CVE-2021-3807

Advisory

Jupytext version 1.13.0 updates its jupyterlab extension's dependencies (especially "ansi-regex") to handle security vulnerabilities. See CVE-2021-3807.
https://github.com/mwouts/jupytext/issues/857

Affected package

Affected versions

Fixed versions

Vulnerability changelog

-------------------

**Added**
- The Jupytext CLI has a new `--diff` command to show the differences between two notebooks (and if you want to see the changes in a file being updated by Jupytext, use `--show-changes`) ([799](https://github.com/mwouts/jupytext/issues/799))
- Jupyter will show the diff between text and `ipynb` paired notebooks when it cannot open a paired notebook because the `ipynb` version is more recent. Also, if the inputs in the two files are identical then the notebook will open with no error ([799](https://github.com/mwouts/jupytext/issues/799))
- The `py:percent` format will use raw strings when encoding Markdown cells as string, if they contain backslash characters ([836](https://github.com/mwouts/jupytext/issues/836))

**Fixed**
- We have upgraded the jupyterlab extension dependencies and especially `ansi-regex` to fix a security vulnerability ([857](https://github.com/mwouts/jupytext/issues/857))

**Changed**
- The Jupytext configuration file is reloaded only when a notebook is opened, saved, or when a different folder is explored ([797](https://github.com/mwouts/jupytext/issues/797))

Resources

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3807