Skip to content

[Snyk] Security upgrade jupyter-server from 1.24.0 to 2.20.0#21

Open
anaconda-security-bot wants to merge 1 commit into
masterfrom
snyk-fix-ec5137528a440603f49c95b32c0bdc1e
Open

[Snyk] Security upgrade jupyter-server from 1.24.0 to 2.20.0#21
anaconda-security-bot wants to merge 1 commit into
masterfrom
snyk-fix-ec5137528a440603f49c95b32c0bdc1e

Conversation

@anaconda-security-bot

Copy link
Copy Markdown

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the pip dependencies of this project.

Snyk changed the following file(s):

  • requirements.txt
⚠️ Warning
otebook 6.5.7 requires pyzmq, which is not installed.
jupyter-server 1.24.0 requires pyzmq, which is not installed.
jupyter-client 7.4.9 requires pyzmq, which is not installed.
ipykernel 6.16.2 requires pyzmq, which is not installed.

Breaking Change Risk

Merge Risk: High

Notice: This assessment is enhanced by AI.


Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-JUPYTERSERVER-17391532
@anaconda-security-bot

Copy link
Copy Markdown
Author

Merge Risk: High

The upgrade from jupyter-server v1 to v2 is a major release with significant new features and breaking changes, particularly for those who customize or extend the server.

Key Breaking Changes:

  • New ServerKernelManager: If you have custom functionality that extends the default KernelManager, you must update your code to derive from the new jupyter_server.services.kernels.kernelmanager.ServerKernelManager class. This is a mandatory change to use new server-specific features. [2]
  • New APIs for Identity and Authorization: Version 2.0 introduces new, pluggable APIs for identity and authorization. [2] While these are powerful new features, they represent a fundamental change that may require verification and configuration in multi-user or secured deployments.
  • Terminals as an Extension: The terminals service is no longer a core feature and is now shipped as a default-enabled extension. [2] This should not affect most users but is a structural change to be aware of for custom deployments.
  • Python Version Support: Support for Python 3.8 was dropped in v2.15.0, and support for Python 3.9 was dropped in v2.19.0. [1] Your environment must be using Python 3.10 or newer.

Recommendation:
This upgrade requires careful review, especially if you have custom extensions or configurations. Developers should:

  1. Verify any custom KernelManager subclasses and update them to inherit from ServerKernelManager.
  2. Review the new Identity and Authorization APIs if you have custom authentication or permission logic.
  3. Ensure your deployment environment runs a supported Python version (3.10+).

Source: Jupyter Server 2.0 Release Announcement [2], Changelog [1]

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants