-
-
Notifications
You must be signed in to change notification settings - Fork 401
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add defusedxml as a new standard package #27110
Comments
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
comment:2
If anyone is curious, this new dependency of nbconvert was added in |
comment:3
Do you plan to write a branch ? |
Branch: u/slelievre/t/27110 |
comment:5
Branch added. This is my first time adding an spkg from scratch unsupervised. I tried to follow the developer manual carefully, specifically this section: Please review. New commits:
|
This comment has been minimized.
This comment has been minimized.
Commit: |
comment:6
Does the file Currently it just has
Compare to the following, found in
|
comment:7
Replying to @slel:
Thanks for having added the package! After a pull of your branch + download of the tarball in the |
Author: Samuel Lelièvre |
comment:9
Replying to @slel:
I think it's best to do this, yes. |
Reviewer: Eric Gourgoulhon, Jeroen Demeyer |
Branch pushed to git repo; I updated commit sha1. New commits:
|
comment:11
Update nbconvert dependencies using those in |
This comment has been minimized.
This comment has been minimized.
comment:13
I just noticed that the version is hardcoded in the file |
Changed branch from u/slelievre/t/27110 to u/jhpalmieri/t/27110 |
comment:15
This should fix it. New commits:
|
comment:16
Thanks for catching this. |
Changed author from Samuel Lelièvre to Samuel Lelièvre, John Palmieri |
comment:17
I don't know that I really deserve authorship credit for that. |
Changed author from Samuel Lelièvre, John Palmieri to Samuel Lelièvre |
Changed reviewer from Eric Gourgoulhon, Jeroen Demeyer to Eric Gourgoulhon, Jeroen Demeyer, John Palmieri |
Changed branch from u/jhpalmieri/t/27110 to |
The Python package defusedxml
addresses some vulnerabilities of XML parsers.
It is a new dependency of the nbconvert
standard spkg, starting from nbconvert 5.4, to which we upgraded in #26969.
In this ticket, we therefore
Tarball:
https://files.pythonhosted.org/packages/74/ba/4ba4e89e21b5a2e267d80736ea674609a0a33cc4435a6d748ef04f1f9374/defusedxml-0.5.0.tar.gz
As reported in
this sage-devel post, the absence of defusedxml breaks the Jupyter notebook in Sage 8.7.beta0: opening a notebook file (either a new one or a pre-existing one) results in
the reason being
Note that anyone using Sage 8.7.beta0 can run
as a simple workaround which will make Jupyter notebooks work again.
CC: @slel
Component: packages: standard
Keywords: jupyter defusedxml
Author: Samuel Lelièvre
Branch/Commit:
6693a6c
Reviewer: Eric Gourgoulhon, Jeroen Demeyer, John Palmieri
Issue created by migration from https://trac.sagemath.org/ticket/27110
The text was updated successfully, but these errors were encountered: