[22.05] Revert "python3Packages.mistune_0_8: mark knownVulnerabilities CVE-2022-34749"

[sersorrel]

This reverts commit db8c230 (#184209/#186149).

Description of changes

Per lepture/mistune#314 (comment), Mistune 0.8.4 is not vulnerable to CVE-2022-34749, only 2.0.x versions of Mistune before 2.0.3 are. (release-22.05 now contains mistune 0.8.4 and 2.0.4, neither of which are vulnerable.)

Things done

nixpkgs-review is running, but will take a while.

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 22.11 Release Notes (or backporting 22.05 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
  • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
• Fits CONTRIBUTING.md.

[FRidh]

We should probably also fix on master

pkgs/top-level/python-aliases.nix:  mistune_0_8 = throw "mistune_0_8 was removed because it was outdated and insecure"; # added 2022-08-12

[nixos-discourse]

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/jupyter-broken-in-22-05/21108/5