CVE-2021-44906

Advisory

Jupytext 1.13.8 updates its NPM dependency 'minimist' to v1.2.6 to include a security fix.

Affected package

Affected versions

Fixed versions

Vulnerability changelog

-------------------

**Fixed**
- Text-only notebooks are always trusted (as they don't include any output cells) ([941](https://github.com/mwouts/jupytext/issues/941))
- We made sure that our tests also work in absence of a Python kernel ([906](https://github.com/mwouts/jupytext/issues/906))
- The coverage of the `tests` folder has been restored at 100%
- Bash commands like `!{cmd}` are now correctly escaped in the `py:percent` format ([938](https://github.com/mwouts/jupytext/issues/938))

**Added**
- Added Tcl as a supported language ([930](https://github.com/mwouts/jupytext/issues/930)) - thanks to [shishitao](https://github.com/shishitao) for this contribution
- Added Maxima as a supported language ([927](https://github.com/mwouts/jupytext/issues/927)) - thanks to [Alberto Lusiani](https://github.com/alusiani) for contributing a sample Maxima notebook.

**Changed**
- The Jupytext contents manager is derived from the `LargeFileManager` imported from `jupyter_server` rathen than `notebook` ([933](https://github.com/mwouts/jupytext/issues/933))
- Allow for markdown-it-py v2 ([924](https://github.com/mwouts/jupytext/issues/924))
- We have updated the hooks used in the test pre-commits, to fix an issue on the CI ([940](https://github.com/mwouts/jupytext/issues/940), [#942](https://github.com/mwouts/jupytext/issues/942))
- We updated the `yarn.lock` file for the jupyter lab extension to address security vulnerabilities ([904](https://github.com/mwouts/jupytext/issues/904), [#925](https://github.com/mwouts/jupytext/issues/925), [#935](https://github.com/mwouts/jupytext/issues/935), [#939](https://github.com/mwouts/jupytext/issues/939))

Resources

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44906