PyPi: Marimo

CVE-2024-31207

Transitive

Safety vulnerability ID: 67471

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Apr 04, 2024 Updated at Dec 31, 2024

Advisory

Dbt-snowflake 1.8.0b2 updates its cryptography requirement to version 42.0.4 or newer, addressing security concerns highlighted by CVE-2024-26130.

Affected package

marimo

Latest version: 0.10.9

A library for making reactive notebooks and apps

Affected versions

Fixed versions

Vulnerability changelog

What's Changed

New Features!
- 🤖 **AI Suggestions**: Bring your own OpenAI API key to unlock AI-powered suggestions!

Get started by updating your `~/.marimo.toml` config file:

```toml
[ai.open_ai]
# Get your API key from https://platform.openai.com/account/api-keys
api_key = "sk-..."
# Choose a model, we recommend "gpt-3.5-turbo"
model = "gpt-3.5-turbo"
# Change the base_url if you are using a different OpenAI-compatible API
base_url = "https://api.openai.com"
```

[Read the docs](https://docs.marimo.io/guides/ai_completion.html#using-ai-to-modify-cells) to learn more.

- **Lazy evaluation/rendering of components**: The new library function [`mo.lazy()`](https://docs.marimo.io/api/layouts/lazy.html#marimo.lazy) lets you defer the computation and rendering of components, especially useful if you have expensive components that are hidden by default (e.g., in a tab or accordion).

All changes

* chore(deps): update dependency typescript to ^5.4.3 by renovate in https://github.com/marimo-team/marimo/pull/1044
* fix(deps): update dependency react-resizable-panels to v2.0.16 by renovate in https://github.com/marimo-team/marimo/pull/1042
* chore(deps): update all eslint dependencies by renovate in https://github.com/marimo-team/marimo/pull/1043
* fix: pyodide additional remounting by mscolnick in https://github.com/marimo-team/marimo/pull/1046
* fix: dont allow renaming to '.' or '..', show dotfiles by mscolnick in https://github.com/marimo-team/marimo/pull/1047
* fix: allow removing Grid layout by mscolnick in https://github.com/marimo-team/marimo/pull/1048
* improvement: click hourglass to move view to current cell by fuenfundachtzig in https://github.com/marimo-team/marimo/pull/1040
* feat: model/base-url settings for AI completion, bring out of experimental by mscolnick in https://github.com/marimo-team/marimo/pull/1049
* feat: editor placeholder for AI prompt by mscolnick in https://github.com/marimo-team/marimo/pull/1057
* feat: mo.lazy by mscolnick in https://github.com/marimo-team/marimo/pull/1052
* fix: guard against modules that don't have a `__spec__` attr by akshayka in https://github.com/marimo-team/marimo/pull/1058
* fix: set event loop policy in create_asgi_app by akshayka in https://github.com/marimo-team/marimo/pull/1060
* chore(deps): update dependency vite to v5.1.7 [security] by renovate in https://github.com/marimo-team/marimo/pull/1054
* fix: resuming when auto-instantiate is false by akshayka in https://github.com/marimo-team/marimo/pull/1061
* improvement: update ai system prompt to be mpl aware by akshayka in https://github.com/marimo-team/marimo/pull/1062
* 0.3.9 by akshayka in https://github.com/marimo-team/marimo/pull/1063


**Full Changelog**: https://github.com/marimo-team/marimo/compare/0.3.8...0.3.9

Resources
