Commit 64e1df3

infra: Update package version to apply CVE-related patch (langchain-ai#19490)
- **Description:** [CVE 2024-21503](https://www.cve.org/CVERecord?id=CVE-2024-21503) was recently identified. The python linter "black" suffers from a potential Regex-related denial of service attack. Updated version from the vulnerable 24.2.0 to the patched 24.3.0.
- **Issue:** N/A
- **Dependencies:** The 'black' package in both `langchain` (top-level) and `templates/python-lint`.

Co-authored-by: Bagatur <[email protected]>
1 parent 96dc180 commit 64e1df3

4 files changed, +50 -49 lines changed

poetry.lock

+24 -24
Some generated files are not rendered by default.

pyproject.toml

+1
@@ -10,6 +10,7 @@ repository = "https://www.github.com/langchain-ai/langchain"
1010

1111
[tool.poetry.dependencies]
1212
python = ">=3.8.1,<4.0"
13+
black = "^24.2.0"
1314

1415
[tool.poetry.group.docs.dependencies]
1516
langchain = { path = "libs/langchain/", develop = true }
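
Review bot: the added `black = "^24.2.0"` line still admits 24.2.0, the release the commit message names as vulnerable, because a caret constraint on 24.2.0 resolves to >=24.2.0,<25.0.0. Raise the floor to `^24.3.0` so the manifest itself excludes the affected release instead of relying on the lock file, whose diff is not rendered on this page. The line also sits under `[tool.poetry.dependencies]`, which makes a linter a main dependency of the root project; if it is only used for formatting, a dev or lint dependency group would keep it out of the runtime set.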

templates/python-lint/poetry.lock

+24 -24
Some generated files are not rendered by default.

templates/python-lint/pyproject.toml

+1 -1
@@ -7,7 +7,7 @@ readme = "README.md"
77

88
[tool.poetry.dependencies]
99
ruff = ">=0.1.8"
10-
black = ">=23.12.0"
10+
black = "^24.2.0"
1111
mypy = ">=1.7.1"
1212
python = ">=3.8.1,<4.0"
1313
langchain = "^0.1"
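
Review bot: on the changed `black` line, the new lower bound is 24.2.0, which the commit message identifies as the vulnerable version, so a resolve that does not use the lock file can still select it; `black = "^24.3.0"` would match the stated fix. Moving from `>=23.12.0` to a caret also introduces an upper bound below 25.0.0 that the description does not mention, and since this file lives under `templates/` that new cap deserves a line in the commit message.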
