
fix(security): bump liquidjs to fix 4 additional high-severity CVEs#412

Merged
Aryansharma28 merged 2 commits into main from fix/security-liquidjs-vanta
May 4, 2026

Conversation

@sergioestebance
Contributor

Summary

Bumps the liquidjs pnpm.overrides from <10.25.0 to >=10.25.7 (latest) to fix 4 high-severity alerts not covered by PR #393:

Part of #400

Test plan

  • pnpm install --lockfile-only succeeds
  • CI passes

@sergioestebance
Contributor Author

Dependency Assessment: liquidjs 10.24.0 → 10.25.7

1. WHERE IS THIS DEPENDENCY USED?

Zero imports found in this repo. Searched all .ts, .js, .mjs files for liquidjs, from.*liquidjs, require.*liquidjs, parseAndRenderSync, and new.*Liquid — nothing in javascript/src/ or anywhere else in the codebase (excluding lockfile/package.json).

The dependency exists only because the published langwatch@0.16.1 npm package declares liquidjs@^10.21.1 in its dependencies. In the built langwatch SDK dist files, it uses:

  • import { Liquid } from "liquidjs" — the Liquid class constructor
  • liquid.parseAndRenderSync(template, variables, opts) — synchronous template rendering

These are the core, stable public APIs of liquidjs and have existed since v1. The 10.24→10.25 changes are security patches (memoryLimit enforcement, DoS prevention, symlink restriction), not API changes.

2. PRODUCTION CODE IMPACT

The langwatch SDK (published as langwatch@0.16.1 on npm) uses liquidjs for prompt template compilation. However, this repo's code does not import liquidjs — the SDK's source isn't in this repository's javascript/src/ (this repo consumes it as a dependency via "langwatch": "0.16.1" in package.json).

The override affects the resolved version when users install this project's dependencies (i.e., during development/CI), but the langwatch SDK's published package.json still declares ^10.21.1, meaning end users installing langwatch get whatever pnpm/npm resolves within that range.

3. EXAMPLES/TESTS/DOCS ONLY?

Not even that. This repo only consumes the published langwatch SDK — it doesn't develop it. The override just ensures the transitive liquidjs version resolved in this project's lockfile is patched. No example, test, or doc file in this repo imports liquidjs.

4. VERSION JUMP SIZE

Minor patch bump within the same minor version: 10.24.0 → 10.25.7

  • Same major version (10.x)
  • The 10.25.x line is security-focused patches (published March–April 2026)
  • Same entry points (dist/liquid.node.js, dist/index.d.ts)
  • Same dependency (commander@^10.0.0) — no new deps introduced
  • Same engine requirement (node >=16)

The only API the SDK uses (Liquid constructor + parseAndRenderSync) has been stable across all 10.x releases.

5. PINNED VERSION COMMENTS

None found. Searched for pinned.*liquidjs, liquidjs.*do not, liquidjs.*version, and any comments mentioning liquidjs constraints. No warnings about upgrading.

6. TRANSITIVE vs DIRECT

Transitive only. liquidjs does NOT appear in this project's dependencies or devDependencies. It's pulled in transitively via:

this project → langwatch@0.16.1 → liquidjs@^10.21.1

The pnpm override forces the resolved version from 10.24.0 to >=10.25.7 within the lockfile.

7. FINAL VERDICT: TRIVIAL ✅

This is a transitive-only dependency that is never imported anywhere in this repo's source code. The version bump is a minor patch (10.24→10.25.7) with no breaking changes, no new dependencies, and the same public API surface. The only effect is ensuring the lockfile resolves a patched version during local dev/CI.

Risk factors:

  • Not imported in any source file: ✅ zero risk of API breakage
  • Transitive only (via published langwatch SDK): ✅ no direct coupling
  • Same major version, security patches only: ✅ no behavioral changes
  • No pinning comments or upgrade warnings: ✅ no known constraints
  • Same dependency tree (commander only): ✅ no new transitive deps

Safe to merge with CI passing. The main caveat is that this override only affects this repo's lockfile — downstream users of the langwatch SDK will still resolve whatever version their package manager picks within ^10.21.1. If the langwatch SDK itself should pin higher, that's a separate change to the SDK's published package.json.

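The assessment above rests on the override actually changing what the lockfile resolves, and on the caveat that downstream consumers of langwatch get whatever their own lockfile picks within ^10.21.1. The script below is an added example, not code from this PR or from the langwatch project: it scans a pnpm-lock.yaml for every resolved version of a package and reports any copy below a minimum version, which is the check a CI job would run to confirm a pnpm override took effect. The lockfile excerpts are constructed; the parser assumes the lockfile v9 `name@version:` (or v6 `/name@version:`) entry layout under the top-level `packages:` section, and pre-release tags are ignored when comparing versions.

```javascript
// Added example (not code from the langwatch repo or this PR): verify that a
// pnpm lockfile only resolves a package at or above a minimum version.
//
// Assumptions: resolved packages appear under a top-level `packages:` section
// as `name@version:` (lockfile v9) or `/name@version:` (lockfile v6) keys;
// pre-release suffixes are ignored when comparing.

// Split "1.2.3" (or "1.2.3-beta.1") into numeric [major, minor, patch].
function parseSemver(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`not a semver string: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Returns -1, 0 or 1 comparing a to b on major.minor.patch only.
function compareVersions(a, b) {
  const pa = parseSemver(a);
  const pb = parseSemver(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Collect every resolved version per package name from the `packages:`
// section. Returns Map<name, Set<version>>. Peer-dependency suffixes such as
// "(react@18.2.0)" are stripped so each distinct version is counted once.
function parseLockfilePackages(lockText) {
  const result = new Map();
  let inPackages = false;
  const entry = /^\s*\/?(@?[^@\s]+)@(\d+\.\d+\.\d+[^\s():]*)(?:\([^)]*\))*:\s*$/;
  for (const line of lockText.split(/\r?\n/)) {
    // A non-indented `key:` line starts a new top-level section.
    const topLevel = /^([A-Za-z][\w-]*):\s*$/.exec(line);
    if (topLevel) { inPackages = topLevel[1] === 'packages'; continue; }
    if (!inPackages) continue;
    const m = entry.exec(line);
    if (!m) continue;
    if (!result.has(m[1])) result.set(m[1], new Set());
    result.get(m[1]).add(m[2]);
  }
  return result;
}

// Report which versions of pkgName the lockfile resolves and which of them
// fall below minVersion. `ok` is true when no resolved copy is too old;
// `present` tells the caller whether the package was found at all.
function checkMinimumVersion(lockText, pkgName, minVersion) {
  const found = parseLockfilePackages(lockText).get(pkgName) || new Set();
  const resolved = [...found].sort(compareVersions);
  const violations = resolved.filter((v) => compareVersions(v, minVersion) < 0);
  return { package: pkgName, minVersion, resolved, violations,
           present: resolved.length > 0, ok: violations.length === 0 };
}

// Constructed lockfile excerpt (not the real langwatch pnpm-lock.yaml) shaped
// like the state after this PR: the override is recorded and liquidjs,
// pulled in transitively by langwatch, resolves to 10.25.7.
const PATCHED_LOCK = `lockfileVersion: '9.0'

overrides:
  liquidjs@<10.25.7: '>=10.25.7'

importers:

  .:
    dependencies:
      langwatch:
        specifier: 0.16.1
        version: 0.16.1

packages:

  commander@10.0.1:
    resolution: {integrity: sha512-CONSTRUCTED}
    engines: {node: '>=14'}

  langwatch@0.16.1:
    resolution: {integrity: sha512-CONSTRUCTED}

  liquidjs@10.25.7:
    resolution: {integrity: sha512-CONSTRUCTED}
    engines: {node: '>=16'}
    hasBin: true

snapshots:

  liquidjs@10.25.7:
    dependencies:
      commander: 10.0.1
`;

// Constructed "override did not take effect" variant: liquidjs still at 10.24.0.
const STALE_LOCK = PATCHED_LOCK.split('liquidjs@10.25.7:').join('liquidjs@10.24.0:');

console.log(JSON.stringify(checkMinimumVersion(PATCHED_LOCK, 'liquidjs', '10.25.7')));
console.log(JSON.stringify(checkMinimumVersion(STALE_LOCK, 'liquidjs', '10.25.7')));
```

To run it against a real lockfile, pass the contents of pnpm-lock.yaml to `checkMinimumVersion` in place of the constructed text and fail the job when `ok` or `present` is false; `pnpm why liquidjs` then shows which importer still pulls the old copy.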
@sergioestebance
Contributor Author

CI Status

32/33 test files pass, 49/50 tests pass. CodeQL, PR validation, and evaluate checks all green.

Failing check: ci-checks (24.x) — Test (Examples)

Test: tests/multiturn-10-scripted.test.ts > "should handle a full 10-turn travel planning conversation"
Error: Test timed out in 180000ms (retried 3x, all timed out)

Assessment: Flaky test, unrelated to this PR

Evidence:

  1. Same test fails on other unrelated branches run at the same time:
    • fix/security-vite (run 25249196531) — identical multiturn-10-scripted.test.ts timeout
    • fix/security-langchain (run 25249219783) — failed on lint (different issue), not our change either
  2. Main branch is green: The most recent javascript-ci run on main (run 25238353146) passed all checks including this test.
  3. This PR changes only pnpm.overrides for liquidjs — a transitive dependency with zero imports in the codebase. The failing test is an LLM-backed 10-turn conversation test that times out due to LLM API latency, not dependency resolution.
  4. The test is inherently flaky — it runs a 10-turn multi-model conversation with a 180s timeout and retries 3x. Any LLM API slowdown causes it to fail.

Verdict

All code checks pass. The single failure is a known-flaky LLM integration test that also fails on concurrent unrelated PRs. Ready for review.

@sergioestebance sergioestebance force-pushed the fix/security-liquidjs-vanta branch from fc5bfec to e05a55e on May 2, 2026 15:42
@sergioestebance
Contributor Author

Rebased onto latest main. Conflicts resolved. CI re-running.

@github-actions github-actions Bot added the low-risk-change PR qualifies as low-risk per policy and can be merged without manual review label May 2, 2026
@sergioestebance sergioestebance self-assigned this May 2, 2026
@sergioestebance sergioestebance added the dependencies Pull requests that update a dependency file label May 2, 2026
@sergioestebance sergioestebance force-pushed the fix/security-liquidjs-vanta branch from e05a55e to 8c5cd2c on May 2, 2026 20:51
@sergioestebance
Contributor Author

Rebased onto latest main, conflicts resolved.

@github-actions github-actions Bot removed the low-risk-change PR qualifies as low-risk per policy and can be merged without manual review label May 2, 2026
@sergioestebance sergioestebance added low-risk-change PR qualifies as low-risk per policy and can be merged without manual review and removed low-risk-change PR qualifies as low-risk per policy and can be merged without manual review labels May 2, 2026
0xdeafcafe previously approved these changes May 4, 2026
Aryansharma28 previously approved these changes May 4, 2026
@Aryansharma28 Aryansharma28 force-pushed the fix/security-liquidjs-vanta branch from 2d136c9 to ca36a52 on May 4, 2026 13:17
Replaced main's looser liquidjs override (">=10.25.0", from #393)
with this PR's tighter range pin (liquidjs@<10.25.7: ">=10.25.7").
Lockfile regenerated; resolves to 10.25.7. 360 JS tests pass.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
github-actions Bot commented May 4, 2026

Automated low-risk assessment

This PR was evaluated against the repository's Low-Risk Pull Requests procedure and does not qualify as low risk.

The PR updates a third‑party dependency (liquidjs) and modifies the pnpm lockfile to enforce a newer version to address CVEs. Dependency and lockfile changes can affect runtime/template behavior and are not limited to UI/docs/tests, so this does not meet the low-risk criteria and should undergo normal review.

This PR requires a manual review before merging.

@Aryansharma28 Aryansharma28 merged commit 25ba99d into main May 4, 2026
8 of 9 checks passed
@Aryansharma28 Aryansharma28 deleted the fix/security-liquidjs-vanta branch May 4, 2026 13:40