build(deps): bump marimo from 0.23.6 to 0.23.9

[dependabot]

Bumps marimo from 0.23.6 to 0.23.9.

Release notes

Sourced from marimo's releases.

0.23.9

What's Changed

This release makes opening a notebook in a second tab non-destructive, mo.ui.table adds new args for hidden_columns/visible_columns (mutually exclusive), and tightens sharing and error-output behavior across the board.

⭐️ Highlights

Open the same notebook in a second tab

Opening a notebook in a second browser tab no longer forcibly disconnects the first. The new tab joins as a live, read-only viewer, and you can take over editing from either side with a single click — no destructive modal and no reload required (#9746).

Show and hide table columns

mo.ui.table now supports column visibility. Hide and show columns from the column header menu, Column Explorer with a click, find columns fast with smart prefix-based search, and control initial visibility from Python. A hidden-count and "Unhide all" link keep things discoverable (#9687, #9696).

Cells with no output now show in slides

Because slides allow code edits, a slide edited to no longer produce an output used to disappear from the deck entirely. Such cells now appear in the slides minimap and viewer so you can edit them back in (they're still skipped during a presentation). Minimap thumbnails are also larger and more readable (#9771).

✨ Enhancements

• Add MARIMO_RESTRICT_SHARING env var machine-wide (#9756)
• Non-destructive local takeover (read-only viewer + bidirectional takeover) (#9746)
• Add cells with no output to the minimap & viewer (#9771)
• Add GET /api/kernel/status endpoint (#9768)
• Enforce sharing config as server-side security (#9578)
• Add filter param for regex and callable filtering (#9667)
• Slides config panel open by default (#9737)
• Add pair with agent link (#9738)
• Add Opus 4.8 and script to append models to the top (#9723)
• Remove mapping for 'src' to 'auto-mix-prep' (#9725)
• Add workflow to automate running llm-sync-models script (#9724)
• Automation script to pull models.yml (#9635)
• Support Dremio ADBC data source browsing (#9694)
• Add auto_close_pairs setting (#9711)
• WASM compatibility rule checks (#9587)
• Fix dropped error hints and improve error output UI (#9673)
• Column Explorer visibility controls + smart-search (#9696)
• Sort toml entries when writing config (#9686)

... (truncated)

Commits

• c3c0ee3 release: 0.23.9 (#9790)
• fdd55c8 fix: escape user-controlled file_key in service worker injection (#9789)
• dc35cdf feat(sharing): add MARIMO_RESTRICT_SHARING env var machine-wide (#9756)
• 6dcaff7 feat: non-destructive local takeover (read-only viewer + bidirectional takeov...
• d0352e2 slides: add cells with no output to the minimap & viewer (#9771)
• d9ab41a fix completions in slides view (#9769)
• c0f07c0 fix: arg/kwarg collision for local numpy vars in caching (#9751)
• 8d6e540 feat(server): add GET /api/kernel/status endpoint (#9768)
• e55e7ba fix(runtime): don't shadow builtin print unless mo.Thread is used (#9765) (#9...
• 4d47f09 fix(lsp): suppress marimo hover tooltip for all LSP providers, not just pylsp...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

---

Note

Low Risk
Dependency-only bump for a dev tool; runtime behavior of Pinecone examples is unchanged unless you rely on marimo locally.

Overview
Bumps the dev dependency marimo from 0.23.6 to 0.23.9 in pyproject.toml and refreshes uv.lock to match.

The lockfile now resolves marimo 0.23.9 (new sdist/wheel pins) and pulls in python-multipart as an added transitive dependency of marimo. No application or notebook source files change in this PR.

^{Reviewed by Cursor Bugbot for commit 5d171bd. Bugbot is set up for automated code reviews on this repo. Configure here.}