chore(deps): bump jupyterlab 4.5.6 → 4.5.7 (high CVE GHSA-rch3-82jr-f9w9) #49
Merged
GitHub Dependabot flagged GHSA-rch3-82jr-f9w9 (high): "Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS". Vulnerable range `<= 4.5.6` (and `>= 7.0.0, <= 7.5.5` on the 7.x line); patched in 4.5.7 / 7.5.6. We pin the 4.x line via the `notebook` extra.

This is a defence-in-depth bump for a notebook-extra dependency only. JupyterLab is not on a CI surface and not part of the navi-SAD adapter or gate path, but the CommandLinker XSS would let an attacker steal the JupyterLab auth token from any user who renders a maliciously crafted notebook in JupyterLab — small surface, real impact, easy fix.

`uv lock --upgrade-package jupyterlab` moves only jupyterlab 4.5.6 -> 4.5.7. No other resolution changes.

Verification:
- `make all`: 440 CPU + 13 GPU tests pass.
- `uv.lock` diff confined to the jupyterlab rows.
- transformers Trainer-class CVE (GHSA-69w3-r845-3855) remains open-and-dismissed per the standing not-exploitable disposition (Trainer never invoked in any code path; transformers ~=4.57 is a frozen decision keystone for the Mistral adapter).
Review Summary by Qodo

Bump jupyterlab to 4.5.7 for CommandLinker XSS CVE patch

Walkthroughs

Description
• Bump jupyterlab from 4.5.6 to 4.5.7
• Patch high-severity CVE GHSA-rch3-82jr-f9w9 (CommandLinker XSS)
• Prevents authentication token theft via malicious notebooks
• Defence-in-depth security fix for notebook extra dependency

Diagram (mermaid flowchart):
flowchart LR
    A["jupyterlab 4.5.6<br/>vulnerable to GHSA-rch3-82jr-f9w9"] -- "security patch" --> B["jupyterlab 4.5.7<br/>CommandLinker XSS fixed"]
    B --> C["notebook extra<br/>auth token protected"]

File Changes
1. pyproject.toml
Navi Bot (project-navi-bot)
approved these changes
Apr 30, 2026
Summary
Closes Dependabot alert #17 (high): GHSA-rch3-82jr-f9w9 — Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS.
Vulnerable range: `<= 4.5.6` (4.x line) / `>= 7.0.0, <= 7.5.5` (7.x line). Patched in: 4.5.7 / 7.5.6. Pinned via: the `notebook` extra.

Scope
Defence-in-depth. JupyterLab isn't on a CI surface and isn't part of the navi-SAD adapter or gate path, so this CVE doesn't reach instrument or gate output, but the CommandLinker XSS would let an attacker steal a JupyterLab auth token from anyone who renders a maliciously crafted notebook — small surface, real impact, easy fix.
`uv lock --upgrade-package jupyterlab` moves only jupyterlab 4.5.6 → 4.5.7; no other resolution changes.

Test plan
- `make all` clean (440 CPU + 13 GPU tests pass)
- `uv.lock` diff confined to the jupyterlab rows (verified via `git diff uv.lock | grep -E "^[-+]name = " | sort -u`)

Standing dispositions (unchanged by this PR)
- `Trainer` is never invoked in any code path; `transformers ~=4.57` is a frozen-decisions keystone for the Mistral adapter (Gate 0 parity is forward-replacement-coupled).
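As an added example (not code from this PR or the project), here is a POSIX shell guard for the test plan's "uv.lock diff confined to the jupyterlab rows" check. Instead of looking only at added or removed `name =` rows, it attributes every `+`/`-` line to the enclosing `[[package]]` block, so a bump that also drags a second package along is rejected, and a changed line with no package context fails closed. It assumes uv.lock's layout of unindented `name = "..."` followed by `version = "..."` rows; both diffs below are constructed samples with placeholder URLs and hashes, not this PR's actual diff.

```shell
#!/bin/sh
# Added example, not part of the PR or the project: a guard that a uv.lock diff
# touches only the package we meant to bump. Assumes the uv.lock layout where each
# [[package]] block has unindented `name = "..."` and `version = "..."` rows.
# The diffs below are constructed samples; hashes and URLs are placeholders.

# Constructed: a bump that touches only jupyterlab.
GOOD_DIFF='diff --git a/uv.lock b/uv.lock
--- a/uv.lock
+++ b/uv.lock
@@ -1200,9 +1200,9 @@
 [[package]]
 name = "jupyterlab"
-version = "4.5.6"
+version = "4.5.7"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "async-lru" },
 ]
-sdist = { url = "https://example.invalid/jupyterlab-4.5.6.tar.gz", hash = "sha256:PLACEHOLDER_OLD" }
+sdist = { url = "https://example.invalid/jupyterlab-4.5.7.tar.gz", hash = "sha256:PLACEHOLDER_NEW" }'

# Constructed: the same bump plus an unexpected second package moving.
BAD_DIFF="$GOOD_DIFF"'
@@ -2400,5 +2400,5 @@
 [[package]]
 name = "notebook"
-version = "7.5.5"
+version = "7.5.6"
 source = { registry = "https://pypi.org/simple" }'

# Print the sorted, unique names of [[package]] blocks that contain any +/- line.
# A changed line seen before any `name = ` row in its hunk is reported as UNKNOWN
# so the guard fails closed instead of silently passing.
changed_packages() {
    awk '
        /^(diff --git |@@ )/      { pkg = ""; next }   # reset at file/hunk boundary
        /^([+][+][+] |--- )/      { next }             # file headers are not content
        /^[ +-]name = "/ {
            n = $0; sub(/^[ +-]name = "/, "", n); sub(/".*/, "", n); pkg = n
            if ($0 ~ /^[+-]/) seen[pkg] = 1
            next
        }
        /^[+-]/ { seen[(pkg == "" ? "UNKNOWN" : pkg)] = 1 }
        END { for (p in seen) print p }
    ' | sort -u
}

# Succeed only when the sole changed package is $1.
only_package_changed() {
    [ "$(changed_packages)" = "$1" ]
}

# Print "<old> <new>" for the version rows of package $1; print nothing if it did not move.
version_change() {
    awk -v want="$1" '
        /^(diff --git |@@ )/ { pkg = ""; next }
        /^[ +-]name = "/ { n = $0; sub(/^[ +-]name = "/, "", n); sub(/".*/, "", n); pkg = n; next }
        pkg == want && /^-version = "/   { o = $0; sub(/^-version = "/, "", o);   sub(/".*/, "", o) }
        pkg == want && /^[+]version = "/ { w = $0; sub(/^[+]version = "/, "", w); sub(/".*/, "", w) }
        END { if (o != "" && w != "") print o, w }
    '
}

# Full guard: exactly one package changed, and it moved between the expected versions.
# usage: git diff uv.lock | check_bump <package> <old-version> <new-version>
check_bump() {
    tmp=$(cat)
    printf '%s\n' "$tmp" | only_package_changed "$1" || return 1
    [ "$(printf '%s\n' "$tmp" | version_change "$1")" = "$2 $3" ]
}

# Stand-alone demonstration on the constructed samples.
if printf '%s\n' "$GOOD_DIFF" | check_bump jupyterlab 4.5.6 4.5.7; then
    echo "good diff: confined to jupyterlab 4.5.6 -> 4.5.7"
fi
if ! printf '%s\n' "$BAD_DIFF" | check_bump jupyterlab 4.5.6 4.5.7; then
    echo "bad diff: rejected; changed packages: $(printf '%s\n' "$BAD_DIFF" | changed_packages | tr '\n' ' ')"
fi
```

In a real run the sample would be replaced by `git diff uv.lock | check_bump jupyterlab 4.5.6 4.5.7`; a non-zero exit is the signal that the lockfile moved something beyond the intended package and the bump needs a closer look before merge.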