Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency langchain to v0.0.329 [security] #23

Merged
merged 1 commit into from
Dec 7, 2023
Merged

chore(deps): update dependency langchain to v0.0.329 [security] #23

merged 1 commit into from
Dec 7, 2023

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Oct 5, 2023
edited
Loading

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
langchain ==0.0.267 -> ==0.0.329 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-39631

An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library.

Patches: Released in v.0.0.308. numexpr dependency is optional for langchain.

CVE-2023-36281

An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via the via the a json file to the load_prompt parameter. This is related to __subclasses__ or a template.

CVE-2023-46229

LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server.

CVE-2023-39659

An issue in langchain langchain-ai before version 0.0.325 allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component.

CVE-2023-32786

In Langchain before 0.0.329, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks.

Release Notes

langchain-ai/langchain (langchain)

v0.0.329

Compare Source

What's Changed

New Contributors

CVEs

CVE-2023-32786 -- resolved by APIChain add restrictions to domains (GHSA-6h8p-4hx9-w66c) by @​eyurtsev in https://github.com/langchain-ai/langchain/pull/12747

Full Changelog: langchain-ai/langchain@v0.0.327...v0.0.329

v0.0.327

Compare Source

What's Changed

New Contributors

Full Changelog: langchain-ai/langchain@v0.0.326...v0.0.327

v0.0.326

Compare Source

What's Changed

New Contributors

Full Changelog: langchain-ai/langchain@v0.0.325...v0.0.326

v0.0.325

Compare Source

What's Changed

New Contributors

CVEs

CVE-2023-39659 resolved in https://github.com/langchain-ai/langchain/pull/12427

Full Changelog: langchain-ai/langchain@v0.0.324...v0.0.325

v0.0.324

Compare Source

What's Changed

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot force-pushed the renovate/pypi-langchain-vulnerability branch from 8b49e32 to 2a69c9f Compare October 9, 2023 09:53
@renovate renovate bot changed the title chore(deps): update dependency langchain to v0.0.308 [security] chore(deps): update dependency langchain to v0.0.310 [security] Oct 9, 2023
@renovate renovate bot force-pushed the renovate/pypi-langchain-vulnerability branch from 2a69c9f to 06729fe Compare October 9, 2023 13:05
@renovate renovate bot changed the title chore(deps): update dependency langchain to v0.0.310 [security] chore(deps): update dependency langchain to v0.0.308 [security] Oct 9, 2023
@renovate renovate bot force-pushed the renovate/pypi-langchain-vulnerability branch from 06729fe to 84ee9e2 Compare October 10, 2023 21:53
@renovate renovate bot changed the title chore(deps): update dependency langchain to v0.0.308 [security] chore(deps): update dependency langchain to v0.0.312 [security] Oct 10, 2023
@renovate renovate bot force-pushed the renovate/pypi-langchain-vulnerability branch from 84ee9e2 to 2039b9e Compare October 15, 2023 09:19
@renovate renovate bot changed the title chore(deps): update dependency langchain to v0.0.312 [security] chore(deps): update dependency langchain to v0.0.314 [security] Oct 15, 2023
@renovate renovate bot force-pushed the renovate/pypi-langchain-vulnerability branch from 2039b9e to 79e69ae Compare October 15, 2023 17:30
@renovate renovate bot changed the title chore(deps): update dependency langchain to v0.0.314 [security] chore(deps): update dependency langchain to v0.0.312 [security] Oct 15, 2023
@renovate renovate bot force-pushed the renovate/pypi-langchain-vulnerability branch from 79e69ae to 6f46c6e Compare October 23, 2023 13:16
@renovate renovate bot changed the title chore(deps): update dependency langchain to v0.0.312 [security] chore(deps): update dependency langchain to v0.0.320 [security] Oct 23, 2023
@renovate renovate bot force-pushed the renovate/pypi-langchain-vulnerability branch from 6f46c6e to 19a4738 Compare October 23, 2023 16:48
@renovate renovate bot changed the title chore(deps): update dependency langchain to v0.0.320 [security] chore(deps): update dependency langchain to v0.0.312 [security] Oct 23, 2023
@renovate renovate bot force-pushed the renovate/pypi-langchain-vulnerability branch from 19a4738 to 687679d Compare October 25, 2023 20:19
@renovate renovate bot changed the title chore(deps): update dependency langchain to v0.0.312 [security] chore(deps): update dependency langchain to v0.0.317 [security] Oct 25, 2023
@renovate renovate bot force-pushed the renovate/pypi-langchain-vulnerability branch from 687679d to 29ab50c Compare October 30, 2023 23:05
@renovate renovate bot changed the title chore(deps): update dependency langchain to v0.0.317 [security] chore(deps): update dependency langchain to v0.0.325 [security] Oct 30, 2023
@renovate renovate bot force-pushed the renovate/pypi-langchain-vulnerability branch from 29ab50c to 29a7311 Compare November 6, 2023 07:50
@renovate renovate bot changed the title chore(deps): update dependency langchain to v0.0.325 [security] chore(deps): update dependency langchain to v0.0.330 [security] Nov 6, 2023
@renovate renovate bot force-pushed the renovate/pypi-langchain-vulnerability branch from 29a7311 to 37849f0 Compare November 6, 2023 11:02
@renovate renovate bot changed the title chore(deps): update dependency langchain to v0.0.330 [security] chore(deps): update dependency langchain to v0.0.325 [security] Nov 6, 2023
@renovate renovate bot force-pushed the renovate/pypi-langchain-vulnerability branch from 37849f0 to 49cdbed Compare November 11, 2023 07:15
@renovate renovate bot changed the title chore(deps): update dependency langchain to v0.0.325 [security] chore(deps): update dependency langchain to v0.0.329 [security] Nov 11, 2023
@renovate renovate bot force-pushed the renovate/pypi-langchain-vulnerability branch from 49cdbed to 8778a47 Compare November 16, 2023 10:46
@renovate renovate bot changed the title chore(deps): update dependency langchain to v0.0.329 [security] chore(deps): update dependency langchain to v0.0.336 [security] Nov 16, 2023
@renovate renovate bot force-pushed the renovate/pypi-langchain-vulnerability branch from 8778a47 to 7e3329e Compare November 16, 2023 13:49
@renovate renovate bot changed the title chore(deps): update dependency langchain to v0.0.336 [security] chore(deps): update dependency langchain to v0.0.329 [security] Nov 16, 2023
@renovate renovate bot force-pushed the renovate/pypi-langchain-vulnerability branch from 7e3329e to aeb124d Compare December 3, 2023 11:27
@renovate renovate bot changed the title chore(deps): update dependency langchain to v0.0.329 [security] chore(deps): update dependency langchain to v0.0.345 [security] Dec 3, 2023
@renovate renovate bot force-pushed the renovate/pypi-langchain-vulnerability branch from aeb124d to e10f8af Compare December 3, 2023 14:35
@renovate renovate bot changed the title chore(deps): update dependency langchain to v0.0.345 [security] chore(deps): update dependency langchain to v0.0.329 [security] Dec 3, 2023
@renovate renovate bot force-pushed the renovate/pypi-langchain-vulnerability branch from e10f8af to d097ccd Compare December 7, 2023 10:23
@renovate renovate bot changed the title chore(deps): update dependency langchain to v0.0.329 [security] chore(deps): update dependency langchain to v0.0.347 [security] Dec 7, 2023
@renovate renovate bot force-pushed the renovate/pypi-langchain-vulnerability branch 2 times, most recently from 3436f1a to b5671db Compare December 7, 2023 10:40
@renovate renovate bot changed the title chore(deps): update dependency langchain to v0.0.347 [security] chore(deps): update dependency langchain to v0.0.329 [security] Dec 7, 2023
@renovate renovate bot force-pushed the renovate/pypi-langchain-vulnerability branch from b5671db to 014a7ea Compare December 7, 2023 10:54
@renovate renovate bot changed the title chore(deps): update dependency langchain to v0.0.329 [security] chore(deps): update dependency langchain to v0.0.347 [security] Dec 7, 2023
@renovate renovate bot force-pushed the renovate/pypi-langchain-vulnerability branch from 014a7ea to 6196305 Compare December 7, 2023 10:59
@renovate renovate bot force-pushed the renovate/pypi-langchain-vulnerability branch from 6196305 to b99ea0e Compare December 7, 2023 11:01
@renovate renovate bot changed the title chore(deps): update dependency langchain to v0.0.347 [security] chore(deps): update dependency langchain to v0.0.329 [security] Dec 7, 2023
@benoutram benoutram self-requested a review December 7, 2023 11:18
@benoutram benoutram merged commit 5df4a27 into main Dec 7, 2023
3 checks passed
@benoutram benoutram deleted the renovate/pypi-langchain-vulnerability branch December 7, 2023 11:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@benoutram benoutram benoutram approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@benoutram