Skip to content

Bump jupytext from 1.19.1 to 1.19.4#91

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/jupytext-1.19.4
Open

Bump jupytext from 1.19.1 to 1.19.4#91
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/jupytext-1.19.4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 24, 2026

Copy link
Copy Markdown
Contributor

Bumps jupytext from 1.19.1 to 1.19.4.

Release notes

Sourced from jupytext's releases.

Version 1.19.4

Changed

  • Jupytext's documentation is now at https://jupytext.org! (#1538)
  • We have moved Jupytext to its own Jupytext organization (#1546)
  • Updated the JupyterLab extension production dependencies (12 patch updates) (#1541)
  • We require pandoc<3.10 on the CI as pandoc converts the "3.10" string to a float, which then causes issues in Jupytext (#1545)
  • Fixed the CI so that tests also run on scheduled runs, and so that jupyterfs tests are skipped when their initialization fails (#1539)
  • In the CI, the extension is build using a dedicated build pixi environment.

Fixed

  • We now support unicode characters while dumping YAML (#1542)

Added

  • A new custom_language_magics option is available (#1491). Thanks to steovd for making the PR!

Security

  • Fixed GHSA-m22c-4q2m-m5wr: the update-playwright-snapshots workflow was triggerable by any user via an issue_comment event. It now checks that the comment author is an OWNER, MEMBER, or COLLABORATOR before running (#1535)
  • Set persist-credentials: false on all workflow checkout steps as defense-in-depth, preventing a live GITHUB_TOKEN from being left in .git/config where attacker-controlled build hooks could read it. This is strictly required only for update-playwright-snapshots (fixed above), but applies to all workflows so they remain safe if their scope is later extended.

Version 1.19.3

Fixed

  • The Jupytext CLI issues a warning when a notebook is not trusted. Also, trust is preserved when empty outputs are added (follow-up on #1505)

Changed

  • The dependabot config has been updated to correctly bump extension packages, now allowing only production updates and ignoring dev dependencies (#1532). Thanks to Mahendra Paipuri for this PR!
  • Removed deprecated stylelint packages (stylelint-config-prettier and stylelint-prettier) from the JupyterLab extension dependencies (#1530)
  • We have removed Python 3.9 testing from the CI (Python 3.9 reached EOL in October 2025)

Version 1.19.2

Fixed

  • Trusted notebooks remain trusted after jupytext --sync (#1505)
  • We have fixed the homepage link in package.json. Thanks to Michał Krassowski for making this PR (#1494)
  • Thanks to Brigitta Sipőcz for fixing a broken link in our CLI (#1428)
  • The --quiet flag now suppresses the creating missing directory warning when writing to a path that includes a prefix (#1533)

Changed

  • The CI workflow has been restructured to maximize parallelization. All test suites (pip, conda, UI) and the build step now run concurrently after pre-commit checks, instead of sequentially, reducing CI times (#1527)
  • We have skipped the tests that involve jupyterfs on Python 3.12+ as they started failing on the CI with no obvious way to fix them (#1509)
  • We have changed the configuration of Dependabot to get grouped dependency updates for our JupyterLab extension.
  • We have merged a series of Dependabot security updates: #1516, #1517, #1519, #1520, #1522, #1524
Changelog

Sourced from jupytext's changelog.

1.19.4 (2026-06-21)

Changed

  • Jupytext's documentation is now at https://jupytext.org! (#1538)
  • We have moved Jupytext to its own Jupytext organization (#1546)
  • Updated the JupyterLab extension production dependencies (12 patch updates) (#1541)
  • We require pandoc<3.10 on the CI as pandoc converts the "3.10" string to a float, which then causes issues in Jupytext (#1545)
  • Fixed the CI so that tests also run on scheduled runs, and so that jupyterfs tests are skipped when their initialization fails (#1539)
  • In the CI, the extension is build using a dedicated build pixi environment.

Fixed

  • We now support unicode characters while dumping YAML (#1542)

Added

  • A new custom_language_magics option is available (#1491). Thanks to steovd for making the PR!

Security

  • Fixed GHSA-m22c-4q2m-m5wr: the update-playwright-snapshots workflow was triggerable by any user via an issue_comment event. It now checks that the comment author is an OWNER, MEMBER, or COLLABORATOR before running (#1535)
  • Set persist-credentials: false on all workflow checkout steps as defense-in-depth, preventing a live GITHUB_TOKEN from being left in .git/config where attacker-controlled build hooks could read it. This is strictly required only for update-playwright-snapshots (fixed above), but applies to all workflows so they remain safe if their scope is later extended.

1.19.3 (2026-05-17)

Fixed

  • The Jupytext CLI issues a warning when a notebook is not trusted. Also, trust is preserved when empty outputs are added (follow-up on #1505)

Changed

  • The dependabot config has been updated to correctly bump extension packages, now allowing only production updates and ignoring dev dependencies (#1532). Thanks to Mahendra Paipuri for this PR!
  • Removed deprecated stylelint packages (stylelint-config-prettier and stylelint-prettier) from the JupyterLab extension dependencies (#1530)
  • We have removed Python 3.9 testing from the CI (Python 3.9 reached EOL in October 2025)

1.19.2 (2026-05-10)

Fixed

  • Trusted notebooks remain trusted after jupytext --sync (#1505)
  • We have fixed the homepage link in package.json. Thanks to Michał Krassowski for making this PR (#1494)
  • Thanks to Brigitta Sipőcz for fixing a broken link in our CLI (#1428)
  • The --quiet flag now suppresses the creating missing directory warning when writing to a path that includes a prefix (#1533)

... (truncated)

Commits
  • 95cd281 Fix: quarto example
  • 8ef90bb Move Jupytext to a Jupytext organization
  • 7cfe21d Update the jupytext.org website (#1561)
  • 590ce61 build(deps): bump undici
  • 61e7163 Add custom_language_magics option to support user-defined language magics i...
  • 1d464eb Fix: use comment-tag to update the existing PR comment (#1560)
  • 7a65533 Fix CI: Build the extension with a dedicated pixi environment (#1558)
  • cbf24f8 docs: add changelog entries for #1539, #1540, and #1541
  • 7e433c5 ci: set persist-credentials: false on all workflow checkouts
  • 2d09640 build(deps): bump the jupytext-extension-dependencies group across 2 director...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump jupytext from 1.19.1 to 1.19.4
325731f 
Bumps [jupytext](https://github.com/jupytext/jupytext) from 1.19.1 to 1.19.4.
- [Release notes](https://github.com/jupytext/jupytext/releases)
- [Changelog](https://github.com/jupytext/jupytext/blob/main/CHANGELOG.md)
- [Commits](jupytext/jupytext@v1.19.1...v1.19.4)

---
updated-dependencies:
- dependency-name: jupytext
  dependency-version: 1.19.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot mentioned this pull request Jun 24, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@tsalo tsalo

Labels

ignore-for-release maintenance

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tsalo