Skip to content

chore(deps): bump nbclient from 0.10.4 to 0.11.0#145

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/nbclient-0.11.0
Open

chore(deps): bump nbclient from 0.10.4 to 0.11.0#145
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/nbclient-0.11.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 10, 2026

Copy link
Copy Markdown
Contributor

Bumps nbclient from 0.10.4 to 0.11.0.

Release notes

Sourced from nbclient's releases.

v0.11.0

0.11.0

(Full Changelog)

Maintenance and upkeep improvements

Other merged PRs

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@​a-detiste (activity) | @​Carreau (activity) | @​krassowski (activity) | @​mgorny (activity) | @​minrk (activity) | @​Yann-P (activity)

Changelog

Sourced from nbclient's changelog.

0.11.0

(Full Changelog)

Maintenance and upkeep improvements

Other merged PRs

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@​a-detiste (activity) | @​Carreau (activity) | @​krassowski (activity) | @​mgorny (activity) | @​minrk (activity) | @​Yann-P (activity)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [nbclient](https://github.com/jupyter/nbclient) from 0.10.4 to 0.11.0.
- [Release notes](https://github.com/jupyter/nbclient/releases)
- [Changelog](https://github.com/jupyter/nbclient/blob/main/CHANGELOG.md)
- [Commits](jupyter/nbclient@v0.10.4...v0.11.0)

---
updated-dependencies:
- dependency-name: nbclient
  dependency-version: 0.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added python Python-specific runtime or environment optimizations security labels Jul 10, 2026
@dependabot dependabot Bot requested a review from squid-protocol as a code owner July 10, 2026 10:24
@dependabot dependabot Bot added security python Python-specific runtime or environment optimizations labels Jul 10, 2026
@github-actions

Copy link
Copy Markdown
Contributor

🐦‍⬛ Muninn Security Scan

Severity Count
🔴 Critical 0
🟠 High 1
🟡 Medium 0
🟢 Low 0
ℹ️ Info 0

🟠 High Findings

[dependency] Mistune: Potential DoS via quadratic-time parsing in parse_link_text

Package: mistune 3.2.1 (PyPI)
Advisory: GHSA-qcq2-496w-v96p (CVE-2026-49851)
Detected by: osv-scanner, trivy
Sources:

  • /github/workspace/gitgalaxy/requirements.txt (osv-scanner)
  • gitgalaxy/requirements.txt (trivy)
    ### Summary Mistune is vulnerable to a CPU exhaustion DoS due to superlinear (approximately O(n²)) behavior in parse_link_text. A relatively small input consisting of repeated [ characters causes significant parsing slowdown. ### Affected component mistune/inline_parser.py → parse_link_text...

🐦‍⬛ Powered by Muninn · Skald Lab

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

python Python-specific runtime or environment optimizations

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant