@renovate-bot
Contributor

Mend Renovate

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| langchain-core | ==0.1.25 -> ==0.1.30 | age | adoption | passing | confidence |

GitHub Vulnerability Alerts

CVE-2024-28088

LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution.


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate-bot renovate-bot requested a review from a team as a code owner March 14, 2024 23:18
@dpebot
Collaborator

dpebot commented Mar 14, 2024

/gcbrun

@product-auto-label product-auto-label bot added the api: redis Issues related to the googleapis/langchain-google-memorystore-redis-python API. label Mar 14, 2024
@renovate-bot renovate-bot changed the title chore(deps): update dependency langchain-core to v0.1.30 [security] chore(deps): update dependency langchain-core to v0.1.30 [security] - autoclosed Mar 15, 2024
@renovate-bot renovate-bot deleted the renovate/pypi-langchain-core-vulnerability branch March 15, 2024 22:16