Skip to content

[Snyk] Security upgrade nbconvert from 5.4.0 to 7.17.1#213

Open
snyk-io[bot] wants to merge 2 commits into
mainfrom
snyk-fix-af38cdecd2cc40856321a8d292a919a9
Open

[Snyk] Security upgrade nbconvert from 5.4.0 to 7.17.1#213
snyk-io[bot] wants to merge 2 commits into
mainfrom
snyk-fix-af38cdecd2cc40856321a8d292a919a9

Conversation

@snyk-io
Copy link
Copy Markdown

@snyk-io snyk-io Bot commented Apr 22, 2026

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the pip dependencies of this project.

Snyk changed the following file(s):

  • sample-python/requirements.txt
⚠️ Warning 
otebook 5.7.0 requires pyzmq, which is not installed.
nbconvert 7.6.0 has requirement mistune<4,>=2.0.3, but you have mistune 0.8.3.
nbconvert 7.6.0 has requirement jupyter-core>=4.7, but you have jupyter-core 4.4.0.
nbconvert 7.6.0 has requirement traitlets>=5.1, but you have traitlets 4.3.2.
nbconvert 7.6.0 has requirement nbformat>=5.7, but you have nbformat 4.4.0.
nbclient 0.7.4 has requirement nbformat>=5.1, but you have nbformat 4.4.0.
nbclient 0.7.4 has requirement traitlets>=5.3, but you have traitlets 4.3.2.
nbclient 0.7.4 has requirement jupyter-client>=6.1.12, but you have jupyter-client 5.2.3.
nbclient 0.7.4 has requirement jupyter-core!=5.0.*,>=4.12, but you have jupyter-core 4.4.0.
jupyter-console 6.6.3 requires pyzmq, which is not installed.
jupyter-console 6.6.3 has requirement ipykernel>=6.14, but you have ipykernel 5.0.0.
jupyter-console 6.6.3 has requirement jupyter-client>=7.0.0, but you have jupyter-client 5.2.3.
jupyter-console 6.6.3 has requirement traitlets>=5.4, but you have traitlets 4.3.2.
jupyter-console 6.6.3 has requirement jupyter-core!=5.0.*,>=4.12, but you have jupyter-core 4.4.0.
jupyter-client 5.2.3 requires pyzmq, which is not installed.
ipython 7.34.0 has requirement jedi>=0.16, but you have jedi 0.12.1.

Breaking Change Risk

Merge Risk: High

Notice: This assessment is enhanced by AI.

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Directory Traversal

@snyk-io
fix: sample-python/requirements.txt to reduce vulnerabilities
2b33e52 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-NBCONVERT-16115368
@snyk-io
Copy link
Copy Markdown
Author

snyk-io Bot commented Apr 22, 2026

Merge Risk: High

This is a major upgrade across two major versions (v5 to v7) that introduces significant breaking changes requiring developer action.

Key Breaking Changes in v6.0:

  • Python Support: Support for Python 2 was completely dropped. Support for Python 3.6 was also removed in v6.1.
  • Template Configuration: The configuration key template_path has been renamed to template_paths. Any scripts or configurations using the old key must be updated.
  • Template System: The system for custom templates was reworked. While some backward compatibility exists, custom templates may require migration.
  • Execute Preprocessor: The logic for executing notebooks was moved to a new, separate package called nbclient.
  • Slideshows: The Reveal.js slideshow template was upgraded to version 4, which may affect custom slide decks.

Key Breaking Changes in v7.0:

  • Markdown Rendering: The underlying markdown parser was updated to Mistune 2.0, which may cause changes in how markdown is rendered.
  • Python Support: Later versions in the 7.x series drop support for Python 3.8.

Recommendation:

  • Update any configuration files or scripts changing template_path to template_paths.
  • Verify that your environment is running a supported version of Python (3.9+ is recommended for the latest versions).
  • Thoroughly test notebook conversions, especially if you use custom templates or have complex markdown, to check for any visual or functional regressions.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@thavelock
Copy link
Copy Markdown
Collaborator

thavelock commented Apr 22, 2026
edited
Loading

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues
Code Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@snyk-io
Copy link
Copy Markdown
Author

snyk-io Bot commented Apr 22, 2026
edited
Loading

Snyk checks have failed. 2 issues have been found so far.

Status Scan Engine Critical High Medium Low Total (2)
Open Source Security 0 0 2 0 2 issues
Licenses 0 0 0 0 0 issues
Code Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@thavelock
Copy link
Copy Markdown
Collaborator

thavelock commented Apr 22, 2026
edited
Loading

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues
Code Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@thavelock
Copy link
Copy Markdown
Collaborator

thavelock commented Apr 22, 2026
edited
Loading

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues
Code Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@snyk-io
Copy link
Copy Markdown
Author

snyk-io Bot commented Apr 22, 2026
edited
Loading

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues
Code Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@snyk-io-us
Copy link
Copy Markdown

snyk-io-us Bot commented Apr 22, 2026
edited
Loading

Snyk checks have failed. 2 issues have been found so far.

Status Scan Engine Critical High Medium Low Total (2)
Open Source Security 0 0 2 0 2 issues
Licenses 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@snyk-io
Copy link
Copy Markdown
Author

snyk-io Bot commented Apr 22, 2026
edited
Loading

Snyk checks have failed. 2 issues have been found so far.

Status Scan Engine Critical High Medium Low Total (2)
Open Source Security 0 0 2 0 2 issues
Licenses 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@snyk-io-us
fix: sample-python/requirements.txt to reduce vulnerabilities
e54a078 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-NBCONVERT-16115368
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@thavelock