./www/py-notebook, Web-based notebook environment for interactive computing

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 5.7.6, Package name: py37-notebook-5.7.6, Maintainer: pkgsrc-users

The Jupyter Notebook is a web application that allows you to create
and share documents that contain live code, equations, visualizations,
and explanatory text. The Notebook has support for multiple
programming languages, sharing, and interactive widgets.


Required to run:
[devel/py-setuptools] [textproc/py-jinja2] [net/py-zmq] [www/py-tornado] [devel/py-ipython_genutils] [devel/py-traitlets] [www/py-terminado] [devel/py-ipykernel] [devel/py-jupyter_core] [devel/py-jupyter_client] [www/py-nbconvert] [www/py-nbformat] [sysutils/py-Send2Trash] [lang/python37] [net/py-prometheus_client]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: f6d31d620b2817ca99e9e0f6685543effdc4185f
RMD160: bfe058dcc54e0be016df47ca8f3837a09f89c54f
Filesize: 13056.295 KB

Version history: (Expand)


CVS history: (Expand)


   2019-03-22 18:55:05 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-notebook: updated to 5.7.6

5.7.6
5.7.6 contains a security fix for a cross-site inclusion (XSSI) vulnerability,
where files at a known URL could be included in a page from an unauthorized \ 
website if the user is logged into a Jupyter server.
The fix involves setting the X-Content-Type-Options: nosniff
header, and applying CSRF checks previously on all non-GET
API requests to GET requests to API endpoints and the /files/ endpoint.

The attacking page is able to access some contents of files when using Internet \ 
Explorer through script errors,
but this has not been demonstrated with other browsers.
A CVE has been requested for this vulnerability.

5.7.5
- Fix compatibility with tornado 6
- Fix opening integer filedescriptor during startup on Python 2
- Fix compatibility with asynchronous KernelManager.restart_kernel methods
   2019-01-08 11:49:30 by Mark Davies | Files touched by this commit (1)
Log message:
py-notebook: add dependency on py-prometheus_client
   2019-01-02 16:32:41 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-notebook: updated to 5.7.4

5.7.4 fixes a bug introduced in 5.7.3, in which the list_running_servers()
function attempts to parse HTML files as JSON, and consequently crashes

5.7.3 contains one security improvement and one security fix:
- Launch the browser with a local file which redirects to the server address
  including the authentication token
  This prevents another logged-in user from stealing the token from command line
  arguments and authenticating to the server.
  The single-use token previously used to mitigate this has been removed.
  Thanks to Dr. Owain Kenway for suggesting the local file approach.
- Upgrade bootstrap to 3.4, fixing an XSS vulnerability, which has been
  assigned CVE-2018-14041
   2018-11-30 10:53:33 by Adam Ciarcinski | Files touched by this commit (1)
Log message:
py-notebook: mark as incompatible with Python 2.7
   2018-11-29 19:34:12 by Adam Ciarcinski | Files touched by this commit (4) | Package updated
Log message:
py-notebook: updated to 5.7.2

5.7.2
5.7.2 contains a security fix preventing malicious directory names
from being able to execute javascript. CVE request pending.

5.7.1
5.7.1 contains a security fix preventing nbconvert endpoints from executing \ 
javascript with access to the server API. CVE request pending.

5.7.0
New features:
- Update to CodeMirror to 5.37, which includes f-string sytax for Python 3.6
- Update jquery-ui to 1.12
- Check Host header to more securely protect localhost deployments from DNS \ 
rebinding.
  This is a pre-emptive measure, not fixing a known vulnerability
  Use .NotebookApp.allow_remote_access and .NotebookApp.local_hostnames to configure
  access.
- Allow access-control-allow-headers to be overridden
- Allow configuring max_body_size and max_buffer_size
- Allow configuring get_secure_cookie keyword-args
- Respect nbconvert entrypoints as sources for exporters
- Include translation sources in source distributions
- Various improvements to documentation

Fixing problems:
- Fix breadcrumb link when running with a base url
- Fix possible type error when closing activity stream
- Disable metadata editing for non-editable cells
- Fix some styling and alignment of prompts caused by regressions in 5.6.0.
- Enter causing page reload in shortcuts editor
- Fix uploading to the same file twice
   2018-05-11 21:46:36 by Min Sik Kim | Files touched by this commit (2)
Log message:
www/py-notebook: Use PLIST.py3x instead of defining new one

Suggested by leot@.
   2018-05-11 21:24:58 by Min Sik Kim | Files touched by this commit (2)
Log message:
www/py-notebook: Fix PLIST with python27
   2018-05-11 12:09:55 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-notebook: updated to 5.5.0

5.5.0

New features:
The files list now shows file sizes
Add a quit button in the dashboard
Display hostname in the terminal when running remotely
Add slides exportation/download to the menu
Add any extra installed nbconvert exporters to the “Download as” menu
Editor: warning when overwriting a file that is modified on disk
Display a warning message if cookies are not enabled
Basic __version__ reporting for extensions
Add NotebookApp.terminals_enabled config option
Make buffer time between last modified on disk and last modified on last save \ 
configurable
Allow binding custom shortcuts for ‘close and halt’
Add description for ‘Trusted’ notification
Add settings['activity_sources']
Add an output_updated.OutputArea event

Fixing problems:
Fixes to improve web accessibility
Fixed color contrast issue in tree.less
Allow cancelling upload of large files
Don’t clear login cookie on requests without cookie
Don’t trash files on different device to home dir on Linux
Clear waiting asterisks when restarting kernel
Fix output prompt when execution_count missing
Make the ‘changed on disk’ dialog work when displayed twice
Fix going back to root directory with history in notebook list
Allow defining keyboard shortcuts for missing actions
Prevent default on pageup/pagedown when completer is active
Prevent default event handling on new terminal
ConfigManager should not write out default values found in the .d directory
Fix leak of iopub object in activity monitoring
Javascript lint in notebooklist.js
Some Javascript syntax fixes
Convert native for loop to Array.forEach()
Disable cache when downloading nbconvert output
Add missing digestmod arg to HMAC
Log OSErrors failing to create less-critical files during startup
Use powershell on Windows
API spec improvements, API handler improvements
Set notebook to dirty state after change to kernel metadata
Use CSP header to treat served files as belonging to a separate origin
Don’t install gettext into builtins
Add missing import _
Write notebook.json file atomically
Fix clicking with modifiers, page title updates
Upgrade jQuery to version 2.2
Upgrade xterm.js to 3.1.0
Upgrade moment.js to 2.19.3
Upgrade CodeMirror to 5.35
“Require” pyzmq>=17