Update dependency streamlit to v1.37.0 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
streamlit (source, changelog)	==1.22.0 -> ==1.37.0

GitHub Vulnerability Alerts

GHSA-8qw9-gf7w-42x5

Impact

The initial vulnerability identified in Streamlit apps using custom components, allowing for directory traversal attacks, was addressed in version 1.11.1. However, a minor issue persisted, which could still potentially expose certain files on the server file-system under specific conditions.

Patches

We released an update in version 1.30.0 to further tighten security measures. Users are strongly advised to update to version 1.30.0 immediately for optimal security.

Workarounds

No additional workarounds are necessary once the update to version 1.30.0 is applied.

For more information

If you have any questions or comments about this advisory:

• Email us at security@streamlit.io

CVE-2024-42474

1. Impacted Products

Streamilt Open Source versions before 1.37.0.

2. Introduction

Snowflake Streamlit open source addressed a security vulnerability via the static file sharing feature. The vulnerability was patched on Jul 25, 2024, as part of Streamlit open source version 1.37.0. The vulnerability only affects Windows.

3. Path Traversal Vulnerability

3.1 Description

On May 12, 2024, Streamlit was informed via our bug bounty program about a path traversal vulnerability in the open source library. We fixed and merged a patch remediating the vulnerability on Jul 25, 2024. The issue was determined to be in the moderate severity range with a maximum CVSSv3 base score of 5.9

3.2 Scenarios and attack vector(s)

Users of hosted Streamlit app(s) on Windows were vulnerable to a path traversal vulnerability when the static file sharing feature is enabled. An attacker could utilize the vulnerability to leak the password hash of the Windows user running Streamlit.

3.3 Resolution

The vulnerability has been fixed in all Streamlit versions released since Jul 25, 2024. We recommend all users upgrade to Version 1.37.0.

4. Contact

Please contact security@snowflake.com if you have any questions regarding this advisory. If you discover a security vulnerability in one of our products or websites, please report the issue to HackerOne. For more information, please see our Vulnerability Disclosure Policy.

---

Release Notes

streamlit/streamlit (streamlit)

v1.37.0

Compare Source

What's Changed

New Features 🎉

• Stacking options - st.bar_chart by @​mayagbarnes in https://github.com/streamlit/streamlit/pull/8945
• Support graphviz.sources.Source object for st.graphviz_chart by @​sfc-gh-kbregula in https://github.com/streamlit/streamlit/pull/8993
• Add support for material icons in markdown by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8889
• Fix lag when closing dialog by @​raethlein in https://github.com/streamlit/streamlit/pull/9023
• Stacking options - st.area_chart by @​mayagbarnes in https://github.com/streamlit/streamlit/pull/8992
• Add feedback widget by @​raethlein in https://github.com/streamlit/streamlit/pull/8915
• READ only headers and cookies by @​kajarenc in https://github.com/streamlit/streamlit/pull/8976
• De-experimentalize st.fragment by @​vdonato in https://github.com/streamlit/streamlit/pull/9019
• De-experimentalize st.dialog by @​raethlein in https://github.com/streamlit/streamlit/pull/9020

Bug Fixes 🐛

• Show fragment errors in fragment-path for main app runs by @​raethlein in https://github.com/streamlit/streamlit/pull/8868
• Fix st.rerun fragment thread reuse issue by @​raethlein in https://github.com/streamlit/streamlit/pull/8798
• Support non-unix style paths for MPA loading by @​kmcgrady in https://github.com/streamlit/streamlit/pull/8988
• Set theme hash properly on load if a custom theme is active to start by @​kmcgrady in https://github.com/streamlit/streamlit/pull/8989
• Don't remove session refs on fragment runs by @​vdonato in https://github.com/streamlit/streamlit/pull/9010
• Improvements to NumberInput formatting by @​sfc-gh-nbellante in https://github.com/streamlit/streamlit/pull/9035
• Hide all Particles upon printing by @​sfc-gh-nbellante in https://github.com/streamlit/streamlit/pull/9053
• Fix: MPA support of custom themes by @​mayagbarnes in https://github.com/streamlit/streamlit/pull/8994
• st.switch_page clears non-embed query params by @​mayagbarnes in https://github.com/streamlit/streamlit/pull/9059
• Fix secrets.toml Windows Path Bug by @​sfc-gh-nbellante in https://github.com/streamlit/streamlit/pull/9061
• Bugfix: Fixes two st.map width bugs by @​sfc-gh-nbellante in https://github.com/streamlit/streamlit/pull/9070
• Validate the path using Tornado before performing checks by @​kmcgrady in https://github.com/streamlit/streamlit/pull/8990
• Reset ctx.current_fragment_id to last ID instead of None by @​vdonato in https://github.com/streamlit/streamlit/pull/9114

Other Changes

• Update emojis used for validation by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8923
• Add support for numpy 2.x by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8940
• Remove a bunch of deprecated experimental features by @​vdonato in https://github.com/streamlit/streamlit/pull/8943
• Migrate custom icons from material outlined to rounded by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8998
• Remove old config options - part 1 by @​mayagbarnes in https://github.com/streamlit/streamlit/pull/9005
• Remove old config options - part 2 by @​mayagbarnes in https://github.com/streamlit/streamlit/pull/9013
• Remove deprecation.showPyplotGlobalUse config option by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/9018
• Fix broken st.navigation docstring by @​mahotd in https://github.com/streamlit/streamlit/pull/9027
• Update the feedback widget design by @​raethlein in https://github.com/streamlit/streamlit/pull/9094

New Contributors

• @​Dev-iL made their first contribution in https://github.com/streamlit/streamlit/pull/8947
• @​quant12345 made their first contribution in https://github.com/streamlit/streamlit/pull/8968
• @​mahotd made their first contribution in https://github.com/streamlit/streamlit/pull/9027

Full Changelog: streamlit/streamlit@1.36.0...1.37.0

v1.36.0

Compare Source

What's Changed

Breaking Changes 🛠

• Remove legacy caching logic by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8737
• Deprecate the experimental_allow_widgets caching parameter by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8817

New Features 🎉

• Allow passing on_change_callback for CustomComponents by @​raethlein in https://github.com/streamlit/streamlit/pull/8633
• Use raw number for number column overlay and copy by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8708
• Introduce st.navigation and st.Page by @​kmcgrady in https://github.com/streamlit/streamlit/pull/8744
• Make st.write call st.json to display Streamlit secrets object by @​snehankekre in https://github.com/streamlit/streamlit/pull/8659
• Streamlit Charts: Customizable Axis Labels by @​mayagbarnes in https://github.com/streamlit/streamlit/pull/8846
• Add vertical alignment parameter to st.columns by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8568
• Add icon parameter to st.expander by @​snehankekre in https://github.com/streamlit/streamlit/pull/8716
• Use the default widget height for non-stacked checkbox & toggle widgets by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8835
• Horizontal st.bar_chart by @​mayagbarnes in https://github.com/streamlit/streamlit/pull/8877

Bug Fixes 🐛

• Remove non-existent kwargs in ast.Call() call by @​JelleZijlstra in https://github.com/streamlit/streamlit/pull/8711
• Don't instantiate the LocalSourcesWatcher if file watching is disabled by @​vdonato in https://github.com/streamlit/streamlit/pull/8741
• Make the session state writes disallowed message more generic by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8720
• Ensure SessionInfo is set before performing an action by @​kmcgrady in https://github.com/streamlit/streamlit/pull/8779
• Unify the minimum height of most element by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8797
• Don't allow writing widgets outside the fragment by @​raethlein in https://github.com/streamlit/streamlit/pull/8756
• Fix element replay regression for plotly charts by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8770
• Improve exception text when selectbox index larger than options by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8775
• Prevent images in markdown to go beyond the container width by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8794
• Ensure current page script hash and active script hash is correct at script start by @​kmcgrady in https://github.com/streamlit/streamlit/pull/8830
• Revert "Handle Altair resolve_scale (#​8497)" by @​kmcgrady in https://github.com/streamlit/streamlit/pull/8845
• Update custom-components import paths and tests by @​raethlein in https://github.com/streamlit/streamlit/pull/8666
• Raise exception if st.Page is given an invalid path by @​vdonato in https://github.com/streamlit/streamlit/pull/8878

Other Changes

• Explicitly export experimental_dialog by @​raethlein in https://github.com/streamlit/streamlit/pull/8728
• Remove default value for title of dialog_decorator by @​raethlein in https://github.com/streamlit/streamlit/pull/8729
• Docstrings for 1.35.0 (and type consistency for charts) by @​sfc-gh-dmatthews in https://github.com/streamlit/streamlit/pull/8740
• Migrate streamlit hello to MPAv2 by @​kmcgrady in https://github.com/streamlit/streamlit/pull/8806
• Fix use_container_width docstring when default is True by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8809
• Allow protobuf v5 as dependency by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8627
• Fix: Remove title appending · Streamlit by @​mayagbarnes in https://github.com/streamlit/streamlit/pull/8900

New Contributors

• @​JelleZijlstra made their first contribution in https://github.com/streamlit/streamlit/pull/8711

Full Changelog: streamlit/streamlit@1.35.0...1.36.0

v1.35.0

Compare Source

What's Changed

New Features 🎉

• Add support for selections to st.plotly_chart by @​willhuang1997 in https://github.com/streamlit/streamlit/pull/8191
• feat: support set mysql connection query from secrets.toml by @​LucianLiu6 in https://github.com/streamlit/streamlit/pull/8581
• Feature: st.logo by @​mayagbarnes in https://github.com/streamlit/streamlit/pull/8554
• Material icon for st.page_link by @​kajarenc in https://github.com/streamlit/streamlit/pull/8593
• Add dataframe row and column selections by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8411
• Add support for selections to st.altair_chart & st.vega_lite_chart by @​willhuang1997 in https://github.com/streamlit/streamlit/pull/8302

Bug Fixes 🐛

• Fix standalone custom-component execution by @​raethlein in https://github.com/streamlit/streamlit/pull/8620
• Clear stale elements when st.rerun() is used by @​vdonato in https://github.com/streamlit/streamlit/pull/8599
• Focus chat input after the submit button is pressed by @​kmcgrady in https://github.com/streamlit/streamlit/pull/8637
• fix: #​8500 bypass StrEnum 'index' to make position-indexable by @​97k in https://github.com/streamlit/streamlit/pull/8622
• Update scroll-margin-top by @​raethlein in https://github.com/streamlit/streamlit/pull/8641
• Fix cell error when data editor gets reconstructed by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8640
• Ensure that column config is cloned by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8677
• Add fallback method for CSV download by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8452

Other Changes

• Bump mheap/github-action-required-labels from 5.4.0 to 5.4.1 by @​dependabot in https://github.com/streamlit/streamlit/pull/8582
• Remove fullscreen button for st.table by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8621
• Improve typing for query params .update and .from_dict by @​Asaurus1 in https://github.com/streamlit/streamlit/pull/8614
• Improve anchor button visualization for titles and headings by @​raethlein in https://github.com/streamlit/streamlit/pull/8587
• Allow protobuf v5 by @​mark-thm in https://github.com/streamlit/streamlit/pull/8624
• Stabilize the vega-lite spec for altair-based charts by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8628
• Update address output in headless mode by @​raethlein in https://github.com/streamlit/streamlit/pull/8647
• Revert "Allow protobuf v5" by @​raethlein in https://github.com/streamlit/streamlit/pull/8701

New Contributors

• @​LucianLiu6 made their first contribution in https://github.com/streamlit/streamlit/pull/8581
• @​mark-thm made their first contribution in https://github.com/streamlit/streamlit/pull/8624
• @​97k made their first contribution in https://github.com/streamlit/streamlit/pull/8622

Full Changelog: streamlit/streamlit@1.34.0...1.35.0

v1.34.0

Compare Source

What's Changed

New Features 🎉

• Add st.experimental_dialog by @​raethlein in https://github.com/streamlit/streamlit/pull/8040
• from_dict for query params by @​Asaurus1 in https://github.com/streamlit/streamlit/pull/8470
• Improve period type support in st.dataframe and st.data_editor by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/7987
• Add ability to clear cache for specific function arguments by passing args to <cached_func>.clear() by @​OscarSaharoy in https://github.com/streamlit/streamlit/pull/8297
• Add support for autoplaying st.audio and st.video media by @​snehankekre in https://github.com/streamlit/streamlit/pull/8481
• Support background colors for text by @​snehankekre in https://github.com/streamlit/streamlit/pull/8435
• Non-emoji icons by @​kajarenc in https://github.com/streamlit/streamlit/pull/8307
• Add support for Modin and Snowpark Pandas by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8506
• Enable the usage of the pydeck-carto package with st.pydeck_chart by @​vdonato in https://github.com/streamlit/streamlit/pull/8422

Bug Fixes 🐛

• Offset dates in vega if no timezone information is attached. by @​kmcgrady in https://github.com/streamlit/streamlit/pull/8278
• Fix issues with fragments writing to containers and the sidebar by @​vdonato in https://github.com/streamlit/streamlit/pull/8408
• Produce python error for slider min=max by @​AnOctopus in https://github.com/streamlit/streamlit/pull/8413
• Make check for component ready dynamic by @​kmcgrady in https://github.com/streamlit/streamlit/pull/8434
• Update Auto Theme after print dialog if necessary by @​kmcgrady in https://github.com/streamlit/streamlit/pull/8469
• Reset widget state on page change by @​AnOctopus in https://github.com/streamlit/streamlit/pull/8425
• Switch back to using undeprecated pillow constant by @​vdonato in https://github.com/streamlit/streamlit/pull/8492
• Fix double script/callback run when replacing a file by @​vdonato in https://github.com/streamlit/streamlit/pull/8493
• Handle Altair vconcat with use_container_width by @​kmcgrady in https://github.com/streamlit/streamlit/pull/8498
• Fix empty state for st.status by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8369
• Fix st.multiselect usage with empty sets or tuples by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8471
• Handle Altair resolve_scale by @​kmcgrady in https://github.com/streamlit/streamlit/pull/8497
• Adjust default date for st.date_input if today's date is out of bounds by @​vdonato in https://github.com/streamlit/streamlit/pull/8519
• Handle setting session state keys to None for supported widgets by @​vdonato in https://github.com/streamlit/streamlit/pull/8529
• Fix empty generator usage with st.write_stream by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8560

Other Changes

• Update modal styles by @​raethlein in https://github.com/streamlit/streamlit/pull/8274
• Move toasts to top right and make them prettier by @​sfc-gh-tteixeira in https://github.com/streamlit/streamlit/pull/8433
• Fix escaping in docstrings by @​vdonato in https://github.com/streamlit/streamlit/pull/8510
• Fix blank space print by @​raethlein in https://github.com/streamlit/streamlit/pull/8502
• Remove snowflake extras python restriction by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8538

New Contributors

• @​Lundez made their first contribution in https://github.com/streamlit/streamlit/pull/8520
• @​OscarSaharoy made their first contribution in https://github.com/streamlit/streamlit/pull/8297

Full Changelog: streamlit/streamlit@1.33.0...1.34.0

v1.33.0

Compare Source

What's Changed

Breaking Changes 🛠

• Require explicit suggestion of unsafe_allow_html in st.write by @​kmcgrady in https://github.com/streamlit/streamlit/pull/8238

New Features 🎉

• explicit update() method for query_params by @​Asaurus1 in https://github.com/streamlit/streamlit/pull/8205
• Add AreaChartColumn to column config by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8237
• Associate label with input to make label click focus input by @​filiptammergard in https://github.com/streamlit/streamlit/pull/8155
• Media elements improvements by @​kajarenc in https://github.com/streamlit/streamlit/pull/8203
• Page switching in AppTest by @​AnOctopus in https://github.com/streamlit/streamlit/pull/8280
• Add ability to use timedelta and stings to start_time and end_time. by @​kajarenc in https://github.com/streamlit/streamlit/pull/8348
• st.experimental_fragment decorator by @​vdonato in https://github.com/streamlit/streamlit/pull/8343
• Feature: st.html by @​mayagbarnes in https://github.com/streamlit/streamlit/pull/8366

Bug Fixes 🐛

• AppTest format_func by @​AnOctopus in https://github.com/streamlit/streamlit/pull/8189
• Url decode link column display values if regex is used by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8258
• Fix infinite loop when rerun and triggered widgets are used together in AppTest by @​AnOctopus in https://github.com/streamlit/streamlit/pull/8264
• Use the button width as minimum for st.popover container by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8266
• Revert "Expire session storage cache on an async timer (#​8083)" by @​kmcgrady in https://github.com/streamlit/streamlit/pull/8281
• Allow custom themes to override embed options query parameter by @​kmcgrady in https://github.com/streamlit/streamlit/pull/8021
• Fix issue with not correctly waiting for connections by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8294
• Fix initial iframe height for custom component by @​kmcgrady in https://github.com/streamlit/streamlit/pull/8290
• Fullscreen Button Overflow Horizontally by @​kmcgrady in https://github.com/streamlit/streamlit/pull/8279
• Fix white components backgrounds when OS is using dark theme by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8242
• Add simple fix to update container status after llm complete by @​KedoKudo in https://github.com/streamlit/streamlit/pull/8311
• Simplify toast message truncation to use character limit directly by @​snehankekre in https://github.com/streamlit/streamlit/pull/8337
• resolve path when registering watcher for module paths by @​zyxue in https://github.com/streamlit/streamlit/pull/8372
• Readd mistakenly removed line and add explanatory comment by @​vdonato in https://github.com/streamlit/streamlit/pull/8392

Other Changes

• Allow packaging 24.x by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8338

New Contributors

• @​filiptammergard made their first contribution in https://github.com/streamlit/streamlit/pull/8155
• @​KedoKudo made their first contribution in https://github.com/streamlit/streamlit/pull/8311
• @​zyxue made their first contribution in https://github.com/streamlit/streamlit/pull/8372

Full Changelog: streamlit/streamlit@1.32.2...1.33.0

v1.32.2

Compare Source

Full Changelog: streamlit/streamlit@1.32.1...1.32.2

v1.32.1

Compare Source

Full Changelog: streamlit/streamlit@1.32.0...1.32.1

v1.32.0

Compare Source

What's Changed

New Features 🎉

• Support markdown links inst.radio options by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8028
• Improve error handling in st.write_stream by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8036
• Add support for PIL images in st.write by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8039
• add: Supprt for HTTP method to /healthz endpoint by @​rahulmistri1997 in https://github.com/streamlit/streamlit/pull/8145
• Add support for AzureOpenAI chat stream by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8107
• Add st.popover layout container by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/7908
• AppTest from_function args by @​AnOctopus in https://github.com/streamlit/streamlit/pull/8183
• Subtitles changes for st.video by @​kajarenc in https://github.com/streamlit/streamlit/pull/8057
• Expander and Status AppTest wrappers by @​AnOctopus in https://github.com/streamlit/streamlit/pull/8187

Bug Fixes 🐛

• Add support for converting st.query_params to string by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8030
• Fix custom dataframe scrollbars in Chrome by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8034
• Fix time_input menu colors in dark mode by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8056
• Make shallow copies of options returned from ensure_indexable by @​vdonato in https://github.com/streamlit/streamlit/pull/8064
• Fix memory leak in runtime coroutine loop by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8068
• Prevent pandas keyerror when checking color column format in st.map by @​awhazell in https://github.com/streamlit/streamlit/pull/8079
• Fix #​7954 by @​vdonato in https://github.com/streamlit/streamlit/pull/8054
• Fix issue using a local path with st.image on windows. by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8092
• Fix: st.page_link & st.switch_page handling / prefixed paths by @​mayagbarnes in https://github.com/streamlit/streamlit/pull/8085
• Fix script runner stack overflow by @​AnOctopus in https://github.com/streamlit/streamlit/pull/8100
• Normalize main script path in st.switch_page and st.page_link by @​kajarenc in https://github.com/streamlit/streamlit/pull/8103
• Fix: st.page_link URL preview shows file path by @​mayagbarnes in https://github.com/streamlit/streamlit/pull/8086
• Support multiple path characteristics for switch_page and page_link by @​kmcgrady in https://github.com/streamlit/streamlit/pull/8127
• Fix chart exception where color-handling code expected DF index to start at 0 by @​sfc-gh-tteixeira in https://github.com/streamlit/streamlit/pull/8158
• Fix: Alert element overflow by @​mayagbarnes in https://github.com/streamlit/streamlit/pull/8194
• Fully clear App State on page change by @​kmcgrady in https://github.com/streamlit/streamlit/pull/8208
• Make st.help more resilient with conditional members by @​kmcgrady in https://github.com/streamlit/streamlit/pull/8228

Other Changes

• Expire session storage cache on an async timer by @​AnOctopus in https://github.com/streamlit/streamlit/pull/8083
• Lazy-load emoji module to improve performance by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8109
• Lazy-load pandas and pyarrow to improve performance by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8125
• Miscellaneous docstring edits and argument names by @​sfc-gh-dmatthews in https://github.com/streamlit/streamlit/pull/8118
• Deprecate the deprecation.showPyplotGlobalUse config option by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8133
• Use env variable to configure matplotlib backend by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8113
• Lazy-load numpy and pillow to improve performance by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8134
• Show a warning when server port 3000 is used by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8152
• Fixed typos in example documentation by @​t1emp0 in https://github.com/streamlit/streamlit/pull/8162
• Increase time until timeout warning is shown for a custom component by @​raethlein in https://github.com/streamlit/streamlit/pull/8179
• Update glide-data-grid to version 6.0.4 by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/7779

New Contributors

• @​awhazell made their first contribution in https://github.com/streamlit/streamlit/pull/8079
• @​SidVer312 made their first contribution in https://github.com/streamlit/streamlit/pull/8017
• @​rahulmistri1997 made their first contribution in https://github.com/streamlit/streamlit/pull/8145
• @​t1emp0 made their first contribution in https://github.com/streamlit/streamlit/pull/8162

Full Changelog: streamlit/streamlit@1.31.1...1.32.0

v1.31.1

Compare Source

Full Changelog: streamlit/streamlit@1.31.0...1.31.1

v1.31.0

Compare Source

What's Changed

New Features 🎉

• Allow inline usage of st.chat_input by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/7896
• Feature: st.page_link by @​mayagbarnes in https://github.com/streamlit/streamlit/pull/7965
• Add st.write_stream command to handle generators or OpenAI output by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/7906

Bug Fixes 🐛

• Reuse style element for theme injection into custom components by @​Tom-Julux in https://github.com/streamlit/streamlit/pull/7914
• Handle out of order blocks when parsing element tree by @​AnOctopus in https://github.com/streamlit/streamlit/pull/7923
• Fix progress bar float input bug by @​notiona in https://github.com/streamlit/streamlit/pull/7953
• Don't pass query parameters from parent page into iframes by @​eric-skydio in https://github.com/streamlit/streamlit/pull/7951
• Fix period type support for Pandas 2.2.0 by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/7988
• Only ignore hiding required columns in dynamic mode by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/7996
• Disable watchdog suggestion for none or poll watcher type by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/8024

Other Changes

• Support latest importlib-metadata v7 by @​elgalu in https://github.com/streamlit/streamlit/pull/7925
• Make Snowpark dependency truly optional for SnowflakeConnection by @​vdonato in https://github.com/streamlit/streamlit/pull/7919

New Contributors

• @​Tom-Julux made their first contribution in https://github.com/streamlit/streamlit/pull/7914
• @​elgalu made their first contribution in https://github.com/streamlit/streamlit/pull/7925
• @​notiona made their first contribution in https://github.com/streamlit/streamlit/pull/7953

Full Changelog: streamlit/streamlit@1.30.0...1.31.0

v1.30.0

Compare Source

What's Changed

New Features 🎉

• Add support for scroll container via the height parameter by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/7697
• Add display_text to LinkColumn by @​sfc-gh-bhay in https://github.com/streamlit/streamlit/pull/7741
• st.query_params by @​willhuang1997 in https://github.com/streamlit/streamlit/pull/7774
• Add Pandas styler support to LinkColumn by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/7784
• Config - MPA Sidebar Page Navigation by @​mayagbarnes in https://github.com/streamlit/streamlit/pull/7852
• Feature - st.switch_page by @​mayagbarnes in https://github.com/streamlit/streamlit/pull/7853

Bug Fixes 🐛

• Fix handling of ordinal columns for builtin-charts by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/7771
• Fix st.toggle background color by @​sfc-gh-jgarcia in https://github.com/streamlit/streamlit/pull/7788
• Don't send command used to start streamlit to frontend by @​vdonato in https://github.com/streamlit/streamlit/pull/7787
• Fix iframe background for dark color scheme by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/7821
• Prevent incompatible column config serialization by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/7887
• Prevent hiding required editable columns by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/7888
• Disable the ability to submit form if a submit button is disabled by @​willhuang1997 in https://github.com/streamlit/streamlit/pull/7827
• Fix flickering effect when changing tabs by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/7904
• Fix shrunk icon size in st.expander by @​matiboux in https://github.com/streamlit/streamlit/pull/7596
• Add check that individual elements are "python comparable" by @​kajarenc in https://github.com/streamlit/streamlit/pull/7840
• Use commonpath rather than common prefix for more secure access by @​kmcgrady in https://github.com/streamlit/streamlit/pull/7901
• Don't disable tab on stale flag by @​LukasMasuch in https://github.com/streamlit/streamlit/pull/7905
• Fix embed params being dropped in page swaps by @​sfc-gh-wihuang in https://github.com/streamlit/streamlit/pull/7918

Other Changes

• Fix parenthesis error messaging by [@​willhuang1997

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[cr-gpt]

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

[cr-gpt]

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information