Workflow

Jupyterlab-git

Latest version: v0.51.1

Safety actively analyzes 726092 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 3 of 3

0.42.0rc0

Not secure
([Full Changelog](https://github.com/jupyterlab/jupyterlab-git/compare/v0.41.0...d14ba4ab42371a139dadceb56c2458819bee6c53))

Enhancements made

- Add git stash [1228](https://github.com/jupyterlab/jupyterlab-git/pull/1228) ([shawnesquivel](https://github.com/shawnesquivel))
- Fix files changed and reverting merge commits from the history panel bug [1227](https://github.com/jupyterlab/jupyterlab-git/pull/1227) ([basokant](https://github.com/basokant))
- Adding support for standalone diffs of images [1223](https://github.com/jupyterlab/jupyterlab-git/pull/1223) ([basokant](https://github.com/basokant))

Bugs fixed

- Fix menu entry selection [1246](https://github.com/jupyterlab/jupyterlab-git/pull/1246) ([fcollonval](https://github.com/fcollonval))
- fix switch from a detached head to a branch not working [1218](https://github.com/jupyterlab/jupyterlab-git/pull/1218) ([basokant](https://github.com/basokant))
- fix history panel not rendering when history is empty [1215](https://github.com/jupyterlab/jupyterlab-git/pull/1215) ([basokant](https://github.com/basokant))

Maintenance and upkeep improvements

- Update configuration on latest 3.x template [1248](https://github.com/jupyterlab/jupyterlab-git/pull/1248) ([fcollonval](https://github.com/fcollonval))
- Bump vega from 5.21.0 to 5.23.0 in /ui-tests [1229](https://github.com/jupyterlab/jupyterlab-git/pull/1229) ([dependabot](https://github.com/dependabot))
- Update pre-commit [1216](https://github.com/jupyterlab/jupyterlab-git/pull/1216) ([fcollonval](https://github.com/fcollonval))
- Bump to 0.41.0 [1204](https://github.com/jupyterlab/jupyterlab-git/pull/1204) ([fcollonval](https://github.com/fcollonval))

Other merged PRs

- Bump json5 from 2.2.0 to 2.2.3 in /ui-tests [1235](https://github.com/jupyterlab/jupyterlab-git/pull/1235) ([dependabot](https://github.com/dependabot))
- Bump webpack from 5.74.0 to 5.76.1 [1232](https://github.com/jupyterlab/jupyterlab-git/pull/1232) ([dependabot](https://github.com/dependabot))
- add shawnesquivel as a contributor for code [1225](https://github.com/jupyterlab/jupyterlab-git/pull/1225) ([allcontributors](https://github.com/all-contributors))
- add basokant as a contributor for code [1224](https://github.com/jupyterlab/jupyterlab-git/pull/1224) ([allcontributors](https://github.com/all-contributors))
- bug: modified password placeholder text depending if remote URI is github (Fix 1176) [1220](https://github.com/jupyterlab/jupyterlab-git/pull/1220) ([shawnesquivel](https://github.com/shawnesquivel))
- Bump http-cache-semantics from 4.1.0 to 4.1.1 [1213](https://github.com/jupyterlab/jupyterlab-git/pull/1213) ([dependabot](https://github.com/dependabot))
- Hide overflow for latest item on click [1212](https://github.com/jupyterlab/jupyterlab-git/pull/1212) ([ardislu](https://github.com/ardislu))
- Bump json5 from 1.0.1 to 1.0.2 [1208](https://github.com/jupyterlab/jupyterlab-git/pull/1208) ([dependabot](https://github.com/dependabot))

Contributors to this release

([GitHub contributors page for this release](https://github.com/jupyterlab/jupyterlab-git/graphs/contributors?from=2022-12-15&to=2023-06-19&type=c))

[allcontributors](https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab-git+involves%3Aallcontributors+updated%3A2022-12-15..2023-06-19&type=Issues) | [ardislu](https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab-git+involves%3Aardislu+updated%3A2022-12-15..2023-06-19&type=Issues) | [basokant](https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab-git+involves%3Abasokant+updated%3A2022-12-15..2023-06-19&type=Issues) | [dependabot](https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab-git+involves%3Adependabot+updated%3A2022-12-15..2023-06-19&type=Issues) | [fcollonval](https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab-git+involves%3Afcollonval+updated%3A2022-12-15..2023-06-19&type=Issues) | [github-actions](https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab-git+involves%3Agithub-actions+updated%3A2022-12-15..2023-06-19&type=Issues) | [shawnesquivel](https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab-git+involves%3Ashawnesquivel+updated%3A2022-12-15..2023-06-19&type=Issues) | [welcome](https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab-git+involves%3Awelcome+updated%3A2022-12-15..2023-06-19&type=Issues)


Making a new release of jupyterlab_git

The extension can be published to `PyPI` and `npm` manually or using the [Jupyter Releaser](https://github.com/jupyter-server/jupyter_releaser).

Manual release

Python package

This extension can be distributed as Python packages. All of the Python
packaging instructions are in the `pyproject.toml` file to wrap your extension in a
Python package. Before generating a package, you first need to install some tools:

bash
pip install build twine hatch


Bump the version using `hatch`. By default this will create a tag.
See the docs on [hatch-nodejs-version](https://github.com/agoose77/hatch-nodejs-version#semver) for details.

bash
hatch version <new-version>


Make sure to clean up all the development files before building the package:

bash
jlpm clean:all


You could also clean up the local git repository:

bash
git clean -dfX


To create a Python source package (`.tar.gz`) and the binary package (`.whl`) in the `dist/` directory, do:

bash
python -m build


> `python setup.py sdist bdist_wheel` is deprecated and will not work for this package.

Then to upload the package to PyPI, do:

bash
twine upload dist/*


NPM package

To publish the frontend part of the extension as a NPM package, do:

bash
npm login
npm publish --access public


Automated releases with the Jupyter Releaser

The extension repository should already be compatible with the Jupyter Releaser.

Check out the [workflow documentation](https://jupyter-releaser.readthedocs.io/en/latest/get_started/making_release_from_repo.html) for more information.

Here is a summary of the steps to cut a new release:

- Add tokens to the [Github Secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets) in the repository:
- `ADMIN_GITHUB_TOKEN` (with "public_repo" and "repo:status" permissions); see the [documentation](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)
- `NPM_TOKEN` (with "automation" permission); see the [documentation](https://docs.npmjs.com/creating-and-viewing-access-tokens)
- Set up PyPI

<details><summary>Using PyPI trusted publisher (modern way)</summary>

- Set up your PyPI project by [adding a trusted publisher](https://docs.pypi.org/trusted-publishers/adding-a-publisher/)
- The _workflow name_ is `publish-release.yml` and the _environment_ should be left blank.
- Ensure the publish release job as `permissions`: `id-token : write` (see the [documentation](https://docs.pypi.org/trusted-publishers/using-a-publisher/))

</details>

- Go to the Actions panel
- Run the "Step 1: Prep Release" workflow
- Check the draft changelog
- Run the "Step 2: Publish Release" workflow

Publishing to `conda-forge`

If the package is not on conda forge yet, check the documentation to learn how to add it: https://conda-forge.org/docs/maintainer/adding_pkgs.html

Otherwise a bot should pick up the new version publish to PyPI, and open a new PR on the feedstock repository automatically.

Page 3 of 3

Links

Releases

Has known vulnerabilities

Previous

© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.