Update dependency jupyterlab to v4.4.8 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
jupyterlab (changelog)	4.3.4 -> 4.4.8

GitHub Vulnerability Alerts

CVE-2025-59842

Links generated with LaTeX typesetters in Markdown files and Markdown cells in JupyterLab and Jupyter Notebook did not include the noopener attribute.

This is deemed to have no impact on the default installations. Theoretically users of third-party LaTeX-rendering extensions could find themselves vulnerable to reverse tabnabbing attacks if:

• links generated by those extensions included target=_blank (no such extensions are known at time of writing) and
• they were to click on a link generated in LaTeX (typically visibly different from other links).

For consistency with handling on other links, new versions of JupyterLab will enforce noopener and target=_blank on all links generated by typesetters. The former will harden the resilience of JupyterLab to extensions with lack of secure defaults in link rendering, and the latter will improve user experience by preventing accidental state loss when clicking on links rendered by LaTeX typesetters.

Impact

Since the official LaTeX typesetter extensions for JupyterLab: jupyterlab-mathjax (default), jupyterlab-mathjax2 and jupyterlab-katex do not include the target=_blank, there is no impact for JupyterLab users.

Patches

JupyterLab 4.4.8

Workarounds

No workarounds are necessary.

References

None

---

Release Notes

jupyterlab/jupyterlab (jupyterlab)

v4.4.8

Compare Source

4.4.8

(Full Changelog)

Bugs fixed

• Debugger: Only send the configurationDone message once as per the DAP #​17912 (@​martinRenou)
• Fix output prompt overlay height for large outputs #​17863 (@​Meriem-BenIsmail)
• Prevent overlay of content from other columns when renaming a file in the file browser #​17857 (@​CrafterKolyan)
• Fix notebook toolbar item order #​17866 (@​Darshan808)

Maintenance and upkeep improvements

• Ignore npmjs.com in check-links #​17915 (@​jtpio)

Documentation improvements

• Add JupyterCon banner and Jupyter colors #​17906 (@​choldgraf)

Contributors to this release

(GitHub contributors page for this release)

@​brichet | @​github-actions | @​HaudinFlorence | @​jtpio | @​jupyterlab-probot | @​krassowski | @​martinRenou | @​meeseeksmachine | @​Meriem-BenIsmail | @​williamstein

v4.4.7

Compare Source

4.4.7

(Full Changelog)

Enhancements made

• Update to mermaid 11.10, marked 16.2 #​17813 (@​bollwyvl)

Bugs fixed

• Change default line wrap in default editor config #​17818 (@​gjmooney)
• Select file and accept dialog on file double click in FileDialog.getOpenFiles #​17844 (@​martinRenou)
• Fix broken toolbar updates due to missing 'clear' cases in switch statements for ObservableList #​17837 (@​Darshan808)
• Send code to console #​17824 (@​gjmooney)
• Clear incomplete execution metadata when splitting running cells #​17804 (@​Darshan808)
• Don't create empty page_config in sys_prefix when disabled is empty #​17791 (@​gjmooney)

Documentation improvements

• Improve language/grammar in extensions documentation #​17833 (@​jrdnbradford)
• Reorganise and improve discoverability in documentation #​17821 (@​cmarmo)
• Replace deprecated toolbarRegistry.registerFactory with toolbarRegistry.addFactory in docs #​17799 (@​krassowski)

Contributors to this release

(GitHub contributors page for this release)

@​bollwyvl | @​jtpio | @​jupyterlab-probot | @​krassowski | @​lumberbot-app | @​meeseeksmachine | @​Meriem-BenIsmail

v4.4.6

Compare Source

4.4.6

(Full Changelog)

Bugs fixed

• Preserve original cell during split to maintain kernel connections #​17755 (@​Darshan808)
• Fix file browser navigation with preferredDir #​17723 (@​Darshan808)
• Fix anchor navigation on sanitized HTML #​17727 (@​brichet)
• Fix tab order for status bar items #​17700 (@​MUFFANUJ)
• Fix uncoalesced cell stream outputs clearing #​17672 (@​Darshan808)
• Fix error when deleting a markdown cell with heading #​17720 (@​itsmevichu)
• Fix initial column sizes in FileDialog.getOpenFiles dialog #​17737 (@​martinRenou)
• Exclude version 6.30.0 of ipykernel, which add a regression on the debugger #​17744 (@​brichet)

Maintenance and upkeep improvements

• Avoid ipykernel 7.0.0a2 in CI #​17778 (@​ianthomas23)
• Add logs to the server startup in the js-testing tests #​17754 (@​jtpio)
• Bump form-data from 4.0.2 to 4.0.4 #​17717 (@​dependabot[bot])
• Pin to httpx<1 #​17746 (@​jtpio)
• Add more retries on the frequently failing test #​17689 (@​krassowski)

Documentation improvements

• Fix file browser navigation with preferredDir #​17723 (@​Darshan808)
• Fix anchor navigation on sanitized HTML #​17727 (@​brichet)
• Improve documentation for jupyter.lab.transform #​17726 (@​MUFFANUJ)

Contributors to this release

(GitHub contributors page for this release)

@​brichet | @​Darshan808 | @​fcollonval | @​github-actions | @​jtpio | @​jupyterlab-probot | @​krassowski | @​meeseeksmachine | @​Zsailer

v4.4.5

Compare Source

4.4.5

(Full Changelog)

Bugs fixed

• Fix scrollbar behaviour when scrolling past long cell in full windowing mode #​17705 (@​krassowski)
• Update @codemirror/view to v6.38.1, fixing lineWrap in defer mode #​17698 (@​krassowski)
• Fix auto completion on irrelevant cell types #​17693 (@​itsmevichu)
• Do not change silently when executing an empty cell #​17701 (@​brichet)
• Reduce UI blocking time when saving large notebooks by using file stream #​17707 (@​krassowski)
• Normalize ToolbarButtonComponent dataset attributes with the data- prefix #​17703 (@​RRosio)
• Fixes for accessibility issues reported on missing ARIA roles #​17591 (@​nkn2022)
• Fix threadId being passed to the debugger #​17667 (@​kr-2003)

Maintenance and upkeep improvements

• Bump brace-expansion from 1.1.11 to 1.1.12 #​17699 (@​dependabot[bot])

Documentation improvements

• Documentation for Kernel Subshells #​17623 (@​MUFFANUJ)

Contributors to this release

(GitHub contributors page for this release)

@​Darshan808 | @​github-actions | @​itsmevichu | @​jtpio | @​jupyterlab-probot | @​kr-2003 | @​krassowski | @​martinRenou | @​meeseeksmachine | @​nkn2022

v4.4.4

Compare Source

4.4.4

(Full Changelog)

Bugs fixed

• Fix colors for CodeMirror panels #​17666 (@​krassowski)
• Fix cell toolbar enabled status with multiple notebooks #​17625 (@​MUFFANUJ)
• Create a subshell per target and kernel when using CommsOverSubshells.PerCommTarget #​17634 (@​ianthomas23)
• Prevent memory leak when rendering text stream #​17628 (@​krassowski)
• Fix setting allowed schemes on runtime using Sanitizer.setAllowedSchemes #​17602 (@​bsundaram1)
• Add layout containment on viewport in windowed mode #​17620 (@​krassowski)
• Fix selection visibility in terminal while using Dark High Contrast theme #​17618 (@​MUFFANUJ)

Maintenance and upkeep improvements

• [4.4.x] Update documentation snapshots #​17658 (@​jtpio)
• Fix terminal visual regression snapshots test failures #​17656 (@​krassowski)

Documentation improvements

• Fix link to zulip and icon in docs #​17639 (@​krassowski)

Contributors to this release

(GitHub contributors page for this release)

@​github-actions | @​jtpio | @​jupyterlab-probot | @​krassowski | @​lumberbot-app | @​meeseeksmachine

v4.4.3

Compare Source

4.4.3

(Full Changelog)

Bugs fixed

• Enable save in collaborative mode #​17508 (@​Darshan808)
• Fix error handing in extension manager (typo and undefined variable) #​17592 (@​Darshan808)
• Ensure strings with yellow background in tracebacks are visible #​17577 (@​EtiennePelletier)
• Fix stdin input triggering cell re-execution on Shift+Enter #​17565 (@​Darshan808)
• Add standby callback to lumino polls #​17567 (@​mahendrapaipuri)
• Fix incorrect ARIA labels in the MainAreaWidget #​17527 (@​dnlzrgz)
• fileeditor-extension: fix handling of launcher, commands and menu entries on specsChanged #​17550 (@​jtpio)

Maintenance and upkeep improvements

• Use hatch to get the version #​17559 (@​krassowski)
• Temporarily ignore links to github.com #​17544 (@​krassowski)

Contributors to this release

(GitHub contributors page for this release)

@​github-actions | @​jtpio | @​jupyterlab-probot | @​krassowski | @​meeseeksmachine

v4.4.2

Compare Source

4.4.2

(Full Changelog)

Bugs fixed

• Fix Settings Editor incorrectly resetting values to default in filtered view #​17540 (@​yukiiii04)
• Upgrade CodeMirror packages to latest #​17526 (@​krassowski)
• Update widget flag on attaching cell to viewport #​17532 (@​trungleduc)
• Update lumino to v2025.4.30 to pull menu aria fix #​17525 (@​krassowski)
• Fix rendering of long cell editors in windowed notebook #​17528 (@​krassowski)
• Add aria-hidden to icons (<svg> elements) which do not have a title #​17472 (@​nkn2022)
• Fix editing shortcuts on Safari (allow shortcut edit button to receive focus) #​17511 (@​minrk)

Maintenance and upkeep improvements

• Reconfigure 4.4.x branch #​17537 (@​krassowski)
• Bump tough-cookie from 4.1.2 to 4.1.4 #​17502 (@​dependabot[bot])

Documentation improvements

• Reconfigure 4.4.x branch #​17537 (@​krassowski)

Contributors to this release

(GitHub contributors page for this release)

@​jtpio | @​jupyterlab-probot | @​krassowski | @​meeseeksmachine | @​nkn2022

v4.4.1

Compare Source

(Full Changelog)

Bugs fixed

• Fix undo/redo in cells created in none windowing mode #​17486 (@​krassowski)
• Fix token extraction for incomplete paths #​17477 (@​DenisaCG)
• Fix handling of the single click navigation #​17475 (@​jtpio)
• Follow changes to stream outputs #​17469 (@​davidbrochart)
• Fix incorrect modifications in collaborative save events #​17466 (@​Darshan808)
• Fix document search matching text within unsupported SVG tags #​17429 (@​achhina)
• Fix handling of the CSV viewer theme #​17405 (@​jtpio)
• Fix browser tab name updates when started in single-document mode #​17210 (@​Darshan808)

Maintenance and upkeep improvements

• Bump webpack from 5.91.0 to 5.99.6 in /jupyterlab/tests/mock_packages/test-hyphens-underscore #​17495 (@​dependabot)
• Bump webpack from 5.91.0 to 5.99.6 in /jupyterlab/tests/mock_packages/test_no_hyphens #​17494 (@​dependabot)
• Bump @​babel/runtime from 7.21.0 to 7.27.0 #​17491 (@​dependabot)
• Fix @jupyterlab/services import #​17457 (@​jtpio)
• Remove dependencies for Python < 3.9 #​17453 (@​bnavigator)
• Bump nanoid from 3.3.7 to 3.3.11 in /jupyterlab/tests/mock_packages/test-hyphens-underscore #​17448 (@​dependabot)

Contributors to this release

(GitHub contributors page for this release)

@​achhina | @​afshin | @​bnavigator | @​brichet | @​Darshan808 | @​davidbrochart | @​DenisaCG | @​dependabot | @​jtpio | @​jupyterlab-probot | @​krassowski | @​pre-commit-ci

v4.4.0

Compare Source

(Full Changelog)

New features added

• Add Settings Import Feature from a JSON File #​16994 (@​Darshan808)
• Support kernel subshells #​16963 (@​ianthomas23)

Enhancements made

• Create "Kernels" section, split statusbar settings #​17415 (@​krassowski)
• Add IKernelSpecAPICLient and ITerminalAPIClient, fix definitions of interfaces #​17395 (@​jtpio)
• If subshells are supported by the kernel, send comm messages to subshells #​17363 (@​martinRenou)
• Add a setting to disable the context menu #​17352 (@​afshin)
• Add IKernelAPIClient and ISessionAPIClient as options for Kernel.IManager and Session.IManager #​17348 (@​jtpio)
• Fix checkbox alignment in dialog using display: flex #​17343 (@​SatyajitRedekar)
• Speed up output rendering: add a limit on max length of protocol to linkify #​17264 (@​krassowski)
• Remove spurious regex to slightly improve performance of streaming large outputs #​17262 (@​krassowski)
• Add (opt-in) workspace selector, show workspace name in the title #​17256 (@​Darshan808)
• Add commands to change the console prompt position to the palette #​17253 (@​jtpio)
• Improve UX for "Rename on First Save" Dialog #​17217 (@​MUFFANUJ)
• Replace R logo with official logo #​17216 (@​ajbozarth)
• Bump @codemirror/lang-python to provide match-case indentation #​17189 (@​deephbz)
• Remove --subshell-console flag #​17180 (@​ianthomas23)
• Add Content Provider API #​17092 (@​krassowski)
• Copy edits in CONTRIBUTING.md #​17078 (@​JasonWeill)
• Add option to render markdown cells upon exit #​17076 (@​peytondmurray)
• Add option for automatic Fill-in-the-Middle inline completion #​17067 (@​Darshan808)
• Update the form schema if it changed #​16907 (@​brichet)
• Export user preference settings to a json file #​16896 (@​Darshan808)
• Add more descriptive labels for fetching Jupyter news options #​16848 (@​Adam-D-Lewis)
• Hide the terminals part of the running sessions status bar item by default #​16846 (@​jtpio)
• Allow customizing the ServiceManager with plugins #​16794 (@​jtpio)
• Move @jupyterlab/debugger icons to @jupyterlab/ui-components #​16745 (@​joaopalmeiro)
• Add option to disable input placeholder text #​16713 (@​maitreya2954)
• Allow changing the position of the code console prompt cell, add settings and toolbar items #​13837 (@​jtpio)

Bugs fixed

• Fix CommandPalette gets re-rendered even if hidden #​17442 (@​fcollonval)
• Add distinct accessible aria label for each toolbar #​17441 (@​nkn2022)
• Fix read-only indicator not showing in RTC docprovider #​17440 (@​Darshan808)
• Fix visual indication for drag and drop in editor #​17438 (@​MUFFANUJ)
• Fix usage of ITerminalAPIClient in TerminalConnection #​17437 (@​jtpio)
• Fix for filebrowser tooltip rendering the kernel info repeatedly #​17421 (@​itsmevichu)
• More specific selector for "Copy Output to Clipboard" #​17413 (@​jtpio)
• Fix rendering URLs as linked in errors #​17371 (@​afshin)
• Fix cell output stream if previous chunk did not end in new line #​17369 (@​davidbrochart)
• Use "Move to Trash" over "Delete" when contents manager's delete_to_trash is True #​17359 (@​jesuino)
• Add widget ID arg to semantic command invocations #​17350 (@​afshin)
• Improve scrolling edge cases #​17339 (@​krassowski)
• Fix HTML lang attribute #​17337 (@​fcollonval)
• Fix typo in LSP console message on kernel change #​17323 (@​iisakkirotko)
• Fix handling of a null banner in the code console #​17322 (@​jtpio)
• Updated enabling logic for run-all-below button on Notebook Panel #​17298 (@​rsaditya01)
• Disable new ctrl + m toggle focus binding, enable configuring it via Keyboard Shortcuts #​17291 (@​krassowski)
• Fix order of extensions in PyPI Extension Manager #​17266 (@​Princekumarofficial)
• Allow <GroupItem> to filter out null children and accept any ReactNode #​17244 (@​MUFFANUJ)
• Cache item state to improve filebrowser's performance #​17239 (@​Rishab87)
• Fix windowing crash due to out-of-bounds access #​17238 (@​krassowski)
• Fix vertical scrollbar issue caused by \tag{} directive in LaTeX #​17223 (@​MUFFANUJ)
• Fix display of tooltip/title for terminal and kernel sessions statusbar item #​17220 (@​MUFFANUJ)
• Fix disabling Fuzzy Filtering in the File Browser #​17214 (@​Darshan808)
• Fix for inconsistent tab closure in "Close All Tabs" operation #​17203 (@​itsmevichu)
• Fix "running" prompt state with server-side execution #​17195 (@​krassowski)
• Fix for issue preventing cell metadata removal #​17194 (@​itsmevichu)
• Add missing aria labels in application shell #​17192 (@​Rishab87)
• Fix misaligned SVG icon in "Add Tag" button #​17187 (@​MUFFANUJ)
• Increase color contrast of operators in code editor #​17173 (@​hxrshxz)
• Fix read-only cells becoming editable on settings change #​17167 (@​Darshan808)
• Ensure search highlight is applied to Python builtin keywords #​17160 (@​hxrshxz)
• Fix scrolling and selection restoration on undo/redo #​17158 (@​krassowski)
• Fix emission of lastCell from notebook run actions #​17156 (@​pawel99k)
• Improve contrast for 'Add' button in Keyboard Shortcuts UI in both dark and light theme #​17153 (@​hxrshxz)
• Fixed Missing Comma in devcontainer.json to enable functional configuration #​17150 (@​hxrshxz)
• Fixing dialog closing unexpectedly when typing in the textarea #​17142 (@​Rishab87)
• Fix setter for contentProviderId #​17141 (@​jtpio)
• Fix title for overscan count option #​17130 (@​krassowski)
• Ensure context menu closes when clicking outside it in the minimap #​17128 (@​peytondmurray)
• Respect query argument in settingeditor:open when settings editor is already open #​17121 (@​andrewfulton9)
• Fix sanitizer call in ToC if html data is array of strings #​17114 (@​martenrichter)
• Use bare string proxies parameter for httpx<0.28 #​17113 (@​AmberArr)
• Add missing bind(this) to NotebookAdapter's isReady function #​17109 (@​martenrichter)
• Fix background of the popup toolbar #​17098 (@​krassowski)
• Focus terminal after copy and paste operations #​17097 (@​krassowski)
• Sync Settings Editor with Updated Settings #​17091 (@​Darshan808)
• Fix consecutive invocations of inline completion #​17082 (@​fcollonval)
• Fix contrast for unselected search matches in Dark High Contrast theme #​17065 (@​krassowski)
• Bump @codemirror packages #​17064 (@​jtpio)
• Use AsyncHTTPTransport over HTTPTransport for httpx #​17058 (@​krassowski)
• Reset resizeData after column adjustment to allow file dragging #​17047 (@​Darshan808)
• Fix newline handling in stream outputs #​17043 (@​davidbrochart)
• Fix filebrowser name order #​17038 (@​Nriver)
• Improve performance of rendering stdout/stderr #​17022 (@​krassowski)
• Fixing missed first keystroke on Ctrl+F #​17005 (@​itsmevichu)
• Fix disappearing cells (heal offsets after updating estimated sizes) #​17000 (@​krassowski)
• Fix handling of carriage return in output streams #​16999 (@​davidbrochart)
• Fix emission of FileBrowserModel.onFileChanged for drives (including RTC:) #​16988 (@​davidbrochart)
• Restore viewport min-height when not windowing #​16979 (@​brichet)
• Fix regression in standard error rendering performance #​16975 (@​krassowski)
• Drag image prompt styling #​16972 (@​JasonWeill)
• Remove unused CSS #​16968 (@​mgeier)
• Fix moving files when Last Modified column is hidden #​16962 (@​krassowski)
• Fix prefix removal when reconciling completions from multiple sources #​16953 (@​krassowski)
• Fix total size estimation in full windowing mode to reduce scrollbar jitter #​16950 (@​krassowski)
• Enable Scroll for Overflowing Menus on Small Screens #​16945 (@​Darshan808)
• Disable paste for read-only markdown cells & fix replace all for markdown cells #​16943 (@​itsmevichu)
• Fix Regex Functionality for Find and Replace / Replace All #​16940 (@​itsmevichu)
• Improve drag image styling #​16936 (@​JasonWeill)
• Add clarification about FileFormat in Services.Contents #​16927 (@​cmarmo)
• Reuse serverSettings when reopen an existing terminal #​16921 (@​ianthomas23)
• Maintain autosave timers while disconnected #​16903 (@​holzman)
• Abort saving if a file cannot be saved #​16900 (@​JasonWeill)
• Fix triggering completer on the beginning of the lines #​16863 (@​andrewfulton9)
• Fix for unable to lock any extension #​16213 (@​itsmevichu)

Maintenance and upkeep improvements

• Do not try to prettier .mypy_cache #​17444 (@​krassowski)
• Bump vega from 5.31.0 to 5.32.0 #​17436 (@​dependabot)
• Make ILabShell optional in the logconsole extension #​17430 (@​jtpio)
• Fix types in translation package, remove usages of any #​17414 (@​krassowski)
• Remove workflow using tj-actions/changed-files #​17398 (@​jtpio)
• Fix definition of the ILicensesClient interface #​17397 (@​jtpio)
• Update to mermaid 11.6.0, marked 15.0.7 #​17396 (@​bollwyvl)
• Bump nanoid from 3.3.7 to 3.3.9 in /jupyterlab/tests/mock_packages/test_no_hyphens #​17387 (@​dependabot)
• Bump @​babel/helpers from 7.21.0 to 7.26.10 #​17385 (@​dependabot)
• Bump axios from 1.7.4 to 1.8.2 #​17380 (@​dependabot)
• Update the copyright year to 2025 #​17379 (@​jtpio)
• Update to Playwright 1.51.0 #​17372 (@​jtpio)
• Require JupyterLab.IInfo for the plugin manager plugin [#​17367](https://redi

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.