[Python] - GitPython - Patch Vulnerability - GHSA-2mqj-m65w-jghx (#953)

* [Python] - GitPython - Patch Vulnerability - GHSA-2mqj-m65w-jghx

* Update src/python/.devcontainer/Dockerfile

* Update src/python/.devcontainer/Dockerfile

---------

Co-authored-by: Samruddhi Khandale <[email protected]>

Author: gauravsaini04

src/python/.devcontainer/Dockerfile

@@ -6,9 +6,11 @@ RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
     # Remove imagemagick due to https://security-tracker.debian.org/tracker/CVE-2019-10131
     && apt-get purge -y imagemagick imagemagick-6-common 
 
-# Temporary: Upgrade python packages due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40897
+# Temporary: Upgrade python packages due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40897 and https://github.com/advisories/GHSA-2mqj-m65w-jghx
 # They are installed by the base image (python) which does not have the patch.
-RUN python3 -m pip install --upgrade setuptools
+RUN python3 -m pip install --upgrade \
+    setuptools==69.0.3 \
+    gitpython==3.1.41
 
 # [Optional] If your pip requirements rarely change, uncomment this section to add them to the image.
 # COPY requirements.txt /tmp/pip-tmp/

src/python/test-project/test.sh

@@ -42,5 +42,9 @@ check "usr-local-etc-config-does-not-exist" test ! -f "/usr/local/etc/gitconfig"
 setuptools_version=$(python -c "import setuptools; print(setuptools.__version__)")
 check-version-ge "setuptools-requirement" "${setuptools_version}" "65.5.1"
 
+# https://github.com/advisories/GHSA-2mqj-m65w-jghx
+gitpython_version=$(python -c "import git; print(git.__version__)")
+check-version-ge "gitpython-requirement" "${gitpython_version}" "3.1.41"
+
 # Report result
 reportResults