Subject: CVS commit: pkgsrc/www/py-notebook
From: Adam Ciarcinski
Date: 2019-01-02 16:32:41
Message id:

Log Message:
py-notebook: updated to 5.7.4

5.7.4 fixes a bug introduced in 5.7.3, in which the list_running_servers()
function attempts to parse HTML files as JSON, and consequently crashes

5.7.3 contains one security improvement and one security fix:
- Launch the browser with a local file which redirects to the server address
  including the authentication token
  This prevents another logged-in user from stealing the token from command line
  arguments and authenticating to the server.
  The single-use token previously used to mitigate this has been removed.
  Thanks to Dr. Owain Kenway for suggesting the local file approach.
- Upgrade bootstrap to 3.4, fixing an XSS vulnerability, which has been
  assigned CVE-2018-14041