Commit
chore(deps): update dependency streamlit to v1.37.0 [security] (GoogleCloudPlatform#1104)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [streamlit](https://streamlit.io) ([source](https://redirect.github.com/streamlit/streamlit), [changelog](https://docs.streamlit.io/develop/quick-reference/changelog)) | `1.36.0` -> `1.37.0` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/streamlit/1.37.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/streamlit/1.37.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/streamlit/1.36.0/1.37.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/streamlit/1.36.0/1.37.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the warning logs for more information.

### GitHub Vulnerability Alerts

#### [CVE-2024-42474](https://redirect.github.com/streamlit/streamlit/security/advisories/GHSA-rxff-vr5r-8cj5)

### 1. Impacted Products

Streamlit Open Source versions before 1.37.0.

### 2. Introduction

Snowflake Streamlit open source addressed a security vulnerability via the [static file sharing feature](https://docs.streamlit.io/develop/concepts/configuration/serving-static-files). The vulnerability was patched on Jul 25, 2024, as part of Streamlit open source version 1.37.0. The vulnerability only affects Windows.

### 3. Path Traversal Vulnerability

#### 3.1 Description

On May 12, 2024, Streamlit was informed via our bug bounty program about a path traversal vulnerability in the open source library. We fixed and merged a patch remediating the vulnerability on Jul 25, 2024.

The issue was determined to be in the moderate severity range with a maximum CVSSv3 base score of [5.9](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N).

#### 3.2 Scenarios and attack vector(s)

Users of hosted Streamlit app(s) on Windows were vulnerable to a path traversal vulnerability when the [static file sharing feature](https://docs.streamlit.io/develop/concepts/configuration/serving-static-files) is enabled. An attacker could utilize the vulnerability to leak the password hash of the Windows user running Streamlit.

#### 3.3 Resolution

The vulnerability has been fixed in all Streamlit versions released since Jul 25, 2024. We recommend all users upgrade to Version 1.37.0.

### 4. Contact

Please contact [email protected] if you have any questions regarding this advisory. If you discover a security vulnerability in one of our products or websites, please report the issue to HackerOne. For more information, please see our [Vulnerability Disclosure Policy](https://hackerone.com/snowflake?type=team).

---

### Release Notes

<details>
<summary>streamlit/streamlit (streamlit)</summary>

### [`v1.37.0`](https://redirect.github.com/streamlit/streamlit/releases/tag/1.37.0)

[Compare Source](https://redirect.github.com/streamlit/streamlit/compare/1.36.0...1.37.0)

#### What's Changed

##### New Features 🎉

- Stacking options - `st.bar_chart` by [@mayagbarnes](https://redirect.github.com/mayagbarnes) in [https://github.com/streamlit/streamlit/pull/8945](https://redirect.github.com/streamlit/streamlit/pull/8945)
- Support `graphviz.sources.Source` object for `st.graphviz_chart` by [@sfc-gh-kbregula](https://redirect.github.com/sfc-gh-kbregula) in [https://github.com/streamlit/streamlit/pull/8993](https://redirect.github.com/streamlit/streamlit/pull/8993)
- Add support for material icons in markdown by [@LukasMasuch](https://redirect.github.com/LukasMasuch) in [https://github.com/streamlit/streamlit/pull/8889](https://redirect.github.com/streamlit/streamlit/pull/8889)
- Fix lag when closing dialog by [@raethlein](https://redirect.github.com/raethlein) in [https://github.com/streamlit/streamlit/pull/9023](https://redirect.github.com/streamlit/streamlit/pull/9023)
- Stacking options - `st.area_chart` by [@mayagbarnes](https://redirect.github.com/mayagbarnes) in [https://github.com/streamlit/streamlit/pull/8992](https://redirect.github.com/streamlit/streamlit/pull/8992)
- Add feedback widget by [@raethlein](https://redirect.github.com/raethlein) in [https://github.com/streamlit/streamlit/pull/8915](https://redirect.github.com/streamlit/streamlit/pull/8915)
- READ only headers and cookies by [@kajarenc](https://redirect.github.com/kajarenc) in [https://github.com/streamlit/streamlit/pull/8976](https://redirect.github.com/streamlit/streamlit/pull/8976)
- De-experimentalize st.fragment by [@vdonato](https://redirect.github.com/vdonato) in [https://github.com/streamlit/streamlit/pull/9019](https://redirect.github.com/streamlit/streamlit/pull/9019)
- De-experimentalize st.dialog by [@raethlein](https://redirect.github.com/raethlein) in [https://github.com/streamlit/streamlit/pull/9020](https://redirect.github.com/streamlit/streamlit/pull/9020)

##### Bug Fixes 🐛

- Show fragment errors in fragment-path for main app runs by [@raethlein](https://redirect.github.com/raethlein) in [https://github.com/streamlit/streamlit/pull/8868](https://redirect.github.com/streamlit/streamlit/pull/8868)
- Fix st.rerun fragment thread reuse issue by [@raethlein](https://redirect.github.com/raethlein) in [https://github.com/streamlit/streamlit/pull/8798](https://redirect.github.com/streamlit/streamlit/pull/8798)
- Support non-unix style paths for MPA loading by [@kmcgrady](https://redirect.github.com/kmcgrady) in [https://github.com/streamlit/streamlit/pull/8988](https://redirect.github.com/streamlit/streamlit/pull/8988)
- Set theme hash properly on load if a custom theme is active to start by [@kmcgrady](https://redirect.github.com/kmcgrady) in [https://github.com/streamlit/streamlit/pull/8989](https://redirect.github.com/streamlit/streamlit/pull/8989)
- Don't remove session refs on fragment runs by [@vdonato](https://redirect.github.com/vdonato) in [https://github.com/streamlit/streamlit/pull/9010](https://redirect.github.com/streamlit/streamlit/pull/9010)
- Improvements to NumberInput formatting by [@sfc-gh-nbellante](https://redirect.github.com/sfc-gh-nbellante) in [https://github.com/streamlit/streamlit/pull/9035](https://redirect.github.com/streamlit/streamlit/pull/9035)
- Hide all Particles upon printing by [@sfc-gh-nbellante](https://redirect.github.com/sfc-gh-nbellante) in [https://github.com/streamlit/streamlit/pull/9053](https://redirect.github.com/streamlit/streamlit/pull/9053)
- Fix: MPA support of custom themes by [@mayagbarnes](https://redirect.github.com/mayagbarnes) in [https://github.com/streamlit/streamlit/pull/8994](https://redirect.github.com/streamlit/streamlit/pull/8994)
- `st.switch_page` clears non-embed query params by [@mayagbarnes](https://redirect.github.com/mayagbarnes) in [https://github.com/streamlit/streamlit/pull/9059](https://redirect.github.com/streamlit/streamlit/pull/9059)
- Fix secrets.toml Windows Path Bug by [@sfc-gh-nbellante](https://redirect.github.com/sfc-gh-nbellante) in [https://github.com/streamlit/streamlit/pull/9061](https://redirect.github.com/streamlit/streamlit/pull/9061)
- Bugfix: Fixes two st.map width bugs by [@sfc-gh-nbellante](https://redirect.github.com/sfc-gh-nbellante) in [https://github.com/streamlit/streamlit/pull/9070](https://redirect.github.com/streamlit/streamlit/pull/9070)
- Validate the path using Tornado before performing checks by [@kmcgrady](https://redirect.github.com/kmcgrady) in [https://github.com/streamlit/streamlit/pull/8990](https://redirect.github.com/streamlit/streamlit/pull/8990)
- Reset ctx.current_fragment_id to last ID instead of None by [@vdonato](https://redirect.github.com/vdonato) in [https://github.com/streamlit/streamlit/pull/9114](https://redirect.github.com/streamlit/streamlit/pull/9114)

##### Other Changes

- Update emojis used for validation by [@LukasMasuch](https://redirect.github.com/LukasMasuch) in [https://github.com/streamlit/streamlit/pull/8923](https://redirect.github.com/streamlit/streamlit/pull/8923)
- Add support for numpy 2.x by [@LukasMasuch](https://redirect.github.com/LukasMasuch) in [https://github.com/streamlit/streamlit/pull/8940](https://redirect.github.com/streamlit/streamlit/pull/8940)
- Remove a bunch of deprecated experimental features by [@vdonato](https://redirect.github.com/vdonato) in [https://github.com/streamlit/streamlit/pull/8943](https://redirect.github.com/streamlit/streamlit/pull/8943)
- Migrate custom icons from material outlined to rounded by [@LukasMasuch](https://redirect.github.com/LukasMasuch) in [https://github.com/streamlit/streamlit/pull/8998](https://redirect.github.com/streamlit/streamlit/pull/8998)
- Remove old config options - part 1 by [@mayagbarnes](https://redirect.github.com/mayagbarnes) in [https://github.com/streamlit/streamlit/pull/9005](https://redirect.github.com/streamlit/streamlit/pull/9005)
- Remove old config options - part 2 by [@mayagbarnes](https://redirect.github.com/mayagbarnes) in [https://github.com/streamlit/streamlit/pull/9013](https://redirect.github.com/streamlit/streamlit/pull/9013)
- Remove `deprecation.showPyplotGlobalUse` config option by [@LukasMasuch](https://redirect.github.com/LukasMasuch) in [https://github.com/streamlit/streamlit/pull/9018](https://redirect.github.com/streamlit/streamlit/pull/9018)
- Fix broken `st.navigation` docstring by [@mahotd](https://redirect.github.com/mahotd) in [https://github.com/streamlit/streamlit/pull/9027](https://redirect.github.com/streamlit/streamlit/pull/9027)
- Update the feedback widget design by [@raethlein](https://redirect.github.com/raethlein) in [https://github.com/streamlit/streamlit/pull/9094](https://redirect.github.com/streamlit/streamlit/pull/9094)

#### New Contributors

- [@Dev-iL](https://redirect.github.com/Dev-iL) made their first contribution in [https://github.com/streamlit/streamlit/pull/8947](https://redirect.github.com/streamlit/streamlit/pull/8947)
- [@quant12345](https://redirect.github.com/quant12345) made their first contribution in [https://github.com/streamlit/streamlit/pull/8968](https://redirect.github.com/streamlit/streamlit/pull/8968)
- [@mahotd](https://redirect.github.com/mahotd) made their first contribution in [https://github.com/streamlit/streamlit/pull/9027](https://redirect.github.com/streamlit/streamlit/pull/9027)

**Full Changelog**: streamlit/streamlit@1.36.0...1.37.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/GoogleCloudPlatform/generative-ai).
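The advisory quoted in this commit names the bug class (path traversal in a static file handler, Windows only) but not its mechanics. The following is an added example, not Streamlit's code and not a statement of the actual root cause of CVE-2024-42474: it shows the checks a defender wants in a static-file path resolver so that it behaves the same whether or not the host OS treats backslashes and drive-letter prefixes as path syntax. The function names (`resolve_static_path`, `join_under_root`), the root directory and every request string are constructed for this illustration.

```python
"""Defensive request-path resolution for a static-file handler (added example).

Assumption illustrated here (not taken from the advisory): a POSIX-minded
check that only looks for "/" separated ".." segments can be bypassed on a
host where "\\" is also a separator and where absolute forms such as drive
letters or UNC paths exist. The fix is to canonicalise the request string
first and to validate the canonical form, never the raw one.
"""
import posixpath
from typing import Optional
from urllib.parse import unquote


def resolve_static_path(requested: str) -> Optional[str]:
    """Return a safe root-relative path, or None if the request is rejected.

    Operates on the request string only (no filesystem access), so the result
    is identical on every OS and the function can be unit-tested offline.
    """
    # Decode percent-encoding exactly once. Decoding a second time later in
    # the pipeline is itself a classic traversal bug (doubly-encoded dots).
    path = unquote(requested)

    # NUL and other control characters have no place in a static file name.
    if any(ord(ch) < 0x20 for ch in path):
        return None

    # Windows honours "\\" as a separator; fold it into "/" BEFORE any other
    # test so the checks below see the same path the OS would open.
    path = path.replace("\\", "/")

    # Absolute forms are never valid static requests. A leading "/" also
    # rejects UNC ("//server/share/..."); a ":" in the first segment rejects
    # drive letters ("C:/...") and NTFS alternate data streams.
    first_segment = path.split("/", 1)[0]
    if path.startswith("/") or ":" in first_segment:
        return None

    # Collapse "." and ".." lexically. For a relative input, posixpath.normpath
    # only ever leaves ".." at the very front, so one prefix test suffices.
    normalized = posixpath.normpath(path)
    if normalized in (".", "..") or normalized.startswith("../"):
        return None
    return normalized


def join_under_root(root: str, requested: str) -> Optional[str]:
    """Join a validated request onto an absolute static root, re-checking containment."""
    rel = resolve_static_path(requested)
    if rel is None:
        return None
    root = posixpath.normpath(root)
    full = posixpath.normpath(posixpath.join(root, rel))
    # Independent second check: the joined result must still sit under root.
    if posixpath.commonpath([root, full]) != root:
        return None
    return full


if __name__ == "__main__":
    STATIC_ROOT = "/srv/app/static"  # constructed example root
    # Constructed request strings: the first two are legitimate, the rest are
    # the shapes a handler must refuse regardless of the host OS.
    for req in (
        "css/app.css",
        "./img/../css/app.css",
        "..\\..\\outside.txt",
        "%2e%2e/outside.txt",
        "C:\\outside.txt",
        "\\\\server\\share\\outside.txt",
        "css/%00app.css",
    ):
        print(f"{req!r:40} -> {join_under_root(STATIC_ROOT, req)}")
```

The resolver is purely lexical, which is what makes it portable and testable; a production handler should additionally resolve the joined path with `os.path.realpath` and repeat the containment check so that symlinks inside the static directory cannot point outside it.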