Subject: CVS commit: pkgsrc/www/py-notebook
From: Adam Ciarcinski
Date: 2018-11-29 19:34:12
Message id: 20181129183412.A2AD1FB1F@cvs.NetBSD.org

Log Message:
py-notebook: updated to 5.7.2

5.7.2
5.7.2 contains a security fix preventing malicious directory names
from being able to execute javascript. CVE request pending.

5.7.1
5.7.1 contains a security fix preventing nbconvert endpoints from executing \ 
javascript with access to the server API. CVE request pending.

5.7.0
New features:
- Update to CodeMirror to 5.37, which includes f-string sytax for Python 3.6
- Update jquery-ui to 1.12
- Check Host header to more securely protect localhost deployments from DNS \ 
rebinding.
  This is a pre-emptive measure, not fixing a known vulnerability
  Use .NotebookApp.allow_remote_access and .NotebookApp.local_hostnames to configure
  access.
- Allow access-control-allow-headers to be overridden
- Allow configuring max_body_size and max_buffer_size
- Allow configuring get_secure_cookie keyword-args
- Respect nbconvert entrypoints as sources for exporters
- Include translation sources in source distributions
- Various improvements to documentation

Fixing problems:
- Fix breadcrumb link when running with a base url
- Fix possible type error when closing activity stream
- Disable metadata editing for non-editable cells
- Fix some styling and alignment of prompts caused by regressions in 5.6.0.
- Enter causing page reload in shortcuts editor
- Fix uploading to the same file twice

Files:
RevisionActionfile
1.7modifypkgsrc/www/py-notebook/distinfo
1.7modifypkgsrc/www/py-notebook/PLIST
1.9modifypkgsrc/www/py-notebook/Makefile
1.3modifypkgsrc/www/py-notebook/ALTERNATIVES