chore(deps): update dependency langchain-core to v0.3.15 [security] #85
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
/gcbrun |
product-auto-label
bot
added
the
api: cloudsql-sqlserver
renovate-bot
force-pushed
the
renovate/pypi-langchain-core-vulnerability
branch
from
96829b0 to
2feb378
Compare
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-core-vulnerability
branch
from
2feb378 to
2d24bf2
Compare
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-core-vulnerability
branch
from
2d24bf2 to
94f1d72
Compare
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-core-vulnerability
branch
from
94f1d72 to
8f97bcb
Compare
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-core-vulnerability
branch
from
8f97bcb to
c895ca1
Compare
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-core-vulnerability
branch
from
c895ca1 to
1cb6047
Compare
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-core-vulnerability
branch
from
1cb6047 to
1aea5dc
Compare
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-core-vulnerability
branch
from
1aea5dc to
5c13305
Compare
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-core-vulnerability
branch
from
5c13305 to
9596162
Compare
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-core-vulnerability
branch
from
9596162 to
9e725a3
Compare
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-core-vulnerability
branch
from
9e725a3 to
6033b01
Compare
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-core-vulnerability
branch
from
6033b01 to
e168155
Compare
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-core-vulnerability
branch
from
e168155 to
af93972
Compare
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-core-vulnerability
branch
from
e21fca9 to
1aac627
Compare
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-core-vulnerability
branch
from
1aac627 to
b13237e
Compare
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-core-vulnerability
branch
from
b13237e to
9de97ef
Compare
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-core-vulnerability
branch
from
9de97ef to
4daeabc
Compare
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-core-vulnerability
branch
from
4daeabc to
b0aaafd
Compare
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-core-vulnerability
branch
from
b0aaafd to
23001fd
Compare
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-core-vulnerability
branch
from
23001fd to
ce26114
Compare
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-core-vulnerability
branch
from
ce26114 to
d864d3d
Compare
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-core-vulnerability
branch
from
d864d3d to
4718896
Compare
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-core-vulnerability
branch
from
4718896 to
54242c3
Compare
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-core-vulnerability
branch
from
54242c3 to
2908d52
Compare
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-core-vulnerability
branch
from
2908d52 to
e8858fd
Compare
|
/gcbrun |
loeng2023
approved these changes
Jul 1, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
==0.3.6->==0.3.15GitHub Vulnerability Alerts
CVE-2024-10940
A vulnerability in langchain-core versions >=0.1.17,<0.1.53, >=0.2.0,<0.2.43, and >=0.3.0,<0.3.15 allows unauthorized users to read arbitrary files from the host file system. The issue arises from the ability to create langchain_core.prompts.ImagePromptTemplate's (and by extension langchain_core.prompts.ChatPromptTemplate's) with input variables that can read any user-specified path from the server file system. If the outputs of these prompt templates are exposed to the user, either directly or through downstream model outputs, it can lead to the exposure of sensitive information.
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Never, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.