";
+        elif [[ $REQUIRED_VERSION == $GREATER_VERSION_B ]]; then 
+            echo -e "Required version: v${REQUIRED_VERSION} is greater than the version found in the Conda channel v${CONDA_VERSION}. \n";
             echo "Installing ${packages_array[$i,0]} from source from pip package manager for v${REQUIRED_VERSION}..."
             python3 -m pip install --upgrade --no-cache-dir "${packages_array[$i,0]}==${REQUIRED_VERSION}"
         fi

src/anaconda/manifest.json

@@ -1,5 +1,5 @@
 {
-	"version": "1.2.3",
+	"version": "1.2.4",
 	"build": {
 		"latest": true,
 		"rootDistro": "debian",