{"affected":[{"ecosystem_specific":{"binaries":[{"jupyter-jupyterlab":"2.2.10-bp154.2.3.1","python3-jupyterlab":"2.2.10-bp154.2.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP4","name":"python-jupyterlab","purl":"pkg:rpm/suse/python-jupyterlab&distro=SUSE%20Package%20Hub%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.2.10-bp154.2.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"jupyter-jupyterlab":"2.2.10-bp154.2.3.1","python3-jupyterlab":"2.2.10-bp154.2.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.4","name":"python-jupyterlab","purl":"pkg:rpm/opensuse/python-jupyterlab&distro=openSUSE%20Leap%2015.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.2.10-bp154.2.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for python-jupyterlab fixes the following issues:\n\nUpdate to 2.2.10:\n\n* Remove `form` tags' `action` attribute during sanitizing, to prevent an\n  XSS (CVE-2021-32797) (boo#1196663)\n* Header ‘Content-Type’ should not be overwritten\n* Do not use token parameters in websocket urls\n* Properly handle errors in async browser_check\n* Cells can no longer be executed while kernels are terminating or\n  restarting. There is a new status for these events on the Kernel Indicator\n* Add styling for high memory usage warning in status bar with nbresuse\n* Adds support for Python version 3.10\n* Support live editing of SVG with updating rendering\n* Lazy load codemirror theme stylesheets\n* Add feature request template + slight reorg in readme\n* Add link to react example in extension-examples repo\n* Close correct tab with close tab\n* Remove unused css rules\n* Simplified multicursor backspace code\n* Fix recent breaking changes to normalizepath in filebrowser\n* Handle quit_button when launched as an extension\n* Add worker-loader\n* Fix icon sidebar height for third party extensions\n* Scrolls cells into view after deletion\n* Support Node.js 10+\n* Select search text when focusing the search overlay\n* Throttle fetch requests in the setting registry’s data connector\n* Avoid redundant checkpoint calls on loading a notebook \n","id":"openSUSE-SU-2022:10075-1","modified":"2022-08-02T10:20:19Z","published":"2022-08-02T10:20:19Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VZGF2ZZFSQOBN7NRPXC3MMQXPLYLS2IH/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1196663"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-32797"}],"related":["CVE-2021-32797"],"summary":"Security update for python-jupyterlab","upstream":["CVE-2021-32797"]}