Skip to content

fix(security): bump langchain-core, langsmith, aiohttp, urllib3, idna + npm deps (GHSA-pjwx-r37v-7724 and 17 more)#33

Merged
andriy-sudo merged 1 commit into
mainfrom
andriy/secfix-agentql-integrations-deps
Jun 25, 2026
Merged

fix(security): bump langchain-core, langsmith, aiohttp, urllib3, idna + npm deps (GHSA-pjwx-r37v-7724 and 17 more)#33
andriy-sudo merged 1 commit into
mainfrom
andriy/secfix-agentql-integrations-deps

Conversation

@andriy-sudo

Copy link
Copy Markdown
Contributor

Vulnerability Fixes

All changes are limited to manifest/lock file version bumps — no functional source code changes.

Python (langchain/)

Package Old New Advisory CVSS Status
langchain-core 0.3.83 0.3.86 GHSA-pjwx-r37v-7724 (unsafe deserialization) 8.2 ✅ Fixed
langchain-core 0.3.83 0.3.86 GHSA-926x-3r5x-gfhw 5.3 ✅ Fixed
langsmith 0.7.32 0.9.1 GHSA-f4xh-w4cj-qxq8 7.7 ✅ Fixed
langsmith 0.7.32 0.9.1 GHSA-3644-q5cj-c5c7 7.1 ✅ Fixed
aiohttp 3.13.5 3.14.1 GHSA-4fvr-rgm6-gqmc + 8 more up to 6.6 ✅ Fixed
urllib3 2.6.3 2.7.0 PYSEC-2026-141/142 / GHSA-mf9v-mfxr-j63j / GHSA-qccp-gfcp-xxvc 8.2 / 8.9 ✅ Fixed
idna 3.11 3.18 GHSA-65pc-fj4g-8rjx 6.9 ✅ Fixed (floor pin)
pydantic-settings 2.12.0 2.14.2 GHSA-4xgf-cpjx-pc3j 5.3 ✅ Fixed (floor pin)
langchain 0.3.27 0.3.30+ GHSA-3644-q5cj-c5c7 7.1 ✅ Fixed (floor pin)
vcrpy 7.0.0 / 8.1.1 8.2.1+ GHSA-rpj2-4hq8-938g 7.8 ✅ Fixed (test dep floor pin)

npm (zapier/)

Package Old New Advisory CVSS Status
form-data 4.0.4 4.0.6 GHSA-hmw2-7cc7-3qxx (CRLF injection) 8.7 ✅ Fixed (override)
brace-expansion 1.1.12 1.1.13 GHSA-f886-m6hf-6m8v 6.5 ✅ Fixed (override)
@babel/core 7.28.6 7.29.6 GHSA-4x5r-pxfx-6jf8 3.2 ✅ Fixed (override)

Risk Accepted (osv-scanner.toml)

Package Advisory Reason
langchain-core 0.3.x GHSA-2g6r-c272-w58r Fix at 1.2.11 requires breaking major upgrade; langchain-community 0.3.x caps langchain-core<1.0.0
langchain-core 0.3.x GHSA-qh6h-p6c9-ff54 Fix at 1.2.22 — same breaking constraint
langchain-openai 0.3.x GHSA-r7w7-9xr2-qq2r Fix at 0.4.4 requires langchain-core>=1.3.1 — breaking
langchain-text-splitters 0.3.x GHSA-fv5p-p927-qmxr Fix at 1.1.2 requires langchain-core>=1.2.31 — breaking
langchain 0.3.x GHSA-gr75-jv2w-4656 Fix at 1.3.9 — breaking major upgrade; transitive dep
pytest GHSA-6w46-j5rx-g56g langchain-tests 0.3.x pins pytest<9
js-yaml (zapier dev) GHSA-h67p-54hq-rp68 Fix at 4.2.0 is major API break; consumer uses removed safeLoad()
dify flask/werkzeug/requests GHSA-68rp-wp8r-4726 + 4 more dify_plugin==0.0.1b65 hard-pins flask~=3.0.3 / werkzeug~=3.0.x; Linux/macOS not affected by Windows device name issues
Changelog impact summary
Package Old New Classification Key changes
langchain-core 0.3.83 0.3.86 Patch/security CVE fix for unsafe deserialization via load() allowlists
langsmith 0.7.32 0.9.1 Patch/security Security fixes; no breaking API changes in 0.x → 0.9.x
aiohttp 3.13.5 3.14.1 Patch/security 9 CVE fixes; no breaking changes in 3.14.x
urllib3 2.6.3 2.7.0 Patch/security Request smuggling / proxy credential exposure fixes
idna 3.11 3.18 Patch/security DoS fix; no API changes
pydantic-settings 2.12.0 2.14.2 Patch/security Security fix; no API changes
langchain 0.3.27 0.3.30+ Patch/security Transitive bump for GHSA-3644; no app changes
vcrpy <8.2.1 8.2.1+ Patch/security Security fix in test dep
form-data 4.0.4 4.0.6 Patch/security CRLF injection fix
brace-expansion 1.1.12 1.1.13 Patch/security DoS fix
@babel/core 7.28.6 7.29.6 Patch/security Security patch only

…, pydantic-settings, vcrpy; fix npm deps

Python (langchain/):
- langchain-core 0.3.83 → 0.3.85+ (GHSA-pjwx-r37v-7724 / GHSA-926x-3r5x-gfhw, CVSS 8.2/5.3)
- langsmith 0.7.32 → 0.8.18+ (GHSA-f4xh-w4cj-qxq8 / GHSA-3644-q5cj-c5c7, CVSS 7.7/7.1)
- aiohttp 3.13.5 → 3.14.1+ (9 GHSAs incl. GHSA-4fvr-rgm6-gqmc, CVSS up to 6.6)
- urllib3 2.6.3 → 2.7.0+ (PYSEC-2026-141/142 / GHSA-mf9v-mfxr-j63j / GHSA-qccp-gfcp-xxvc, CVSS 8.2/8.9)
- idna 3.11 → 3.15+ (GHSA-65pc-fj4g-8rjx, CVSS 6.9) — transitive floor pin
- pydantic-settings 2.12.0 → 2.14.2+ (GHSA-4xgf-cpjx-pc3j, CVSS 5.3) — transitive floor pin
- langchain 0.3.27 → 0.3.30+ (GHSA-3644-q5cj-c5c7, CVSS 7.1) — transitive floor pin
- vcrpy < 8.2.1 → 8.2.1+ (GHSA-rpj2-4hq8-938g, CVSS 7.8) — test dep floor pin

npm (zapier/):
- @babel/core 7.28.6 → 7.29.6 (GHSA-4x5r-pxfx-6jf8, CVSS 3.2) — override
- brace-expansion 1.1.12 → 1.1.13 (GHSA-f886-m6hf-6m8v, CVSS 6.5) — override
- form-data 4.0.4 → 4.0.6 (GHSA-hmw2-7cc7-3qxx, CVSS 8.7) — override

Risk accepted (osv-scanner.toml):
- js-yaml 3.14.2: fix 4.2.0 is major API break; consumer (@istanbuljs) uses removed safeLoad()
- langchain 0.3.x: GHSA-gr75-jv2w-4656 fix only in 1.3.9 (breaking major)
- langchain-core 0.3.x: GHSA-2g6r-c272-w58r fix only in 1.2.11 (renewed suppress)
- dify flask/werkzeug/requests: dify_plugin==0.0.1b65 hard-pins incompatible versions
@andriy-sudo andriy-sudo requested a review from a team as a code owner June 25, 2026 09:10
@coderabbitai

coderabbitai Bot commented Jun 25, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 073883cf-8c38-4a7c-9ace-a62b9dfd5fd5

📥 Commits

Reviewing files that changed from the base of the PR and between 86f9144 and dd9ecd3.

⛔ Files ignored due to path filters (2)
  • langchain/poetry.lock is excluded by !**/*.lock
  • zapier/package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (3)
  • langchain/pyproject.toml
  • osv-scanner.toml
  • zapier/package.json

📝 Walkthrough

Walkthrough

The PR updates dependency and security-related configuration in three places: Poetry constraints in langchain/pyproject.toml, OSV ignore entries in osv-scanner.toml, and npm override pins in zapier/package.json. It raises and adds several Python dependency version ranges, adds vcrpy to the test dependencies, refreshes existing OSV ignore metadata and adds more ignored GHSA entries, and adds new package override pins in the Zapier package manifest.

🚥 Pre-merge checks | ✅ 4
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly summarizes the security dependency bumps and matches the packages changed in the PR.
Description check ✅ Passed The description accurately explains the dependency and vulnerability fixes reflected in the changeset.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch andriy/secfix-agentql-integrations-deps

Comment @coderabbitai help to get the list of available commands.

@andriy-sudo andriy-sudo requested a review from hongjingzhou June 25, 2026 09:12
@andriy-sudo andriy-sudo merged commit 5615015 into main Jun 25, 2026
3 checks passed
@andriy-sudo andriy-sudo deleted the andriy/secfix-agentql-integrations-deps branch June 25, 2026 14:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants