This repository has been archived by the owner on Feb 22, 2022. It is now read-only.

Vulnerability in tornado dependency #6

Open
yadudoc opened this issue Feb 9, 2021 · 1 comment

@yadudoc
Contributor

yadudoc commented Feb 9, 2021

There's an active vulnerability in the tornado 6.1 library that's being caught and reported by the vulnerability check in our GitHub Actions. The dependency comes through funcx->parsl and through nbsphinx. The first case is being fixed and won't be a dependency in parsl 1.1.0. nbsphinx is a test dependency and shouldn't affect the package.

This test failure also blocks container builds necessary to test deployments. I believe suspending these tests for now, and addressing this over the next couple of weeks is the best course of action.

@BenGalewsky @joshbryan-globus please let me know what you think.
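The triage in the comment above (which root requirement drags the flagged package in, and whether that root ships to users or only runs in CI) can be made mechanical. Below is an added example, not code from the funcx or parsl projects: the dependency edges and root groups are constructed to mirror the shape the comment describes (tornado reached at runtime via funcx -> parsl, and via nbsphinx on the test side), and the intermediate nbsphinx -> nbconvert -> tornado edge is an assumption for illustration, not real package metadata. In a real repository the graph would be populated from the installed distributions' `Requires-Dist` metadata instead of a literal.

```python
"""Triage a flagged transitive dependency: which root requirement pulls it in,
and is that root part of the shipped package or only of the test tooling?

Added example, not code from the funcx/parsl projects.  The dependency edges
and root groups below are CONSTRUCTED to mirror the shape described in the
issue; they are not read from real package metadata.
"""

# Constructed graph: package -> direct requirements.  The edge
# nbsphinx -> nbconvert -> tornado is an assumption for illustration.
CONSTRUCTED_GRAPH = {
    "funcx": {"parsl", "requests"},
    "parsl": {"tornado", "dill"},
    "nbsphinx": {"nbconvert", "sphinx"},
    "nbconvert": {"tornado"},
    "requests": set(),
    "dill": set(),
    "sphinx": set(),
    "tornado": set(),
}

# Constructed root requirements, split the way a project declares them:
# "runtime" is what end users install, "test" only runs in CI.
CONSTRUCTED_ROOTS = {
    "runtime": {"funcx"},
    "test": {"nbsphinx"},
}


def paths_to(graph, root, target):
    """Return every dependency chain from root to target, as lists of names.

    Depth-first walk that carries the current chain so circular metadata
    cannot loop forever.  Results are sorted so output is deterministic.
    """
    found = []

    def walk(node, chain):
        if node == target:
            found.append(chain)
            return
        for dep in sorted(graph.get(node, ())):
            if dep not in chain:  # skip cycles
                walk(dep, chain + [dep])

    walk(root, [root])
    return sorted(found)


def triage(graph, roots, target):
    """Map each root group to the chains through which it reaches target."""
    return {
        group: sorted(
            path for root in sorted(members) for path in paths_to(graph, root, target)
        )
        for group, members in roots.items()
    }


def ships_with_package(graph, roots, target):
    """True if any runtime root reaches target, i.e. the finding affects users."""
    return bool(triage(graph, roots, target)["runtime"])


def without_edge(graph, package, dropped):
    """Return a copy of graph in which package no longer requires dropped.

    Models an upstream release removing a dependency (the comment's
    "won't be a dependency in parsl 1.1.0" case) without mutating the input.
    """
    updated = {name: set(deps) for name, deps in graph.items()}
    updated[package].discard(dropped)
    return updated


if __name__ == "__main__":
    for group, chains in triage(CONSTRUCTED_GRAPH, CONSTRUCTED_ROOTS, "tornado").items():
        for chain in chains:
            print(f"{group:8s} {' -> '.join(chain)}")
    print("ships with package:", ships_with_package(CONSTRUCTED_GRAPH, CONSTRUCTED_ROOTS, "tornado"))
    fixed = without_edge(CONSTRUCTED_GRAPH, "parsl", "tornado")
    print("after parsl drops tornado:", ships_with_package(fixed, CONSTRUCTED_ROOTS, "tornado"))
```

With the constructed graph, `ships_with_package` is true only because of the funcx -> parsl -> tornado chain; once `without_edge` removes tornado from parsl's requirements, the remaining path runs through the test-only root and the finding no longer reaches installed users, which is the distinction the comment draws for nbsphinx. This is a reachability check on declared requirements, not an exploitability assessment of the finding itself.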

@joshbryan-globus
Contributor

I think that is fine. In addition to the points you made, the vulnerability itself seems to require a proxy to be configured that keys on (or otherwise interprets) a query parameter, and we don't do that. We should resolve it eventually just to make the lights turn green, but it's certainly not critical.
