diff --git a/osv-scanner.toml b/osv-scanner.toml index 062e24dc..dc6a5af4 100644 --- a/osv-scanner.toml +++ b/osv-scanner.toml @@ -5,8 +5,8 @@ reason = "langchain-text-splitters SSRF redirect bypass in HTMLHeaderTextSplitte [[IgnoredVulns]] id = "GHSA-2g6r-c272-w58r" -ignoreUntil = 2026-06-15 -reason = "langchain-core SSRF via image_url token counting (LOW). Fix requires upgrading langchain-core 0.3.x -> 1.2.11, a breaking major version change incompatible with our ^0.3.15 constraint. No semver-compatible fix available." +ignoreUntil = 2026-07-30 +reason = "langchain-core SSRF via image_url token counting (LOW, CVE-2026-26013). Fix requires upgrading langchain-core 0.3.x -> 1.2.11, a breaking major version change incompatible with our ^0.3.15 constraint. No semver-compatible fix available. ENG-12311." [[IgnoredVulns]] id = "GHSA-qh6h-p6c9-ff54"