chore(deps): bump jupyterlab from 4.5.0 to 4.5.9

[dependabot]

Bumps jupyterlab from 4.5.0 to 4.5.9.

Release notes

Sourced from jupyterlab's releases.

v4.5.9

4.5.9

(Full Changelog)

Bugs fixed

• Fix jupyter labextension build crash on webpack ≥ 5.107 #19021 (@​Darshan808, @​krassowski)
• Backport PR #18992: Fix hidden cells after moving collapsed headings #19016 (@​MUFFANUJ, @​krassowski)
• Forbid relative URLs in extensionmanager #19013 (@​Yann-P)
• Fix XSS in extension manager's homepage_url #19003 (@​Yann-P)
• Fix toolbar popup row clipping in Safari #18998 (@​arun-357)

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@​arun-357 (activity) | @​Darshan808 (activity) | @​krassowski (activity) | @​MUFFANUJ (activity) | @​Yann-P (activity)

v4.5.8

4.5.8

(Full Changelog)

Bugs fixed

• Prevent dialog from hanging when getValue() throws #18938 (@​AliMahmoudDev)
• Add packaging min version pin #18910 (@​krassowski)
• Use CSS anchor for prompt overlay #18840 (@​CrafterKolyan)

Maintenance and upkeep improvements

• Fix completer test failures on CI #18946 (@​krassowski)
• Bump license webpack plugin #18929 (@​Darshan808, @​krassowski)

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@​AliMahmoudDev (activity) | @​CrafterKolyan (activity) | @​Darshan808 (activity) | @​krassowski (activity)

... (truncated)

Commits

• dd65403 [ci skip] Publish 4.5.9
• 2693672 Backport PR #18992: Fix hidden cells after moving collapsed headings (#19016)
• 360c176 Backport PR #18998 on branch 4.5.x (Fix toolbar popup row clipping in Safari)...
• e9db010 Fix jupyter labextension build crash on webpack ≥ 5.107 (#19021)
• 3b8428c Backport PR #19013 on branch 4.5.x (Forbid relative URLs in extensionmanager)...
• 3c84a84 Backport PR #19003 on branch 4.5.x (Fix XSS in extension manager's `homepage_...
• 0dee996 [ci skip] Publish 4.5.8
• 8d30d48 Backport PR #18946 on branch 4.5.x (Fix completer test failures on CI) (#18949)
• 872d4c8 Backport PR #18938 on branch 4.5.x (Prevent dialog from hanging when `getValu...
• d8a3874 Bump license webpack plugin (#18929)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[socket-security]

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. It is recommended to resolve "Warn" alerts too. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Block		Telemetry collection: pypi jupyterlab Note: The source code contains telemetry functionality that raises privacy concerns due to the collection and transmission of user data without explicit consent. This behavior could be classified as malicious if users are unaware of the data being sent. Further scrutiny is needed to ensure compliance with privacy standards. From: uv.lock → pypi/jupyter@1.1.1 → pypi/jupyterlab@4.5.9 ℹ Read more on: This package | This alert | What is telemetry? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Most telemetry comes with settings to disable it. Consider disabling telemetry if you do not want to be tracked. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore pypi/jupyterlab@4.5.9. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: pypi jupyterlab is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: uv.lock → pypi/jupyter@1.1.1 → pypi/jupyterlab@4.5.9 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore pypi/jupyterlab@4.5.9. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report