next release is 3.0, not 2.4

docs/source/_static/rest-api.yml

@@ -564,7 +564,7 @@ paths:
                     A list of role names from which to derive scopes.
                     This is a shortcut for assigning collections of scopes;
                     Tokens do not retain role assignment.
-                    (Changed in 2.4: roles are immediately resolved to scopes
+                    (Changed in 3.0: roles are immediately resolved to scopes
                     instead of stored on roles.)
                   items:
                     type: string
@@ -572,7 +572,7 @@ paths:
                   type: array
                   description: |
                     A list of scopes that the token should have.
-                    (new in JupyterHub 2.4).
+                    (new in JupyterHub 3.0).
                   items:
                     type: string
         required: false

docs/source/rbac/scopes.md

@@ -233,7 +233,7 @@ If you use {class}`~.HubOAuthenticated`, this check is performed automatically
 against the `.hub_scopes` attribute of each Handler
 (the default is populated from `$JUPYTERHUB_OAUTH_ACCESS_SCOPES` and usually `access:services!service=myservice`).
 
-:::{versionchanged} 2.4
+:::{versionchanged} 3.0
 The JUPYTERHUB_OAUTH_SCOPES environment variable is deprecated and renamed to JUPYTERHUB_OAUTH_ACCESS_SCOPES,
 to avoid ambiguity with JUPYTERHUB_OAUTH_CLIENT_ALLOWED_SCOPES
 :::

docs/source/reference/services.md

@@ -117,9 +117,9 @@ JUPYTERHUB_SERVICE_PREFIX: URL path prefix of this service (/services/:service-n
 JUPYTERHUB_SERVICE_URL:    Local URL where the service is expected to be listening.
                            Only for proxied web services.
 JUPYTERHUB_OAUTH_SCOPES:   JSON-serialized list of scopes to use for allowing access to the service
-                           (deprecated in 2.4, use JUPYTERHUB_OAUTH_ACCESS_SCOPES).
-JUPYTERHUB_OAUTH_ACCESS_SCOPES: JSON-serialized list of scopes to use for allowing access to the service (new in 2.4).
-JUPYTERHUB_OAUTH_CLIENT_ALLOWED_SCOPES: JSON-serialized list of scopes that can be requested by the oauth client on behalf of users (new in 2.4).
+                           (deprecated in 3.0, use JUPYTERHUB_OAUTH_ACCESS_SCOPES).
+JUPYTERHUB_OAUTH_ACCESS_SCOPES: JSON-serialized list of scopes to use for allowing access to the service (new in 3.0).
+JUPYTERHUB_OAUTH_CLIENT_ALLOWED_SCOPES: JSON-serialized list of scopes that can be requested by the oauth client on behalf of users (new in 3.0).
 ```
 
 For the previous 'cull idle' Service example, these environment variables

docs/source/reference/spawners.md

@@ -308,7 +308,7 @@ The process environment is returned by `Spawner.get_env`, which specifies the fo
   This is also the OAuth client secret.
 - JUPYTERHUB_CLIENT_ID - the OAuth client ID for authenticating visitors.
 - JUPYTERHUB_OAUTH_CALLBACK_URL - the callback URL to use in oauth, typically `/user/:name/oauth_callback`
-- JUPYTERHUB_OAUTH_ACCESS_SCOPES - the scopes required to access the server (called JUPYTERHUB_OAUTH_SCOPES prior to 2.4)
+- JUPYTERHUB_OAUTH_ACCESS_SCOPES - the scopes required to access the server (called JUPYTERHUB_OAUTH_SCOPES prior to 3.0)
 - JUPYTERHUB_OAUTH_CLIENT_ALLOWED_SCOPES - the scopes the service is allowed to request.
   If no scopes are requested explicitly, these scopes will be requested.
 

jupyterhub/oauth/provider.py

@@ -570,7 +570,7 @@ class JupyterHubRequestValidator(RequestValidator):
 
         # TODO: handle roles->scopes transition
         # In 2.0-2.2, `?scopes=` only accepted _role_ names,
-        # but in 2.4 we accept and prefer scopes.
+        # but in 3.0 we accept and prefer scopes.
         # For backward-compatibility, we still accept both.
         # Should roles be deprecated here, or kept as a convenience?
         try:

jupyterhub/services/auth.py

@@ -336,7 +336,7 @@ class HubAuth(SingletonConfigurable):
     @property
     def oauth_scopes(self):
         warnings.warn(
-            "HubAuth.oauth_scopes is deprecated in JupyterHub 2.4. Use .access_scopes"
+            "HubAuth.oauth_scopes is deprecated in JupyterHub 3.0. Use .access_scopes"
         )
         return self.access_scopes
 
@@ -352,7 +352,7 @@ class HubAuth(SingletonConfigurable):
     def _default_scopes(self):
         env_scopes = os.getenv('JUPYTERHUB_OAUTH_ACCESS_SCOPES')
         if not env_scopes:
-            # deprecated name (since 2.4)
+            # deprecated name (since 3.0)
             env_scopes = os.getenv('JUPYTERHUB_OAUTH_SCOPES')
         if env_scopes:
             return set(json.loads(env_scopes))

jupyterhub/services/service.py

@@ -203,7 +203,7 @@ class Service(LoggingConfigurable):
     oauth_roles = List(
         help="""OAuth allowed roles.
 
-        DEPRECATED in 2.4: use oauth_client_allowed_scopes
+        DEPRECATED in 3.0: use oauth_client_allowed_scopes
       """
     ).tag(input=True)
 

jupyterhub/spawner.py

@@ -306,7 +306,7 @@ class Spawner(LoggingConfigurable):
         [Callable(), List()],
         help="""Allowed roles for oauth tokens.
 
-        Deprecated in 2.4: use oauth_client_allowed_scopes
+        Deprecated in 3.0: use oauth_client_allowed_scopes
 
         This sets the maximum and default roles
         assigned to oauth tokens issued by a single-user server's
@@ -955,11 +955,11 @@ class Spawner(LoggingConfigurable):
             self.user.url, url_escape_path(self.name), 'oauth_callback'
         )
 
-        # deprecated env, renamed in 2.4 for disambiguation
+        # deprecated env, renamed in 3.0 for disambiguation
         env['JUPYTERHUB_OAUTH_SCOPES'] = json.dumps(self.oauth_access_scopes)
         env['JUPYTERHUB_OAUTH_ACCESS_SCOPES'] = json.dumps(self.oauth_access_scopes)
 
-        # added in 2.4
+        # added in 3.0
         env['JUPYTERHUB_OAUTH_CLIENT_ALLOWED_SCOPES'] = json.dumps(
             self.oauth_client_allowed_scopes
         )