Bump jupyter-server from 1.23.5 to 2.11.2

[dependabot]

Bumps jupyter-server from 1.23.5 to 2.11.2.

Release notes

Sourced from jupyter-server's releases.

v2.11.2

2.11.2

(Full Changelog)

Contributors to this release

(GitHub contributors page for this release)

v2.11.1

2.11.1

(Full Changelog)

Bugs fixed

• avoid unhandled error on some invalid paths #1369 (@​minrk)
• Change md5 to hash and hash_algorithm, fix incompatibility #1367 (@​Wh1isper)

Contributors to this release

(GitHub contributors page for this release)

@​blink1073 | @​fcollonval | @​minrk | @​Wh1isper

v2.11.0

2.11.0

(Full Changelog)

Enhancements made

• Support get file(notebook) md5 #1363 (@​Wh1isper)

Maintenance and upkeep improvements

• Update ruff and typings #1365 (@​blink1073)

Documentation improvements

• Update api docs with md5 param #1364 (@​Wh1isper)
• typo: ServerApp #1361 (@​IITII)

Contributors to this release

... (truncated)

Changelog

Sourced from jupyter-server's changelog.

2.11.2

(Full Changelog)

Contributors to this release

(GitHub contributors page for this release)

2.11.1

(Full Changelog)

Bugs fixed

• avoid unhandled error on some invalid paths #1369 (@​minrk)
• Change md5 to hash and hash_algorithm, fix incompatibility #1367 (@​Wh1isper)

Contributors to this release

(GitHub contributors page for this release)

@​blink1073 | @​fcollonval | @​minrk | @​Wh1isper

2.11.0

(Full Changelog)

Enhancements made

• Support get file(notebook) md5 #1363 (@​Wh1isper)

Maintenance and upkeep improvements

• Update ruff and typings #1365 (@​blink1073)

Documentation improvements

• Update api docs with md5 param #1364 (@​Wh1isper)
• typo: ServerApp #1361 (@​IITII)

Contributors to this release

(GitHub contributors page for this release)

@​blink1073 | @​IITII | @​welcome | @​Wh1isper

2.10.1

(Full Changelog)

... (truncated)

Commits

• 9bd9657 Publish 2.11.2
• 0056c3a Merge pull request from GHSA-h56g-gq9v-vc8r
• 88eca99 Bump to 2.12.0.dev0
• 3755794 Publish 2.11.1
• 40a95e5 avoid unhandled error on some invalid paths (#1369)
• ecd5b1f Change md5 to hash and hash_algorithm, fix incompatibility (#1367)
• 8e5d766 Bump to 2.12.0.dev0
• cc74bb6 Publish 2.11.0
• e7c0f33 Update api docs with md5 param (#1364)
• 0983b71 Update ruff and typings (#1365)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dryrunsecurity]

DryRun Security Summary

The pull request focuses on updating the requirements.txt file, with a significant version bump for the jupyter-server library from 1.23.5 to 2.11.2, which requires a thorough security review and comprehensive testing to ensure the application's security posture is not compromised.

Expand for full summary

Summary:

The changes in this pull request focus on updating the requirements.txt file, which is a crucial component in managing the dependencies and libraries used by the application. The primary change is a significant version bump for the jupyter-server library, from 1.23.5 to 2.11.2. This type of major version change can potentially introduce breaking changes, new functionality, and security implications that need to be carefully reviewed.

As an application security engineer, I would recommend thoroughly reviewing the release notes and changelogs for the new version of jupyter-server to understand the impact of this change. It's crucial to ensure that the updated version does not introduce any known vulnerabilities or security issues that could compromise the application's security posture. Additionally, comprehensive testing of the application with the new version of jupyter-server should be conducted to identify any regressions or unexpected behavior changes that could lead to security vulnerabilities.

Files Changed:

• requirements.txt: The primary change in this file is the update of the jupyter-server version from 1.23.5 to 2.11.2. This is a significant version bump that warrants a closer security review to assess the potential impact on the application's security and functionality.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer	Findings
Sensitive Files Analyzer	1 finding

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.