backend: bump langchain stack to 1.x for 2 HIGH + 3 MEDIUM CVEs

[mdmohsin7]

Summary

2 atomic commits closing the deferred langchain-stack CVEs from the Artifact Registry scan on gcr.io/based-hardware/backend@sha256:348e17d6…. langchain ecosystem moves from the 0.3.x line to 1.x as one resolver-satisfiable set; tight inter-package pins (e.g. langgraph-prebuilt 1.0.8 requires langchain-core>=1.0.0, langchain-text-splitters 1.1.2 requires langchain-core>=1.2.31) make a partial bump impossible.

Commit	Scope	CVEs
1	Refactor utils/llm/persona.py — single deprecated from langchain.schema import → from langchain_core.messages (no-op under 0.3.x; required for 1.x where langchain.schema is removed)	—
2	langchain ecosystem 0.3 → 1.x (11 packages) + 4 cascade pins	2 HIGH + 3 MEDIUM

Closed:

Package	Was → Now	CVE	Severity
langchain-core	0.3.84 → 1.3.2	CVE-2026-34070	HIGH 7.5
langgraph-checkpoint	2.1.2 → 4.0.0	CVE-2025-64439	HIGH
langgraph	0.6.10 → 1.0.10	CVE-2026-28277	MEDIUM 7.2
langgraph-checkpoint	2.1.2 → 4.0.0	CVE-2026-27794	MEDIUM 6.6 (covered by same bump)
langchain-text-splitters	0.3.11 → 1.1.2	CVE-2026-41481	MEDIUM 6.5

Locked-in cascade (langchain stack)

Package	Was → Now	Reason
langchain	0.3.27 → 1.2.9	locked to langchain-core 1.x
langchain-community	0.3.31 → 0.4.1	locked to langchain-core 1.x
langchain-openai	0.3.35 → 1.1.9	locked; held below 1.1.10 to defer the openai 2.x cascade
langchain-google-genai	2.1.12 → 3.2.0	locked to langchain-core 1.x (3.x is the 1.x-compatible series)
langchain-pinecone	0.2.12 → 0.2.13	0.2.13 opens its langchain-core cap to 1.x
langgraph-prebuilt	(transitive 0.6.5) → 1.0.8 (new explicit pin)	required by langgraph 1.0
langgraph-sdk	0.2.9 → 0.3.0	required by langgraph 1.0

Cascade pins outside the langchain stack

Package	Was → Now	Reason
openai	1.104.2 → 1.109.1	langchain-openai 1.1.9 requires openai>=1.109.1; held within 1.x to keep the openai 2.x SDK migration out of scope
pydantic	2.8.2 → 2.11.10	langchain-pinecone 0.2.13 requires pydantic>=2.11.1
pydantic_core	2.20.1 → 2.33.2	pydantic 2.11.10 hard-pins pydantic-core==2.33.2
typing_extensions	4.12.2 → 4.15.0	regression fix — langchain-core 1.x uses the TypedDict extra_items keyword (added in typing_extensions 4.13). Without this bump, every utils/llm/* and utils/retrieval/* module fails at import with _TypedDictMeta.__new__() got an unexpected keyword argument 'extra_items'. Caught via post-bump module-import smoke test, not the unit subset

All cascade bumps held to the smallest version that resolves the conflict.

Code change in commit 1

The single deprecated path in our code (from langchain.schema import SystemMessage, HumanMessage, AIMessage in utils/llm/persona.py:5) moves to from langchain_core.messages import …. The classes are identical (verified with is comparison): langchain.schema has been a re-export of langchain_core.messages since 0.1.x and is removed entirely in the langchain 1.x line. Doing the migration under the existing 0.3.x pin keeps the bump commit a pure dep change.

Out of scope (deferred)

Package	CVE	Why deferred
langchain-openai 1.1.9 → 1.1.14	CVE-2026-41488	LOW; fix at 1.1.14 requires openai>=2.26.0, which is a major SDK migration. Covered separately.
openai 1.109.1 → 2.x	(no CVE itself)	Belongs with the langchain-openai 1.1.14 bump above

Test plan

For the bump commit:

1. Update requirements.txt (15 pinned + 1 new pin)
2. Rebuild local Dockerfile.test (Python 3.11-slim, requirements.txt minus the source-built lc3py) — only the pip install layer rebuilds
3. Run baseline 190-test subset (same 11 files used in backend: bump 10 Python deps for 1 CRITICAL + 16 HIGH CVEs #7126/backend: bump Python deps with major-version cascades for 7 HIGH CVEs #7127/backend: bump 15 Python deps for ~17 MEDIUM + 1 HIGH + 6 LOW CVEs #7146)
4. Additional: smoke-import every module under utils/llm/, utils/retrieval/, utils/observability/ that imports any langchain-* package (28 modules) — catches API/typing regressions that the baseline subset doesn't exercise

All commits individually green:

• 190-test baseline subset all pass
• 28 langchain-using modules all import cleanly (only DefaultCredentialsError on modules that touch GCP at import time, expected in test env without service account)

Verifying after deploy

• Re-scan rebuilt image; expect the listed CVEs to clear.
• Smoke /health, an LLM-powered route (chat or memory generation), and a retrieval-tool route (calendar or memory search) to confirm the langchain 1.x runtime APIs behave correctly under real LLM traffic.

[mdmohsin7]

@morpheus review — Approved ✅

2-file diff: one import migration in persona.py, 15 version pin changes in requirements.txt.

Commit 1: Confirmed persona.py is the only from langchain.schema import in the repo (verified via code search). Migration to from langchain_core.messages is a no-op under 0.3.x, required for 1.x. Correctly isolated so the bump commit stays pure-deps.

Commit 2: 11 langchain-stack packages move as one resolver-satisfiable set (entangled pins make partial bumps impossible — documented). 4 cascade pins held to minimums:

• openai held within 1.x to defer the 2.x SDK migration
• pydantic 2.11.10 driven by langchain-pinecone 0.2.13's constraint
• pydantic_core hard-pinned by pydantic
• typing_extensions 4.15.0 is critical — langchain-core 1.x uses TypedDict extra_items (added in 4.13). Without this, every utils/llm/* and utils/retrieval/* module fails at import. Good catch via the module-import smoke test beyond the baseline subset.

Risk profile: pydantic 2.8→2.11 and typing_extensions 4.12→4.15 are foundational packages with wide blast radius, but both are backward-compatible within their major lines. The 190-test baseline + 28-module import smoke passing gives adequate coverage.

Deferred items correctly scoped: langchain-openai 1.1.14 (LOW CVE, requires openai 2.x) explicitly parked. No forward references.

2 atomic commits, clean separation of concerns. Labels set.

[greptile-apps]

Greptile Summary

This PR closes 2 HIGH and 3 MEDIUM CVEs by bumping the entire langchain ecosystem from 0.3.x to 1.x (11 packages) plus 4 cascade pins, and migrates the one deprecated langchain.schema import in persona.py to langchain_core.messages. The code migration is complete — no other langchain.schema usages exist in the backend — and the version matrix is internally consistent and well-reasoned. One deferred LOW CVE (CVE-2026-41488, langchain-openai 1.1.14 / openai 2.x) is explicitly scoped out.

Confidence Score: 4/5

Safe to merge; all findings are P2 quality concerns with no present defects in the changed code.

The import change is correct and verified to be the only instance of the deprecated path. The version matrix is logically consistent and backed by a documented smoke-import test over 28 modules. The only open item is that pydantic-settings==2.10.1 was not explicitly called out as a verified cascade pin alongside pydantic 2.11.10, which is a P2 concern but not a blocking defect.

backend/requirements.txt — verify pydantic-settings==2.10.1 compatibility with pydantic==2.11.10.

Important Files Changed

Filename	Overview
backend/utils/llm/persona.py	Single import updated from deprecated langchain.schema to langchain_core.messages; no other langchain.schema usages exist in the codebase, so this is the complete migration needed for langchain 1.x compatibility.
backend/requirements.txt	11 langchain-ecosystem packages bumped from 0.3.x to 1.x, plus 4 cascade pins (openai, pydantic, pydantic_core, typing_extensions) and a new langgraph-prebuilt pin; pydantic-settings==2.10.1 and langsmith==0.7.31 are held at prior versions while their dependencies advance, warranting verification.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[PR: langchain stack 0.3→1.x] --> B[Commit 1: persona.py
langchain.schema → langchain_core.messages]
    A --> C[Commit 2: requirements.txt
11 ecosystem + 4 cascade pins]

    B --> D{Other deprecated
langchain.schema imports?}
    D -->|None found| E[✅ Migration complete]

    C --> F[langchain-core 0.3.84→1.3.2
CVE-2026-34070 HIGH]
    C --> G[langgraph-checkpoint 2.1.2→4.0.0
CVE-2025-64439 HIGH + CVE-2026-27794 MEDIUM]
    C --> H[langgraph 0.6.10→1.0.10
CVE-2026-28277 MEDIUM]
    C --> I[langchain-text-splitters 0.3.11→1.1.2
CVE-2026-41481 MEDIUM]

    C --> J[Cascade: openai 1.104.2→1.109.1
held at 1.x to defer openai 2.x]
    C --> K[Cascade: pydantic 2.8.2→2.11.10
pydantic_core 2.20.1→2.33.2]
    C --> L[Cascade: typing_extensions 4.12.2→4.15.0
fixes TypedDict extra_items regression]

    J --> M[⚠️ CVE-2026-41488 DEFERRED
langchain-openai 1.1.14 needs openai 2.x]

Loading

_{Reviews (1): Last reviewed commit: "Bump langchain ecosystem to 1.x for HIGH..." | Re-trigger Greptile}

[greptile-apps]

pydantic-settings==2.10.1 is held while pydantic advances to 2.11.10 and pydantic_core to 2.33.2. The PR description lists all cascade pins carefully, but pydantic-settings isn't mentioned. While pydantic-settings 2.10.x typically declares a broad pydantic>=2.x dependency and is likely compatible, it's worth confirming this pair was covered by the 28-module smoke-import test (Settings-derived config classes are used in utils/llm/clients.py and friends).