Bump the uv group across 1 directory with 3 updates

[dependabot]

Bumps the uv group with 3 updates in the / directory: jupyterlab-git, jupyterlab and pydantic-settings.

Updates jupyterlab-git from 0.53.0 to 0.54.0a1

Release notes

Sourced from jupyterlab-git's releases.

v0.54.0a1

0.54.0a1

(Full Changelog)

Enhancements made

• Git panel UI tweaks #1480 (@​jtpio, @​krassowski)

Other merged PRs

• Bump lodash from 4.17.23 to 4.18.1 #1479 (@​jtpio)
• Bump ws from 8.17.1 to 8.20.1 #1478 (@​jtpio)

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@​jtpio (activity) | @​krassowski (activity)

v0.54.0a0

0.54.0a0

(Full Changelog)

Enhancements made

• Switch to using an Accordion Panel #1474 (@​jtpio, @​alexblanchard0808-boop, @​krassowski)
• Move the diff functionality to separate plugins #1465 (@​jtpio, @​krassowski)

Maintenance and upkeep improvements

• Fix root pyproject.toml #1466 (@​jtpio, @​djangoliv, @​krassowski)

Other merged PRs

• Bump systeminformation from 5.31.1 to 5.31.6 in /ui-tests #1476 (@​jtpio)
• Bump flatted from 3.2.7 to 3.4.2 #1473 (@​jtpio)
• Bump yaml from 1.10.2 to 1.10.3 #1472 (@​jtpio)
• Bump picomatch from 2.3.1 to 2.3.2 #1471 (@​jtpio)
• Bump brace-expansion from 1.1.12 to 1.1.14 in /ui-tests #1470 (@​jtpio)
• Bump postcss from 8.4.31 to 8.5.14 #1469 (@​jtpio)
• Bump lodash-es from 4.17.23 to 4.18.1 #1468 (@​jtpio)

... (truncated)

Changelog

Sourced from jupyterlab-git's changelog.

0.54.0a1

(Full Changelog)

Enhancements made

• Git panel UI tweaks #1480 (@​jtpio, @​krassowski)

Other merged PRs

• Bump lodash from 4.17.23 to 4.18.1 #1479 (@​jtpio)
• Bump ws from 8.17.1 to 8.20.1 #1478 (@​jtpio)

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@​jtpio (activity) | @​krassowski (activity)

0.54.0a0

(Full Changelog)

Enhancements made

• Switch to using an Accordion Panel #1474 (@​jtpio, @​alexblanchard0808-boop, @​krassowski)
• Move the diff functionality to separate plugins #1465 (@​jtpio, @​krassowski)

Maintenance and upkeep improvements

• Fix root pyproject.toml #1466 (@​jtpio, @​djangoliv, @​krassowski)

Other merged PRs

• Bump systeminformation from 5.31.1 to 5.31.6 in /ui-tests #1476 (@​jtpio)
• Bump flatted from 3.2.7 to 3.4.2 #1473 (@​jtpio)
• Bump yaml from 1.10.2 to 1.10.3 #1472 (@​jtpio)
• Bump picomatch from 2.3.1 to 2.3.2 #1471 (@​jtpio)
• Bump brace-expansion from 1.1.12 to 1.1.14 in /ui-tests #1470 (@​jtpio)
• Bump postcss from 8.4.31 to 8.5.14 #1469 (@​jtpio)
• Bump lodash-es from 4.17.23 to 4.18.1 #1468 (@​jtpio)
• Bump lodash from 4.17.23 to 4.18.1 in /ui-tests #1467 (@​jtpio)

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

... (truncated)

Commits

• 8443bd5 Publish 0.54.0a1
• 781591d Git panel UI tweaks (#1480)
• 3f80f9d Bump lodash from 4.17.23 to 4.18.1 (#1479)
• 11d7ceb Bump ws from 8.17.1 to 8.20.1 (#1478)
• dda0e47 Publish 0.54.0a0
• bd6fc65 Bump systeminformation from 5.31.1 to 5.31.6 in /ui-tests (#1476)
• fbb5ed5 Switch to using an Accordion Panel (#1474)
• 2419fb1 Bump flatted from 3.2.7 to 3.4.2 (#1473)
• 84aa522 Bump yaml from 1.10.2 to 1.10.3 (#1472)
• eadd60a Bump postcss from 8.4.31 to 8.5.14 (#1469)
• Additional commits viewable in compare view

Updates jupyterlab from 4.5.8 to 4.5.9

Release notes

Sourced from jupyterlab's releases.

v4.5.9

4.5.9

(Full Changelog)

Bugs fixed

• Fix jupyter labextension build crash on webpack ≥ 5.107 #19021 (@​Darshan808, @​krassowski)
• Backport PR #18992: Fix hidden cells after moving collapsed headings #19016 (@​MUFFANUJ, @​krassowski)
• Forbid relative URLs in extensionmanager #19013 (@​Yann-P)
• Fix XSS in extension manager's homepage_url #19003 (@​Yann-P)
• Fix toolbar popup row clipping in Safari #18998 (@​arun-357)

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@​arun-357 (activity) | @​Darshan808 (activity) | @​krassowski (activity) | @​MUFFANUJ (activity) | @​Yann-P (activity)

Commits

• dd65403 [ci skip] Publish 4.5.9
• 2693672 Backport PR #18992: Fix hidden cells after moving collapsed headings (#19016)
• 360c176 Backport PR #18998 on branch 4.5.x (Fix toolbar popup row clipping in Safari)...
• e9db010 Fix jupyter labextension build crash on webpack ≥ 5.107 (#19021)
• 3b8428c Backport PR #19013 on branch 4.5.x (Forbid relative URLs in extensionmanager)...
• 3c84a84 Backport PR #19003 on branch 4.5.x (Fix XSS in extension manager's `homepage_...
• See full diff in compare view

Updates pydantic-settings from 2.14.1 to 2.14.2

Release notes

Sourced from pydantic-settings's releases.

v2.14.2

What's Changed

This is a security patch release.

• Prevent NestedSecretsSettingsSource from following symlinks outside secrets_dir by @​hramezani in pydantic/pydantic-settings#889
• Prepare release 2.14.2 by @​hramezani in pydantic/pydantic-settings#890

Security

Fixes GHSA-4xgf-cpjx-pc3j: NestedSecretsSettingsSource with secrets_nested_subdir=True could follow a symbolic link inside secrets_dir pointing outside it, reading out-of-tree files into settings values and bypassing the secrets_dir_max_size cap. Affected versions: >= 2.12.0, < 2.14.2.

Full Changelog: pydantic/pydantic-settings@v2.14.1...v2.14.2

Commits

• d703bd7 Prepare release 2.14.2 (#890)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

MLCommons CLA bot All contributors have signed the MLCommons CLA ✍️ ✅