chore(deps): bump jupyter-server from 2.17.0 to 2.18.0

[dependabot]

Bumps jupyter-server from 2.17.0 to 2.18.0.

Release notes

Sourced from jupyter-server's releases.

v2.18.0

2.18.0

(Full Changelog)

Security patches

• CVE-2026-40110 GHSA-24qx-w28j-9m6p
• CVE-2025-61669 GHSA-qh7q-6qm3-653w
• CVE-2026-40934 GHSA-5mrq-x3x5-8v8f
• CVE-2026-35397 GHSA-5789-5fc7-67v3

API and Breaking Changes

• Add query param to sanitize HTML in GET /nbconvert/html #1618 (@​Yann-P, @​Carreau)

Enhancements made

• Update handlers.py to fix ioloop blockers(sync file operations) #1617 (@​zolyfarkas-fb, @​Carreau)
• Add resolvePath API for resolving kernel-relative paths #1331 (@​krassowski, @​Carreau, @​blink1073)

Bugs fixed

• Move check origin into a util function and add it to websocket #1630 (@​Carreau, @​Yann-P)
• Fix flaky test_restart_kernel by unsticking nudge() after port-changing restart #1628 (@​Carreau, @​claude, @​krassowski)
• Try to fix flaky test "test_restart_kernel" #1625 (@​Carreau)
• Fix potential unraisable pytest error #1624 (@​Carreau)
• fix: use %s placeholders in HTTPError to prevent Tornado from doubling % in gateway URLs #1620 (@​terminalchai, @​krassowski, @​ptch314)
• Fix three file descriptor leaks in kernel connection lifecycle (#1506) #1619 (@​tonyx93, @​Carreau)
• Use web.HTTPError for kernel restart failures #1616 (@​YDawn, @​Carreau)
• Handle EADDRINUSE and EACCES in _bind_http_server_tcp #1613 (@​YDawn, @​Zsailer, @​minrk)
• Use st_birthtime for file created timestamp on macOS/BSD #1594 (@​ktaletsk, @​krassowski, @​minrk)
• Fix double write when refusing hidden files in contents handler #1585 (@​Krish-876, @​minrk)
• Close all sockets in _find_http_port explicitly #1584 (@​MaryushSoroka, @​minrk)
• Fix writing on remote file systems with attribute cache #1574 (@​krassowski, @​Zsailer)
• Add IdentityProvider.cookie_secret_hook #1569 (@​emin63, @​minrk)
• fix context pollution #1561 (@​dualc, @​Zsailer)
• Fix gateway cookie handling #1558 (@​kevin-bates, @​RRosio, @​lresende, @​minrk)
• fix connection exception cause high cpu load #1484 (@​dualc, @​lresende, @​minrk)

Maintenance and upkeep improvements

• Start to test on Python 3.13 and 3.14 #1623 (@​Carreau)
• Bump actions/create-github-app-token from 2 to 3 in the actions group across 1 directory #1621 (@​Carreau)
• Bump brace-expansion from 1.1.12 to 1.1.13 #1615 (@​minrk)
• Fix package spec for jupytext #1614 (@​krassowski, @​Zsailer)
• chore: update pre-commit hooks #1607 (@​minrk)
• try to fix ci on windows #1600 (@​minrk, @​krassowski)
• run prerelease tests on 3.14 #1599 (@​minrk)
• Pin sphinx to an older version (<9) to fix docs #1597 (@​krassowski, @​minrk)

... (truncated)

Changelog

Sourced from jupyter-server's changelog.

2.18.0

(Full Changelog)

API and Breaking Changes

• Add query param to sanitize HTML in GET /nbconvert/html #1618 (@​Yann-P, @​Carreau)

Enhancements made

• Update handlers.py to fix ioloop blockers(sync file operations) #1617 (@​zolyfarkas-fb, @​Carreau)
• Avoid redundant call to _get_os_path in _dir_model #1547 (@​joeyutong, @​vidartf)
• Allow specifying extra params to scrub from logs #1538 (@​jtpio, @​Zsailer, @​vidartf)
• Add a logger to the ExtensionPoint API #1523 (@​Zsailer, @​vidartf)
• Allow user to update identity values #1518 (@​brichet, @​minrk)
• If ServerApp.ip is ipv6 use [::1] as local_url #1495 (@​manics, @​afshin)
• Better error message when starting kernel for session. #1478 (@​Carreau, @​davidbrochart, @​krassowski, @​minrk)
• Add a traitlet to disable recording HTTP request metrics #1472 (@​yuvipanda, @​Zsailer)
• prometheus: Expose 3 activity metrics #1471 (@​yuvipanda, @​Zsailer)
• Add prometheus info metrics listing server extensions + versions #1470 (@​yuvipanda, @​Zsailer)
• Add prometheus metric with version information #1467 (@​yuvipanda, @​Zsailer)
• Don't hide .so,.dylib files by default #1457 (@​nokados, @​krassowski, @​minrk, @​vidartf)
• Better hash format error message #1442 (@​fcollonval, @​Zsailer)
• Removing excessive logging from reading local files #1420 (@​lresende, @​kevin-bates)
• Add async start hook to ExtensionApp API #1417 (@​Zsailer, @​Darshan808, @​bollwyvl, @​fcollonval, @​krassowski)
• Do not include token in dashboard link, when available #1406 (@​minrk, @​blink1073)
• Add an option to have authentication enabled for all endpoints by default #1392 (@​krassowski, @​Wh1isper, @​blink1073, @​bollwyvl, @​minrk, @​yuvipanda)
• websockets: add configurations for ping interval and timeout #1391 (@​oliver-sanders, @​blink1073)
• log extension import time at debug level unless it's actually slow #1375 (@​minrk, @​Zsailer, @​yuvipanda)
• Add support for async Authorizers (part 2) #1374 (@​Zsailer, @​blink1073)
• Support async Authorizers #1373 (@​Zsailer, @​blink1073)
• Support get file(notebook) md5 #1363 (@​Wh1isper, @​blink1073, @​bollwyvl, @​krassowski)
• Update kernel env to reflect changes in session #1354 (@​blink1073, @​Carreau, @​krassowski)
• Add resolvePath API for resolving kernel-relative paths #1331 (@​krassowski, @​Carreau, @​blink1073)

Bugs fixed

• Move check origin into a util function and add it to websocket #1630 (@​Carreau, @​Yann-P)
• Fix flaky test_restart_kernel by unsticking nudge() after port-changing restart #1628 (@​Carreau, @​claude, @​krassowski)
• Try to fix flaky test "test_restart_kernel" #1625 (@​Carreau)
• Fix potential unraisable pytest error #1624 (@​Carreau)
• fix: use %s placeholders in HTTPError to prevent Tornado from doubling % in gateway URLs #1620 (@​terminalchai, @​krassowski, @​ptch314)
• Fix three file descriptor leaks in kernel connection lifecycle (#1506) #1619 (@​tonyx93, @​Carreau)
• Use web.HTTPError for kernel restart failures #1616 (@​YDawn, @​Carreau)
• Handle EADDRINUSE and EACCES in _bind_http_server_tcp #1613 (@​YDawn, @​Zsailer, @​minrk)
• Use st_birthtime for file created timestamp on macOS/BSD #1594 (@​ktaletsk, @​krassowski, @​minrk)
• Fix double write when refusing hidden files in contents handler #1585 (@​Krish-876, @​minrk)
• Close all sockets in _find_http_port explicitly #1584 (@​MaryushSoroka, @​minrk)
• Fix writing on remote file systems with attribute cache #1574 (@​krassowski, @​Zsailer)
• Add IdentityProvider.cookie_secret_hook #1569 (@​emin63, @​minrk)

... (truncated)

Commits

• 0ceed45 Publish 2.18.0
• 49b3439 Move check origin into a util function and add it to websocket (#1630)
• e2e08c8 Add test case for bad next URL format
• 624d6c0 Delete outdated patch code
• d825b93 Apply suggestion from @​minrk
• 789fed0 patch open redirect in /login
• 2ee51ec fix(CVE-2026-35397): path traversal when target dir starts with root dir
• 057869a Fix allow_origin_pat to do full matching instead of prefix matching
• 4862199 Add resolvePath API for resolving kernel-relative paths
• e31d514 Bump actions/create-github-app-token from 2 to 3 in the actions group across ...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[helmut-hoffer-von-ankershoffen]

🛡️ Cross-link from supply-chain audit routine

The pysdk-audit-daily cloud routine ran today (2026-05-06) and tracked this PR — plus #614 (notebook bump) — in PYSDK-124.

Why this PR matters for downstream consumers: the jupyter-server 2.17.0 → 2.18.0 bump closes 4 advisories reaching consumers via the aignostics[jupyter] extra:

• CVE-2025-61669 (Medium) — open redirect via ?next=
• CVE-2026-40110 (High) — re.match Origin-header bypass / CORS
• CVE-2026-35397 (High) — sibling-directory traversal escape from root_dir
• CVE-2026-40934 (Medium) — persistent cookie secret across password rotation

Current blocker: audit / audit is failing here because this PR doesn't include the notebook 7.5.5 → 7.5.6 bump (still flagged for CVE-2026-40171). sonarcloud is also failing.

To unblock: rebase this PR onto a state that includes #614's bump (or vice-versa) so a single PR carries both jupyter-server>=2.18.0 and notebook>=7.5.6 in uv.lock. Once landed, the next audit-daily run will follow up by raising the matching pyproject.toml lower bounds so consumer resolvers can no longer pick up the vulnerable versions.

Note: the routine deliberately did not rebase this PR or recreate it — per the audit-vulnerabilities skill, autonomous routines don't trigger dependency upgrades; that decision stays with a human. PYSDK-124 documents the full picture and recommended remediation path.

---

Generated by Claude Opus 4.7 (cloud routine pysdk-audit-daily) for helmut@aignostics.com

[dependabot]

Looks like jupyter-server is up-to-date now, so this is no longer needed.