15 Commits

Author SHA1 Message Date
John Kennedy 518b709000 Merge pull request #1 from langchain-ai/fix/security-alerts-2026-04-21
fix: patch 8 security alerts (medium + low severity)
2026-04-20 23:56:16 -07:00
John Kennedy eabbff949b fix: patch 8 security alerts (medium + low severity)
Add minimum version constraints for vulnerable direct and transitive
dependencies surfaced by Dependabot. Since requirements.txt was unpinned
prior to this change, the effective install version was already whatever
the resolver picked — these floors guarantee the patched versions.

Resolves:
- GHSA-r7w7-9xr2-qq2r (langchain-openai)
- GHSA-rr7j-v2q5-chgv (langsmith)
- CVE-2026-40087 / GHSA-926x-3r5x-gfhw (langchain-core)
- CVE-2026-39892 / GHSA-p423-j2cm-9vmq (cryptography)
- CVE-2026-34073 / GHSA-m959-cc7f-wv43 (cryptography)
- CVE-2026-34452 / GHSA-w828-4qhx-vxx3 (anthropic)
- CVE-2026-34450 / GHSA-q5f5-3gjm-7mfm (anthropic)
- CVE-2026-4539 / GHSA-5239-wwwm-4pmq (Pygments)
2026-04-21 06:53:57 +00:00
j-broekhuizen 650cb13644 cleaning up 2025-11-07 13:23:47 -08:00
j-broekhuizen d6c604654a add outputs 2025-11-07 13:08:29 -08:00
j-broekhuizen 5ee16b1684 add outputs 2025-11-07 12:47:14 -08:00
j-broekhuizen 39e1b8b633 add outputs 2025-11-07 12:42:57 -08:00
j-broekhuizen 4e329e5fe3 add outputs 2025-11-07 07:54:25 -08:00
j-broekhuizen b9fbf603a4 add outputs 2025-11-06 17:12:07 -08:00
j-broekhuizen cbfc1bd05f updates 2025-11-06 17:09:57 -08:00
Jake Broekhuizen b91fea8c66 Delete workbook.ipynb 2025-11-06 16:05:19 -08:00
j-broekhuizen d120f4a1bd fix 2025-11-06 16:03:17 -08:00
j-broekhuizen 67c94e1de5 add state_deepagent notebook 2025-11-06 16:00:38 -08:00
j-broekhuizen 776fa4dc1a add outputs 2025-11-05 11:25:26 -08:00
j-broekhuizen 1fa3ce1164 add outputs 2025-11-05 11:09:58 -08:00
j-broekhuizen 6a7df28cc1 initial commit 2025-11-05 11:07:56 -08:00