Contributor

Copilot AI commented Aug 5, 2025

This PR addresses a security vulnerability in jupyter_core by upgrading from version 5.7.2 to >=5.8.1.

Security Issue

The previous version (5.7.2) contains a Local Privilege Escalation Vulnerability on Windows systems due to an "Uncontrolled Search Path Element" issue. This vulnerability could allow attackers to execute malicious code with elevated privileges.

Changes Made

  • Updated venv_requirements.txt line 34: jupyter_core==5.7.2 changed to jupyter_core>=5.8.1

Testing

All existing functionality has been verified to work correctly with the updated dependency:

  • ✅ All structure tests pass
  • ✅ All build tests pass
  • ✅ All notebook validation tests pass
  • ✅ Jupyter Book builds successfully and generates all HTML files correctly
  • ✅ No breaking changes or regressions detected

The change is minimal and surgical, updating only the version constraint for the vulnerable dependency while maintaining full compatibility with the existing codebase.

Security Impact

This update ensures that users of the Pyomo Jupyter Book are protected from the known security vulnerability when working on Windows systems.


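The bump described in this PR is easy to verify by hand on one file, but the same question ("does this pin still admit a version below the advisory's fixed release?") comes up across many requirements files. The script below is an added example written for this page; it is not code from the PR or from the Pyomo project. It assumes plain pip-style lines of the form name==X.Y.Z or name>=X.Y.Z (the format of venv_requirements.txt as the PR describes it), implements its own small version parser so it runs offline without the packaging library, and uses constructed sample text for the 'before' and 'after' state of the jupyter_core line; the function names are illustrative.

```python
"""
Audit a pip requirements file for a dependency whose specifier still
admits a version below a given minimum safe release.

Assumptions (not from the PR): lines are `name==X.Y.Z`, `name>=X.Y.Z`,
`name~=X.Y.Z`, `name>X.Y.Z`, `name<X`, or a bare name; anything else
on a line for the audited package is treated as unbounded below.
"""
import re

# Constructed sample text standing in for venv_requirements.txt before/after the PR.
SAMPLE_BEFORE = """# constructed sample
jupyter_core==5.7.2
numpy>=1.26
"""
SAMPLE_AFTER = """# constructed sample
jupyter_core>=5.8.1
numpy>=1.26
"""

# name, operator, version; an optional trailing comment is ignored.
REQ_LINE = re.compile(
    r"^\s*([A-Za-z0-9_.-]+)\s*(==|>=|~=|>|<=|<)\s*([0-9][0-9A-Za-z.]*)\s*(?:#.*)?$"
)


def parse_version(text):
    """Turn '5.8.1' into (5, 8, 1); a non-numeric component ends the tuple."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def _pad(a, b):
    """Right-pad two version tuples with zeros so (5, 8) compares as (5, 8, 0)."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def _canonical(name):
    """pip treats jupyter-core and jupyter_core as the same distribution."""
    return name.lower().replace("-", "_")


def find_vulnerable_pins(requirements_text, package, minimum_safe):
    """Return [(line_no, line)] for lines whose specifier admits a version
    older than minimum_safe for the given package."""
    findings = []
    want = _canonical(package)
    min_v = parse_version(minimum_safe)
    for n, line in enumerate(requirements_text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = REQ_LINE.match(stripped)
        if m:
            name, op, ver = m.groups()
        else:
            # Bare name (or a form we do not parse): no lower bound at all.
            name, op, ver = stripped.split()[0], None, None
        if _canonical(name) != want:
            continue
        if op in ("==", ">=", ">", "~="):
            lo, hi = _pad(parse_version(ver), min_v)
            if lo >= hi:
                continue  # every admitted version is at or above the safe floor
        findings.append((n, stripped))
    return findings


if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, find_vulnerable_pins(text, "jupyter_core", "5.8.1"))
```

Run against the 'before' sample it flags the ==5.7.2 pin; against the 'after' sample it returns nothing, because >=5.8.1 cannot resolve to an affected release. A lower bound that is too loose (for example >=5.8, which still admits 5.8.0) or an upper-bound-only specifier is also reported, which is the case a reviewer of a one-line version bump most often misses.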

Copilot AI changed the title from "[WIP] Dependency jupyter_core Version< 5.8.0 Upgrade to ~> 5.8.1 Jupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability Make sure that all the tests pass and that the book is correctly generated" to "Update jupyter_core to >=5.8.1 to fix security vulnerability" Aug 5, 2025
Copilot AI requested a review from bernalde August 5, 2025 23:52
@bernalde bernalde marked this pull request as ready for review August 6, 2025 00:23
@bernalde bernalde merged commit fe613d8 into main Aug 6, 2025
6 checks passed