Bump jupyter-server from 2.18.2 to 2.20.0

[dependabot]

Bumps jupyter-server from 2.18.2 to 2.20.0.

Release notes

Sourced from jupyter-server's releases.

v2.20.0

2.20.0

(Full Changelog)

Security fixes

• CVE-2026-44727 GHSA-fcw5-x6j4-ccmp

Enhancements made

• Fix confusing terminal output when using ServerApp.ip=0.0.0.0 #1643 (@​Yann-P, @​minrk)
• Add a toggle to enable curve encryption for all kernels that support it #1638 (@​krassowski, @​Carreau, @​ianthomas23, @​minrk)

Bugs fixed

• Grab the port from bind_sockets in case its different #1651 (@​choldgraf, @​krassowski)

Maintenance and upkeep improvements

• Fix test_authorizer having a spurious comma in params #1664 (@​krassowski)
• Add a reminder to merge GHSA before release #1659 (@​Yann-P, @​Carreau)
• Exclude problematic pywinpty 3.0.4 version #1658 (@​krassowski)
• ci: explicitly pass base-setup inputs to fix strict validation failures #1626 (@​Carreau, @​Copilot)

Documentation improvements

• Align docs for curve encryption with latest JEP version #1660 (@​krassowski, @​Carreau)
• Remove PGP key from docs #1653 (@​Yann-P, @​krassowski)

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@​Carreau (activity) | @​choldgraf (activity) | @​Copilot (activity) | @​ianthomas23 (activity) | @​krassowski (activity) | @​minrk (activity) | @​Yann-P (activity)

v2.19.0

2.19.0

(Full Changelog)

Enhancements made

... (truncated)

Changelog

Sourced from jupyter-server's changelog.

2.20.0

(Full Changelog)

Enhancements made

• Fix confusing terminal output when using ServerApp.ip=0.0.0.0 #1643 (@​Yann-P, @​minrk)
• Add a toggle to enable curve encryption for all kernels that support it #1638 (@​krassowski, @​Carreau, @​ianthomas23, @​minrk)

Bugs fixed

• Grab the port from bind_sockets in case its different #1651 (@​choldgraf, @​krassowski)

Maintenance and upkeep improvements

• Fix test_authorizer having a spurious comma in params #1664 (@​krassowski)
• Add a reminder to merge GHSA before release #1659 (@​Yann-P, @​Carreau)
• Exclude problematic pywinpty 3.0.4 version #1658 (@​krassowski)
• ci: explicitly pass base-setup inputs to fix strict validation failures #1626 (@​Carreau, @​Copilot)

Documentation improvements

• Align docs for curve encryption with latest JEP version #1660 (@​krassowski, @​Carreau)
• Remove PGP key from docs #1653 (@​Yann-P, @​krassowski)

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@​Carreau (activity) | @​choldgraf (activity) | @​Copilot (activity) | @​ianthomas23 (activity) | @​krassowski (activity) | @​minrk (activity) | @​Yann-P (activity)

2.19.0

(Full Changelog)

Enhancements made

• Return unresolved stanza when kernel scope is unavailable for resolvePath (instead of failing with 404) #1641 (@​MUFFANUJ, @​Carreau, @​krassowski)

Bugs fixed

• Recreate notary store on failure to prevent save deadlock and data loss #1640 (@​krassowski, @​Carreau)

Maintenance and upkeep improvements

... (truncated)

Commits

• 05a78ad Publish 2.20.0
• 6cbee8d Merge commit from fork
• 333e700 Fix test_authorizer having a spurious comma in params (#1664)
• cccd543 Fix CI: explicitly pass base-setup inputs to avoid strict validation failures
• cd16d71 Align docs for curve encryption with latest JEP version (#1660)
• e458061 Add a toggle to enable curve encryption for all kernels that support it (#1638)
• 0ceeb4f Add note in RELEASE.md
• b13f8a2 Markdown does not work.
• e885b10 Add GHSA reminder in prep-release
• 0e28c90 Exclude problematic pywinpty 3.0.4 version (#1658)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.