chore(deps): update dependency langchain-community to v0.3.27 [security] #123
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
product-auto-label
bot
added
the
api: cloudsql-mysql
Collaborator
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-community-vulnerability
branch
from
8d4831c to
108a2e1
Compare
Collaborator
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-community-vulnerability
branch
from
108a2e1 to
ab3dbe3
Compare
Collaborator
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-community-vulnerability
branch
from
ab3dbe3 to
3bad708
Compare
Collaborator
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-community-vulnerability
branch
from
3bad708 to
13bb466
Compare
Collaborator
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-community-vulnerability
branch
from
13bb466 to
8cc8d71
Compare
Collaborator
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-community-vulnerability
branch
from
8cc8d71 to
23b9fa8
Compare
Collaborator
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-community-vulnerability
branch
from
23b9fa8 to
411456f
Compare
Collaborator
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-community-vulnerability
branch
from
411456f to
22495b2
Compare
Collaborator
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-community-vulnerability
branch
from
22495b2 to
bf62675
Compare
Collaborator
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-community-vulnerability
branch
from
bf62675 to
ca14cb7
Compare
Collaborator
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-community-vulnerability
branch
from
ca14cb7 to
a0936e3
Compare
Collaborator
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-community-vulnerability
branch
from
a0936e3 to
a4984b8
Compare
Collaborator
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-community-vulnerability
branch
from
a4984b8 to
fcaee97
Compare
Collaborator
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-community-vulnerability
branch
from
fc648ec to
95025b0
Compare
Collaborator
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-community-vulnerability
branch
from
95025b0 to
aa5e68e
Compare
Collaborator
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-community-vulnerability
branch
from
aa5e68e to
e6bdd3b
Compare
Collaborator
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-community-vulnerability
branch
from
e6bdd3b to
8398afd
Compare
Collaborator
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-community-vulnerability
branch
from
8398afd to
25ef5f4
Compare
Collaborator
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-community-vulnerability
branch
from
25ef5f4 to
d38c98c
Compare
Collaborator
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-community-vulnerability
branch
from
d38c98c to
cfeb5c4
Compare
Collaborator
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-community-vulnerability
branch
from
cfeb5c4 to
5f8829d
Compare
Collaborator
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-community-vulnerability
branch
from
5f8829d to
482bfa1
Compare
Collaborator
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-community-vulnerability
branch
from
482bfa1 to
d915f9c
Compare
Collaborator
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-community-vulnerability
branch
from
d915f9c to
30e3cec
Compare
Collaborator
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-community-vulnerability
branch
from
30e3cec to
2245b43
Compare
Collaborator
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-community-vulnerability
branch
from
2245b43 to
32b3b17
Compare
Collaborator
|
/gcbrun |
renovate-bot
force-pushed
the
renovate/pypi-langchain-community-vulnerability
branch
from
32b3b17 to
fe4773a
Compare
Collaborator
|
/gcbrun |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
==0.3.3->==0.3.27GitHub Vulnerability Alerts
CVE-2025-6984
The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML External Entity (XXE) attacks due to insecure XML parsing. The vulnerability arises from the use of etree.iterparse() without disabling external entity references, which can lead to sensitive information disclosure. An attacker could exploit this by crafting a malicious XML payload that references local files, potentially exposing sensitive data such as /etc/passwd. This issue has been fixed in 0.3.27 of langchain-community.
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Never, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.