chore(deps): update dependency streamlit to v1.37.0 [security] #19

renovate · 2024-05-28T17:24:19Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
streamlit (source, changelog)	`==1.20.0` -> `==1.37.0`

GitHub Vulnerability Alerts

GHSA-8qw9-gf7w-42x5

Impact

The initial vulnerability identified in Streamlit apps using custom components, allowing for directory traversal attacks, was addressed in version 1.11.1. However, a minor issue persisted, which could still potentially expose certain files on the server file-system under specific conditions.

Patches

We released an update in version 1.30.0 to further tighten security measures. Users are strongly advised to update to version 1.30.0 immediately for optimal security.

Workarounds

No additional workarounds are necessary once the update to version 1.30.0 is applied.

For more information

If you have any questions or comments about this advisory:

Email us at security@streamlit.io

CVE-2024-42474

1. Impacted Products

Streamilt Open Source versions before 1.37.0.

2. Introduction

Snowflake Streamlit open source addressed a security vulnerability via the static file sharing feature. The vulnerability was patched on Jul 25, 2024, as part of Streamlit open source version 1.37.0. The vulnerability only affects Windows.

3. Path Traversal Vulnerability

3.1 Description

On May 12, 2024, Streamlit was informed via our bug bounty program about a path traversal vulnerability in the open source library. We fixed and merged a patch remediating the vulnerability on Jul 25, 2024. The issue was determined to be in the moderate severity range with a maximum CVSSv3 base score of 5.9

3.2 Scenarios and attack vector(s)

Users of hosted Streamlit app(s) on Windows were vulnerable to a path traversal vulnerability when the static file sharing feature is enabled. An attacker could utilize the vulnerability to leak the password hash of the Windows user running Streamlit.

3.3 Resolution

The vulnerability has been fixed in all Streamlit versions released since Jul 25, 2024. We recommend all users upgrade to Version 1.37.0.

4. Contact

Please contact security@snowflake.com if you have any questions regarding this advisory. If you discover a security vulnerability in one of our products or websites, please report the issue to HackerOne. For more information, please see our Vulnerability Disclosure Policy.

Release Notes

streamlit/streamlit (streamlit)

`v1.37.0`

Compare Source

What's Changed

What's Changed

Breaking Changes 🛠

Remove legacy caching logic by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8737
Deprecate the experimental_allow_widgets caching parameter by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8817

New Features 🎉

Allow passing on_change_callback for CustomComponents by @raethlein in https://github.com/streamlit/streamlit/pull/8633
Use raw number for number column overlay and copy by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8708
Introduce st.navigation and st.Page by @kmcgrady in https://github.com/streamlit/streamlit/pull/8744
Make st.write call st.json to display Streamlit secrets object by @snehankekre in https://github.com/streamlit/streamlit/pull/8659
Streamlit Charts: Customizable Axis Labels by @mayagbarnes in https://github.com/streamlit/streamlit/pull/8846
Add vertical alignment parameter to st.columns by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8568
Add icon parameter to st.expander by @snehankekre in https://github.com/streamlit/streamlit/pull/8716
Use the default widget height for non-stacked checkbox & toggle widgets by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8835
Horizontal st.bar_chart by @mayagbarnes in https://github.com/streamlit/streamlit/pull/8877

Bug Fixes 🐛

Remove non-existent kwargs in ast.Call() call by @JelleZijlstra in https://github.com/streamlit/streamlit/pull/8711
Don't instantiate the LocalSourcesWatcher if file watching is disabled by @vdonato in https://github.com/streamlit/streamlit/pull/8741
Make the session state writes disallowed message more generic by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8720
Ensure SessionInfo is set before performing an action by @kmcgrady in https://github.com/streamlit/streamlit/pull/8779
Unify the minimum height of most element by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8797
Don't allow writing widgets outside the fragment by @raethlein in https://github.com/streamlit/streamlit/pull/8756
Fix element replay regression for plotly charts by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8770
Improve exception text when selectbox index larger than options by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8775
Prevent images in markdown to go beyond the container width by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8794
Ensure current page script hash and active script hash is correct at script start by @kmcgrady in https://github.com/streamlit/streamlit/pull/8830
Revert "Handle Altair resolve_scale (#8497)" by @kmcgrady in https://github.com/streamlit/streamlit/pull/8845
Update custom-components import paths and tests by @raethlein in https://github.com/streamlit/streamlit/pull/8666
Raise exception if st.Page is given an invalid path by @vdonato in https://github.com/streamlit/streamlit/pull/8878

Other Changes

Explicitly export experimental_dialog by @raethlein in https://github.com/streamlit/streamlit/pull/8728
Remove default value for title of dialog_decorator by @raethlein in https://github.com/streamlit/streamlit/pull/8729
Docstrings for 1.35.0 (and type consistency for charts) by @sfc-gh-dmatthews in https://github.com/streamlit/streamlit/pull/8740
Migrate streamlit hello to MPAv2 by @kmcgrady in https://github.com/streamlit/streamlit/pull/8806
Fix use_container_width docstring when default is True by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8809
Allow protobuf v5 as dependency by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8627
Fix: Remove title appending · Streamlit by @mayagbarnes in https://github.com/streamlit/streamlit/pull/8900

New Contributors

@JelleZijlstra made their first contribution in https://github.com/streamlit/streamlit/pull/8711

Full Changelog: streamlit/streamlit@1.35.0...1.36.0

`v1.35.0`

Compare Source

What's Changed

New Features 🎉

Add support for selections to st.plotly_chart by @willhuang1997 in https://github.com/streamlit/streamlit/pull/8191
feat: support set mysql connection query from secrets.toml by @LucianLiu6 in https://github.com/streamlit/streamlit/pull/8581
Feature: st.logo by @mayagbarnes in https://github.com/streamlit/streamlit/pull/8554
Material icon for st.page_link by @kajarenc in https://github.com/streamlit/streamlit/pull/8593
Add dataframe row and column selections by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8411
Add support for selections to st.altair_chart & st.vega_lite_chart by @willhuang1997 in https://github.com/streamlit/streamlit/pull/8302

Bug Fixes 🐛

Fix standalone custom-component execution by @raethlein in https://github.com/streamlit/streamlit/pull/8620
Clear stale elements when st.rerun() is used by @vdonato in https://github.com/streamlit/streamlit/pull/8599
Focus chat input after the submit button is pressed by @kmcgrady in https://github.com/streamlit/streamlit/pull/8637
fix: #8500 bypass StrEnum 'index' to make position-indexable by @97k in https://github.com/streamlit/streamlit/pull/8622
Update scroll-margin-top by @raethlein in https://github.com/streamlit/streamlit/pull/8641
Fix cell error when data editor gets reconstructed by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8640
Ensure that column config is cloned by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8677
Add fallback method for CSV download by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8452

Other Changes

Bump mheap/github-action-required-labels from 5.4.0 to 5.4.1 by @dependabot in https://github.com/streamlit/streamlit/pull/8582
Remove fullscreen button for st.table by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8621
Improve typing for query params .update and .from_dict by @Asaurus1 in https://github.com/streamlit/streamlit/pull/8614
Improve anchor button visualization for titles and headings by @raethlein in https://github.com/streamlit/streamlit/pull/8587
Allow protobuf v5 by @mark-thm in https://github.com/streamlit/streamlit/pull/8624
Stabilize the vega-lite spec for altair-based charts by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8628
Update address output in headless mode by @raethlein in https://github.com/streamlit/streamlit/pull/8647
Revert "Allow protobuf v5" by @raethlein in https://github.com/streamlit/streamlit/pull/8701

New Contributors

@LucianLiu6 made their first contribution in https://github.com/streamlit/streamlit/pull/8581
@mark-thm made their first contribution in https://github.com/streamlit/streamlit/pull/8624
@97k made their first contribution in https://github.com/streamlit/streamlit/pull/8622

Full Changelog: streamlit/streamlit@1.34.0...1.35.0

`v1.34.0`

Compare Source

What's Changed

New Features 🎉

Add st.experimental_dialog by @raethlein in https://github.com/streamlit/streamlit/pull/8040
from_dict for query params by @Asaurus1 in https://github.com/streamlit/streamlit/pull/8470
Improve period type support in st.dataframe and st.data_editor by @LukasMasuch in https://github.com/streamlit/streamlit/pull/7987
Add ability to clear cache for specific function arguments by passing args to <cached_func>.clear() by @OscarSaharoy in https://github.com/streamlit/streamlit/pull/8297
Add support for autoplaying st.audio and st.video media by @snehankekre in https://github.com/streamlit/streamlit/pull/8481
Support background colors for text by @snehankekre in https://github.com/streamlit/streamlit/pull/8435
Non-emoji icons by @kajarenc in https://github.com/streamlit/streamlit/pull/8307
Add support for Modin and Snowpark Pandas by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8506
Enable the usage of the pydeck-carto package with st.pydeck_chart by @vdonato in https://github.com/streamlit/streamlit/pull/8422

Bug Fixes 🐛

Offset dates in vega if no timezone information is attached. by @kmcgrady in https://github.com/streamlit/streamlit/pull/8278
Fix issues with fragments writing to containers and the sidebar by @vdonato in https://github.com/streamlit/streamlit/pull/8408
Produce python error for slider min=max by @AnOctopus in https://github.com/streamlit/streamlit/pull/8413
Make check for component ready dynamic by @kmcgrady in https://github.com/streamlit/streamlit/pull/8434
Update Auto Theme after print dialog if necessary by @kmcgrady in https://github.com/streamlit/streamlit/pull/8469
Reset widget state on page change by @AnOctopus in https://github.com/streamlit/streamlit/pull/8425
Switch back to using undeprecated pillow constant by @vdonato in https://github.com/streamlit/streamlit/pull/8492
Fix double script/callback run when replacing a file by @vdonato in https://github.com/streamlit/streamlit/pull/8493
Handle Altair vconcat with use_container_width by @kmcgrady in https://github.com/streamlit/streamlit/pull/8498
Fix empty state for st.status by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8369
Fix st.multiselect usage with empty sets or tuples by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8471
Handle Altair resolve_scale by @kmcgrady in https://github.com/streamlit/streamlit/pull/8497
Adjust default date for st.date_input if today's date is out of bounds by @vdonato in https://github.com/streamlit/streamlit/pull/8519
Handle setting session state keys to None for supported widgets by @vdonato in https://github.com/streamlit/streamlit/pull/8529
Fix empty generator usage with st.write_stream by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8560

Other Changes

Update modal styles by @raethlein in https://github.com/streamlit/streamlit/pull/8274
Move toasts to top right and make them prettier by @sfc-gh-tteixeira in https://github.com/streamlit/streamlit/pull/8433
Fix escaping in docstrings by @vdonato in https://github.com/streamlit/streamlit/pull/8510
Fix blank space print by @raethlein in https://github.com/streamlit/streamlit/pull/8502
Remove snowflake extras python restriction by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8538

New Contributors

@Lundez made their first contribution in https://github.com/streamlit/streamlit/pull/8520
@OscarSaharoy made their first contribution in https://github.com/streamlit/streamlit/pull/8297

Full Changelog: streamlit/streamlit@1.33.0...1.34.0

`v1.33.0`

Compare Source

What's Changed

Breaking Changes 🛠

Require explicit suggestion of unsafe_allow_html in st.write by @kmcgrady in https://github.com/streamlit/streamlit/pull/8238

New Features 🎉

explicit update() method for query_params by @Asaurus1 in https://github.com/streamlit/streamlit/pull/8205
Add AreaChartColumn to column config by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8237
Associate label with input to make label click focus input by @filiptammergard in https://github.com/streamlit/streamlit/pull/8155
Media elements improvements by @kajarenc in https://github.com/streamlit/streamlit/pull/8203
Page switching in AppTest by @AnOctopus in https://github.com/streamlit/streamlit/pull/8280
Add ability to use timedelta and stings to start_time and end_time. by @kajarenc in https://github.com/streamlit/streamlit/pull/8348
st.experimental_fragment decorator by @vdonato in https://github.com/streamlit/streamlit/pull/8343
Feature: st.html by @mayagbarnes in https://github.com/streamlit/streamlit/pull/8366

Bug Fixes 🐛

AppTest format_func by @AnOctopus in https://github.com/streamlit/streamlit/pull/8189
Url decode link column display values if regex is used by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8258
Fix infinite loop when rerun and triggered widgets are used together in AppTest by @AnOctopus in https://github.com/streamlit/streamlit/pull/8264
Use the button width as minimum for st.popover container by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8266
Revert "Expire session storage cache on an async timer (#8083)" by @kmcgrady in https://github.com/streamlit/streamlit/pull/8281
Allow custom themes to override embed options query parameter by @kmcgrady in https://github.com/streamlit/streamlit/pull/8021
Fix issue with not correctly waiting for connections by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8294
Fix initial iframe height for custom component by @kmcgrady in https://github.com/streamlit/streamlit/pull/8290
Fullscreen Button Overflow Horizontally by @kmcgrady in https://github.com/streamlit/streamlit/pull/8279
Fix white components backgrounds when OS is using dark theme by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8242
Add simple fix to update container status after llm complete by @KedoKudo in https://github.com/streamlit/streamlit/pull/8311
Simplify toast message truncation to use character limit directly by @snehankekre in https://github.com/streamlit/streamlit/pull/8337
resolve path when registering watcher for module paths by @zyxue in https://github.com/streamlit/streamlit/pull/8372
Readd mistakenly removed line and add explanatory comment by @vdonato in https://github.com/streamlit/streamlit/pull/8392

Other Changes

Allow packaging 24.x by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8338

New Contributors

@filiptammergard made their first contribution in https://github.com/streamlit/streamlit/pull/8155
@KedoKudo made their first contribution in https://github.com/streamlit/streamlit/pull/8311
@zyxue made their first contribution in https://github.com/streamlit/streamlit/pull/8372

Full Changelog: streamlit/streamlit@1.32.2...1.33.0

`v1.32.2`

Compare Source

Full Changelog: streamlit/streamlit@1.32.1...1.32.2

`v1.32.1`

Compare Source

Full Changelog: streamlit/streamlit@1.32.0...1.32.1

`v1.32.0`

Compare Source

What's Changed

New Features 🎉

Support markdown links inst.radio options by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8028
Improve error handling in st.write_stream by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8036
Add support for PIL images in st.write by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8039
add: Supprt for HTTP method to /healthz endpoint by @rahulmistri1997 in https://github.com/streamlit/streamlit/pull/8145
Add support for AzureOpenAI chat stream by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8107
Add st.popover layout container by @LukasMasuch in https://github.com/streamlit/streamlit/pull/7908
AppTest from_function args by @AnOctopus in https://github.com/streamlit/streamlit/pull/8183
Subtitles changes for st.video by @kajarenc in https://github.com/streamlit/streamlit/pull/8057
Expander and Status AppTest wrappers by @AnOctopus in https://github.com/streamlit/streamlit/pull/8187

Bug Fixes 🐛

Add support for converting st.query_params to string by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8030
Fix custom dataframe scrollbars in Chrome by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8034
Fix time_input menu colors in dark mode by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8056
Make shallow copies of options returned from ensure_indexable by @vdonato in https://github.com/streamlit/streamlit/pull/8064
Fix memory leak in runtime coroutine loop by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8068
Prevent pandas keyerror when checking color column format in st.map by @awhazell in https://github.com/streamlit/streamlit/pull/8079
Fix #7954 by @vdonato in https://github.com/streamlit/streamlit/pull/8054
Fix issue using a local path with st.image on windows. by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8092
Fix: st.page_link & st.switch_page handling / prefixed paths by @mayagbarnes in https://github.com/streamlit/streamlit/pull/8085
Fix script runner stack overflow by @AnOctopus in https://github.com/streamlit/streamlit/pull/8100
Normalize main script path in st.switch_page and st.page_link by @kajarenc in https://github.com/streamlit/streamlit/pull/8103
Fix: st.page_link URL preview shows file path by @mayagbarnes in https://github.com/streamlit/streamlit/pull/8086
Support multiple path characteristics for switch_page and page_link by @kmcgrady in https://github.com/streamlit/streamlit/pull/8127
Fix chart exception where color-handling code expected DF index to start at 0 by @sfc-gh-tteixeira in https://github.com/streamlit/streamlit/pull/8158
Fix: Alert element overflow by @mayagbarnes in https://github.com/streamlit/streamlit/pull/8194
Fully clear App State on page change by @kmcgrady in https://github.com/streamlit/streamlit/pull/8208
Make st.help more resilient with conditional members by @kmcgrady in https://github.com/streamlit/streamlit/pull/8228

Other Changes

Expire session storage cache on an async timer by @AnOctopus in https://github.com/streamlit/streamlit/pull/8083
Lazy-load emoji module to improve performance by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8109
Lazy-load pandas and pyarrow to improve performance by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8125
Miscellaneous docstring edits and argument names by @sfc-gh-dmatthews in https://github.com/streamlit/streamlit/pull/8118
Deprecate the deprecation.showPyplotGlobalUse config option by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8133
Use env variable to configure matplotlib backend by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8113
Lazy-load numpy and pillow to improve performance by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8134
Show a warning when server port 3000 is used by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8152
Fixed typos in example documentation by @t1emp0 in https://github.com/streamlit/streamlit/pull/8162
Increase time until timeout warning is shown for a custom component by @raethlein in https://github.com/streamlit/streamlit/pull/8179
Update glide-data-grid to version 6.0.4 by @LukasMasuch in https://github.com/streamlit/streamlit/pull/7779

New Contributors

@awhazell made their first contribution in https://github.com/streamlit/streamlit/pull/8079
@SidVer312 made their first contribution in https://github.com/streamlit/streamlit/pull/8017
@rahulmistri1997 made their first contribution in https://github.com/streamlit/streamlit/pull/8145
@t1emp0 made their first contribution in https://github.com/streamlit/streamlit/pull/8162

Full Changelog: streamlit/streamlit@1.31.1...1.32.0

`v1.31.1`

Compare Source

Full Changelog: streamlit/streamlit@1.31.0...1.31.1

`v1.31.0`

Compare Source

What's Changed

New Features 🎉

Allow inline usage of st.chat_input by @LukasMasuch in https://github.com/streamlit/streamlit/pull/7896
Feature: st.page_link by @mayagbarnes in https://github.com/streamlit/streamlit/pull/7965
Add st.write_stream command to handle generators or OpenAI output by @LukasMasuch in https://github.com/streamlit/streamlit/pull/7906

Bug Fixes 🐛

Reuse style element for theme injection into custom components by @Tom-Julux in https://github.com/streamlit/streamlit/pull/7914
Handle out of order blocks when parsing element tree by @AnOctopus in https://github.com/streamlit/streamlit/pull/7923
Fix progress bar float input bug by @notiona in https://github.com/streamlit/streamlit/pull/7953
Don't pass query parameters from parent page into iframes by @eric-skydio in https://github.com/streamlit/streamlit/pull/7951
Fix period type support for Pandas 2.2.0 by @LukasMasuch in https://github.com/streamlit/streamlit/pull/7988
Only ignore hiding required columns in dynamic mode by @LukasMasuch in https://github.com/streamlit/streamlit/pull/7996
Disable watchdog suggestion for none or poll watcher type by @LukasMasuch in https://github.com/streamlit/streamlit/pull/8024

Other Changes

Support latest importlib-metadata v7 by @elgalu in https://github.com/streamlit/streamlit/pull/7925
Make Snowpark dependency truly optional for SnowflakeConnection by @vdonato in https://github.com/streamlit/streamlit/pull/7919

New Contributors

@Tom-Julux made their first contribution in https://github.com/streamlit/streamlit/pull/7914
@elgalu made their first contribution in https://github.com/streamlit/streamlit/pull/7925
@notiona made their first contribution in https://github.com/streamlit/streamlit/pull/7953

Full Changelog: streamlit/streamlit@1.30.0...1.31.0

`v1.30.0`

Compare Source

What's Changed

New Features 🎉

Add support for scroll container via the height parameter by @LukasMasuch in https://github.com/streamlit/streamlit/pull/7697
Add display_text to LinkColumn by @sfc-gh-bhay in https://github.com/streamlit/streamlit/pull/7741
st.query_params by @willhuang1997 in https://github.com/streamlit/streamlit/pull/7774
Add Pandas styler support to LinkColumn by @LukasMasuch in https://github.com/streamlit/streamlit/pull/7784
Config - MPA Sidebar Page Navigation by @mayagbarnes in https://github.com/streamlit/streamlit/pull/7852
Feature - st.switch_page by @mayagbarnes in https://github.com/streamlit/streamlit/pull/7853

Bug Fixes 🐛

Fix handling of ordinal columns for builtin-charts by @LukasMasuch in https://github.com/streamlit/streamlit/pull/7771
Fix st.toggle background color by @sfc-gh-jgarcia in https://github.com/streamlit/streamlit/pull/7788
Don't send command used to start streamlit to frontend by @vdonato in https://github.com/streamlit/streamlit/pull/7787
Fix iframe background for dark color scheme by @LukasMasuch in https://github.com/streamlit/streamlit/pull/7821
Prevent incompatible column config serialization by @LukasMasuch in https://github.com/streamlit/streamlit/pull/7887
Prevent hiding required editable columns by @LukasMasuch in https://github.com/streamlit/streamlit/pull/7888
Disable the ability to submit form if a submit button is disabled by @willhuang1997 in https://github.com/streamlit/streamlit/pull/7827
Fix flickering effect when changing tabs by @LukasMasuch in https://github.com/streamlit/streamlit/pull/7904
Fix shrunk icon size in st.expander by @matiboux in https://github.com/streamlit/streamlit/pull/7596
Add check that individual elements are "python comparable" by @kajarenc in https://github.com/streamlit/streamlit/pull/7840
Use commonpath rather than common prefix for more secure access by @kmcgrady in https://github.com/streamlit/streamlit/pull/7901
Don't disable tab on stale flag by @LukasMasuch in https://github.com/streamlit/streamlit/pull/7905
Fix embed params being dropped in page swaps by @sfc-gh-wihuang in https://github.com/streamlit/streamlit/pull/7918

Other Changes

Fix parenthesis error messaging by @willhuang1997 in https://github.com/streamlit/streamlit/pull/7770
Update SECURITY.md by @sfc-gh-hpathak in https://github.com/streamlit/streamlit/pull/7783
Speed up plotly figures by 8x for users with "orjson" by @eric-skydio in https://github.com/streamlit/streamlit/pull/7860

New Contributors

@sfc-gh-bhay made their first contribution in https://github.com/streamlit/streamlit/pull/7741
@sfc-gh-jkinkead made their first contribution in https://github.com/streamlit/streamlit/pull/7843
@sfc-gh-jdaly made their first contribution in https://github.com/streamlit/streamlit/pull/7842
@matiboux made their first contribution in https://github.com/streamlit/streamlit/pull/7596

Full Changelog: streamlit/streamlit@1.29.0...1.30.0

`v1.29.0`

Compare Source

What's Changed

Breaking Changes 🛠

Remove old app test api by @AnOctopus in https://github.com/streamlit/streamlit/pull/7657

New Features 🎉

Add ability to add empty query params by @willhuang1997 in https://github.com/streamlit/streamlit/pull/7601
Add Enum coercion to options elements, if input Enum classes "identical" but redefined on script run by @Asaurus1 in https://github.com/streamlit/streamlit/pull/7408
Remove Recording Feature Menu Item when unsupported by @kmcgrady in https://github.com/streamlit/streamlit/pull/7604
Improved AppTest/ElementTree formatting by @AnOctopus in https://github.com/streamlit/streamlit/pull/7658
Add support for timedelta type to st.dataframe, st.data_editor and st.table. by @LukasMasuch in https://github.com/streamlit/streamlit/pull/7689
Add border parameter to container and form by @LukasMasuch in [https://github.com/streamlit/streamlit

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

github-actions · 2024-05-28T17:26:22Z

Route to deployed app is: https://snowpackdata-pr-19-frontend.apps.silver.devops.gov.bc.ca

github-actions · 2024-07-23T21:02:18Z

Route to deployed app is: https://snowpackdata-pr-19-frontend.apps.silver.devops.gov.bc.ca

github-actions · 2024-08-14T02:41:35Z

Route to deployed app is: https://snowpackdata-pr-19-frontend.apps.silver.devops.gov.bc.ca

github-actions · 2024-08-14T02:41:57Z

Route to deployed app is: https://snowpackdata-pr-19-frontend.apps.silver.devops.gov.bc.ca

renovate · 2024-08-20T15:04:03Z

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (==1.37.0). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.

renovate bot temporarily deployed to dev May 28, 2024 17:25 Inactive

renovate bot temporarily deployed to dev July 23, 2024 21:01 Inactive

chore(deps): update dependency streamlit to v1.37.0 [security]

1bb438f

renovate bot force-pushed the renovate/pypi-streamlit-vulnerability branch from 8a0c8df to 1bb438f Compare August 14, 2024 02:39

renovate bot changed the title ~~chore(deps): update dependency streamlit to v1.30.0 [security]~~ chore(deps): update dependency streamlit to v1.37.0 [security] Aug 14, 2024

renovate bot temporarily deployed to dev August 14, 2024 02:41 Inactive

franTarkenton closed this Aug 20, 2024

franTarkenton temporarily deployed to dev August 20, 2024 15:03 — with GitHub Actions Inactive

franTarkenton temporarily deployed to prod August 20, 2024 15:03 — with GitHub Actions Inactive

renovate bot deleted the renovate/pypi-streamlit-vulnerability branch August 20, 2024 15:04

franTarkenton restored the renovate/pypi-streamlit-vulnerability branch August 20, 2024 15:04

renovate bot deleted the renovate/pypi-streamlit-vulnerability branch August 20, 2024 15:05

franTarkenton restored the renovate/pypi-streamlit-vulnerability branch August 20, 2024 17:14

renovate bot deleted the renovate/pypi-streamlit-vulnerability branch August 20, 2024 17:15

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update dependency streamlit to v1.37.0 [security] #19

chore(deps): update dependency streamlit to v1.37.0 [security] #19

renovate bot commented May 28, 2024 •

edited

Loading

github-actions bot commented May 28, 2024

github-actions bot commented Jul 23, 2024

github-actions bot commented Aug 14, 2024

github-actions bot commented Aug 14, 2024

renovate bot commented Aug 20, 2024

chore(deps): update dependency streamlit to v1.37.0 [security] #19

chore(deps): update dependency streamlit to v1.37.0 [security] #19

Conversation

renovate bot commented May 28, 2024 • edited Loading

GitHub Vulnerability Alerts

Impact

Patches

Workarounds

For more information

1. Impacted Products

2. Introduction

3. Path Traversal Vulnerability

3.1 Description

3.2 Scenarios and attack vector(s)

3.3 Resolution

4. Contact

Release Notes

What's Changed

New Features 🎉

Bug Fixes 🐛

Other Changes

New Contributors

What's Changed

Breaking Changes 🛠

New Features 🎉

Bug Fixes 🐛

Other Changes

New Contributors

What's Changed

New Features 🎉

Bug Fixes 🐛

Other Changes

New Contributors

What's Changed

New Features 🎉

Bug Fixes 🐛

Other Changes

New Contributors

What's Changed

Breaking Changes 🛠

New Features 🎉

Bug Fixes 🐛

Other Changes

New Contributors

What's Changed

New Features 🎉

Bug Fixes 🐛

Other Changes

New Contributors

What's Changed

New Features 🎉

Bug Fixes 🐛

Other Changes

New Contributors

What's Changed

New Features 🎉

Bug Fixes 🐛

Other Changes

New Contributors

What's Changed

Breaking Changes 🛠

New Features 🎉

Configuration

github-actions bot commented May 28, 2024

github-actions bot commented Jul 23, 2024

github-actions bot commented Aug 14, 2024

github-actions bot commented Aug 14, 2024

renovate bot commented Aug 20, 2024

Renovate Ignore Notification

renovate bot commented May 28, 2024 •

edited

Loading