openSUSE has issued an advisory today (August 2): https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VZGF2ZZFSQOBN7NRPXC3MMQXPLYLS2IH/ The issue is fixed upstream in 2.2.10 and 3.0.17: https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4952-p58q-6crx Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOOStatus comment: (none) => Fixed upstream in 2.2.10 and 3.0.17
3.0.17 pushed to cauldron
CC: (none) => brunoWhiteboard: MGA8TOO => (none)Status: NEW => ASSIGNEDVersion: Cauldron => 8
2.2.10 pushed as well to testing_updates for mga8 Hopefully the move from 2.1.2 to 2.2.10 won't create issues.
Assignee: python => qa-bugs
jupyter-jupyterlab-2.2.10-1.mga8 python3-jupyterlab-2.2.10-1.mga8 from python-jupyterlab-2.2.10-1.mga8.src.rpm
Status comment: Fixed upstream in 2.2.10 and 3.0.17 => (none)
mga8, x64 Installed Core components. Local documentation: /usr/share/doc/jupyter-jupyterlab-server/README.md /usr/share/doc/python3-jupyter-client/README.md /usr/share/doc/python3-jupyter-core/README.md Information only: One of these indicates that sphinx is used to handle or generate local documentation. Some sphinx components are already there but sphinx-2.3.2 can be installed. Could not locate any jupyter_core/docs - maybe that is something extra to download. Once jupyter_core/docs is established the web documentation can be generated from that folder using `make html linkcheck`. A browser would find it at e.g. file:///my/projects/jupyter\_core/docs/\_build/html/index.html Had a stab at starting python3-jupyter-client - not successful. ------------------------------------------------------------------------------ $ rpm -qa | grep jupyterlab python3-jupyterlab-2.1.2-5.mga8 jupyter-jupyterlab-filesystem-20190823-4.mga8 jupyter-jupyterlab-2.1.2-5.mga8 jupyter-jupyterlab-server-1.1.4-2.mga8 Tried to update via qarepo/MageiaUpdate but failed. $ ls <localrepo>/x86_64 jupyter-jupyterlab-2.2.10-1.mga8.noarch.rpm python3-jupyterlab-2.2.10-1.mga8.noarch.rpm $ MageiaUpdate Sorry, the following packages cannot be selected: - jupyter-jupyterlab-2.2.10-1.mga8.noarch - python3-jupyterlab-2.2.10-1.mga8.noarch (due to unsatisfied python3.8dist(jupyterlab-server)[>= 1.1.5])
CC: (none) => tarazed25
$ urpmq --provides jupyter-jupyterlab-server jupyter-jupyterlab-launcher[== 1.1.4] jupyter-jupyterlab-server[== 1.1.4-2.mga8] python3-jupyter_jupyterlab_launcher[== 1.1.4] python3-jupyter_jupyterlab_server[== 1.1.4] python3-jupyterlab-server[== 1.1.4] python3.8dist(jupyterlab-server)[== 1.1.4] python3dist(jupyterlab-server)[== 1.1.4] Looks like jupyter-jupyterlab-server will have to be updated too.
CC: (none) => davidwhodgins
Keywords: (none) => feedback
Added jupyter-jupyterlab-server-1.1.5-1.mga8.noarch Installed it with jupyter-jupyterlab 2.2.10 1.mga8 noarch python3-jupyterlab 2.2.10 1.mga8 noarch Launched jupyter-lab A new tab opens in Firefox. Opened a previously saved notebook. Opens fine.
CC: (none) => yves.brungard_mageia
Updated OK this time. Started jupyter-lab from a terminal and opened a file tab in Firefox at the suggested URL. No real idea what was going on but pasted a python script into the input panel and clicked on run. That worked - Eratosthenes sieve over the range 1-300. Saved the notebook and closed the server with Ctrl-C. Could not find the file in user directory or .local/share/jupyter. Started it again and exported the notebook page as HTML. That appeared in the Downloads directory and could be displayed in the browser directly, code and results. So, something is working but taking this any further would require rather too much time. Far from satisfactory - giving this a tentative OK.
Whiteboard: (none) => MGA8-64-OKKeywords: feedback => (none)
Nobody's come forth asking for more, so I'm validating.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0060.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED