mirror of
https://github.com/langchain-ai/langsmith-pii-removal.git
synced 2026-07-01 19:54:41 -04:00
fix: patch 5 security alerts (medium+low severity)
Bumps direct pins and adds security floor pins for transitive deps. - langchain-openai: >=1.0.0 → >=1.1.14 (GHSA-r7w7-9xr2-qq2r) - langsmith: >=0.4.0 → >=0.7.31 (GHSA-rr7j-v2q5-chgv) - cryptography: >=46.0.6 → >=46.0.7 (CVE-2026-39892) - langchain-core: new pin >=1.2.28 (CVE-2026-40087) - langchain-text-splitters: new pin >=1.1.2 (GHSA-fv5p-p927-qmxr)
This commit is contained in:
+5
-3
@@ -11,10 +11,12 @@ langgraph>=1.0.3
|
||||
langchain>=1.0.8
|
||||
langgraph-cli[inmem]
|
||||
python-dotenv
|
||||
langchain-openai>=1.0.0
|
||||
langsmith>=0.4.0
|
||||
langchain-openai>=1.1.14
|
||||
langsmith>=0.7.31
|
||||
|
||||
# Security: minimum version pins for transitive dependencies
|
||||
aiohttp>=3.13.4
|
||||
Pygments>=2.20.0
|
||||
cryptography>=46.0.6
|
||||
cryptography>=46.0.7
|
||||
langchain-core>=1.2.28
|
||||
langchain-text-splitters>=1.1.2
|
||||
Reference in New Issue
Block a user