Safety vulnerability ID: 49391
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Elyra 3.9.0 requires 'immer' versions ^9.0.7 to include security fixes.
Latest version: 3.15.0
Elyra provides AI Centric extensions to JupyterLab
- [Installation documentation](https://elyra.readthedocs.io/en/v3.9.0/getting_started/installation.html)
- [Getting help](https://elyra.readthedocs.io/en/v3.9.0/getting_started/getting-help.html)
New feature highlights
Access sensitive information in generic pipeline nodes
Jupyter notebooks, Python scripts or R scripts might require access to resources that are protected using sensitive information, such as an API key or a user id and password. If you are running pipelines on Kubeflow Pipelines or Apache Airflow you can take advantage of [Kubernetes secrets](https://kubernetes.io/docs/concepts/configuration/secret/) that are defined in your cluster. Starting with version 3.9 you can [configure pipelines to expose these secrets as environment variables](https://elyra.readthedocs.io/en/v3.9.0/user_guide/best-practices-file-based-nodes.html#handling-sensitive-information), which notebooks or scripts can access.
Pipeline CLI: identify pipeline dependencies
The [`elyra-pipeline describe`](https://elyra.readthedocs.io/en/v3.9.0/user_guide/pipelines.html#describing-a-pipeline-from-the-command-line-interface) CLI command output now includes information about the following dependencies for nodes that utilize [generic components](https://elyra.readthedocs.io/en/v3.9.0/user_guide/pipeline-components.html#generic-components): container images, data volumes, and Kubernetes secrets. The machine readable output (produced when the `--json` option is specified) is most commonly used to automate processes, such as impact analysis and dependency checking. In the example below the output of the command is piped to the [`jq` command-line processor](https://stedolan.github.io/jq/), which extracts information about the container images that the pipeline's notebooks or script are executed in:
$ elyra-pipeline describe --json my.pipeline | jq '.dependencies.container_images[]'
"tensorflow/tensorflow:2.8.0"
This information could be used to identify pipelines that use a specific container image version or to verify that the container images are available in a specific container registry.
Create code snippets from notebook cells
Create a code snippet by [selecting one or more cells in a Jupyter notebook](https://elyra.readthedocs.io/en/v3.9.0/user_guide/code-snippets.html#creating-a-code-snippet).
Documentation: Running Elyra in an air gapped environment
The new [documentation topic](https://elyra.readthedocs.io/en/v3.9.0/recipes/running-elyra-in-air-gapped-environment.html) covers considerations for running Elyra in an air gapped environment.
<!-- Release notes generated using configuration in .github/release.yml at v3.9.0 -->
What's Changed
New Features
* Add backend support for Kubernetes secrets environment variables by kiersten-stokes in https://github.com/elyra-ai/elyra/pull/2715
* Elyra pipeline describe enhancements by binayakdutta in https://github.com/elyra-ai/elyra/pull/2722
* Add 'Running Elyra in an air gapped environment' topic to documentation by ptitzler in https://github.com/elyra-ai/elyra/pull/2744
* Update 'elyra-pipeline describe' command by ptitzler in https://github.com/elyra-ai/elyra/pull/2742
* Create code snippet from whole cells (1199) by xlegs in https://github.com/elyra-ai/elyra/pull/2726
Bug Fixes
* Simplify R and Python icon svgs by ajbozarth in https://github.com/elyra-ai/elyra/pull/2705
* Prepend baseUrl to icon source by ajbozarth in https://github.com/elyra-ai/elyra/pull/2728
* Fix pipeline submit button reload bug by karlaspuldaro in https://github.com/elyra-ai/elyra/pull/2734
* Fix metadata dropdown style in dark mode by karlaspuldaro in https://github.com/elyra-ai/elyra/pull/2743
* Fix incorrect string replacement in release script by akchinSTC in https://github.com/elyra-ai/elyra/pull/2748
* Fix save as code snippet by marthacryan in https://github.com/elyra-ai/elyra/pull/2756
* Fix release script updates to schemas docs and package desc by akchinSTC in https://github.com/elyra-ai/elyra/pull/2752
* Fix tag bug by marthacryan in https://github.com/elyra-ai/elyra/pull/2761
* Fix metadata editor being able to open in multiple tabs by marthacryan in https://github.com/elyra-ai/elyra/pull/2762
* Fix missing placeholder text in metadata editor by marthacryan in https://github.com/elyra-ai/elyra/pull/2764
* Trim whitespace to prevent invalid tags in metadata editor by marthacryan in https://github.com/elyra-ai/elyra/pull/2768
Other
* Add link to new blog post to "published resources" documentation by kiersten-stokes in https://github.com/elyra-ai/elyra/pull/2707
* Update elyra individual extension package descriptions by akchinSTC in https://github.com/elyra-ai/elyra/pull/2708
* Remove dependency on ipython_genutils by kevin-bates in https://github.com/elyra-ai/elyra/pull/2710
* Update changelog header by ptitzler in https://github.com/elyra-ai/elyra/pull/2714
* Metadata tag whitespace proposed solution by JoshuaAlter in https://github.com/elyra-ai/elyra/pull/2538
* Improve github action workflow by ptitzler in https://github.com/elyra-ai/elyra/pull/2720
* Update node packages to fix security vulnerabilities by akchinSTC in https://github.com/elyra-ai/elyra/pull/2575
* Remove tensorflow 1.x sample runtime images by akchinSTC in https://github.com/elyra-ai/elyra/pull/2729
* Develop Elyra against the Jupyterlab source repo by ajbozarth in https://github.com/elyra-ai/elyra/pull/2709
* Validate runtime image environments in CI testing by kevin-bates in https://github.com/elyra-ai/elyra/pull/2721
* Bump NodeJS version requirement to v16 or higher by akchinSTC in https://github.com/elyra-ai/elyra/pull/2732
* Add elyra documentation link in elyra-metadata help by sgonsal in https://github.com/elyra-ai/elyra/pull/2731
* Update generic component operator to support python 3.7 by akchinSTC in https://github.com/elyra-ai/elyra/pull/2727
* Improve pipeline validation by ajbozarth in https://github.com/elyra-ai/elyra/pull/2698
* Fix processing of node properties for pipeline app commands by kiersten-stokes in https://github.com/elyra-ai/elyra/pull/2740
* Update installation topic in the 'getting started' documentation by ptitzler in https://github.com/elyra-ai/elyra/pull/2746
* Update metadata editor to use JupyterLab's new form editor by marthacryan in https://github.com/elyra-ai/elyra/pull/2464
* Fix scroll bug by marthacryan in https://github.com/elyra-ai/elyra/pull/2766
New Contributors
* JoshuaAlter made their first contribution in https://github.com/elyra-ai/elyra/pull/2538
* sgonsal made their first contribution in https://github.com/elyra-ai/elyra/pull/2731
* binayakdutta made their first contribution in https://github.com/elyra-ai/elyra/pull/2722
* xlegs made their first contribution in https://github.com/elyra-ai/elyra/pull/2726
**Full Changelog**: https://github.com/elyra-ai/elyra/compare/v3.8.1...v3.9.0
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application