Consider updating MathJax to >=3 to avoid CVE-2023-39663

## Description

Currently, `nbclassic` includes MathJax <=2.7.9. Any version <=3 of MathJax is vulnerable to a potential ReDoS attack ([CVE-2023-39663](https://github.com/advisories/GHSA-v638-q856-grg8), [issue](https://github.com/mathjax/MathJax/issues/3074)). While the vulnerability [is not easily exploitable](https://github.com/mathjax/MathJax/issues/3074#issuecomment-1658291365), it does pop up as a `high` severity CVE finding when scanning any environment that includes `nbclassic`.

## Reproduce

Use a CVE scanner (e.g., grype) to scan an environment that includes `nbclassic`.

## Expected behavior

No CVE findings for the most up-to-date version of `nbclassic`.

## Context



- Operating System and version: macOS (15.5)
- Jupyter NbClassic version: 1.3.1

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Consider updating MathJax to >=3 to avoid CVE-2023-39663 #353

Description

Reproduce

Expected behavior

Context

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Consider updating MathJax to >=3 to avoid CVE-2023-39663 #353

Description

Description

Reproduce

Expected behavior

Context

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions