Quote associative array subscripts

Copilot · Kaniska244 · Copilot · commit 4088e28ab41d · 2026-02-17T10:01:44.000Z
Co-authored-by: Kaniska244 &lt;186041440+Kaniska244@users.noreply.github.com&gt;
diff --git a/src/anaconda/.devcontainer/apply_security_patches.sh b/src/anaconda/.devcontainer/apply_security_patches.sh
@@ -21,9 +21,9 @@ for ((i=0; i<rows; i++)); do
     # Split each element of vulnerable_packages by the '=' sign
     IFS='=' read -ra parts <<< "${vulnerable_packages[$i]}"
     # Assign the parts to the 2D array
-    packages_array[$i,0]=${parts[0]}
-    packages_array[$i,1]=${parts[1]}
-    required_versions[${parts[0]}]=${parts[1]}
+    packages_array["$i,0"]="${parts[0]}"
+    packages_array["$i,1"]="${parts[1]}"
+    required_versions["${parts[0]}"]="${parts[1]}"
 done
 
 # Add an array for packages that should always pin to the provided version, 
@@ -42,44 +42,44 @@ function is_pin_to_required_version() {
 }
 
 for ((i=0; i<rows; i++)); do
-    CURRENT_VERSION=$(pip show "${packages_array[$i,0]}" --disable-pip-version-check | grep '^Version:' | awk '{print $2}')
-    REQUIRED_VERSION="${packages_array[$i,1]}"
-    if is_pin_to_required_version "${packages_array[$i,0]}"; then
+    CURRENT_VERSION=$(pip show "${packages_array["$i,0"]}" --disable-pip-version-check | grep '^Version:' | awk '{print $2}')
+    REQUIRED_VERSION="${packages_array["$i,1"]}"
+    if is_pin_to_required_version "${packages_array["$i,0"]}"; then
         continue
     fi
     GREATER_VERSION_A=$( (echo ${REQUIRED_VERSION}; echo ${CURRENT_VERSION}) | sort -V | tail -1)
     # Check if the required_version is greater than current_version
     if [[ $CURRENT_VERSION != $GREATER_VERSION_A ]]; then
-        echo "${packages_array[$i,0]} version v${CURRENT_VERSION} installed by the base image is not greater or equal to the required: v${REQUIRED_VERSION}"
+        echo "${packages_array["$i,0"]} version v${CURRENT_VERSION} installed by the base image is not greater or equal to the required: v${REQUIRED_VERSION}"
         # Check whether conda channel has a greater or equal version available, so install from conda, otherwise use pip package manager
         channel_name="anaconda"
-        CONDA_VERSION=$(conda search "${packages_array[$i,0]}" -c "$channel_name" | \
+        CONDA_VERSION=$(conda search "${packages_array["$i,0"]}" -c "$channel_name" | \
             grep -E '^[[:alnum:]]' | \
             awk '{print $2}' | \
             sort -V | \
             uniq | \
             tail -n 2 | \
             head -n 1)
         if [[ -z "$CONDA_VERSION" ]]; then
-            echo "No version for ${packages_array[$i,0]} found in conda channel."
+            echo "No version for ${packages_array["$i,0"]} found in conda channel."
             CONDA_VERSION="0"
         fi
         GREATER_VERSION_B=$( (echo ${REQUIRED_VERSION}; echo ${CONDA_VERSION}) | sort -V | tail -1)
         if [[ $CONDA_VERSION == $GREATER_VERSION_B ]]; then        
             echo -e "Found Version v${CONDA_VERSION} in the Conda channel which is greater than or equal to the required version: v${REQUIRED_VERSION}. \n";
-            echo "Installing ${packages_array[$i,0]} from source from conda channel for v${REQUIRED_VERSION}..."
-            conda install "${packages_array[$i,0]}==${CONDA_VERSION}"        
+            echo "Installing ${packages_array["$i,0"]} from source from conda channel for v${REQUIRED_VERSION}..."
+            conda install "${packages_array["$i,0"]}==${CONDA_VERSION}"        
         elif [[ $REQUIRED_VERSION == $GREATER_VERSION_B ]]; then 
             echo -e "Required version: v${REQUIRED_VERSION} is greater than the version found in the Conda channel v${CONDA_VERSION}. \n";
-            echo "Installing ${packages_array[$i,0]} from source from pip package manager for v${REQUIRED_VERSION}..."
-            python3 -m pip install --upgrade --no-cache-dir "${packages_array[$i,0]}==${REQUIRED_VERSION}"
+            echo "Installing ${packages_array["$i,0"]} from source from pip package manager for v${REQUIRED_VERSION}..."
+            python3 -m pip install --upgrade --no-cache-dir "${packages_array["$i,0"]}==${REQUIRED_VERSION}"
         fi
     fi
 done
 
 # After the main upgrade loop, install packages from the pin_to_required_version list at their required versions to keep exact versions even if conda upgrades them as dependencies.
 for pkg in "${pin_to_required_version[@]}"; do
-    REQUIRED_VERSION="${required_versions[$pkg]}"
+    REQUIRED_VERSION="${required_versions["$pkg"]}"
     if [[ -z "${REQUIRED_VERSION}" ]]; then
         echo "WARNING: Missing required version for ${pkg}. Skipping installation."
         continue
