Skip to content

chore(deps): update dependency langchain-community to v0.2.19 [security]#1509

Merged
olivi-eh merged 9 commits into
GoogleCloudPlatform:mainfrom
renovate-bot:renovate/pypi-langchain-community-vulnerability
Jul 4, 2025
Merged

chore(deps): update dependency langchain-community to v0.2.19 [security]#1509
olivi-eh merged 9 commits into
GoogleCloudPlatform:mainfrom
renovate-bot:renovate/pypi-langchain-community-vulnerability

Conversation

@renovate-bot

@renovate-bot renovate-bot commented Oct 30, 2024

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
langchain-community (changelog) ==0.2.16 -> ==0.2.19 age confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2024-8309

A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. This vulnerability can lead to unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database.


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@forking-renovate forking-renovate Bot added the lang: python Issues specific to Python. label Oct 30, 2024
@renovate-bot renovate-bot requested a review from a team as a code owner October 30, 2024 18:09
@renovate-bot renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch 2 times, most recently from b501565 to 51c2790 Compare November 5, 2024 21:37
@NimJay

NimJay commented Nov 6, 2024

Copy link
Copy Markdown
Collaborator

Error:

#10 5.830 The conflict is caused by:
#10 5.830     The user requested langchain==0.2.16
#10 5.830     langchain-community 0.3.0 depends on langchain<0.4.0 and >=0.3.0

@renovate-bot renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch 5 times, most recently from 5f5b24d to c817295 Compare November 12, 2024 20:02
@renovate-bot renovate-bot changed the title chore(deps): update dependency langchain-community to v0.3.0 [security] chore(deps): update dependency langchain-community to v0.2.19 [security] Nov 12, 2024
@renovate-bot renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch 10 times, most recently from 0483bcb to 895e2a7 Compare November 25, 2024 14:16
@renovate-bot renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch 5 times, most recently from 453c711 to 7f5decf Compare December 2, 2024 20:45
@renovate-bot renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch 2 times, most recently from 1e59e55 to 8965722 Compare December 4, 2024 14:24
@renovate-bot renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch 5 times, most recently from 4910d30 to 885e662 Compare January 16, 2025 17:34
@renovate-bot renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch 6 times, most recently from bfdf32b to 049c244 Compare January 22, 2025 02:01
@renovate-bot renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch 6 times, most recently from e33f711 to 1d8e297 Compare January 31, 2025 20:11
@renovate-bot renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch 2 times, most recently from c8cb96f to 19dd696 Compare February 7, 2025 20:16
@olivi-eh

olivi-eh commented Jul 4, 2025

Copy link
Copy Markdown
Collaborator

Updated langchain to match requirements for langchain-community. Checks are now all passing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

lang: python Issues specific to Python. type:security

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants