Skip to content

Bump marimo from 0.16.5 to 0.23.0#146

Merged
nicosuave merged 1 commit into
mainfrom
dependabot/uv/marimo-0.23.0
May 23, 2026
Merged

Bump marimo from 0.16.5 to 0.23.0#146
nicosuave merged 1 commit into
mainfrom
dependabot/uv/marimo-0.23.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 22, 2026

Copy link
Copy Markdown
Contributor

Bumps marimo from 0.16.5 to 0.23.0.

Release notes

Sourced from marimo's releases.

0.23.0

Security Announcement

This release contains important security updates for CVE-2026-39987. See Terminal WebSocket Authentication Bypass

The /terminal/ws endpoint is accessible without authentication on default marimo installations. This allows for unauthenticated users to remote execute code via this endpoint.

Who is affected

  • If you have deployed marimo as an editable notebook (not an application) to the public internet and only using marimo’s built-in authentication.
  • If you expose marimo to your shared network using --host 0.0.0.0 and while in edit mode (not an application).

Likely not affected

You are not affected if any of these are true.

  • If you have your own authentication proxy on top of editable marimo notebooks.
  • If you are not exposing marimo to the public internet
  • If you are running marimo as an application (in run mode)
  • WebAssembly (WASM) notebooks are not affected
  • molab is not affected

Please upgrade to 0.23.0 or later.

What's Changed

Full Changelog: marimo-team/marimo@0.22.5...0.23.0

0.22.5

What's Changed

This release launches marimo pair — an agent skill that drops AI agents directly inside a running marimo notebook session — along with a cleaner, more responsive data table experience and a slate of reliability fixes.

⭐ Highlights

marimo pair: collaborate with agents inside your notebook

... (truncated)

Commits
  • 7d07685 release: 0.23.0 (#9099)
  • c24d480 fix: properly authenticate terminal route (#9098)
  • 78489d4 feat(plotly): add reactive area chart selection support (#9046)
  • 8649f3b feat(plotly): add reactive violin plot selection support (#9011)
  • 3ed090f feat: Accept suggestion on Enter (frontend-only localStorage pref) (#9016)
  • 8d1ea4a fix use API.get for pair with agent modal (#9090)
  • e072d9f docs: fix a misformatted markdown link (#9093)
  • 55b1f86 fix: table filtering by NaN in pandas string columns (#9092)
  • 986886f fix: reset Plotly axis settings when switching between different chart types ...
  • eade4fe feat: indicate server side installations (#8998)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [marimo](https://github.com/marimo-team/marimo) from 0.16.5 to 0.23.0.
- [Release notes](https://github.com/marimo-team/marimo/releases)
- [Commits](marimo-team/marimo@0.16.5...0.23.0)

---
updated-dependencies:
- dependency-name: marimo
  dependency-version: 0.23.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels May 22, 2026
@chatgpt-codex-connector

Copy link
Copy Markdown

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.
Repo admins can enable using credits for code reviews in their settings.

@nicosuave nicosuave merged commit 95bbbc2 into main May 23, 2026
15 checks passed
@nicosuave nicosuave deleted the dependabot/uv/marimo-0.23.0 branch May 23, 2026 01:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant