@renovate renovate bot commented Aug 29, 2023

This PR contains the following updates:

Package | Change | Age | Adoption | Passing | Confidence
jupyter-server | ==1.15.4 -> ==2.11.2 | age | adoption | passing | confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2023-49080

Impact

Unhandled errors in API requests include traceback information, which can include path information. There is no known mechanism by which to trigger these errors without authentication, so the paths revealed are not considered particularly sensitive, given that the requesting user has arbitrary execution permissions already in the same environment.

Patches

jupyter-server PATCHED_VERSION no longer includes traceback information in JSON error responses. For compatibility, the traceback field is present, but always empty.

Workarounds

None


Release Notes

jupyter-server/jupyter_server (jupyter-server)

v2.11.2

Compare Source

(Full Changelog)

Contributors to this release

(GitHub contributors page for this release)

v2.11.1

Compare Source

(Full Changelog)

Bugs fixed
Contributors to this release

(GitHub contributors page for this release)

@​blink1073 | @​fcollonval | @​minrk | @​Wh1isper

v2.11.0

Compare Source

(Full Changelog)

Enhancements made
Maintenance and upkeep improvements
Documentation improvements
Contributors to this release

(GitHub contributors page for this release)

@​blink1073 | @​IITII | @​welcome | @​Wh1isper

v2.10.1

Compare Source

(Full Changelog)

Bugs fixed
Maintenance and upkeep improvements
Contributors to this release

(GitHub contributors page for this release)

@​blink1073 | @​bloomsa | @​pre-commit-ci

v2.10.0

Compare Source

(Full Changelog)

Enhancements made
Maintenance and upkeep improvements
Contributors to this release

(GitHub contributors page for this release)

@​blink1073

v2.9.1

Compare Source

(Full Changelog)

Bugs fixed
Contributors to this release

(GitHub contributors page for this release)

@​blink1073

v2.9.0

Compare Source

(Full Changelog)

Enhancements made
Bugs fixed
Contributors to this release

(GitHub contributors page for this release)

@​akshaychitneni | @​Carreau | @​ojarjur

v2.8.0

Compare Source

(Full Changelog)

Enhancements made
Bugs fixed
Maintenance and upkeep improvements
Contributors to this release

(GitHub contributors page for this release)

@​blink1073 | @​dependabot | @​jayeshsingh9767 | @​minrk | @​pre-commit-ci | @​welcome

v2.7.3

Compare Source

(Full Changelog)

New features added
Contributors to this release

(GitHub contributors page for this release)

@​davidbrochart

v2.7.2

Compare Source

v2.7.1

Compare Source

(Full Changelog)

Bugs fixed
Maintenance and upkeep improvements
Documentation improvements
Contributors to this release

(GitHub contributors page for this release)

@​allstrive | @​bhperry | @​blink1073 | @​emmanuel-ferdman | @​Hind-M | @​kevin-bates | @​krassowski | @​mathbunnyru | @​matthewwiese | @​minrk | @​pre-commit-ci | @​welcome | @​wqj97 | @​Zsailer

v2.7.0

Compare Source

(Full Changelog)

Bugs fixed
Maintenance and upkeep improvements
Documentation improvements
Contributors to this release

(GitHub contributors page for this release)

@​allstrive | @​blink1073 | @​fcollonval | @​kevin-bates | @​minrk | @​pre-commit-ci | @​welcome

v2.6.0

Compare Source

(Full Changelog)

New features added
Enhancements made
Bugs fixed
Maintenance and upkeep improvements
Documentation improvements
Contributors to this release

(GitHub contributors page for this release)

@​blink1073 | @​brichet | @​codecov | @​davidbrochart | @​dependabot | @​echarles | @​frenzymadness | @​hbcarlos | @​kevin-bates | @​lresende | @​minrk | @​ojarjur | @​pre-commit-ci | @​rajmusuku | @​SauravMaheshkar | @​welcome | @​yuvipanda | @​Zsailer

v2.5.0

Compare Source

(Full Changelog)

Enhancements made
Maintenance and upkeep improvements
Contributors to this release

(GitHub contributors page for this release)

@​blink1073 | @​broden-wanner | @​codecov | @​welcome | @​Zsailer

v2.4.0

Compare Source

(Full Changelog)

Enhancements made
Bugs fixed
Maintenance and upkeep improvements
Contributors to this release

(GitHub contributors page for this release)

@​blink1073 | @​Carreau | @​codecov | @​codecov-commenter | @​davidbrochart | @​dcsaba89 | @​echarles | @​kenyaachon | @​kevin-bates | @​minrk | @​vidartf | @​welcome | @​Zsailer

v2.3.0

Compare Source

(Full Changelog)

Enhancements made
Bugs fixed
  • Redact tokens, etc. in url parameters from request logs #​1212 (@​minrk)
  • Fix get_loader returning None when load_jupyter_server_extension is not found (#​1193) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@​users.noreply.github.com> #​1193 (@​cmd-ntrf)
Maintenance and upkeep improvements
Documentation improvements
Contributors to this release

(GitHub contributors page for this release)

@​blink1073 | @​cmd-ntrf | @​codecov | @​dcsaba89 | @​meeseeksdev | @​minrk | @​pre-commit-ci | @​schnell18 | @​welcome

v2.2.1

Compare Source

(Full Changelog)

Maintenance and upkeep improvements
Contributors to this release

(GitHub contributors page for this release)

@​blink1073 | @​codecov | @​jonnygrout | @​minrk | @​welcome

v2.2.0

Compare Source

(Full Changelog)

Enhancements made
Bugs fixed
Maintenance and upkeep improvements
Contributors to this release

(GitHub contributors page for this release)

@​blink1073 | @​Carreau | @​codecov | @​kevin-bates | @​minrk | @​ojarjur | @​welcome | @​yuvipanda

v2.1.0

Compare Source

(Full Changelog)

Bugs fixed
Maintenance and upkeep improvements
Documentation improvements
Contributors to this release

(GitHub contributors page for this release)

@​blink1073 | @​codecov | @​vidartf

v2.0.7

Compare Source

(Full Changelog)

Enhancements made
Bugs fixed
Maintenance and upkeep improvements
Contributors to this release

(GitHub contributors page for this release)

@​blink1073 | @​Carreau | @​codecov | @​consideRatio | @​meeseeksdev | @​pre-commit-ci | @​vidartf | @​welcome | @​yuvipanda

v2.0.6

Compare Source

(Full Changelog)

Bugs fixed
Maintenance and upkeep improvements
Documentation improvements
Contributors to this release

(GitHub contributors page for this release)

@​blink1073 | @​codecov | @​mahendrapaipuri | @​welcome

v2.0.5

Compare Source

(Full Changelog)

Bugs fixed
Maintenance and upkeep improvements
Contributors to this release

(GitHub contributors page for this release)

@​Carreau | @​codecov | @​krassowski

v2.0.4

Compare Source

(Full Changelog)

Bugs fixed
Contributors to this release

(GitHub contributors page for this release)

@​blink1073

v2.0.3

Compare Source

(Full Changelog)

Bugs fixed
Contributors to this release

(GitHub contributors page for this release)

@​bollwyvl

v2.0.2

Compare Source

(Full Changelog)

Bugs fixed
Maintenance and upkeep improvements
Contributors to this release

(GitHub contributors page for this release)

@​blink1073 | @​bloomsa | @​codecov | @​hhuuggoo | @​kevin-bates | @​vidartf | @​vindex10 | @​welcome | @​Zsailer

v2.0.1

Compare Source

(Full Changelog)

Enhancements made
Maintenance and upkeep improvements
Contributors to this release

([GitHub c


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot force-pushed the renovate/pypi-jupyter-server-vulnerability branch from b6af04c to 6e34e33 Compare December 5, 2023 18:55

guardrails bot commented Dec 5, 2023

⚠️ We detected 21 security issues in this pull request:

Vulnerable Libraries (21)
Severity Details
Medium pkg:pypi/flask-security@3.0.0 (t) - no patch available
High pkg:pypi/flask@2.0.3 (t) upgrade to: 2.3.2
Medium pkg:pypi/gitpython@3.1.27 (t) upgrade to: 3.1.35
High pkg:pypi/pillow@9.0.1 (t) upgrade to: 22.3.24,25.8.1,26.2.1,27.0.0-beta.2,2.88.6,10.0.1,0.2.6,0.9.3,24.8.3,0.1.8
High pkg:pypi/werkzeug@2.0.3 (t) upgrade to: 517cac5a804e8c4dc4ed038bb20dacd038e7a9f1,2.2.3
High pkg:pypi/flask@2.0.3 (t) upgrade to: 70f906c51ce49c485f1d355703e9cc3386b1cc2b,afd63b16170b7c047f5758eb910c416511e9c965,2.2.5,2.3.2
N/A pkg:pypi/gitpython@3.1.27 (t) upgrade to: ca965ecc81853bca7675261729143f54e5bf4cdd,3.1.32
High pkg:pypi/pillow@9.0.1 (t) upgrade to: 2.88.6,10.0.1,0.9.3,24.8.3,25.8.1,26.2.1,0.1.8,22.3.24,27.0.0-beta.2,0.2.6
High pkg:pypi/werkzeug@2.0.3 (t) upgrade to: 2.2.3,517cac5a804e8c4dc4ed038bb20dacd038e7a9f1
High pkg:pypi/flask@2.0.3 (t) upgrade to: 70f906c51ce49c485f1d355703e9cc3386b1cc2b,afd63b16170b7c047f5758eb910c416511e9c965,2.2.5,2.3.2
N/A pkg:pypi/gitpython@3.1.27 (t) upgrade to: ca965ecc81853bca7675261729143f54e5bf4cdd,3.1.32
High pkg:pypi/mako@1.1.6 (t) upgrade to: 925760291d6efec64fda6e9dd1fd9cfbd5be068c,1.2.2
High pkg:pypi/pillow@9.0.1 (t) upgrade to: 0.1.8,0.9.3,22.3.24,10.0.1,24.8.3,25.8.1,26.2.1,27.0.0-beta.2,2.88.6,0.2.6
High pkg:pypi/pyjwt@1.7.1 (t) upgrade to: 2.4.0
Critical pkg:pypi/werkzeug@2.0.3 (t) upgrade to: 9a3a981d70d2e9ec3344b5192f86fcaf3210cd85,2.1.1
High pkg:pypi/flask@2.0.3 (t) upgrade to: 2.3.2
N/A pkg:pypi/gitpython@3.1.27 (t) upgrade to: 3.1.32
High pkg:pypi/mako@1.1.6 (t) upgrade to: 925760291d6efec64fda6e9dd1fd9cfbd5be068c,1.2.2
High pkg:pypi/pillow@9.0.1 (t) upgrade to: 0.1.8,0.9.3,24.8.3,25.8.1,26.2.1,27.0.0-beta.2,2.88.6,22.3.24,10.0.1,0.2.6
High pkg:pypi/pyjwt@1.7.1 (t) upgrade to: 2.4.0
Critical pkg:pypi/werkzeug@2.0.3 (t) upgrade to: 9a3a981d70d2e9ec3344b5192f86fcaf3210cd85,2.1.1

More info on how to fix Vulnerable Libraries in Python.



Stale pull request message


renovate bot commented Apr 11, 2024

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future 2.x releases. But if you manually upgrade to 2.x then Renovate will re-enable minor and patch updates automatically.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.

@renovate renovate bot deleted the renovate/pypi-jupyter-server-vulnerability branch April 11, 2024 02:33