./www/py-notebook, Web-based notebook environment for interactive computing

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 6.0.1, Package name: py37-notebook-6.0.1, Maintainer: pkgsrc-users

The Jupyter Notebook is a web application that allows you to create
and share documents that contain live code, equations, visualizations,
and explanatory text. The Notebook has support for multiple
programming languages, sharing, and interactive widgets.


Required to run:
[devel/py-setuptools] [textproc/py-jinja2] [net/py-zmq] [www/py-tornado] [devel/py-ipython_genutils] [devel/py-traitlets] [www/py-terminado] [devel/py-ipykernel] [devel/py-jupyter_core] [devel/py-jupyter_client] [www/py-nbconvert] [www/py-nbformat] [sysutils/py-Send2Trash] [lang/python37] [net/py-prometheus_client]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: b9e62e669c28c318e0fec6c7ea4cb52de7e06232
RMD160: 9c661bb817d2186e37bd27ca2acb8ec5c4699935
Filesize: 13105.273 KB

Version history: (Expand)


CVS history: (Expand)


   2019-08-22 10:23:27 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-notebook: updated to 6.0.1

6.0.1

- Attempt to re-establish websocket connection to Gateway
- Add missing react-dom js to package data

6.0

This is the first major release of the Jupyter Notebook since version 5.0 (March \ 
2017).

We encourage users to start trying JupyterLab, which has just announced it's 1.0 \ 
release in preparation
for a future transition.

- Remove Python 2.x support in favor of Python 3.5 and higher.
- Multiple accessibility enhancements and bug-fixes.
- Multiple translation enhancements and bug-fixes.
- Remove deprecated ANSI CSS styles.
- Native support to forward requests to Jupyter Gateway(s) (Embedded NB2KG).
- Use JavaScript to redirect users to notebook homepage.
- Enhanced SSL/TLS security by using PROTOCOL_TLS which selects the highest ssl/tls
  protocol version available that both the client and server support. When \ 
PROTOCOL_TLS
  is not available use PROTOCOL_SSLv23.
- Add ?no_track_activity=1 argument to allow API requests.
  to not be registered as activity (e.g. API calls by external activity monitors).
- Kernels shutting down due to an idle timeout is no longer considered
  an activity-updating event.
- Further improve compatibility with tornado 6 with improved
  checks for when websockets are closed.
- Launch the browser with a local file which redirects to the server address \ 
including
  the authentication token. This prevents another logged-in user from stealing \ 
the token
  from command line arguments and authenticating to the server.
  The single-use token previously used to mitigate this has been removed.
  Thanks to Dr. Owain Kenway for suggesting the local file approach.
- Respect nbconvert entrypoints as sources for exporters
- Update to CodeMirror to 5.37, which includes f-string syntax for Python 3.6.
- Update jquery-ui to 1.12
- Execute cells by clicking icon in input prompt.
- New "Save as" menu option.
- When serving on a loopback interface, protect against DNS rebinding by
  checking the Host header from the browser.
  This check can be disabled if necessary by setting
  NotebookApp.allow_remote_access.
  (Disabled by default while we work out some Mac issues in :ghissue:3754).
- Add kernel_info_timeout traitlet to enable restarting slow kernels.
- Add custom_display_host config option to override displayed URL.
- Add /metrics endpoint for Prometheus Metrics.
- Optimize large file uploads.
- Allow access control headers to be overriden in jupyter_notebook_config.py to \ 
support
  greater CORS and proxy configuration flexibility.
- Add support for terminals on windows.
- Add a "restart and run all" button to the toolbar.
- Frontend/extension-config: allow default json files in a .d directory.
- Allow setting token via jupyter_token env.
- Cull idle kernels using --MappingKernelManager.cull_idle_timeout.
- Allow read-only notebooks to be trusted.
- Convert JS tests to Selenium.

Security Fixes included in previous minor releases of Jupyter Notebook and also \ 
included in version 6.0.

- Fix Open Redirect vulnerability (CVE-2019-10255)
  where certain malicious URLs could redirect from the Jupyter login page
  to a malicious site after a successful login.

- Contains a security fix for a cross-site inclusion (XSSI) vulnerability \ 
(CVE-2019–9644),
  where files at a known URL could be included in a page from an unauthorized \ 
website if
  the user is logged into a Jupyter server. The fix involves setting the
  X-Content-Type-Options: nosniff header, and applying CSRF checks previously on all
  non-GET API requests to GET requests to API endpoints and the /files/ endpoint.

- Check Host header to more securely protect localhost deployments from DNS \ 
rebinding.
  This is a pre-emptive measure, not fixing a known vulnerability.
  Use .NotebookApp.allow_remote_access and .NotebookApp.local_hostnames to configure
  access.

- Upgrade bootstrap to 3.4, fixing an XSS vulnerability, which has been
  assigned CVE-2018-14041 <https://nvd.nist.gov/vuln/detail/CVE-2018-14041>_.

- Contains a security fix preventing malicious directory names
  from being able to execute javascript.

- Contains a security fix preventing nbconvert endpoints from executing \ 
javascript with
  access to the server API. CVE request pending.
   2019-07-22 10:42:50 by Nia Alarie | Files touched by this commit (5)
Log message:
Use https for jupyter.org.
   2019-04-25 15:19:48 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-notebook: updated to 5.7.8

5.7.8
- Fix regression in restarting kernels in 5.7.5.
  The restart handler would return before restart was completed.
- Further improve compatibility with tornado 6 with improved
  checks for when websockets are closed.
- Fix regression in 5.7.6 on Windows where .js files could have the wrong mime-type.
- Fix Open Redirect vulnerability (CVE-2019-10255)
  where certain malicious URLs could redirect from the Jupyter login page
  to a malicious site after a successful login.
  5.7.7 contained only a partial fix for this issue.
   2019-03-22 18:55:05 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-notebook: updated to 5.7.6

5.7.6
5.7.6 contains a security fix for a cross-site inclusion (XSSI) vulnerability,
where files at a known URL could be included in a page from an unauthorized \ 
website if the user is logged into a Jupyter server.
The fix involves setting the X-Content-Type-Options: nosniff
header, and applying CSRF checks previously on all non-GET
API requests to GET requests to API endpoints and the /files/ endpoint.

The attacking page is able to access some contents of files when using Internet \ 
Explorer through script errors,
but this has not been demonstrated with other browsers.
A CVE has been requested for this vulnerability.

5.7.5
- Fix compatibility with tornado 6
- Fix opening integer filedescriptor during startup on Python 2
- Fix compatibility with asynchronous KernelManager.restart_kernel methods
   2019-01-08 11:49:30 by Mark Davies | Files touched by this commit (1)
Log message:
py-notebook: add dependency on py-prometheus_client
   2019-01-02 16:32:41 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-notebook: updated to 5.7.4

5.7.4 fixes a bug introduced in 5.7.3, in which the list_running_servers()
function attempts to parse HTML files as JSON, and consequently crashes

5.7.3 contains one security improvement and one security fix:
- Launch the browser with a local file which redirects to the server address
  including the authentication token
  This prevents another logged-in user from stealing the token from command line
  arguments and authenticating to the server.
  The single-use token previously used to mitigate this has been removed.
  Thanks to Dr. Owain Kenway for suggesting the local file approach.
- Upgrade bootstrap to 3.4, fixing an XSS vulnerability, which has been
  assigned CVE-2018-14041
   2018-11-30 10:53:33 by Adam Ciarcinski | Files touched by this commit (1)
Log message:
py-notebook: mark as incompatible with Python 2.7
   2018-11-29 19:34:12 by Adam Ciarcinski | Files touched by this commit (4) | Package updated
Log message:
py-notebook: updated to 5.7.2

5.7.2
5.7.2 contains a security fix preventing malicious directory names
from being able to execute javascript. CVE request pending.

5.7.1
5.7.1 contains a security fix preventing nbconvert endpoints from executing \ 
javascript with access to the server API. CVE request pending.

5.7.0
New features:
- Update to CodeMirror to 5.37, which includes f-string sytax for Python 3.6
- Update jquery-ui to 1.12
- Check Host header to more securely protect localhost deployments from DNS \ 
rebinding.
  This is a pre-emptive measure, not fixing a known vulnerability
  Use .NotebookApp.allow_remote_access and .NotebookApp.local_hostnames to configure
  access.
- Allow access-control-allow-headers to be overridden
- Allow configuring max_body_size and max_buffer_size
- Allow configuring get_secure_cookie keyword-args
- Respect nbconvert entrypoints as sources for exporters
- Include translation sources in source distributions
- Various improvements to documentation

Fixing problems:
- Fix breadcrumb link when running with a base url
- Fix possible type error when closing activity stream
- Disable metadata editing for non-editable cells
- Fix some styling and alignment of prompts caused by regressions in 5.6.0.
- Enter causing page reload in shortcuts editor
- Fix uploading to the same file twice