From ba498db5b8fca046764d4a3c5695aa30aecc6236 Mon Sep 17 00:00:00 2001 From: Darren Weber Date: Mon, 25 Mar 2024 19:42:50 -0700 Subject: [PATCH] Update setup.py MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bump ipywidgets >=8.0 to resolve CVEs: ``` -> Vulnerability found in ipywidgets version 7.8.1 Vulnerability ID: 50664 Affected spec: <8.0.0 ADVISORY: Ipywidgets 8.0.0 sanitizes descriptions by default.https://github.com/jupyter-widgets/ipywidgets/pull/2785 PVE-2022-50664 For more information about this vulnerability, visit https://data.safetycli.com/v/50664/97c To ignore this vulnerability, use PyUp vulnerability id 50664 in safety’s ignore command-line argument or add the ignore to your safety policy file. -> Vulnerability found in ipywidgets version 7.8.1 Vulnerability ID: 50463 Affected spec: <8.0.0rc2 ADVISORY: Ipywidgets 8.0.0rc2 makes descriptions plaintext by default for security.https://github.com/jupyter-widgets/ipywidgets/pull/2785 PVE-2022-50463 For more information about this vulnerability, visit https://data.safetycli.com/v/50463/97c To ignore this vulnerability, use PyUp vulnerability id 50463 in safety’s ignore command-line argument or add the ignore to your safety policy file. ``` Signed-off-by: Darren Weber --- bindings/kepler.gl-jupyter/setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bindings/kepler.gl-jupyter/setup.py b/bindings/kepler.gl-jupyter/setup.py index 9e9628e56f..353061943b 100644 --- a/bindings/kepler.gl-jupyter/setup.py +++ b/bindings/kepler.gl-jupyter/setup.py @@ -64,7 +64,7 @@ 'long_description': LONG_DESCRIPTION, 'include_package_data': True, 'install_requires': [ - 'ipywidgets>=7.0.0,<8', + 'ipywidgets>=8.0.0', 'traittypes>=0.2.1', 'geopandas>=0.5.0', 'pandas>=0.23.0',
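Review bot: The new requirement line in install_requires, 'ipywidgets>=8.0.0', drops the old '<8' ceiling without adding a new one, so any future major release of ipywidgets would be accepted untested; consider 'ipywidgets>=8.0.0,<9' to keep the one-major-version window the previous spec had. The floor also moves a full major version (from the 7.x range to 8.x) while nothing else in this hunk changes, so the commit message should say whether the kepler.gl-jupyter widget was exercised against ipywidgets 8, given that the quoted advisories describe a behaviour change (descriptions are sanitized and plaintext by default). Minor: the message says "CVEs", but both quoted advisories carry PVE identifiers (PVE-2022-50664, PVE-2022-50463) and point to the same upstream pull request (2785), so "advisories" would be the more accurate word.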