chore(deps): update dependency jupyter-server to v2.11.2 [security] #7

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Open

renovate wants to merge 1 commit into main from renovate/pypi-jupyter-server-vulnerability

renovate bot commented Apr 27, 2025 •

edited

Loading

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
jupyter-server	`==2.9.1` → `==2.11.2`

GitHub Vulnerability Alerts

CVE-2023-49080

Impact

Unhandled errors in API requests include traceback information, which can include path information. There is no known mechanism by which to trigger these errors without authentication, so the paths revealed are not considered particularly sensitive, given that the requesting user has arbitrary execution permissions already in the same environment.

Patches

jupyter-server PATCHED_VERSION no longer includes traceback information in JSON error responses. For compatibility, the traceback field is present, but always empty.

Workarounds

None

Release Notes

jupyter-server/jupyter_server (jupyter-server)

`v2.11.2`

(Full Changelog)

Contributors to this release

(GitHub contributors page for this release)

`v2.11.1`

(Full Changelog)

Bugs fixed

avoid unhandled error on some invalid paths #1369 (@minrk)
Change md5 to hash and hash_algorithm, fix incompatibility #1367 (@Wh1isper)

Contributors to this release

(GitHub contributors page for this release)

@blink1073 | @fcollonval | @minrk | @Wh1isper

`v2.11.0`

(Full Changelog)

Enhancements made

Support get file(notebook) md5 #1363 (@Wh1isper)

Maintenance and upkeep improvements

Update ruff and typings #1365 (@blink1073)

Documentation improvements

Update api docs with md5 param #1364 (@Wh1isper)
typo: ServerApp #1361 (@IITII)

Contributors to this release

(GitHub contributors page for this release)

@blink1073 | @IITII | @welcome | @Wh1isper

`v2.10.1`

(Full Changelog)

Bugs fixed

ContentsHandler return 404 rather than raise exc #1357 (@bloomsa)

Maintenance and upkeep improvements

Clean up ruff config #1358 (@blink1073)
Add more typings #1356 (@blink1073)
chore: update pre-commit hooks #1355 (@pre-commit-ci)

Contributors to this release

(GitHub contributors page for this release)

@blink1073 | @bloomsa | @pre-commit-ci

`v2.10.0`

(Full Changelog)

Enhancements made

Update kernel env to reflect changes in session #1354 (@blink1073)

Maintenance and upkeep improvements

Clean up config and address warnings #1353 (@blink1073)
Clean up lint and typing #1351 (@blink1073)
Update typing for traitlets 5.13 #1350 (@blink1073)
Update typings and fix tests #1344 (@blink1073)

Contributors to this release

(GitHub contributors page for this release)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.


          chore(deps): update dependency jupyter-server to v2.11.2 [security]

9891ed0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet