Fix for GHSA-pjwx-r37v-7724#179
Conversation
…tion of attacker-controlled objects through overly broad `load()` allowlists
|
Warning Review the following alerts detected in dependencies. According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
|
|
Obsolete: #187 merged (Jul 8) and bumps this package to or past the fixed version this PR targets. Main's uv.lock now resolves aiohttp 3.14.1, authlib 1.7.1, idna 3.15, langchain-core 1.4.8, langsmith 0.8.18, pydantic-ai 2.0.0, pydantic-settings 2.14.2, among others. |
Socket fix for GHSA-pjwx-r37v-7724.
Vulnerability Summary: LangChain vulnerable to unsafe deserialization of attacker-controlled objects through overly broad
load()allowlistsSeverity: HIGH
Affected Packages: langchain-core (PIP)