mirror of
https://github.com/langchain-ai/stateful-deepagents.git
synced 2026-07-01 20:14:06 -04:00
eabbff949b
Add minimum version constraints for vulnerable direct and transitive dependencies surfaced by Dependabot. Since requirements.txt was unpinned prior to this change, the effective install version was already whatever the resolver picked — these floors guarantee the patched versions. Resolves: - GHSA-r7w7-9xr2-qq2r (langchain-openai) - GHSA-rr7j-v2q5-chgv (langsmith) - CVE-2026-40087 / GHSA-926x-3r5x-gfhw (langchain-core) - CVE-2026-39892 / GHSA-p423-j2cm-9vmq (cryptography) - CVE-2026-34073 / GHSA-m959-cc7f-wv43 (cryptography) - CVE-2026-34452 / GHSA-w828-4qhx-vxx3 (anthropic) - CVE-2026-34450 / GHSA-q5f5-3gjm-7mfm (anthropic) - CVE-2026-4539 / GHSA-5239-wwwm-4pmq (Pygments)
14 lines
207 B
Plaintext
14 lines
207 B
Plaintext
deepagents
|
|
tavily-python
|
|
langchain
|
|
langgraph
|
|
langgraph-cli[inmem]
|
|
requests
|
|
ipykernel
|
|
langchain-openai>=1.1.14
|
|
langchain-core>=1.2.28
|
|
langsmith>=0.7.31
|
|
anthropic>=0.87.0
|
|
cryptography>=46.0.7
|
|
Pygments>=2.20.0
|