修补

universal-base/.devcontaiener/Dockerfile

@@ -1 +0,0 @@
-FROM registry.yqxpro.com/devcontainers/develop-base

universal-base/.devcontainer/devcontainer.json

@@ -10,15 +10,10 @@
     },
     "./local-features/nvs": "latest",
     "ghcr.io/devcontainers/features/python:1": {
-      "version": "3.12.1",
-      "additionalVersions": "3.11.9",
       "installJupyterlab": "true",
       "configureJupyterlabAllowOrigin": "*",
-      "useOryxIfAvailable": "false",
     },
-    "./local-features/patch-python": {},
     "ghcr.io/devcontainers/features/anaconda:1": {},
-    "./local-features/patch-conda": {},
     "ghcr.io/devcontainers/features/java:1": {
       "jdkDistro": "tem",
       "version": "21",

universal-base/.devcontainer/local-features/patch-conda/devcontainer-feature.json

@@ -1,5 +0,0 @@
-{
-  "id": "patch-conda",
-  "name": "Patch Conda Packages",
-  "installsAfter": ["ghcr.io/devcontainers/features/anaconda"]
-}

universal-base/.devcontainer/local-features/patch-conda/install.sh

@@ -1,72 +0,0 @@
-#!/usr/bin/env bash
-#-------------------------------------------------------------------------------------------------------------
-# Copyright (c) Microsoft Corporation. All rights reserved.
-# Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information.
-#-------------------------------------------------------------------------------------------------------------
-
-USERNAME=${USERNAME:-"codespace"}
-
-set -eux
-
-if [ "$(id -u)" -ne 0 ]; then
-    echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.'
-    exit 1
-fi
-
-# Ensure that login shells get the correct path if the user updated the PATH using ENV.
-rm -f /etc/profile.d/00-restore-env.sh
-echo "export PATH=${PATH//$(sh -lc 'echo $PATH')/\$PATH}" > /etc/profile.d/00-restore-env.sh
-chmod +x /etc/profile.d/00-restore-env.sh
-
-export DEBIAN_FRONTEND=noninteractive
-
-sudo_if() {
-    COMMAND="$*"
-    if [ "$(id -u)" -eq 0 ] && [ "$USERNAME" != "root" ]; then
-        su - "$USERNAME" -c "$COMMAND"
-    else
-        "$COMMAND"
-    fi
-}
-
-update_python_package() {
-    PYTHON_PATH=$1
-    PACKAGE=$2
-    VERSION=$3
-
-    sudo_if "$PYTHON_PATH -m pip uninstall --yes $PACKAGE"
-    sudo_if "$PYTHON_PATH -m pip install --upgrade --no-cache-dir $PACKAGE==$VERSION"
-    sudo_if "$PYTHON_PATH -m pip show --no-python-version-warning $PACKAGE"
-}
-
-update_conda_package() {
-    PACKAGE=$1
-    VERSION=$2
-
-    sudo_if "conda install -y -c defaults $PACKAGE=$VERSION"
-}
-
-sudo_if /opt/conda/bin/python3 -m pip install --upgrade pip
-
-# Temporary: Upgrade python packages due to security vulnerabilities
-# They are installed by the conda feature and Conda distribution does not have the patches
-
-# https://github.com/advisories/GHSA-79v4-65xg-pq4g
-update_python_package /opt/conda/bin/python3 cryptography "44.0.1"
-
-update_conda_package pyopenssl "25.0.0"
-
-# https://github.com/advisories/GHSA-9hjg-9r4m-mvj7
-update_conda_package requests "2.32.4"
-
-# https://github.com/advisories/GHSA-5rjg-fvgr-3xxf
-update_conda_package setuptools "78.1.1"
-
-# https://github.com/advisories/GHSA-g7vv-2v7x-gj9p
-update_python_package /opt/conda/bin/python3 tqdm "4.66.3"
-
-# https://github.com/advisories/GHSA-38jv-5279-wg99
-update_conda_package urllib3 "2.6.3"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2025-6176
-update_conda_package brotli "1.2.0"

universal-base/.devcontainer/local-features/patch-python/devcontainer-feature.json

@@ -1,5 +0,0 @@
-{
-  "id": "patch-python",
-  "name": "Patch Python Packages",
-  "installsAfter": ["ghcr.io/devcontainers/features/python"]
-}

universal-base/.devcontainer/local-features/patch-python/install.sh

@@ -1,46 +0,0 @@
-#!/usr/bin/env bash
-#-------------------------------------------------------------------------------------------------------------
-# Copyright (c) Microsoft Corporation. All rights reserved.
-# Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information.
-#-------------------------------------------------------------------------------------------------------------
-
-USERNAME=${USERNAME:-"codespace"}
-
-set -eux
-
-if [ "$(id -u)" -ne 0 ]; then
-    echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.'
-    exit 1
-fi
-
-# Ensure that login shells get the correct path if the user updated the PATH using ENV.
-rm -f /etc/profile.d/00-restore-env.sh
-echo "export PATH=${PATH//$(sh -lc 'echo $PATH')/\$PATH}" > /etc/profile.d/00-restore-env.sh
-chmod +x /etc/profile.d/00-restore-env.sh
-
-export DEBIAN_FRONTEND=noninteractive
-
-sudo_if() {
-    COMMAND="$*"
-    if [ "$(id -u)" -eq 0 ] && [ "$USERNAME" != "root" ]; then
-        su - "$USERNAME" -c "$COMMAND"
-    else
-        "$COMMAND"
-    fi
-}
-
-update_package() {
-    PYTHON_PATH=$1
-    PACKAGE=$2
-    VERSION=$3
-
-    sudo_if "$PYTHON_PATH -m pip uninstall --yes $PACKAGE"
-    sudo_if "$PYTHON_PATH -m pip install --upgrade --no-cache-dir $PACKAGE==$VERSION"
-    sudo_if "$PYTHON_PATH -m pip show --no-python-version-warning $PACKAGE"
-}
-# Updating pip version for python 3.11. Must be removed when pinned version 3.11 is updated to a different python version.
-sudo_if /usr/local/python/3.11.*/bin/python -m pip install --upgrade pip
-
-# https://github.com/advisories/GHSA-5rjg-fvgr-3xxf
-# Updating setuptools version for python 3.11. Must be removed when pinned version 3.11 is updated to a different python version.
-update_package /usr/local/python/3.11.*/bin/python setuptools "78.1.1"

universal-base/.devcontainer/local-features/setup-user/devcontainer-feature.json

@@ -21,9 +21,7 @@
     "ghcr.io/devcontainers/features/node:1",
     "./local-features/nvs",
     "ghcr.io/devcontainers/features/python:1",
-    "./local-features/patch-python",
     "ghcr.io/devcontainers/features/anaconda:1",
-    "./local-features/patch-conda",
     "ghcr.io/devcontainers/features/java:1",
     "ghcr.io/devcontainers/features/go:1",
     "ghcr.io/devcontainers/features/rust:1"