Alerts This Week
Warning Icon 1 666
Alerts This Week
Warning Icon 1 666

Fedora 42 python-jupytext Security Update 2026-793b55138d CVE Enhancements

fedora
Calendar Grey May 17, 2026
Dist Fedora Esm H88
Upgrade python-jupytext to enhance security against multiple CVEs in Fedora 42 with npm package updates.
This update contains upgrades to various npm packages used during the build to address CVEs, namely: CVE-2025-69873 (ajv) CVE-2026-0540 (DOMPurify) CVE-2026-3449 (@tootallnate/once...

Summary

Have you always wished Jupyter notebooks were plain text documents? Wished

you could edit them in your favorite IDE? And get clear and meaningful diffs

when doing version control? Then... Jupytext may well be the tool you're

looking for!

Jupytext is a plugin for Jupyter that can save Jupyter notebooks as

- Markdown files (or MyST Markdown files, or R Markdown or Quarto text

notebooks)

- Scripts in many languages.

Common use cases for Jupytext are:

- Doing version control on Jupyter Notebooks

- Editing, merging or refactoring notebooks in your favorite text editor

- Applying Q&A checks on notebooks.

Update Information:

This update contains upgrades to various npm packages used during the build to address CVEs, namely: CVE-2025-69873 (ajv) CVE-2026-0540 (DOMPurify) CVE-2026-3449 (@tootallnate/once) CVE-2026-4800 (lodash) CVE-2026-6321 (fast-uri) CVE-2026-41240 (DOMPurify) This is probably unimportant since these packages are used at build-time only. They are not shipped with python3-jupytext and therefore do not affect runtime.

Topics%20covered

Topics Covered

security advisory denial of service fedora npm python-jupytext improved security

Change Log

* Fri May 8 2026 Jerry James - 1.19.1-4 - Update various npm components used in the build - Fix CVE-2025-69873: update ajv to 6.15.0/8.20.0 - Fix CVE-2026-0540 and CVE-2026-41240: update DOMPurify to 3.4.2 - Fix CVE-2026-3449: update @tootallnate/once to 3.0.1 - Fix CVE-2026-4800: update lodash to 4.18.1 - Fix CVE-2026-6321: update fast-uri to 3.1.2 * Fri May 8 2026 Jerry James - 1.19.1-3 - Permit building with any version of nodejs * Fri May 8 2026 Jerry James - 1.19.1-2 - Adapt to nodejs24

References


[ 1 ] Bug #2439389 - CVE-2025-69873 python-jupytext: ReDoS via $data reference [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2439389 [ 2 ] Bug #2444210 - CVE-2026-3449 python-jupytext: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2444210 [ 3 ] Bug #2444288 - CVE-2026-0540 python-jupytext: DOMPurify: Cross-site scripting vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2444288 [ 4 ] Bug #2454050 - CVE-2026-4800 python-jupytext: lodash: Arbitrary code execution via untrusted input in template imports [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454050 [ 5 ] Bug #2463432 - CVE-2026-41240 python-jupytext: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2463432 [ 6 ] Bug #2466943 - CVE-2026-6321 pytho...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-793b55138d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: python-jupytext
Product: Fedora 42
Version: 1.19.1
Release: 4.fc42
URL: https://jupytext.readthedocs.io/
Summary: Save Jupyter notebooks as text documents or scripts

Topics%20covered

Topics Covered

security advisory denial of service fedora npm python-jupytext improved security

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here