Skip to content

[Snyk] Fix for 18 vulnerabilities #128

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Oct 28, 2025
Merged

[Snyk] Fix for 18 vulnerabilities #128

merged 2 commits into from
Oct 28, 2025

Conversation

@jamesbhobbs
Copy link
Contributor

@jamesbhobbs jamesbhobbs commented Oct 28, 2025

snyk-top-banner

Snyk has created this PR to fix 18 vulnerabilities in the pip dependencies of this project.

Snyk changed the following file(s):

  • build/venv-test-ipywidgets8-requirements.txt
⚠️ Warning 
otebook 6.5.7 requires pyzmq, which is not installed.
matplotlib 3.5.3 requires fonttools, which is not installed.
matplotlib 3.5.3 requires pillow, which is not installed.
jupyter 1.1.1 requires jupyterlab, which is not installed.
jupyter-server 1.24.0 requires pyzmq, which is not installed.
jupyter-console 6.6.3 requires pyzmq, which is not installed.
jupyter-client 7.4.9 requires pyzmq, which is not installed.
ipympl 0.9.3 requires pillow, which is not installed.
ipykernel 6.16.2 requires pyzmq, which is not installed.

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Snyk has automatically assigned this pull request, set who gets assigned.
  • Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
👩‍💻 Set who automatically gets assigned
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Race Condition
🦉 Remote Code Execution (RCE)
🦉 Access Control Bypass
🦉 More lessons are available in Snyk Learn

@snyk-bot
fix: build/venv-test-ipywidgets8-requirements.txt to reduce vulnerabi…
7b36be6 
…lities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-ANYIO-7361842
- https://snyk.io/vuln/SNYK-PYTHON-IPYTHON-3318382
- https://snyk.io/vuln/SNYK-PYTHON-JUPYTERCORE-10300774
- https://snyk.io/vuln/SNYK-PYTHON-JUPYTERSERVER-5862881
- https://snyk.io/vuln/SNYK-PYTHON-JUPYTERSERVER-5862882
- https://snyk.io/vuln/SNYK-PYTHON-JUPYTERSERVER-6099119
- https://snyk.io/vuln/SNYK-PYTHON-JUPYTERSERVER-7217832
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-7448482
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-9964606
- https://snyk.io/vuln/SNYK-PYTHON-TORNADO-10176059
- https://snyk.io/vuln/SNYK-PYTHON-TORNADO-5537286
- https://snyk.io/vuln/SNYK-PYTHON-TORNADO-5840803
- https://snyk.io/vuln/SNYK-PYTHON-TORNADO-6041512
- https://snyk.io/vuln/SNYK-PYTHON-TORNADO-7217828
- https://snyk.io/vuln/SNYK-PYTHON-TORNADO-7217829
- https://snyk.io/vuln/SNYK-PYTHON-TORNADO-8400708
- https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899
@jamesbhobbs jamesbhobbs requested a review from a team as a code owner October 28, 2025 07:46
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Oct 28, 2025

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

@codecov
Copy link

codecov bot commented Oct 28, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 72%. Comparing base (71dffde) to head (c557541).
⚠️ Report is 1 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files 
@@          Coverage Diff          @@
##            main    #128   +/-   ##
=====================================
  Coverage     72%     72%           
=====================================
  Files        539     539           
  Lines      41267   41267           
  Branches    5012    5012           
=====================================
  Hits       30001   30001           
  Misses      9592    9592           
  Partials    1674    1674
🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@Artmann Artmann enabled auto-merge (squash) October 28, 2025 16:30
@Artmann Artmann merged commit b91f134 into main Oct 28, 2025
13 checks passed
@Artmann Artmann deleted the snyk-fix-90310829e6ee5fd96a43674b86d6dc46 branch October 28, 2025 16:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Artmann Artmann Artmann approved these changes

@saltenasl saltenasl saltenasl approved these changes

Assignees

@Artmann Artmann

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@jamesbhobbs @Artmann @saltenasl @snyk-bot