The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-15763443
- https://snyk.io/vuln/SNYK-PYTHON-STREAMLIT-15782919
Cursor Bugbot has reviewed your changes and found 1 potential issue.
| networkx==2.4 | ||
| pydot==1.4.1 | ||
| streamlit==0.75.0 | ||
| streamlit==1.54.0 |
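Review bot: Nothing in this hunk shows that streamlit==1.54.0 still resolves and runs alongside the unchanged pins networkx==2.4 and pydot==1.4.1; the streamlit line jumps a major version from 0.75.0 with no accompanying code or test change. Before merging, install requirements.extra.txt into a clean environment, run pip check, and start each interface under project/ once; if any of that fails, land the code migration in the same PR as this line.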
Major version bump breaks removed st.beta_columns API
High Severity
Upgrading streamlit from 0.75.0 to 1.54.0 breaks the application because the codebase uses st.beta_columns (in project/interface/train.py, project/run_mnist_interface.py, project/sentiment_interface.py), which was removed in newer Streamlit versions and replaced with st.columns. This will cause AttributeError: module 'streamlit' has no attribute 'beta_columns' at runtime, crashing the Streamlit app. The @st.cache decorator with allow_output_mutation=True used in project/sentiment_interface.py is also deprecated and may fail. The code needs to be updated to use the current Streamlit API before this version bump can land safely.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 31bc21c5dc
| networkx==2.4 | ||
| pydot==1.4.1 | ||
| streamlit==0.75.0 | ||
| streamlit==1.54.0 |
Revert Streamlit major bump until beta_* calls are migrated
Pinning streamlit==1.54.0 introduces a runtime break in the project UIs because the codebase still calls beta-prefixed APIs such as st.beta_columns and st.beta_expander (for example in project/tensor_interface.py and project/run_mnist_interface.py), which are not available in modern Streamlit releases. With this dependency change, those pages raise AttributeError when rendered, so the interactive tooling in project/ no longer works without additional code migration.
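A pre-merge check for the break both review comments describe, as an added example that is not part of the pull request or the repository: it parses Python source with ast and reports beta_-prefixed Streamlit names and st.cache(allow_output_mutation=...) usages. The function name find_legacy_calls and the sample source are constructed for illustration.

```python
import ast
import sys
from pathlib import Path

# Constructed sample modelled on the calls the review comments name (not a repository file).
SAMPLE = '''
import streamlit as st

@st.cache(allow_output_mutation=True)
def load_model():
    return object()

left, right = st.beta_columns(2)
with st.beta_expander("Details"):
    st.write("ok")
cols = st.columns(2)
'''

def find_legacy_calls(source, filename="<sample>"):
    """Sorted (line, usage) pairs for beta_-prefixed Streamlit names and cache(allow_output_mutation=...)."""
    tree = ast.parse(source, filename=filename)
    # Names bound to the streamlit package, e.g. "st" from "import streamlit as st".
    aliases = {a.asname or a.name
               for n in ast.walk(tree) if isinstance(n, ast.Import)
               for a in n.names if a.name == "streamlit"}

    def on_streamlit(attr):
        return (isinstance(attr, ast.Attribute)
                and isinstance(attr.value, ast.Name) and attr.value.id in aliases)
    found = []
    for node in ast.walk(tree):
        if on_streamlit(node) and node.attr.startswith("beta_"):
            found.append((node.lineno, f"{node.value.id}.{node.attr}"))
        elif (isinstance(node, ast.Call) and on_streamlit(node.func)
              and node.func.attr == "cache"
              and any(k.arg == "allow_output_mutation" for k in node.keywords)):
            found.append((node.lineno, f"{node.func.value.id}.cache(allow_output_mutation=...)"))
        elif isinstance(node, ast.ImportFrom) and node.module == "streamlit":
            found += [(node.lineno, f"from streamlit import {a.name}")
                      for a in node.names if a.name.startswith("beta_")]
    return sorted(found)

if __name__ == "__main__":
    # Scan .py files under the directories given as arguments, else the sample.
    paths = [p for d in sys.argv[1:] for p in sorted(Path(d).rglob("*.py"))]
    sources = [(str(p), p.read_text(encoding="utf-8")) for p in paths] or [("<sample>", SAMPLE)]
    for name, src in sources:
        for line, usage in find_legacy_calls(src, name):
            print(f"{name}:{line}: {usage}")
```

Run with project as the argument, it lists the lines to migrate before the streamlit pin changes.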


Snyk has created this PR to fix 2 vulnerabilities in the pip dependencies of this project.
Snyk changed the following file(s):
requirements.extra.txt
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
Note
Medium Risk
Moderate risk because streamlit is upgraded across major versions and may introduce breaking dependency/runtime changes; requests pin is low risk but could affect transitive dependency resolution.
Overview
Updates requirements.extra.txt to remediate Snyk-reported vulnerabilities by upgrading streamlit from 0.75.0 to 1.54.0.
Also adds an explicit requests>=2.33.0 constraint (not previously listed) and normalizes the embeddings==0.0.8 entry (ensuring it’s present as a proper line).
Written by Cursor Bugbot for commit 31bc21c. This will update automatically on new commits.