-
Notifications
You must be signed in to change notification settings - Fork 955
feat: CLI update secure docker to python3.14#7926
Merged
mscolnick merged 1 commit intomarimo-team:mainfrom Jan 22, 2026
Merged
Conversation
Contributor
CLI: update secure docker to python3.14
Use uv:0.9.25-python3.14-bookworm image
Also /app does not exist, so use /home for work directory.
Fixes:
$ marimo edit --sandbox https://molab.marimo.io/notebooks/nb_g6ygAQ8b1HMSaoszTGEGqy
Would you like to run it in a secure docker container? [Y/n]: y
Starting containerized marimo notebook
Running command: docker run --rm -d -p 8080:8080 -e MARIMO_MANAGE_SCRIPT_METADATA=true -e MARIMO_IN_SECURE_ENVIRONMENT=true -w /app ghcr.io/astral-sh/uv:0.4.21-python3.12-bookworm uvx marimo edit --sandbox --no-token -p 8080 --host 0.0.0.0 https://molab.marimo.io/notebooks/nb_g6ygAQ8b1HMSaoszTGEGqy Failed to start Docker container: Command '['docker', 'run', '--rm', '-d', '-p', '8080:8080', '-e', 'MARIMO_MANAGE_SCRIPT_METADATA=true', '-e', 'MARIMO_IN_SECURE_ENVIRONMENT=true', '-w', '/app', 'ghcr.io/astral-sh/uv:0.4.21-python3.12-bookworm', 'uvx', 'marimo', 'edit', '--sandbox', '--no-token', '-p', '8080', '--host', '0.0.0.0', 'https://molab.marimo.io/notebooks/nb_g6ygAQ8b1HMSaoszTGEGqy ']' returned non-zero exit status 126.
Stopping and removing container...
Container stopped and removed successfully
Error: workdir "/app" does not exist on container...
and
error: No interpreter found for Python >=3.14 in virtual environments, managed installations, or system path
Checklist
- [x ] I have read the contributor guidelines.
- Tests have been added for the changes made.
- Documentation has been updated where applicable, including docstrings for API changes.
- Pull request title is a good summary of the changes - it will be used in the release notes.
Also /app does not exist, so use /home for work directory.
Fixes:
$ marimo edit --sandbox https://molab.marimo.io/notebooks/nb_g6ygAQ8b1HMSaoszTGEGqy
This notebook is hosted on a remote server.
Would you like to run it in a secure docker container? [Y/n]: y
Starting containerized marimo notebook
Running command: docker run --rm -d -p 8080:8080 -e MARIMO_MANAGE_SCRIPT_METADATA=true -e MARIMO_IN_SECURE_ENVIRONMENT=true -w /app ghcr.io/astral-sh/uv:0.4.21-python3.12-bookworm uvx marimo edit --sandbox --no-token -p 8080 --host 0.0.0.0 https://molab.marimo.io/notebooks/nb_g6ygAQ8b1HMSaoszTGEGqy
Failed to start Docker container: Command '['docker', 'run', '--rm', '-d', '-p', '8080:8080', '-e', 'MARIMO_MANAGE_SCRIPT_METADATA=true', '-e', 'MARIMO_IN_SECURE_ENVIRONMENT=true', '-w', '/app', 'ghcr.io/astral-sh/uv:0.4.21-python3.12-bookworm', 'uvx', 'marimo', 'edit', '--sandbox', '--no-token', '-p', '8080', '--host', '0.0.0.0', 'https://molab.marimo.io/notebooks/nb_g6ygAQ8b1HMSaoszTGEGqy']' returned non-zero exit status 126.
Stopping and removing container...
Container stopped and removed successfully
Error: workdir "/app" does not exist on container def1e28dd32293cfd511fa4f3a67cae27a4f101aaca95d9c3a0e7c97a27186b7
and
error: No interpreter found for Python >=3.14 in virtual environments, managed installations, or system path
Fixes:
$ marimo edit --sandbox https://molab.marimo.io/notebooks/nb_g6ygAQ8b1HMSaoszTGEGqy
This notebook is hosted on a remote server.
Would you like to run it in a secure docker container? [Y/n]: y
Starting containerized marimo notebook
Running command: docker run --rm -d -p 8080:8080 -e MARIMO_MANAGE_SCRIPT_METADATA=true -e MARIMO_IN_SECURE_ENVIRONMENT=true -w /app ghcr.io/astral-sh/uv:0.4.21-python3.12-bookworm uvx marimo edit --sandbox --no-token -p 8080 --host 0.0.0.0 https://molab.marimo.io/notebooks/nb_g6ygAQ8b1HMSaoszTGEGqy
Failed to start Docker container: Command '['docker', 'run', '--rm', '-d', '-p', '8080:8080', '-e', 'MARIMO_MANAGE_SCRIPT_METADATA=true', '-e', 'MARIMO_IN_SECURE_ENVIRONMENT=true', '-w', '/app', 'ghcr.io/astral-sh/uv:0.4.21-python3.12-bookworm', 'uvx', 'marimo', 'edit', '--sandbox', '--no-token', '-p', '8080', '--host', '0.0.0.0', 'https://molab.marimo.io/notebooks/nb_g6ygAQ8b1HMSaoszTGEGqy']' returned non-zero exit status 126.
Stopping and removing container...
Container stopped and removed successfully
Error: workdir "/app" does not exist on container def1e28dd32293cfd511fa4f3a67cae27a4f101aaca95d9c3a0e7c97a27186b7
and
error: No interpreter found for Python >=3.14 in virtual environments, managed installations, or system path
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
All contributors have signed the CLA |
Contributor
Author
|
I have read the CLA Document and I hereby sign the CLA |
mscolnick
approved these changes
Jan 21, 2026
Contributor
Author
I kept the same pattern as the original code in freezing the uv and python versions.
|
Contributor
|
@EdSwarthout - im game to use the latest only argument i can think of is to avoid continue to download newer versions each time (not sure what the TTL would be) |
|
Development release published. You may be able to view the changes at https://marimo.app?v=0.19.5-dev38 |
Contributor
Author
and I suppose a frozen version is better for CI and security |
botterYosuke
pushed a commit
to botterYosuke/marimo
that referenced
this pull request
Jan 23, 2026
## CLI: update secure docker to python3.14
Use uv:0.9.25-python3.14-bookworm image
Also /app does not exist, so use /home for work directory.
Fixes:
$ `marimo edit --sandbox
https://molab.marimo.io/notebooks/nb_g6ygAQ8b1HMSaoszTGEGqy`
```This notebook is hosted on a remote server.
Would you like to run it in a secure docker container? [Y/n]: y
Starting containerized marimo notebook
Running command: docker run --rm -d -p 8080:8080 -e MARIMO_MANAGE_SCRIPT_METADATA=true -e MARIMO_IN_SECURE_ENVIRONMENT=true -w /app ghcr.io/astral-sh/uv:0.4.21-python3.12-bookworm uvx marimo edit --sandbox --no-token -p 8080 --host 0.0.0.0 https://molab.marimo.io/notebooks/nb_g6ygAQ8b1HMSaoszTGEGqy Failed to start Docker container: Command '['docker', 'run', '--rm', '-d', '-p', '8080:8080', '-e', 'MARIMO_MANAGE_SCRIPT_METADATA=true', '-e', 'MARIMO_IN_SECURE_ENVIRONMENT=true', '-w', '/app', 'ghcr.io/astral-sh/uv:0.4.21-python3.12-bookworm', 'uvx', 'marimo', 'edit', '--sandbox', '--no-token', '-p', '8080', '--host', '0.0.0.0', 'https://molab.marimo.io/notebooks/nb_g6ygAQ8b1HMSaoszTGEGqy']' returned non-zero exit status 126.
Stopping and removing container...
Container stopped and removed successfully
```
`Error: workdir "/app" does not exist on container...`
and
`error: No interpreter found for Python >=3.14 in virtual environments,
managed installations, or system path`
## Checklist
- [x ] I have read the [contributor
guidelines](https://github.com/marimo-team/marimo/blob/main/CONTRIBUTING.md).
- [ ] Tests have been added for the changes made.
- [ ] Documentation has been updated where applicable, including
docstrings for API changes.
- [ ] Pull request title is a good summary of the changes - it will be
used in the [release
notes](https://github.com/marimo-team/marimo/releases).
Use uv:0.9.25-python3.14-bookworm image
Also /app does not exist, so use /home for work directory.
Fixes:
$ `marimo edit --sandbox
https://molab.marimo.io/notebooks/nb_g6ygAQ8b1HMSaoszTGEGqy`
```This notebook is hosted on a remote server.
Would you like to run it in a secure docker container? [Y/n]: y
Starting containerized marimo notebook
Running command: docker run --rm -d -p 8080:8080 -e MARIMO_MANAGE_SCRIPT_METADATA=true -e MARIMO_IN_SECURE_ENVIRONMENT=true -w /app ghcr.io/astral-sh/uv:0.4.21-python3.12-bookworm uvx marimo edit --sandbox --no-token -p 8080 --host 0.0.0.0 https://molab.marimo.io/notebooks/nb_g6ygAQ8b1HMSaoszTGEGqy Failed to start Docker container: Command '['docker', 'run', '--rm', '-d', '-p', '8080:8080', '-e', 'MARIMO_MANAGE_SCRIPT_METADATA=true', '-e', 'MARIMO_IN_SECURE_ENVIRONMENT=true', '-w', '/app', 'ghcr.io/astral-sh/uv:0.4.21-python3.12-bookworm', 'uvx', 'marimo', 'edit', '--sandbox', '--no-token', '-p', '8080', '--host', '0.0.0.0', 'https://molab.marimo.io/notebooks/nb_g6ygAQ8b1HMSaoszTGEGqy']' returned non-zero exit status 126.
Stopping and removing container...
Container stopped and removed successfully
```
`Error: workdir "/app" does not exist on container...`
and
`error: No interpreter found for Python >=3.14 in virtual environments,
managed installations, or system path`
## Checklist
- [x ] I have read the [contributor
guidelines](https://github.com/marimo-team/marimo/blob/main/CONTRIBUTING.md).
- [ ] Tests have been added for the changes made.
- [ ] Documentation has been updated where applicable, including
docstrings for API changes.
- [ ] Pull request title is a good summary of the changes - it will be
used in the [release
notes](https://github.com/marimo-team/marimo/releases).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.