mirror of
https://github.com/langchain-ai/langchain-unstructured.git
synced 2026-07-15 04:34:14 -04:00
main
## Summary Patch vulnerable Poetry dependencies reported by OSV/GitHub advisories by adding explicit minimum safe constraints and regenerating `libs/unstructured/poetry.lock`. Updated constraints cover: - `click >= 8.3.3` - `langchain-core >= 1.3.3,<2.0.0` - `markdown >= 3.8.1` - `pdfminer-six >= 20251230` - `pi-heif >= 1.3.0` - `pillow >= 12.3.0` - `pygments >= 2.20.0` - `setuptools >= 83.0.0` - `torch > 2.12.0` for the `local` extra ## Validation - `poetry lock` using Poetry 2.4.1 - `poetry check --lock` using Poetry 2.4.1 - Queried OSV for every package/version in the regenerated lockfile; no vulnerabilities returned ## Notes Dependabot alerts API was not accessible from this environment (`403 Resource not accessible by integration`), so I validated against OSV/GitHub advisory data from the lockfile instead. Co-authored-by: Langster Security Agent <john@langchain.dev>
🦜️🔗 LangChain Unstructured
This repository contains 1 package with Unstructured integrations with LangChain:
Releases
3
Languages
Python
91.7%
Makefile
6.8%
Shell
1.5%