PNDA-4800 Fix for known vulnerabilities for python notebook,paramiko

[janselva]

• updated the paramiko version
• Updated the notebook package, also its dependencies packages.

[trsmith2]

Would it be possible to make the necessary changes but keep the organization of the file the same, as it will then be much easier to review. I do agree that the order should be corrected, but let's do that as a separate change as we know that will be of no functional consequence and can treat it accordingly.

[janselva]

Fixed the review comments
Dependent PRs.
pndaproject/platform-salt#619
#239
pndaproject/platform-deployment-manager#93

[trsmith2]

Thanks for making the change clearer. In order to merge this and related PRs, we'll need to understand why dependencies that were previously only needed for python3 now need to be included for python2, and vice versa.

Typo

[janselva]

Jupyter extension installing "widgets extension" package in PY2 this will require a notebook package. The newer version of notebook package requires the additional dependencies, this is not resolved by py2, that's why added the additional packages into PY2.

https://github.com/pndaproject/platform-salt/blob/32ce55fc26d811d78a0f2b042c505ca454456495/salt/jupyter/templates/requirements-jupyter-extensions.txt.tpl#L4

https://github.com/pndaproject/platform-salt/blob/32ce55fc26d811d78a0f2b042c505ca454456495/salt/jupyter/extensions.sls#L43

[trsmith2]

Yes, but it seems odd that these dependencies are required for both python2 and 3, wouldn't you agree? Why can't they all be python3 for example? I'm questioning the code you're modifying, more than your change, which makes sense if they are indeed required.