[universal] - Fixing multiple image vulnerability issues#1745

Merged
abdurriq merged 6 commits into devcontainers:main from Kaniska244:universal-vulnerability-issues
Jan 22, 2026

Conversation


@Kaniska244 Kaniska244 commented Jan 21, 2026

Ref# Issue details

Dev container name:

  • universal

Description:

This PR patches the following vulnerabilities:

Changelog:

  • Updated patch-conda/install.sh

    • Upgraded version for patched python package
      • cryptography - minimum package version has been set to 44.0.1
      • brotli - minimum package version has been set to 1.2.0
      • urllib3 - minimum package version has been set to 2.6.3
  • Updated patch-python/install.sh

    • Upgraded version for patched python package
      • pip - upgraded to latest version
      • setuptools - minimum package version has been set to 78.1.1
  • Added local-feature patch-python back in the image build.

  • Small update in test script to test updated versions.

  • Version bump.

Checklist:

  • Checked that applied changes work as expected

@Kaniska244 Kaniska244 marked this pull request as ready for review January 21, 2026 16:50
@Kaniska244 Kaniska244 requested a review from a team as a code owner January 21, 2026 16:50
Copilot AI review requested due to automatic review settings January 21, 2026 16:50

Copilot AI left a comment


Pull request overview

This PR applies security patches to address multiple vulnerabilities in Python packages within the universal dev container image. The changes update package versions for cryptography, pip, setuptools, urllib3, and brotli to remediate reported CVEs and GitHub Security Advisories.

Changes:

  • Added patch-python local feature to upgrade pip and setuptools in the Python 3.11 installation
  • Updated patch-conda to upgrade cryptography, urllib3, and add brotli package updates
  • Bumped manifest version from 5.1.1 to 5.1.2 (patch version) and synchronized README

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 5 comments.

  • src/universal/manifest.json: Version bump from 5.1.1 to 5.1.2
  • src/universal/README.md: Updated example version tag to 5.1.2-noble
  • src/universal/.devcontainer/devcontainer.json: Added patch-python feature to features list and install order
  • src/universal/.devcontainer/local-features/patch-python/install.sh: Added pip upgrade and setuptools 78.1.1 minimum version enforcement
  • src/universal/.devcontainer/local-features/patch-conda/install.sh: Updated cryptography to 44.0.1, urllib3 to 2.6.3, and added brotli 1.2.0
  • src/universal/test-project/test.sh: Added/updated version checks for patched packages
  • src/universal/.devcontainer/devcontainer-lock.json: Auto-updated feature dependency versions (docker-in-docker, dotnet)
Comments suppressed due to low confidence (2)

src/universal/.devcontainer/local-features/patch-python/install.sh:45

  • The glob pattern /usr/local/python/3.11.*/bin/python may not expand correctly when passed to the update_package function because the sudo_if function wraps the command in quotes. This prevents shell glob expansion. Consider using the symlink path /usr/local/python/current/bin/python instead, which is the standard approach used elsewhere in the codebase (see machine-learning-packages/install.sh).
update_package /usr/local/python/3.11.*/bin/python setuptools "78.1.1"

src/universal/.devcontainer/devcontainer.json:91

  • This line uses tab characters for indentation while the rest of the file uses spaces. This creates inconsistent indentation. Please change the indentation to use spaces (8 spaces) to match the surrounding code.
		"./local-features/patch-python",
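
The two failure modes raised in the review comment above, a glob that stays a literal string once it is quoted and a package that is still below its patched minimum, as an added shell example that is not part of this PR or of the devcontainers repository. The helper names (resolve_single, version_ge, check_min_version) are assumptions; the real sudo_if implementation is not shown on the page, so the example simply resolves the interpreter path before any wrapper sees it.

```shell
#!/bin/sh
# Added example, not code from the devcontainers/images repo.
# It resolves the interpreter glob before any quoting wrapper
# sees it, then checks an installed package against a minimum
# version such as the setuptools 78.1.1 floor set by this PR.

# Expand a glob like /usr/local/python/3.11.*/bin/python to
# exactly one existing path. Fails when nothing matches (the
# glob would otherwise travel on as a literal string) or when
# more than one interpreter matches.
resolve_single() {
    pattern=$1
    set -- $pattern   # unquoted on purpose: expansion happens here
    if [ "$#" -ne 1 ] || [ ! -e "$1" ]; then
        return 1
    fi
    printf '%s\n' "$1"
}

# Succeeds when dotted numeric version $1 >= $2 (e.g. 78.1.1, 2.6.3).
# Pre-release suffixes such as 1.2.0rc1 are not handled.
version_ge() {
    have=$1
    want=$2
    while [ -n "$have" ] || [ -n "$want" ]; do
        h=${have%%.*}
        w=${want%%.*}
        case $have in *.*) have=${have#*.} ;; *) have= ;; esac
        case $want in *.*) want=${want#*.} ;; *) want= ;; esac
        [ "${h:-0}" -gt "${w:-0}" ] && return 0
        [ "${h:-0}" -lt "${w:-0}" ] && return 1
    done
    return 0
}

# Ask an interpreter for a package's installed version and
# compare it with the required minimum, as a test script would.
check_min_version() {
    python=$1
    pkg=$2
    min=$3
    installed=$("$python" -c "import importlib.metadata as m; print(m.version('$pkg'))") || return 1
    version_ge "$installed" "$min"
}

# Usage with the glob from the PR's patch-python/install.sh:
#   py=$(resolve_single '/usr/local/python/3.11.*/bin/python') || exit 1
#   check_min_version "$py" setuptools 78.1.1 || echo 'setuptools still below 78.1.1'
```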

abdurriq
abdurriq previously approved these changes Jan 21, 2026
@Kaniska244 Kaniska244 requested a review from abdurriq January 22, 2026 10:59
@abdurriq abdurriq merged commit 1bca3d1 into devcontainers:main Jan 22, 2026
2 checks passed
This was referenced Jan 26, 2026