[Snyk] Security upgrade nbconvert from 5.6.1 to 7.17.0

[SPH73]

Snyk has created this PR to fix 1 vulnerabilities in the pip dependencies of this project.

Snyk changed the following file(s):

• requirements.txt

⚠️ Warning

pyobjc 6.1 requires pyobjc-core, which is not installed.
pyobjc 6.1 requires pyobjc-framework-addressbook, which is not installed.
pyobjc 6.1 requires pyobjc-framework-cfnetwork, which is not installed.
pyobjc 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc 6.1 requires pyobjc-framework-coreaudio, which is not installed.
pyobjc 6.1 requires pyobjc-framework-coreaudiokit, which is not installed.
pyobjc 6.1 requires pyobjc-framework-coredata, which is not installed.
pyobjc 6.1 requires pyobjc-framework-coreservices, which is not installed.
pyobjc 6.1 requires pyobjc-framework-coretext, which is not installed.
pyobjc 6.1 requires pyobjc-framework-discrecording, which is not installed.
pyobjc 6.1 requires pyobjc-framework-quartz, which is not installed.
pyobjc 6.1 requires pyobjc-framework-screensaver, which is not installed.
pyobjc 6.1 requires pyobjc-framework-security, which is not installed.
pyobjc 6.1 requires pyobjc-framework-securityinterface, which is not installed.
pyobjc 6.1 requires pyobjc-framework-syncservices, which is not installed.
pyobjc 6.1 requires pyobjc-framework-systemconfiguration, which is not installed.
pyobjc 6.1 requires pyobjc-framework-webkit, which is not installed.
pyobjc-framework-accounts 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-accounts 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-adsupport 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-adsupport 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-applescriptkit 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-applescriptkit 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-applescriptobjc 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-applescriptobjc 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-applicationservices 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-applicationservices 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-applicationservices 6.1 requires pyobjc-framework-quartz, which is not installed.
pyobjc-framework-automator 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-automator 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-businesschat 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-businesschat 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-calendarstore 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-calendarstore 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-cloudkit 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-cloudkit 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-cloudkit 6.1 requires pyobjc-framework-coredata, which is not installed.
pyobjc-framework-cloudkit 6.1 requires pyobjc-framework-corelocation, which is not installed.
pyobjc-framework-collaboration 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-collaboration 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-colorsync 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-colorsync 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-corehaptics 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-corehaptics 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-coremotion 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-coremotion 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-dvdplayback 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-dvdplayback 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-devicecheck 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-devicecheck 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-dictionaryservices 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-dictionaryservices 6.1 requires pyobjc-framework-coreservices, which is not installed.
pyobjc-framework-discrecordingui 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-discrecordingui 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-discrecordingui 6.1 requires pyobjc-framework-discrecording, which is not installed.
pyobjc-framework-diskarbitration 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-diskarbitration 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-eventkit 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-eventkit 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-exceptionhandling 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-exceptionhandling 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-executionpolicy 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-executionpolicy 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-fileprovider 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-fileprovider 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-fileproviderui 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-findersync 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-findersync 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-gamecontroller 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-gamecontroller 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-iosurface 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-iosurface 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-installerplugins 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-installerplugins 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-instantmessage 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-instantmessage 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-instantmessage 6.1 requires pyobjc-framework-quartz, which is not installed.
pyobjc-framework-latentsemanticmapping 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-latentsemanticmapping 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-launchservices 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-launchservices 6.1 requires pyobjc-framework-coreservices, which is not installed.
pyobjc-framework-linkpresentation 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-linkpresentation 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-linkpresentation 6.1 requires pyobjc-framework-quartz, which is not installed.
pyobjc-framework-localauthentication 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-localauthentication 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-mediaaccessibility 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-mediaaccessibility 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-medialibrary 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-medialibrary 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-medialibrary 6.1 requires pyobjc-framework-quartz, which is not installed.
pyobjc-framework-mediaplayer 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-mediaplayer 6.1 requires pyobjc-framework-avfoundation, which is not installed.
pyobjc-framework-naturallanguage 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-naturallanguage 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-netfs 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-netfs 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-osakit 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-osakit 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-opendirectory 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-opendirectory 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-pencilkit 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-pencilkit 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-preferencepanes 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-preferencepanes 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-pubsub 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-pubsub 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-quicklookthumbnailing 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-quicklookthumbnailing 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-quicklookthumbnailing 6.1 requires pyobjc-framework-quartz, which is not installed.
pyobjc-framework-searchkit 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-searchkit 6.1 requires pyobjc-framework-coreservices, which is not installed.
pyobjc-framework-securityfoundation 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-securityfoundation 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-securityfoundation 6.1 requires pyobjc-framework-security, which is not installed.
pyobjc-framework-servicemanagement 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-servicemanagement 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-social 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-social 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-soundanalysis 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-soundanalysis 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-videosubscriberaccount 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-videosubscriberaccount 6.1 requires pyobjc-framework-cocoa, which is not installed.
pyobjc-framework-ituneslibrary 6.1 requires pyobjc-core, which is not installed.
pyobjc-framework-ituneslibrary 6.1 requires pyobjc-framework-cocoa, which is not installed.
flask 2.2.5 has requirement click>=8.0, but you have click 7.1.1.
flask 2.2.5 has requirement importlib-metadata>=3.6.0; python_version < "3.10", but you have importlib-metadata 1.5.0.
flask 2.2.5 has requirement itsdangerous>=2.0, but you have itsdangerous 1.1.0.
flask 2.2.5 has requirement Jinja2>=3.0, but you have jinja2 2.11.3.
flask 2.2.5 has requirement Werkzeug>=2.2.2, but you have werkzeug 0.16.0.
nbclient 0.7.4 has requirement jupyter-client>=6.1.12, but you have jupyter-client 6.0.0.
nbclient 0.7.4 has requirement jupyter-core!=5.0.*,>=4.12, but you have jupyter-core 4.6.3.
nbclient 0.7.4 has requirement nbformat>=5.1, but you have nbformat 5.0.4.
nbclient 0.7.4 has requirement traitlets>=5.3, but you have traitlets 4.3.3.
nbconvert 7.6.0 has requirement importlib-metadata>=3.6; python_version < "3.10", but you have importlib-metadata 1.5.0.
nbconvert 7.6.0 has requirement jinja2>=3.0, but you have jinja2 2.11.3.
nbconvert 7.6.0 has requirement jupyter-core>=4.7, but you have jupyter-core 4.6.3.
nbconvert 7.6.0 has requirement markupsafe>=2.0, but you have markupsafe 1.1.1.
nbconvert 7.6.0 has requirement nbformat>=5.7, but you have nbformat 5.0.4.
nbconvert 7.6.0 has requirement traitlets>=5.1, but you have traitlets 4.3.3.
notebook 6.4.12 has requirement Send2Trash>=1.8.0, but you have send2trash 1.5.0.
notebook 6.4.12 has requirement tornado>=6.1, but you have tornado 6.0.3.
pylint 2.7.0 has requirement astroid==2.5.0, but you have astroid 2.3.3.
python-jsonrpc-server 0.3.4 has requirement ujson<=1.35; platform_system != "Windows", but you have ujson 5.4.0.
python-language-server 0.31.8 has requirement ujson<=1.35; platform_system != "Windows", but you have ujson 5.4.0.
requests 2.23.0 has requirement urllib3!=1.25.0,!=1.25.1,<1.26,>=1.21.1, but you have urllib3 1.26.5.
virtualenv 20.26.6 has requirement distlib<1,>=0.3.7, but you have distlib 0.3.1.
virtualenv 20.26.6 has requirement filelock<4,>=3.12.2, but you have filelock 3.0.12.
virtualenv 20.26.6 has requirement importlib-metadata>=6.6; python_version < "3.8", but you have importlib-metadata 1.5.0.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.
• Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

---

Note

Medium Risk
Dependency-only change, but it’s a major-version upgrade of nbconvert that may require newer jinja2/jupyter-*/traitlets versions and could break notebook export workflows if the rest of the environment remains pinned.

Overview
Upgrades the pinned nbconvert dependency in requirements.txt from 5.6.1 to 7.17.0 to address a reported security vulnerability.

^{Written by Cursor Bugbot for commit a961224. This will update automatically on new commits. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.}

This PR is being reviewed by Cursor Bugbot

Details

You are on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle.

To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.

[cursor]

Dependency upgrade breaks due to incompatible pinned sub-dependencies

High Severity

Upgrading nbconvert to 7.17.0 without bumping its pinned dependencies causes installation failure or runtime errors. nbconvert 7.x requires Jinja2>=3.0 (pinned at 2.11.3), nbformat>=5.7 (pinned at 5.0.4), traitlets>=5.1 (pinned at 4.3.3), jupyter-core>=4.7 (pinned at 4.6.3), MarkupSafe>=2.0 (pinned at 1.1.1), and jupyter-client>=6.1.12 (pinned at 6.0.0). All of these need to be upgraded together.

Additional Locations (2)

• requirements.txt#L37-L38
• requirements.txt#L47-L48