2019-05-28 17:28:52 +02:00
-------------------------------------------------------------------
Tue May 28 06:21:40 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
- Use noun phrase in summary.
2019-05-24 14:03:33 +02:00
-------------------------------------------------------------------
Fri May 24 03:33:21 UTC 2019 - Todd R <toddrme2178@gmail.com>
- Add a jupyter-specific language package
2019-05-22 22:11:08 +02:00
-------------------------------------------------------------------
Wed May 22 18:59:10 UTC 2019 - Todd R <toddrme2178@gmail.com>
- Split directories and macros into separate package.
- Make lang subpackage python version-specific
2019-05-15 18:10:53 +02:00
-------------------------------------------------------------------
Wed May 15 15:56:00 UTC 2019 - Todd R <toddrme2178@gmail.com>
- Add conflicts to jupyter subpackage to more explicitly handle
file overlaps with old naming scheme.
Accepting request 697875 from home:TheBlackCat:branches:devel:languages:python:jupyter
- Update to 5.7.8
* Fix regression in restarting kernels in 5.7.5.
The restart handler would return before restart was completed.
* Further improve compatibility with tornado 6 with improved
checks for when websockets are closed.
* Fix regression in 5.7.6 on Windows where .js files could have the wrong mime-type.
* Fix Open Redirect vulnerability (CVE-2019-10255)
where certain malicious URLs could redirect from the Jupyter login page
to a malicious site after a successful login.
5.7.7 contained only a partial fix for this issue.
- Rename to to match python package naming guidelines.
- Split jupyter components into own subpackage.
- Add rpm macros.
- Fix doc url
- update to version 5.7.7:
* Fix regression in restarting kernels in 5.7.5. The restart handler
would return before restart was completed.
* Further improve compatibility with tornado 6 with improved checks
for when websockets are closed.
* Fix regression in 5.7.6 on Windows where .js files could have the
wrong mime-type.
* Fix Open Redirect vulnerability where certain malicious URLs could
redirect from the Jupyter login page to a malicious site after a
successful login. A CVE has been requested for this vulnerability.
- update to version 5.7.6:
* 5.7.6 contains a security fix for a cross-site inclusion (XSSI)
vulnerability, where files at a known URL could be included in a
page from an unauthorized website if the user is logged into a
Jupyter server. The fix involves setting the
X-Content-Type-Options: nosniff header, and applying CSRF checks
previously on all non-GET API requests to GET requests to API
endpoints and the /files/ endpoint.
The attacking page is able to access some contents of files when
using Internet Explorer through script errors, but this has not
been demonstrated with other browsers. A CVE has been requested
for this vulnerability.
- update to version 5.7.5:
* Fix compatibility with tornado 6 (:ghpull:`4392`, :ghpull:`4449`).
* Fix opening integer filedescriptor during startup on Python 2
(:ghpull:`4349`)
* Fix compatibility with asynchronous KernelManager.restart_kernel
methods (:ghpull:`4412`)
- Update requirements: python-jupyter_core >= 4.4.0, python-terminado >= 0.8.1.
- Fix {name} -> %{name}
- Update to 5.7.4
* fixes a bug introduced in 5.7.3, in which the ``list_running_servers()``
function attempts to parse HTML files as JSON, and consequently crashes
(:ghpull:`4284`).
- Update to 5.7.3
* Launch the browser with a local file which redirects to the server address
including the authentication token (:ghpull:`4260`).
This prevents another logged-in user from stealing the token from command line
arguments and authenticating to the server.
The single-use token previously used to mitigate this has been removed.
Thanks to Dr. Owain Kenway for suggesting the local file approach.
* Upgrade bootstrap to 3.4, fixing an XSS vulnerability, which has been
assigned `CVE-2018-14041 <https://nvd.nist.gov/vuln/detail/CVE-2018-14041>`_
(:ghpull:`4271`).
- update to version 5.7.2:
* 5.7.2 contains a security fix preventing malicious directory names
from being able to execute javascript. CVE request pending.
- changes from version 5.7.1:
* 5.7.1 contains a security fix preventing nbconvert endpoints from
executing javascript with access to the server API. CVE request
pending.
- Update to version 5.7.0
+ New features:
* Update to CodeMirror to 5.37, which includes f-string sytax for Python 3.6 (:ghpull:`3816`)
* Update jquery-ui to 1.12 (:ghpull:`3836`)
* Check Host header to more securely protect localhost deployments from DNS rebinding.
This is a pre-emptive measure, not fixing a known vulnerability (:ghpull:`3766`).
Use ``.NotebookApp.allow_remote_access`` and ``.NotebookApp.local_hostnames`` to configure
access.
* Allow access-control-allow-headers to be overridden (:ghpull:`3886`)
* Allow configuring max_body_size and max_buffer_size (:ghpull:`3829`)
* Allow configuring get_secure_cookie keyword-args (:ghpull:`3778`)
* Respect nbconvert entrypoints as sources for exporters (:ghpull:`3879`)
* Include translation sources in source distributions (:ghpull:`3925`, :ghpull:`3931`)
* Various improvements to documentation (:ghpull:`3799`, :ghpull:`3800`,
:ghpull:`3806`, :ghpull:`3883`, :ghpull:`3908`)
+ Fixing problems:
* Fix breadcrumb link when running with a base url (:ghpull:`3905`)
* Fix possible type error when closing activity stream (:ghpull:`3907`)
* Disable metadata editing for non-editable cells (:ghpull:`3744`)
* Fix some styling and alignment of prompts caused by regressions in 5.6.0.
* Enter causing page reload in shortcuts editor (:ghpull:`3871`)
* Fix uploading to the same file twice (:ghpull:`3712`)
* Drop -doc subpackage. Use pre-built upstream docs instead.
- Update to version 5.6.0
+ New features:
* Execute cells by clicking icon in input prompt (:ghpull:`3535`, :ghpull:`3687`)
* New "Save as" menu option (:ghpull:`3289`)
* When serving on a loopback interface, protect against DNS rebinding by
checking the ``Host`` header from the browser (:ghpull:`3714`).
This check can be disabled if necessary by setting
``NotebookApp.allow_remote_access``.
(Disabled by default while we work out some Mac issues in :ghissue:`3754`).
* Add kernel_info_timeout traitlet to enable restarting slow kernels (:ghpull:`3665`)
* Add ``custom_display_host`` config option to override displayed URL (:ghpull:`3668`)
* Add /metrics endpoint for Prometheus Metrics (:ghpull:`3490`)
* Update to MathJax 2.7.4 (:ghpull:`3751`)
* Update to jQuery 3.3 (:ghpull:`3655`)
* Update marked to 0.4 (:ghpull:`3686`)
+ Fixing problems:
* Don't duplicate token in displayed URL (:ghpull:`3656`)
* Clarify displayed URL when listening on all interfaces (:ghpull:`3703`)
* Don't trash non-empty directories on Windows (:ghpull:`3673`)
* Include LICENSE file in wheels (:ghpull:`3671`)
- Don't show "0 active kernels" when starting the notebook (:ghpull:`3696`)
+ Testing:
* Add find replace test (:ghpull:`3630`)
* Selenium test for deleting all cells (:ghpull:`3601`)
* Make creating a new notebook more robust (:ghpull:`3726`)
- Update to version 5.5.0
+ New features:
* The files list now shows file sizes (:ghpull:`3539`)
* Add a quit button in the dashboard (:ghpull:`3004`)
* Display hostname in the terminal when running remotely (:ghpull:`3356`, :ghpull:`3593`)
* Add slides exportation/download to the menu (:ghpull:`3287`)
* Add any extra installed nbconvert exporters to the "Download as" menu (:ghpull:`3323`)
* Editor: warning when overwriting a file that is modified on disk (:ghpull:`2783`)
* Display a warning message if cookies are not enabled (:ghpull:`3511`)
* Basic ``__version__`` reporting for extensions (:ghpull:`3541`)
* Add ``NotebookApp.terminals_enabled`` config option (:ghpull:`3478`)
* Make buffer time between last modified on disk and last modified on last save configurable (:ghpull:`3273`)
* Allow binding custom shortcuts for 'close and halt' (:ghpull:`3314`)
* Add description for 'Trusted' notification (:ghpull:`3386`)
* Add ``settings['activity_sources']`` (:ghpull:`3401`)
* Add an ``output_updated.OutputArea`` event (:ghpull:`3560`)
+ Fixing problems:
* Fixes to improve web accessibility (:ghpull:`3507`)
There is more to do on this! See :ghissue:`1801`.
* Fixed color contrast issue in tree.less (:ghpull:`3336`)
* Allow cancelling upload of large files (:ghpull:`3373`)
* Don't clear login cookie on requests without cookie (:ghpull:`3380`)
* Don't trash files on different device to home dir on Linux (:ghpull:`3304`)
* Clear waiting asterisks when restarting kernel (:ghpull:`3494`)
* Fix output prompt when ``execution_count`` missing (:ghpull:`3236`)
* Make the 'changed on disk' dialog work when displayed twice (:ghpull:`3589`)
* Fix going back to root directory with history in notebook list (:ghpull:`3411`)
* Allow defining keyboard shortcuts for missing actions (:ghpull:`3561`)
* Prevent default on pageup/pagedown when completer is active (:ghpull:`3500`)
* Prevent default event handling on new terminal (:ghpull:`3497`)
* ConfigManager should not write out default values found in the .d directory (:ghpull:`3485`)
* Fix leak of iopub object in activity monitoring (:ghpull:`3424`)
* Javascript lint in notebooklist.js (:ghpull:`3409`)
* Some Javascript syntax fixes (:ghpull:`3294`)
* Convert native for loop to ``Array.forEach()`` (:ghpull:`3477`)
* Disable cache when downloading nbconvert output (:ghpull:`3484`)
* Add missing digestmod arg to HMAC (:ghpull:`3399`)
* Log OSErrors failing to create less-critical files during startup (:ghpull:`3384`)
* Use powershell on Windows (:ghpull:`3379`)
* API spec improvements, API handler improvements (:ghpull:`3368`)
* Set notebook to dirty state after change to kernel metadata (:ghpull:`3350`)
* Use CSP header to treat served files as belonging to a separate origin (:ghpull:`3341`)
* Don't install gettext into builtins (:ghpull:`3330`)
* Add missing ``import _`` (:ghpull:`3316`, :ghpull:`3326`)
* Write ``notebook.json`` file atomically (:ghpull:`3305`)
* Fix clicking with modifiers, page title updates (:ghpull:`3282`)
* Upgrade jQuery to version 2.2 (:ghpull:`3428`)
* Upgrade xterm.js to 3.1.0 (:ghpull:`3189`)
* Upgrade moment.js to 2.19.3 (:ghpull:`3562`)
* Upgrade CodeMirror to 5.35 (:ghpull:`3372`)
* "Require" pyzmq>=17 (:ghpull:`3586`)
+ Documentation:
* Documentation updates and organisation (:ghpull:`3584`)
* Add section in docs about privacy (:ghpull:`3571`)
* Add explanation on how to change the type of a cell to Markdown (:ghpull:`3377`)
* Update docs with confd implementation details (:ghpull:`3520`)
* Add more information for where ``jupyter_notebook_config.py`` is located (:ghpull:`3346`)
* Document options to enable nbextensions in specific sections (:ghpull:`3525`)
* jQuery attribute selector value MUST be surrounded by quotes (:ghpull:`3527`)
* Do not execute special notebooks with nbsphinx (:ghpull:`3360`)
* Other minor fixes in :ghpull:`3288`, :ghpull:`3528`, :ghpull:`3293`, :ghpull:`3367`
+ Testing:
* Testing with Selenium & Sauce labs (:ghpull:`3321`)
* Selenium utils + markdown rendering tests (:ghpull:`3458`)
* Convert insert cell tests to Selenium (:ghpull:`3508`)
* Convert prompt numbers tests to Selenium (:ghpull:`3554`)
* Convert delete cells tests to Selenium (:ghpull:`3465`)
* Convert undelete cell tests to Selenium (:ghpull:`3475`)
* More selenium testing utilities (:ghpull:`3412`)
* Only check links when build is trigger by Travis Cron job (:ghpull:`3493`)
* Fix Appveyor build errors (:ghpull:`3430`)
* Undo patches in teardown before attempting to delete files (:ghpull:`3459`)
* Get tests running with tornado 5 (:ghpull:`3398`)
* Unpin ipykernel version on Travis (:ghpull:`3223`)
- Update to version 5.4.1
* A security release to fix CVE-2018-8768.
- Package directory needed by jupyterlab
- Package additional directories.
- update to version 5.4.0
* Fix creating files and folders after navigating directories in the dashboard
(:ghpull:`3264`).
* Enable printing notebooks in colour, removing the CSS that made everything
black and white (:ghpull:`3212`).
* Limit the completion options displayed in the notebook to 1000, to avoid
performance issues with very long lists (:ghpull:`3195`).
* Accessibility improvements in ``tree.html`` (:ghpull:`3271`).
* Added alt-text to the kernel logo image in the notebook UI (:ghpull:`3228`).
* Added a test on Travis CI to flag if symlinks are accidentally introduced
in the future. This should prevent the issue that necessitated
:ref:`release-5.3.1` (:ghpull:`3227`).
* Use lowercase letters for random IDs generated in our Javascript
(:ghpull:`3264`).
* Removed duplicate code setting ``TextCell.notebook`` (:ghpull:`3256`).
- update to version 5.3.1
* Add support for terminals on windows (:ghpull:`3087`).
* Add a "restart and run all" button to the toolbar (:ghpull:`2965`).
* Send files to os trash mechanism on delete (:ghpull:`1968`).
* Allow programmatic copy to clipboard (:ghpull:`3088`).
* Use DOM History API for navigating between directories in the file browser (:ghpull:`3115`).
* Add translated files to folder(docs-translations) (:ghpull:`3065`).
* Allow non empty dirs to be deleted (:ghpull:`3108`).
* Set cookie on base_url (:ghpull:`2959`).
* Allow token-authenticated requests cross-origin by default (:ghpull:`2920`).
* Change cull_idle_timeout_minimum to 1 from 300 (:ghpull:`2910`).
* Config option to shut down server after n seconds with no kernels (:ghpull:`2963`).
* Display a "close" button on load notebook error (:ghpull:`3176`).
* Add action to command pallette to run CodeMirror's "indentAuto" on selection (:ghpull:`3175`).
* Add option to specify extra services (:ghpull:`3158`).
* Warn_bad_name should not use global name (:ghpull:`3160`).
* Avoid overflow of hidden form (:ghpull:`3148`).
* Fix shutdown trans loss (:ghpull:`3147`).
* Find available kernelspecs more efficiently (:ghpull:`3136`).
* Don\'t try to translate missing help strings (:ghpull:`3122`).
* Frontend/extension-config: allow default json files in a .d directory (:ghpull:`3116`).
* Use `requirejs` vs. `require` (:ghpull:`3097`).
* Fixes some ui bugs in firefox #3044 (:ghpull:`3058`).
* Compare non-specific language code when choosing to use arabic numerals (:ghpull:`3055`).
* Fix save-script deprecation (:ghpull:`3053`).
* Include moment locales in package_data (:ghpull:`3051`).
* Fix moment locale loading in bidi support (:ghpull:`3048`).
* Tornado 5: periodiccallback loop arg will be removed (:ghpull:`3034`).
* Use `/files` prefix for pdf-like files (:ghpull:`3031`).
* Add folder for document translation (:ghpull:`3022`).
* When login-in via token, let a chance for user to set the password (:ghpull:`3008`).
* Switch to jupyter_core implementation of ensure_dir_exists (:ghpull:`3002`).
* Send http shutdown request on \'stop\' subcommand (:ghpull:`3000`).
* Work on loading ui translations (:ghpull:`2969`).
* Fix ansi inverse (:ghpull:`2967`).
* Add send2trash to requirements for building docs (:ghpull:`2964`).
* I18n readme.md improvement (:ghpull:`2962`).
* Add \'reason\' field to json error responses (:ghpull:`2958`).
* Add some padding for stream outputs (:ghpull:`3194`).
* Always use setuptools in ``setup.py`` (:ghpull:`3206`).
* Fix clearing cookies on logout when ``base_url`` is configured (:ghpull:`3207`).
- update to version 5.2.2:
* set cookie on base_urls (:ghpull:`2959`).
- update to version 5.2.1:
* Fix invisible CodeMirror cursor at specific browser zoom levels
(:ghpull:`2983`).
* Fix nbconvert handler causing broken export to PDF
(:ghpull:`2981`).
* Fix the prompt_area argument of the output area
constructor. (:ghpull:`2961`).
* Handle a compound extension in new_untitled (:ghpull:`2949`).
* Allow disabling offline message buffering (:ghpull:`2916`).
- Update to 5.2.0
* Make all files in the dashboard editable by default and provide
a whitelist of viewable file extensions (:ghpull:`2911`).
* Ensure that the root directory is not hidden (:ghpull:`2907`).
* Fix CodeMirror styling issue (:ghpull:`2880`).
* Update error handling on ``APIHandlers`` (:ghpull:`2853`).
* Upgrade xterm.js to 2.9.2 (:ghpull:`2849`).
* Add Chinese translations (depends on upcoming UI implementation)
(:ghpull:`2804`).
* Allow for simpler customization of ``output_prompt`` in
custom.js (:ghpull:`2774`).
* Use RFC5987 encoding for filenames (:ghpull:`2767`).
* Add path to the resources metadata (:ghpull:`2753`).
* Make ``extraKeys`` consistent between notebook and editor views
(:ghpull:`2745`).
* Add RTL (right-to-left) support (:ghpull:`2357`).
- Update to 5.1.0
* Preliminary i18n implementation
* Expose URL with auth token in notebook UI
* Fix search background style
* List running notebooks without requiring ``--allow-root``
* Allow session of type other than notebook
* Fix search background style
* Fix some Markdown styling issues
* Remove keymaps that conflict with non-English keyboards
* Add session-specific favicons (notebook, terminal, file)
* Add /api/shutdown handler
* Include metadata when copying a cell
* Stop notebook server from command line
* Improve "View" and "Edit" file handling in dashboard
* Provide a promise to replace use of the ``app_initialized.NotebookApp`` event
* Fix disabled collapse/expand output button
* Cull idle kernels using ``--MappingKernelManager.cull_idle_timeout``
* Allow read-only notebooks to be trusted
- All python versions can share the empty extension directories
without conflicting.
- Implement single-spec version.
- Update to version 5.0.0
* Files in the dashboard may now be sorted by last modified date or name (:ghpull:`943`):
* There is a new cell toolbar for adding *cell tags* (:ghpull:`2048`):
* The default styling for tables in the notebook has been updated (:ghpull:`1776`).
* You can now edit keyboard shortcuts for *Command Mode* within the UI
* You can copy and paste cells between notebooks, using :kbd:`Ctrl-C` and
:kbd:`Ctrl-V` (:kbd:`Cmd-C` and :kbd:`Cmd-V` on Mac).
* It's easier to configure a password for the notebook with the new
``jupyter notebook password`` command (:ghpull:`2007`).
* The file list can now be ordered by *last modified* or by *name*
(:ghpull:`943`).
* Markdown cells now support attachments. Simply drag and drop an image from
your desktop to a markdown cell to add it. Unlike relative links that you
enter manually, attachments are embedded in the notebook itself. An
unreferenced attachment will be automatically scrubbed from the notebook on
save (:ghpull:`621`).
* Undoing cell deletion now supports undeleting multiple cells. Cells may not be
in the same order as before their deletion, depending on the actions you did
on the meantime, but this should should help reduce the impact of
accidentally deleting code.
* The file browser now has *Edit* and *View* buttons.
* The file browser now supports moving multiple files at once
(:ghpull:`1088`).
* The Notebook will refuse to run as root unless the ``--allow-root`` flag is
given (:ghpull:`1115`).
* Keyboard shortcuts are now declarative (:ghpull:`1234`).
* Toggling line numbers can now affect all cells (:ghpull:`1312`).
* Add more visible *Trusted* and *Untrusted* notifications (:ghpull:`1658`).
* The favicon (browser shortcut icon) now changes to indicate when the kernel is busy
(:ghpull:`1837`).
* Header and toolbar visibility is now persisted in nbconfig and across sessions
(:ghpull:`1769`).
* Load server extensions with ConfigManager so that merge happens recursively,
unlike normal config values, to make it load more consistently with frontend
extensions(:ghpull:`2108`).
* The notebook server now supports the `bundler API
<http://jupyter-notebook.readthedocs.io/en/latest/extending/bundler_extensions.html>`__
from the `jupyter_cms incubator project
<https://github.com/jupyter-incubator/contentmanagement>`__ (:ghpull:`1579`).
* The notebook server now provides information about kernel activity in
its kernel resource API (:ghpull:`1827`).
- Update to 4.4.0
* Allow override of output callbacks to redirect output messages. This is used to implement the ipywidgets Output widget, for example.
* Fix an async bug in message handling by allowing comm message handlers to return a promise which halts message processing until the promise resolves.
- Update to 4.3.2
* Monkey-patch for CodeMirror that resolves `#2037 <https://github.com/jupyter/notebook/issues/2037>`__ without breaking `#1967 <https://github.com/jupyter/notebook/issues/1967>`__
* Read-only (``"editable": false``) cells can be executed but cannot be split, merged, or deleted
- Update to 4.3.1
* CVE-2016-9971. Fix CSRF vulnerability,
where malicious forms could create untitled files and start kernels
(no remote execution or modification of existing files)
for users of certain browsers (Firefox, Internet Explorer / Edge).
All previous notebook releases are affected.
- Bug fixes:
* Fix carriage return handling
* Make the font size more robust against fickle browsers
* Ignore resize events that bubbled up and didn't come from window
* Add Authorization to allowed CORS headers
* Downgrade CodeMirror to 5.16 while we figure out issues in Safari
- Other improvements:
* Better docs for token-based authentication
* Further highlight token info in log output when autogenerated
- Update to 4.3.0
- Highlights:
* API for creating mime-type based renderer extensions using :code:`OutputArea.register_mime_type` and :code:`Notebook.render_cell_output` methods. See `mimerender-cookiecutter <https://github.com/jupyterlab/mimerender-cookiecutter>`__ for reference implementations and cookiecutter.
* Enable token authentication by default. See :ref:`server_security` for more details.
* Update security docs to reflect new signature system
* Switched from term.js to xterm.js
- Bug fixes:
* Ensure variable is set if exc_info is falsey
* Catch and log handler exceptions in :code:`events.trigger`
* Add debug log for static file paths
* Don't check origin on token-authenticated requests
* Remove leftover print statement
* Fix highlighting of Python code blocks
* :code:`json_errors` should be outermost decorator on API handlers
* Fix remove old nbserver info files
* Fix notebook mime type on download links
* Fix carriage symbol bahvior
* Fix terminal styles
* Update dead links in docs
* If kernel is broken, start a new session
* Include cross-origin check when allowing login URL redirects
- Other improvements:
* Allow JSON output data with mime type "application/*+json"
* Allow kernelspecs to have spaces in them for backward compat
* Allow websocket connections from scripts
* Allow :code:`None` for post_save_hook
* Upgrade CodeMirror to 5.21
* Upgrade xterm to 2.1.0
* Docs for using comms
* Set :code:`dirty` flag when output arrives
* Set :code:`ws-url` data attribute when accessing a notebook terminal
* Add base aliases for nbextensions
* Include :code:`@` operator in CodeMirror IPython mode
* Extend mathjax_url docstring
* Load nbextension in predictable order
* Improve the error messages for nbextensions
* Include cross-origin check when allowing login URL redirects
- Update to 4.2.3
* Fix regression in 4.2.2 that delayed loading custom.js
until after ``notebook_loaded`` and ``app_initialized`` events have fired.
* Fix some outdated docs and links.
- Update to 4.2.2
* **Security fix**: CVE-2016-6524, where untrusted latex output
could be added to the page in a way that could execute javascript.
* Fix missing POST in OPTIONS responses.
* Fix for downloading non-ascii filenames.
* Avoid clobbering ssl_options, so that users can specify more detailed SSL configuration.
* Fix inverted load order in nbconfig, so user config has highest priority.
* Improved error messages here and there.
- Update to 4.2.1
* Compatibility fixes for some versions of ipywidgets
* Fix for ignored CSS on Windows
* Fix specifying destination when installing nbextensions
- Update to 4.2.0
* Upgrade MathJax to 2.6 to fix vertical-bar appearing on some equations.
* Restore ability for notebook directory to be root (4.1 regression)
* Large outputs are now throttled, reducing the ability of output floods to
kill the browser.
* Fix the notebook ignoring cell executions while a kernel is starting by queueing the messages.
* Fix handling of url prefixes (e.g. JupyterHub) in terminal and edit pages.
* Support nested SVGs in output.
- Create doc subpackage
- Update to 4.1.0
+ Bug fixes:
- Properly reap zombie subprocesses
- Fix cross-origin problems
- Fix double-escaping of the base URL prefix
- Handle invalid unicode filenames more gracefully
- Fix ANSI color-processing
- Send keepalive messages for web terminals
- Fix bugs in the notebook tour
+ UI changes:
- Moved the cell toolbar selector into the *View* menu. Added
a button that triggers a "hint" animation to the main toolbar
so users can find the new location.
- Added *Restart & Run All* to the *Kernel* menu. Users can
also bind it to a keyboard shortcut on action
``restart-kernel-and-run-all-cells``.
- Added multiple-cell selection. Users press ``Shift-Up/Down``
or ``Shift-K/J`` to extend selection in command mode.
Various actions such as cut/copy/paste, execute, and cell
type conversions apply to all selected cells.
- Added a command palette for executing Jupyter actions by
name. Users press ``Cmd/Ctrl-Shift-P`` or click the new
command palette icon on the toolbar.
- Added a *Find and Replace* dialog to the *Edit* menu.
Users can also press ``F`` in command mode to show the
dialog.
+ Other improvements:
- Custom KernelManager methods can be Tornado coroutines,
allowing async operations.
- Make clearing output optional when rewriting input with
``set_next_input(replace=True)``.
- Added support for TLS client authentication via
``--NotebookApp.client-ca``.
- Added tags to ``jupyter/notebook`` releases on DockerHub.
``latest`` continues to track the master branch.
- update to version 4.0.6:
* fix installation of mathjax support files
* fix some double-escape regressions in 4.0.5
* fix a couple of cases where errors could prevent opening a notebook
- specfile:
* filename change: tgz->tar.gz
- Build documentation
- Update to 4.0.5
* Fix launching the notebook on Windows
* Fix the path searched for frontend config
- Initial version
OBS-URL: https://build.opensuse.org/request/show/697875
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:jupyter/python-notebook?expand=0&rev=1
2019-04-25 17:50:53 +02:00
-------------------------------------------------------------------
Thu Apr 25 01:59:57 UTC 2019 - Todd R <toddrme2178@gmail.com>
- Update to 5.7.8
* Fix regression in restarting kernels in 5.7.5.
The restart handler would return before restart was completed.
* Further improve compatibility with tornado 6 with improved
checks for when websockets are closed.
* Fix regression in 5.7.6 on Windows where .js files could have the wrong mime-type.
* Fix Open Redirect vulnerability (CVE-2019-10255)
where certain malicious URLs could redirect from the Jupyter login page
to a malicious site after a successful login.
5.7.7 contained only a partial fix for this issue.
- Rename to to match python package naming guidelines.
- Split jupyter components into own subpackage.
- Add rpm macros.
-------------------------------------------------------------------
Mon Apr 1 15:20:25 UTC 2019 - Todd R <toddrme2178@gmail.com>
- Fix doc url
-------------------------------------------------------------------
Sat Mar 30 16:47:07 UTC 2019 - Arun Persaud <arun@gmx.de>
- update to version 5.7.7:
* Fix regression in restarting kernels in 5.7.5. The restart handler
would return before restart was completed.
* Further improve compatibility with tornado 6 with improved checks
for when websockets are closed.
* Fix regression in 5.7.6 on Windows where .js files could have the
wrong mime-type.
* Fix Open Redirect vulnerability where certain malicious URLs could
redirect from the Jupyter login page to a malicious site after a
successful login. A CVE has been requested for this vulnerability.
-------------------------------------------------------------------
Sun Mar 10 16:48:18 UTC 2019 - Arun Persaud <arun@gmx.de>
- update to version 5.7.6:
* 5.7.6 contains a security fix for a cross-site inclusion (XSSI)
vulnerability, where files at a known URL could be included in a
page from an unauthorized website if the user is logged into a
Jupyter server. The fix involves setting the
X-Content-Type-Options: nosniff header, and applying CSRF checks
previously on all non-GET API requests to GET requests to API
endpoints and the /files/ endpoint.
The attacking page is able to access some contents of files when
using Internet Explorer through script errors, but this has not
been demonstrated with other browsers. A CVE has been requested
for this vulnerability.
-------------------------------------------------------------------
Sat Mar 9 16:09:30 UTC 2019 - Arun Persaud <arun@gmx.de>
- update to version 5.7.5:
* Fix compatibility with tornado 6 (:ghpull:`4392`, :ghpull:`4449`).
* Fix opening integer filedescriptor during startup on Python 2
(:ghpull:`4349`)
* Fix compatibility with asynchronous KernelManager.restart_kernel
methods (:ghpull:`4412`)
-------------------------------------------------------------------
Fri Jan 11 13:00:13 UTC 2019 - rolf@rotkraut.de
- Update requirements: python-jupyter_core >= 4.4.0, python-terminado >= 0.8.1.
-------------------------------------------------------------------
Wed Jan 9 02:17:01 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
- Fix {name} -> %{name}
-------------------------------------------------------------------
Fri Jan 4 16:35:02 UTC 2019 - Todd R <toddrme2178@gmail.com>
- Update to 5.7.4
* fixes a bug introduced in 5.7.3, in which the ``list_running_servers()``
function attempts to parse HTML files as JSON, and consequently crashes
(:ghpull:`4284`).
- Update to 5.7.3
* Launch the browser with a local file which redirects to the server address
including the authentication token (:ghpull:`4260`).
This prevents another logged-in user from stealing the token from command line
arguments and authenticating to the server.
The single-use token previously used to mitigate this has been removed.
Thanks to Dr. Owain Kenway for suggesting the local file approach.
* Upgrade bootstrap to 3.4, fixing an XSS vulnerability, which has been
assigned `CVE-2018-14041 <https://nvd.nist.gov/vuln/detail/CVE-2018-14041>`_
(:ghpull:`4271`).
-------------------------------------------------------------------
Sat Nov 24 20:05:29 UTC 2018 - Arun Persaud <arun@gmx.de>
- update to version 5.7.2:
* 5.7.2 contains a security fix preventing malicious directory names
from being able to execute javascript. CVE request pending.
- changes from version 5.7.1:
* 5.7.1 contains a security fix preventing nbconvert endpoints from
executing javascript with access to the server API. CVE request
pending.
-------------------------------------------------------------------
Fri Sep 28 03:58:22 UTC 2018 - Todd R <toddrme2178@gmail.com>
- Update to version 5.7.0
+ New features:
* Update to CodeMirror to 5.37, which includes f-string sytax for Python 3.6 (:ghpull:`3816`)
* Update jquery-ui to 1.12 (:ghpull:`3836`)
* Check Host header to more securely protect localhost deployments from DNS rebinding.
This is a pre-emptive measure, not fixing a known vulnerability (:ghpull:`3766`).
Use ``.NotebookApp.allow_remote_access`` and ``.NotebookApp.local_hostnames`` to configure
access.
* Allow access-control-allow-headers to be overridden (:ghpull:`3886`)
* Allow configuring max_body_size and max_buffer_size (:ghpull:`3829`)
* Allow configuring get_secure_cookie keyword-args (:ghpull:`3778`)
* Respect nbconvert entrypoints as sources for exporters (:ghpull:`3879`)
* Include translation sources in source distributions (:ghpull:`3925`, :ghpull:`3931`)
* Various improvements to documentation (:ghpull:`3799`, :ghpull:`3800`,
:ghpull:`3806`, :ghpull:`3883`, :ghpull:`3908`)
+ Fixing problems:
* Fix breadcrumb link when running with a base url (:ghpull:`3905`)
* Fix possible type error when closing activity stream (:ghpull:`3907`)
* Disable metadata editing for non-editable cells (:ghpull:`3744`)
* Fix some styling and alignment of prompts caused by regressions in 5.6.0.
* Enter causing page reload in shortcuts editor (:ghpull:`3871`)
* Fix uploading to the same file twice (:ghpull:`3712`)
* Drop -doc subpackage. Use pre-built upstream docs instead.
-------------------------------------------------------------------
Thu Aug 2 17:21:43 UTC 2018 - toddrme2178@gmail.com
- Update to version 5.6.0
+ New features:
* Execute cells by clicking icon in input prompt (:ghpull:`3535`, :ghpull:`3687`)
* New "Save as" menu option (:ghpull:`3289`)
* When serving on a loopback interface, protect against DNS rebinding by
checking the ``Host`` header from the browser (:ghpull:`3714`).
This check can be disabled if necessary by setting
``NotebookApp.allow_remote_access``.
(Disabled by default while we work out some Mac issues in :ghissue:`3754`).
* Add kernel_info_timeout traitlet to enable restarting slow kernels (:ghpull:`3665`)
* Add ``custom_display_host`` config option to override displayed URL (:ghpull:`3668`)
* Add /metrics endpoint for Prometheus Metrics (:ghpull:`3490`)
* Update to MathJax 2.7.4 (:ghpull:`3751`)
* Update to jQuery 3.3 (:ghpull:`3655`)
* Update marked to 0.4 (:ghpull:`3686`)
+ Fixing problems:
* Don't duplicate token in displayed URL (:ghpull:`3656`)
* Clarify displayed URL when listening on all interfaces (:ghpull:`3703`)
* Don't trash non-empty directories on Windows (:ghpull:`3673`)
* Include LICENSE file in wheels (:ghpull:`3671`)
- Don't show "0 active kernels" when starting the notebook (:ghpull:`3696`)
+ Testing:
* Add find replace test (:ghpull:`3630`)
* Selenium test for deleting all cells (:ghpull:`3601`)
* Make creating a new notebook more robust (:ghpull:`3726`)
-------------------------------------------------------------------
Tue May 29 19:24:31 UTC 2018 - toddrme2178@gmail.com
- Update to version 5.5.0
+ New features:
* The files list now shows file sizes (:ghpull:`3539`)
* Add a quit button in the dashboard (:ghpull:`3004`)
* Display hostname in the terminal when running remotely (:ghpull:`3356`, :ghpull:`3593`)
* Add slides exportation/download to the menu (:ghpull:`3287`)
* Add any extra installed nbconvert exporters to the "Download as" menu (:ghpull:`3323`)
* Editor: warning when overwriting a file that is modified on disk (:ghpull:`2783`)
* Display a warning message if cookies are not enabled (:ghpull:`3511`)
* Basic ``__version__`` reporting for extensions (:ghpull:`3541`)
* Add ``NotebookApp.terminals_enabled`` config option (:ghpull:`3478`)
* Make buffer time between last modified on disk and last modified on last save configurable (:ghpull:`3273`)
* Allow binding custom shortcuts for 'close and halt' (:ghpull:`3314`)
* Add description for 'Trusted' notification (:ghpull:`3386`)
* Add ``settings['activity_sources']`` (:ghpull:`3401`)
* Add an ``output_updated.OutputArea`` event (:ghpull:`3560`)
+ Fixing problems:
* Fixes to improve web accessibility (:ghpull:`3507`)
There is more to do on this! See :ghissue:`1801`.
* Fixed color contrast issue in tree.less (:ghpull:`3336`)
* Allow cancelling upload of large files (:ghpull:`3373`)
* Don't clear login cookie on requests without cookie (:ghpull:`3380`)
* Don't trash files on different device to home dir on Linux (:ghpull:`3304`)
* Clear waiting asterisks when restarting kernel (:ghpull:`3494`)
* Fix output prompt when ``execution_count`` missing (:ghpull:`3236`)
* Make the 'changed on disk' dialog work when displayed twice (:ghpull:`3589`)
* Fix going back to root directory with history in notebook list (:ghpull:`3411`)
* Allow defining keyboard shortcuts for missing actions (:ghpull:`3561`)
* Prevent default on pageup/pagedown when completer is active (:ghpull:`3500`)
* Prevent default event handling on new terminal (:ghpull:`3497`)
* ConfigManager should not write out default values found in the .d directory (:ghpull:`3485`)
* Fix leak of iopub object in activity monitoring (:ghpull:`3424`)
* Javascript lint in notebooklist.js (:ghpull:`3409`)
* Some Javascript syntax fixes (:ghpull:`3294`)
* Convert native for loop to ``Array.forEach()`` (:ghpull:`3477`)
* Disable cache when downloading nbconvert output (:ghpull:`3484`)
* Add missing digestmod arg to HMAC (:ghpull:`3399`)
* Log OSErrors failing to create less-critical files during startup (:ghpull:`3384`)
* Use powershell on Windows (:ghpull:`3379`)
* API spec improvements, API handler improvements (:ghpull:`3368`)
* Set notebook to dirty state after change to kernel metadata (:ghpull:`3350`)
* Use CSP header to treat served files as belonging to a separate origin (:ghpull:`3341`)
* Don't install gettext into builtins (:ghpull:`3330`)
* Add missing ``import _`` (:ghpull:`3316`, :ghpull:`3326`)
* Write ``notebook.json`` file atomically (:ghpull:`3305`)
* Fix clicking with modifiers, page title updates (:ghpull:`3282`)
* Upgrade jQuery to version 2.2 (:ghpull:`3428`)
* Upgrade xterm.js to 3.1.0 (:ghpull:`3189`)
* Upgrade moment.js to 2.19.3 (:ghpull:`3562`)
* Upgrade CodeMirror to 5.35 (:ghpull:`3372`)
* "Require" pyzmq>=17 (:ghpull:`3586`)
+ Documentation:
* Documentation updates and organisation (:ghpull:`3584`)
* Add section in docs about privacy (:ghpull:`3571`)
* Add explanation on how to change the type of a cell to Markdown (:ghpull:`3377`)
* Update docs with confd implementation details (:ghpull:`3520`)
* Add more information for where ``jupyter_notebook_config.py`` is located (:ghpull:`3346`)
* Document options to enable nbextensions in specific sections (:ghpull:`3525`)
* jQuery attribute selector value MUST be surrounded by quotes (:ghpull:`3527`)
* Do not execute special notebooks with nbsphinx (:ghpull:`3360`)
* Other minor fixes in :ghpull:`3288`, :ghpull:`3528`, :ghpull:`3293`, :ghpull:`3367`
+ Testing:
* Testing with Selenium & Sauce labs (:ghpull:`3321`)
* Selenium utils + markdown rendering tests (:ghpull:`3458`)
* Convert insert cell tests to Selenium (:ghpull:`3508`)
* Convert prompt numbers tests to Selenium (:ghpull:`3554`)
* Convert delete cells tests to Selenium (:ghpull:`3465`)
* Convert undelete cell tests to Selenium (:ghpull:`3475`)
* More selenium testing utilities (:ghpull:`3412`)
* Only check links when build is trigger by Travis Cron job (:ghpull:`3493`)
* Fix Appveyor build errors (:ghpull:`3430`)
* Undo patches in teardown before attempting to delete files (:ghpull:`3459`)
* Get tests running with tornado 5 (:ghpull:`3398`)
* Unpin ipykernel version on Travis (:ghpull:`3223`)
-------------------------------------------------------------------
Thu Apr 19 14:58:53 UTC 2018 - toddrme2178@gmail.com
- Update to version 5.4.1
* A security release to fix CVE-2018-8768.
-------------------------------------------------------------------
Wed Feb 28 17:43:33 UTC 2018 - toddrme2178@gmail.com
- Package directory needed by jupyterlab
-------------------------------------------------------------------
Thu Feb 15 16:38:14 UTC 2018 - toddrme2178@gmail.com
- Package additional directories.
-------------------------------------------------------------------
Thu Feb 15 15:56:49 UTC 2018 - toddrme2178@gmail.com
- update to version 5.4.0
* Fix creating files and folders after navigating directories in the dashboard
(:ghpull:`3264`).
* Enable printing notebooks in colour, removing the CSS that made everything
black and white (:ghpull:`3212`).
* Limit the completion options displayed in the notebook to 1000, to avoid
performance issues with very long lists (:ghpull:`3195`).
* Accessibility improvements in ``tree.html`` (:ghpull:`3271`).
* Added alt-text to the kernel logo image in the notebook UI (:ghpull:`3228`).
* Added a test on Travis CI to flag if symlinks are accidentally introduced
in the future. This should prevent the issue that necessitated
:ref:`release-5.3.1` (:ghpull:`3227`).
* Use lowercase letters for random IDs generated in our Javascript
(:ghpull:`3264`).
* Removed duplicate code setting ``TextCell.notebook`` (:ghpull:`3256`).
-------------------------------------------------------------------
Thu Jan 18 06:41:05 UTC 2018 - toddrme2178@gmail.com
- update to version 5.3.1
* Add support for terminals on windows (:ghpull:`3087`).
* Add a "restart and run all" button to the toolbar (:ghpull:`2965`).
* Send files to os trash mechanism on delete (:ghpull:`1968`).
* Allow programmatic copy to clipboard (:ghpull:`3088`).
* Use DOM History API for navigating between directories in the file browser (:ghpull:`3115`).
* Add translated files to folder(docs-translations) (:ghpull:`3065`).
* Allow non empty dirs to be deleted (:ghpull:`3108`).
* Set cookie on base_url (:ghpull:`2959`).
* Allow token-authenticated requests cross-origin by default (:ghpull:`2920`).
* Change cull_idle_timeout_minimum to 1 from 300 (:ghpull:`2910`).
* Config option to shut down server after n seconds with no kernels (:ghpull:`2963`).
* Display a "close" button on load notebook error (:ghpull:`3176`).
* Add action to command pallette to run CodeMirror's "indentAuto" on selection (:ghpull:`3175`).
* Add option to specify extra services (:ghpull:`3158`).
* Warn_bad_name should not use global name (:ghpull:`3160`).
* Avoid overflow of hidden form (:ghpull:`3148`).
* Fix shutdown trans loss (:ghpull:`3147`).
* Find available kernelspecs more efficiently (:ghpull:`3136`).
* Don\'t try to translate missing help strings (:ghpull:`3122`).
* Frontend/extension-config: allow default json files in a .d directory (:ghpull:`3116`).
* Use `requirejs` vs. `require` (:ghpull:`3097`).
* Fixes some ui bugs in firefox #3044 (:ghpull:`3058`).
* Compare non-specific language code when choosing to use arabic numerals (:ghpull:`3055`).
* Fix save-script deprecation (:ghpull:`3053`).
* Include moment locales in package_data (:ghpull:`3051`).
* Fix moment locale loading in bidi support (:ghpull:`3048`).
* Tornado 5: periodiccallback loop arg will be removed (:ghpull:`3034`).
* Use `/files` prefix for pdf-like files (:ghpull:`3031`).
* Add folder for document translation (:ghpull:`3022`).
* When login-in via token, let a chance for user to set the password (:ghpull:`3008`).
* Switch to jupyter_core implementation of ensure_dir_exists (:ghpull:`3002`).
* Send http shutdown request on \'stop\' subcommand (:ghpull:`3000`).
* Work on loading ui translations (:ghpull:`2969`).
* Fix ansi inverse (:ghpull:`2967`).
* Add send2trash to requirements for building docs (:ghpull:`2964`).
* I18n readme.md improvement (:ghpull:`2962`).
* Add \'reason\' field to json error responses (:ghpull:`2958`).
* Add some padding for stream outputs (:ghpull:`3194`).
* Always use setuptools in ``setup.py`` (:ghpull:`3206`).
* Fix clearing cookies on logout when ``base_url`` is configured (:ghpull:`3207`).
-------------------------------------------------------------------
Sun Dec 3 19:11:58 UTC 2017 - arun@gmx.de
- update to version 5.2.2:
* set cookie on base_urls (:ghpull:`2959`).
-------------------------------------------------------------------
Sat Nov 4 02:03:55 UTC 2017 - arun@gmx.de
- update to version 5.2.1:
* Fix invisible CodeMirror cursor at specific browser zoom levels
(:ghpull:`2983`).
* Fix nbconvert handler causing broken export to PDF
(:ghpull:`2981`).
* Fix the prompt_area argument of the output area
constructor. (:ghpull:`2961`).
* Handle a compound extension in new_untitled (:ghpull:`2949`).
* Allow disabling offline message buffering (:ghpull:`2916`).
-------------------------------------------------------------------
Thu Oct 26 17:30:52 UTC 2017 - toddrme2178@gmail.com
- Update to 5.2.0
* Make all files in the dashboard editable by default and provide
a whitelist of viewable file extensions (:ghpull:`2911`).
* Ensure that the root directory is not hidden (:ghpull:`2907`).
* Fix CodeMirror styling issue (:ghpull:`2880`).
* Update error handling on ``APIHandlers`` (:ghpull:`2853`).
* Upgrade xterm.js to 2.9.2 (:ghpull:`2849`).
* Add Chinese translations (depends on upcoming UI implementation)
(:ghpull:`2804`).
* Allow for simpler customization of ``output_prompt`` in
custom.js (:ghpull:`2774`).
* Use RFC5987 encoding for filenames (:ghpull:`2767`).
* Add path to the resources metadata (:ghpull:`2753`).
* Make ``extraKeys`` consistent between notebook and editor views
(:ghpull:`2745`).
* Add RTL (right-to-left) support (:ghpull:`2357`).
-------------------------------------------------------------------
Tue Sep 19 20:58:26 UTC 2017 - toddrme2178@gmail.com
- Update to 5.1.0
* Preliminary i18n implementation
* Expose URL with auth token in notebook UI
* Fix search background style
* List running notebooks without requiring ``--allow-root``
* Allow session of type other than notebook
* Fix search background style
* Fix some Markdown styling issues
* Remove keymaps that conflict with non-English keyboards
* Add session-specific favicons (notebook, terminal, file)
* Add /api/shutdown handler
* Include metadata when copying a cell
* Stop notebook server from command line
* Improve "View" and "Edit" file handling in dashboard
* Provide a promise to replace use of the ``app_initialized.NotebookApp`` event
* Fix disabled collapse/expand output button
* Cull idle kernels using ``--MappingKernelManager.cull_idle_timeout``
* Allow read-only notebooks to be trusted
-------------------------------------------------------------------
Thu Apr 27 08:10:10 UTC 2017 - toddrme2178@gmail.com
- All python versions can share the empty extension directories
without conflicting.
-------------------------------------------------------------------
Wed Apr 26 21:32:05 UTC 2017 - toddrme2178@gmail.com
- Implement single-spec version.
-------------------------------------------------------------------
Thu Mar 30 19:44:31 UTC 2017 - toddrme2178@gmail.com
- Update to version 5.0.0
* Files in the dashboard may now be sorted by last modified date or name (:ghpull:`943`):
* There is a new cell toolbar for adding *cell tags* (:ghpull:`2048`):
* The default styling for tables in the notebook has been updated (:ghpull:`1776`).
* You can now edit keyboard shortcuts for *Command Mode* within the UI
* You can copy and paste cells between notebooks, using :kbd:`Ctrl-C` and
:kbd:`Ctrl-V` (:kbd:`Cmd-C` and :kbd:`Cmd-V` on Mac).
* It's easier to configure a password for the notebook with the new
``jupyter notebook password`` command (:ghpull:`2007`).
* The file list can now be ordered by *last modified* or by *name*
(:ghpull:`943`).
* Markdown cells now support attachments. Simply drag and drop an image from
your desktop to a markdown cell to add it. Unlike relative links that you
enter manually, attachments are embedded in the notebook itself. An
unreferenced attachment will be automatically scrubbed from the notebook on
save (:ghpull:`621`).
* Undoing cell deletion now supports undeleting multiple cells. Cells may not be
in the same order as before their deletion, depending on the actions you did
on the meantime, but this should should help reduce the impact of
accidentally deleting code.
* The file browser now has *Edit* and *View* buttons.
* The file browser now supports moving multiple files at once
(:ghpull:`1088`).
* The Notebook will refuse to run as root unless the ``--allow-root`` flag is
given (:ghpull:`1115`).
* Keyboard shortcuts are now declarative (:ghpull:`1234`).
* Toggling line numbers can now affect all cells (:ghpull:`1312`).
* Add more visible *Trusted* and *Untrusted* notifications (:ghpull:`1658`).
* The favicon (browser shortcut icon) now changes to indicate when the kernel is busy
(:ghpull:`1837`).
* Header and toolbar visibility is now persisted in nbconfig and across sessions
(:ghpull:`1769`).
* Load server extensions with ConfigManager so that merge happens recursively,
unlike normal config values, to make it load more consistently with frontend
extensions(:ghpull:`2108`).
* The notebook server now supports the `bundler API
<http://jupyter-notebook.readthedocs.io/en/latest/extending/bundler_extensions.html>`__
from the `jupyter_cms incubator project
<https://github.com/jupyter-incubator/contentmanagement>`__ (:ghpull:`1579`).
* The notebook server now provides information about kernel activity in
its kernel resource API (:ghpull:`1827`).
- Update to 4.4.0
* Allow override of output callbacks to redirect output messages. This is used to implement the ipywidgets Output widget, for example.
* Fix an async bug in message handling by allowing comm message handlers to return a promise which halts message processing until the promise resolves.
- Update to 4.3.2
* Monkey-patch for CodeMirror that resolves `#2037 <https://github.com/jupyter/notebook/issues/2037>`__ without breaking `#1967 <https://github.com/jupyter/notebook/issues/1967>`__
* Read-only (``"editable": false``) cells can be executed but cannot be split, merged, or deleted
- Update to 4.3.1
* CVE-2016-9971. Fix CSRF vulnerability,
where malicious forms could create untitled files and start kernels
(no remote execution or modification of existing files)
for users of certain browsers (Firefox, Internet Explorer / Edge).
All previous notebook releases are affected.
- Bug fixes:
* Fix carriage return handling
* Make the font size more robust against fickle browsers
* Ignore resize events that bubbled up and didn't come from window
* Add Authorization to allowed CORS headers
* Downgrade CodeMirror to 5.16 while we figure out issues in Safari
- Other improvements:
* Better docs for token-based authentication
* Further highlight token info in log output when autogenerated
- Update to 4.3.0
- Highlights:
* API for creating mime-type based renderer extensions using :code:`OutputArea.register_mime_type` and :code:`Notebook.render_cell_output` methods. See `mimerender-cookiecutter <https://github.com/jupyterlab/mimerender-cookiecutter>`__ for reference implementations and cookiecutter.
* Enable token authentication by default. See :ref:`server_security` for more details.
* Update security docs to reflect new signature system
* Switched from term.js to xterm.js
- Bug fixes:
* Ensure variable is set if exc_info is falsey
* Catch and log handler exceptions in :code:`events.trigger`
* Add debug log for static file paths
* Don't check origin on token-authenticated requests
* Remove leftover print statement
* Fix highlighting of Python code blocks
* :code:`json_errors` should be outermost decorator on API handlers
* Fix remove old nbserver info files
* Fix notebook mime type on download links
* Fix carriage symbol bahvior
* Fix terminal styles
* Update dead links in docs
* If kernel is broken, start a new session
* Include cross-origin check when allowing login URL redirects
- Other improvements:
* Allow JSON output data with mime type "application/*+json"
* Allow kernelspecs to have spaces in them for backward compat
* Allow websocket connections from scripts
* Allow :code:`None` for post_save_hook
* Upgrade CodeMirror to 5.21
* Upgrade xterm to 2.1.0
* Docs for using comms
* Set :code:`dirty` flag when output arrives
* Set :code:`ws-url` data attribute when accessing a notebook terminal
* Add base aliases for nbextensions
* Include :code:`@` operator in CodeMirror IPython mode
* Extend mathjax_url docstring
* Load nbextension in predictable order
* Improve the error messages for nbextensions
* Include cross-origin check when allowing login URL redirects
- Update to 4.2.3
* Fix regression in 4.2.2 that delayed loading custom.js
until after ``notebook_loaded`` and ``app_initialized`` events have fired.
* Fix some outdated docs and links.
- Update to 4.2.2
* **Security fix**: CVE-2016-6524, where untrusted latex output
could be added to the page in a way that could execute javascript.
* Fix missing POST in OPTIONS responses.
* Fix for downloading non-ascii filenames.
* Avoid clobbering ssl_options, so that users can specify more detailed SSL configuration.
* Fix inverted load order in nbconfig, so user config has highest priority.
* Improved error messages here and there.
- Update to 4.2.1
* Compatibility fixes for some versions of ipywidgets
* Fix for ignored CSS on Windows
* Fix specifying destination when installing nbextensions
- Update to 4.2.0
* Upgrade MathJax to 2.6 to fix vertical-bar appearing on some equations.
* Restore ability for notebook directory to be root (4.1 regression)
* Large outputs are now throttled, reducing the ability of output floods to
kill the browser.
* Fix the notebook ignoring cell executions while a kernel is starting by queueing the messages.
* Fix handling of url prefixes (e.g. JupyterHub) in terminal and edit pages.
* Support nested SVGs in output.
- Create doc subpackage
-------------------------------------------------------------------
Mon Jan 11 08:24:03 UTC 2016 - toddrme2178@gmail.com
- Update to 4.1.0
+ Bug fixes:
- Properly reap zombie subprocesses
- Fix cross-origin problems
- Fix double-escaping of the base URL prefix
- Handle invalid unicode filenames more gracefully
- Fix ANSI color-processing
- Send keepalive messages for web terminals
- Fix bugs in the notebook tour
+ UI changes:
- Moved the cell toolbar selector into the *View* menu. Added
a button that triggers a "hint" animation to the main toolbar
so users can find the new location.
- Added *Restart & Run All* to the *Kernel* menu. Users can
also bind it to a keyboard shortcut on action
``restart-kernel-and-run-all-cells``.
- Added multiple-cell selection. Users press ``Shift-Up/Down``
or ``Shift-K/J`` to extend selection in command mode.
Various actions such as cut/copy/paste, execute, and cell
type conversions apply to all selected cells.
- Added a command palette for executing Jupyter actions by
name. Users press ``Cmd/Ctrl-Shift-P`` or click the new
command palette icon on the toolbar.
- Added a *Find and Replace* dialog to the *Edit* menu.
Users can also press ``F`` in command mode to show the
dialog.
+ Other improvements:
- Custom KernelManager methods can be Tornado coroutines,
allowing async operations.
- Make clearing output optional when rewriting input with
``set_next_input(replace=True)``.
- Added support for TLS client authentication via
``--NotebookApp.client-ca``.
- Added tags to ``jupyter/notebook`` releases on DockerHub.
``latest`` continues to track the master branch.
-------------------------------------------------------------------
Mon Oct 12 13:43:57 UTC 2015 - toddrme2178@gmail.com
- update to version 4.0.6:
* fix installation of mathjax support files
* fix some double-escape regressions in 4.0.5
* fix a couple of cases where errors could prevent opening a notebook
- specfile:
* filename change: tgz->tar.gz
-------------------------------------------------------------------
Mon Oct 5 10:01:17 UTC 2015 - toddrme2178@gmail.com
- Build documentation
-------------------------------------------------------------------
Wed Sep 23 11:24:40 UTC 2015 - toddrme2178@gmail.com
- Update to 4.0.5
* Fix launching the notebook on Windows
* Fix the path searched for frontend config
-------------------------------------------------------------------
Fri Aug 14 11:28:49 UTC 2015 - toddrme2178@gmail.com
- Initial version