chore(deps): update dependency jupyterlab to v4.5.7 [security] #167
Merged
This PR contains the following updates:
jupyterlab 4.4.2 → 4.5.7

JupyterLab LaTeX typesetter links did not enforce noopener attribute
CVE-2025-59842 / GHSA-vvfj-2jqx-52jm
More information
Details
Links generated with LaTeX typesetters in Markdown files and Markdown cells in JupyterLab and Jupyter Notebook did not include the `noopener` attribute. This is deemed to have no impact on the default installations. Theoretically users of third-party LaTeX-rendering extensions could find themselves vulnerable to reverse tabnabbing attacks if:
`target=_blank` (no such extensions are known at time of writing) and
For consistency with handling on other links, new versions of JupyterLab will enforce `noopener` and `target=_blank` on all links generated by typesetters. The former will harden the resilience of JupyterLab to extensions with lack of secure defaults in link rendering, and the latter will improve user experience by preventing accidental state loss when clicking on links rendered by LaTeX typesetters.
Impact
Since the official LaTeX typesetter extensions for JupyterLab: `jupyterlab-mathjax` (default), `jupyterlab-mathjax2` and `jupyterlab-katex` do not include the `target=_blank`, there is no impact for JupyterLab users.
Patches
JupyterLab 4.4.8
Workarounds
No workarounds are necessary.
References
None
Severity
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
References
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS
CVE-2026-40171 / GHSA-rch3-82jr-f9w9
More information
Details
Impact
A stored Cross-Site Scripting (XSS) vulnerability in Jupyter Notebook allows attackers to steal authentication tokens from users who open malicious notebook files and interact with elements that the attacker can make look indistinguishable from legitimate controls (single click interaction).
The vulnerability enables complete account takeover through the Jupyter REST API, allowing the attacker to:
Patches
Jupyter Notebook 7.5.6 and JupyterLab 4.5.7 include patches for this vulnerability.
Workarounds
The help extension can be disabled via CLI:
Hardening
The patched versions include a toggle to disable the command linker functionality altogether, for example via overrides.json:
```json
{ "@jupyterlab/apputils-extension:sanitizer": { "allowCommandLinker": false } }
```
Resources
Acknowledgments
Reported by Daniel Teixeira - NVIDIA AI Red Team
Severity
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
JupyterLab has an Extension Manager API/GUI Policy Discrepancy, allowing 3rd party (malicious) extensions install via POST request
CVE-2026-42266 / GHSA-37w4-hwhx-4rc4
More information
Details
The allow-list of extensions that can be installed from PyPI Extension Manager (`allowed_extensions_uris`) is not correctly enforced by JupyterLab prior to 4.5.7. The PyPI Extension Manager was not contained to packages listed on the default PyPI index. This has security implications for deployments that:
Impact
An authenticated attacker - such as a student in a shared JupyterHub environment or a user in a multi-tenant JupyterLab deployment - can escalate their privileges. This might allow for data exfiltration, lateral movement within the network, and persistent compromise of the server infrastructure.
Patches
JupyterLab v4.5.7 contains the patch. Users of applications that depend on JupyterLab, such as Notebook v7+, should update the `jupyterlab` package too.
Workarounds
Switch to read-only extension manager by adding the following command line option:
or the following traitlet:
You can confirm that the read-only manager is in use from GUI:
Note: configuration of a PyPI proxy with allow-listed packages is not sufficient to protect from this vulnerability.
References
Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
JupyterLab's command linker attributes in HTML enable one-click command execution from untrusted content
CVE-2026-42557 / GHSA-mqcg-5x36-vfcg
More information
Details
JupyterLab's HTML sanitizer allowlists `data-commandlinker-command` and `data-commandlinker-args` on `button` elements, while `CommandLinker` listens for all click events on `document.body` and executes the named command without checking whether the element came from trusted JupyterLab UI. A notebook with a pre-saved HTML cell output containing a deceptive button can trigger arbitrary JupyterLab commands - including arbitrary code execution - on a single user click, without any code being submitted for execution by the user.
Impact
An attacker who shares a notebook or a Markdown file - via email, GitHub, or a Binder link - can invoke an arbitrary command upon a single click by the victim. The button can be rendered inside the output area and be visually indistinguishable from a legitimate widget. No kernel needs to start; the HTML output is stored in the notebook file and displayed immediately on open.
Single-click impact
An attacker convincing the victim to click on a single button or link can:
The arbitrary code execution will be immediately visible to the user and can be halted by timely user intervention. The deletion of files can be silent and go unnoticed for some time.
Multi-click attacks
An attacker who convinces the victim to click on multiple buttons in specific order and to grant access to clipboard (or in scenarios where the user already granted keyboard access) can obtain full access to the terminal and execute arbitrary commands in the environment with access scope that might exceed that of available kernels. Only users of Chromium-based browsers are susceptible to this expanded variant of the attack.
The execution of commands in the terminal would be immediately visible to the user.
Impact of third-party extensions
The impact described above assumes a plain JupyterLab/Notebook installation. In environments with frontend extensions that contribute additional commands the attack surface is increased by the functionality covered by these commands.
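As an added illustration (not code from the advisories or from the JupyterLab project), the following Python script audits a notebook's stored `text/html` outputs for the two kinds of markup discussed above: `data-commandlinker-*` attributes that a `CommandLinker` would act on, and `target=_blank` links that lack `rel=noopener` (the reverse-tabnabbing condition from the first advisory). The sample notebook, the command id `example:do-something` and the URL are constructed for this example.

```python
from html.parser import HTMLParser

# Constructed sample notebook (not from the advisories): cell 0 stores an
# HTML output with command-linker attributes and a target=_blank link that
# lacks rel=noopener; cell 1 stores a correctly attributed link.
SAMPLE_NOTEBOOK = {
    "cells": [
        {"cell_type": "code", "outputs": [
            {"output_type": "display_data", "data": {"text/html":
                '<button data-commandlinker-command="example:do-something" '
                'data-commandlinker-args="{}">Run</button>'}},
            {"output_type": "display_data", "data": {"text/html":
                ['<a href="https://example.invalid/" ', 'target="_blank">docs</a>']}},
        ]},
        {"cell_type": "code", "outputs": [
            {"output_type": "display_data", "data": {"text/html":
                '<a href="https://example.invalid/" target="_blank" '
                'rel="noopener noreferrer">ok</a>'}},
        ]},
    ]
}


class _OutputAuditor(HTMLParser):
    """Collects command-linker attributes and _blank links without noopener."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}  # html.parser lowercases names
        if any(k.startswith("data-commandlinker-") for k in attrs):
            self.findings.append(("command-linker", tag, attrs.get("data-commandlinker-command", "")))
        if tag == "a" and attrs.get("target", "").lower() == "_blank":
            if "noopener" not in attrs.get("rel", "").lower().split():
                self.findings.append(("missing-noopener", tag, attrs.get("href", "")))


def audit_notebook(nb):
    """Return (cell_index, kind, tag, detail) for each risky stored HTML output."""
    findings = []
    for idx, cell in enumerate(nb.get("cells", [])):
        for out in cell.get("outputs", []):
            html = out.get("data", {}).get("text/html")
            if html is None:
                continue
            if isinstance(html, list):  # nbformat may store text as a list of lines
                html = "".join(html)
            parser = _OutputAuditor()
            parser.feed(html)
            parser.close()
            findings.extend((idx, kind, tag, detail) for kind, tag, detail in parser.findings)
    return findings
```

Run it over `json.load(open("notebook.ipynb"))` to triage notebooks received from untrusted sources before opening them in an unpatched JupyterLab.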
Patches
JupyterLab 4.5.7
Workarounds
No workarounds are available for end-users.
Downstream applications inheriting from `JupyterFrontEnd` or `JupyterLab` can effectively disable the `CommandLinker` by passing the `commandLinker: new CommandLinker({ commands: new CommandRegistry() })` option in the initialization options.
Hardening
The patched versions include a toggle to disable the command linker functionality altogether, for example via overrides.json:
```json
{ "@jupyterlab/apputils-extension:sanitizer": { "allowCommandLinker": false } }
```
Resources
Severity
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Release Notes
jupyterlab/jupyterlab (jupyterlab)
v4.5.7 (Compare Source)
4.5.7
(Full Changelog)
Security patches
Bugs fixed
Maintenance and upkeep improvements
`4.5.x` branch #18817 (@krassowski)
`.jp-VariableRenderer-TrustButton` CSS rule #18762 (@Carreau)
`.jp-Cell-Placeholder` CSS rules #18761 (@Carreau)
Documentation improvements
Contributors to this release
The following people contributed discussions, new ideas, code and documentation contributions, and review.
See our definition of contributors.
(GitHub contributors page for this release)
@Carreau | @filipeoliveira05 | @flaviomartins | @itsmejay80 | @jtpio | @krassowski | @martinRenou | @MUFFANUJ | @utsav-develops
v4.5.6 (Compare Source)
4.5.6
(Full Changelog)
Bugs fixed
`full` windowing mode #18522 (@krassowski)
`gettext` methods #18597 (@tmetzl)
`filebrowser:search` command #18593 (@krassowski)
`filebrowser:create-new-file` context menu selector #18588 (@jtpio)
`code` input in `CodeConsole` when configured #18554 (@agriyakhetarpal)
Maintenance and upkeep improvements
Contributors to this release
@agriyakhetarpal | @IsabelParedes | @jtpio | @krassowski | @soniya-malviy | @tmetzl
v4.5.5 (Compare Source)
4.5.5
(Full Changelog)
Bugs fixed
`@codemirror/view`, fixing slow selection when line wrapping is enabled #18479 (@krassowski)
Maintenance and upkeep improvements
Contributors to this release
@apoorvdarshan | @bollwyvl | @itsmevichu | @jasongrout | @krassowski
v4.5.4 (Compare Source)
4.5.4
(Full Changelog)
Bugs fixed
`DocumentRegistry.getFileTypeForModel()` #18409 (@krassowski)
Maintenance and upkeep improvements
Documentation improvements
`sharedModel` in JupyterLab 4 #18260 (@Krish-876)
`content` default #18383 (@ceasermikes002)
Contributors to this release
@brichet | @ceasermikes002 | @DeborahOlaboye | @itsmevichu | @jasongrout | @jtpio | @krassowski | @Krish-876
v4.5.3 (Compare Source)
4.5.3
(Full Changelog)
Bugs fixed
`defer` and `contentVisibility` windowing mode #18359 (@krassowski)
`.py` files, update `@lumino` packages to `v2026.1.15` #18351 (@krassowski, @aaron-seq)
Maintenance and upkeep improvements
Documentation improvements
Contributors to this release
@aaron-seq | @brichet | @IsabelParedes | @jimangel | @jtpio | @krassowski
v4.5.2 (Compare Source)
4.5.2
(Full Changelog)
Bugs fixed
`defer` mode #18220 (@krassowski)
Maintenance and upkeep improvements
`next` tag for some versions of `@jupyterlab/rendermime-interfaces` #18217 (@jtpio)
Documentation improvements
`inspect_request` message #18234 (@Krish-876)
Contributors to this release
@brichet | @Darshan808 | @i-aki-y | @JamesWrigley | @jtpio | @krassowski | @Krish-876 | @MUFFANUJ | @pranshugupta01
v4.5.1 (Compare Source)
4.5.1
(Full Changelog)
Deprecated features
Enhancements made
Bugs fixed
`scrollPastEnd` for text editors #18186 (@Meriem-BenIsmail)
Maintenance and upkeep improvements
Contributors to this release
@Darshan808 | @FoSuCloud | @HaudinFlorence | @ianthomas23 | @jasongrout | @jtpio | @krassowski | @martinRenou | @meeseeksmachine | @Meriem-BenIsmail | @prajyot-porje | @xc2
v4.5.0 (Compare Source)
(Full Changelog)
New features added
Enhancements made
`DebuggerDisplayRegistry` to provide context-aware display names for debugger panels #18043 (@arjxn-py)
`IContentProvider` #18027 (@martinRenou)
`Show more outputs` button design #18021 (@andrii-i)
`content-visibility` application #18013 (@Meriem-BenIsmail)
`DocumentManager` dialogs customizable #17961 (@Darshan808)
`ContentProviderRegistry` #17940 (@martinRenou)
`contentVisibility` #17926 (@Meriem-BenIsmail)
`IUserAPIClient` to make swapping `UserManager` easier #17884 (@krassowski)
`toSkip` for the `SettingsEditor` #17834 (@jtpio)
`content-visibility` to render notebook cells more efficiently #17822 (@Meriem-BenIsmail)
`addExtraLineOnCellMerge` setting #17806 (@jtpio)
`id` when the user changes cell type #17731 (@afshin)
`shell` to `control` channel #17684 (@krassowski)
`allowFileUploads` setting to the file browser #17676 (@jtpio)
`args` for all commands #17649 (@jtpio)
`audio-extension` and `video-extension` #17636 (@jtpio)
`selectionChanged` signal to the file browser #17563 (@jtpio)
`exportAs` method to `NbConvert.IManager` #17482 (@jtpio)
`extra_labextensions_path` to favor defaults #17476 (@peytondmurray)
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.