fix: patch 5 security alerts (medium+low severity)

Bumps direct pins and adds security floor pins for transitive deps.

- langchain-openai: >=1.0.0 → >=1.1.14 (GHSA-r7w7-9xr2-qq2r)
- langsmith: >=0.4.0 → >=0.7.31 (GHSA-rr7j-v2q5-chgv)
- cryptography: >=46.0.6 → >=46.0.7 (CVE-2026-39892)
- langchain-core: new pin >=1.2.28 (CVE-2026-40087)
- langchain-text-splitters: new pin >=1.1.2 (GHSA-fv5p-p927-qmxr)
John Kennedy
2026-04-21 06:56:55 +00:00
parent 0b2fd9ab5b
commit cffcbab16a
+5 -3
@@ -11,10 +11,12 @@ langgraph>=1.0.3
langchain>=1.0.8
langgraph-cli[inmem]
python-dotenv
langchain-openai>=1.0.0
langsmith>=0.4.0
langchain-openai>=1.1.14
langsmith>=0.7.31
# Security: minimum version pins for transitive dependencies
aiohttp>=3.13.4
Pygments>=2.20.0
cryptography>=46.0.6
cryptography>=46.0.7
langchain-core>=1.2.28
langchain-text-splitters>=1.1.2
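Review bot: The floors under the `# Security: minimum version pins for transitive dependencies` comment (`cryptography>=46.0.7`, `langchain-core>=1.2.28`, `langchain-text-splitters>=1.1.2`) have no record in the file of which advisory each one addresses; the IDs appear only in the commit message. Suggest a trailing comment per line, for example `langchain-core>=1.2.28  # CVE-2026-40087`, so a later cleanup can tell when a floor is safe to drop. Every entry in this hunk is also a lower bound only (or unpinned, as with `langgraph-cli[inmem]` and `python-dotenv`), so two installs from this file can resolve to different versions, and listing transitive packages here turns them into direct requirements. A constraints file passed with `pip install -c` would apply the floors only where the package is actually pulled in.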