Update pygments because of vulnerabilities

nornir-automation / nornir

Pluggable multi-threaded framework with inventory management to help operate collections of devices

https://nornir.readthedocs.io/

Apache License 2.0

1.4k stars 237 forks source link

Update pygments because of vulnerabilities #732

Closed ubaumann closed 3 years ago

ubaumann commented 3 years ago

Updating pygments because of two vulnerabilities

Minumum version would be 2.7.4 but I guess we can update direclty to 2.10.0?

dbarrosop commented 3 years ago

Thanks for the PR. Yes, I think updating to the latest versionwould be fine, however, we are going to have to re-run and save the notebooks as looks like the rendering is slightly different and tests are failing.

Also, note that these vulnerabilities are not exploitable as we only use pygments to render jupyter notebooks for documentation purposes and we control the code rendered.

ubaumann commented 3 years ago

Yes I saw. Forgot to run it locally. Did only make pytest. I should have time in around 5 hours to do it well

dbarrosop commented 3 years ago

No worries and no rush, thanks again :)

ubaumann commented 3 years ago

I run the jupyter notebooks and rebased the branch

ubaumann commented 3 years ago

Sorry for all the spam. I rerun them in docker. Now it should be fine.

dbarrosop commented 3 years ago

Awesome work. Thanks for this!