I just updated my system’s flake’s inputs, and now I’m getting a build failure due to mistune:
error: Package ‘python3.9-mistune-0.8.4’ in /nix/store/dxa8c2j2ifgzjj0pjwl35qzgcayjhg88-source/pkgs/development/python-modules/mistune/common.nix:23 is marked as insecure, refusing to evaluate.
Known issues:
- CVE-2022-34749
As far as I can tell this is because I’ve turned on services.jupyter.enable (if I comment out the import that does that, it seems to start building ok). Unfortunately I happen to like having Jupyter available so that’s not a good long-term solution.
I see a lot of recent issues and PRs about some CVE in mistune (including one or two that seem like they might make Jupyter transitively depend on mistune 2.x rather than 0.8). Is there something pending that will unbreak Jupyter on stable or am I SOL until November?