Skip to content

Fix for GHSA-3644-q5cj-c5c7#180

Closed
keycard-gh-workflows-access[bot] wants to merge 1 commit into
mainfrom
socket/fix/GHSA-3644-q5cj-c5c7
Closed

Fix for GHSA-3644-q5cj-c5c7#180
keycard-gh-workflows-access[bot] wants to merge 1 commit into
mainfrom
socket/fix/GHSA-3644-q5cj-c5c7

Conversation

@keycard-gh-workflows-access

Copy link
Copy Markdown
Contributor

Socket fix for GHSA-3644-q5cj-c5c7.

Vulnerability Summary: LangSmith SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning

Severity: HIGH

Affected Packages: langchain (PIP), langchain-classic (PIP), langsmith (NPM), and langsmith (PIP)

…izes untrusted manifests without trust boundary warning
@Larry-Osakwe

Copy link
Copy Markdown
Contributor

Obsolete: #187 merged (Jul 8) and bumps this package to or past the fixed version this PR targets. Main's uv.lock now resolves aiohttp 3.14.1, authlib 1.7.1, idna 3.15, langchain-core 1.4.8, langsmith 0.8.18, pydantic-ai 2.0.0, pydantic-settings 2.14.2, among others.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant