CVE-2021-21306

Advisory

Jupyterlab 3.0.8 updates its dependency 'marked' to v2.0.0 to address a vulnerability. See also <https://github.com/jupyterlab/jupyterlab/pull/9809>.

Affected package

Affected versions

Fixed versions

Vulnerability changelog

- `jupyterlab/rendermime`: upgraded `marked` dep past
vulnerability.
([9809](https://github.com/jupyterlab/jupyterlab/pull/9809))
- Fix Services Tests.
([9806](https://github.com/jupyterlab/jupyterlab/pull/9806))
- Enable jupyter labextension build/watch to work for custom
jupyterlab distributions.
([9697](https://github.com/jupyterlab/jupyterlab/pull/9697))
- Add hash to webpack requests to enable caching.
([9776](https://github.com/jupyterlab/jupyterlab/pull/9776))
- Update MANIFEST.in to include package_data files.
([9780](https://github.com/jupyterlab/jupyterlab/pull/9780))
- Correct synchronization of tags between metadata and tags widget.
([9773](https://github.com/jupyterlab/jupyterlab/pull/9773))
- Fix use of hyphen in module name.
([9655](https://github.com/jupyterlab/jupyterlab/pull/9655))
- Add missing default_url fields to examples.
([9731](https://github.com/jupyterlab/jupyterlab/pull/9731),
[9737](https://github.com/jupyterlab/jupyterlab/pull/9737))

Resources

• https://pypi.org/project/jupyterlab
• https://pyup.io/changelogs/jupyterlab/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21306