Skip to content

[https://nvbugs/6467687][fix] Bump the jupyter_server minimum to >=2.20.0 and update the WAR comment to…#16526

Open
trtllm-agent wants to merge 1 commit into
NVIDIA:mainfrom
tensorrt-cicd:repair-bot-bug6467687
Open

[https://nvbugs/6467687][fix] Bump the jupyter_server minimum to >=2.20.0 and update the WAR comment to…#16526
trtllm-agent wants to merge 1 commit into
NVIDIA:mainfrom
tensorrt-cicd:repair-bot-bug6467687

Conversation

@trtllm-agent

@trtllm-agent trtllm-agent commented Jul 17, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • Root cause: constraints.txt pins jupyter_server>=2.18.0, which allows the CVE-affected 2.18.2 to resolve; CVE GHSA-fcw5-x6j4-ccmp is fixed in 2.20.0.
  • Fix: Bump the jupyter_server minimum to >=2.20.0 and update the WAR comment to reference GHSA-fcw5-x6j4-ccmp.
  • Automated fix generated by repair-bot

Test plan

  • Verify fix on the same GPU type as the original failure
  • Check for regressions in related tests

Links

Summary by CodeRabbit

  • Bug Fixes
    • Updated the Jupyter Server requirement to a newer secure version, addressing a known security advisory.

…HSA-fcw5-x6j4-ccmp

Signed-off-by: trtllm-agent <296075020+trtllm-agent@users.noreply.github.com>
@coderabbitai

coderabbitai Bot commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: fb4dba0a-95d7-4426-9e31-e26c62a1a3fe

📥 Commits

Reviewing files that changed from the base of the PR and between ed1a0b9 and 5a52aa5.

📒 Files selected for processing (1)
  • constraints.txt

📝 Walkthrough

Walkthrough

The jupyter_server minimum version constraint in constraints.txt is raised from >=2.18.0 to >=2.20.0 to address a security advisory.

Changes

Dependency Constraint

Layer / File(s) Summary
Raise jupyter_server minimum version
constraints.txt
Updates the minimum jupyter_server version from 2.18.0 to 2.20.0.

Estimated code review effort: 1 (Trivial) | ~2 minutes

Suggested reviewers: yuxianq

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title matches the PR's main change: bumping the jupyter_server minimum to 2.20.0 for a security fix.
Description check ✅ Passed The description covers the summary and test plan, and includes the bug link; only the checklist section is missing.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants