Fix for GHSA-2jrp-274c-jhv3#181
Conversation
…y (SSRF) in URL Download Handling
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
|
Warning Review the following alerts detected in dependencies. According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
|
|
Obsolete: #187 merged (Jul 8) and bumps this package to or past the fixed version this PR targets. Main's uv.lock now resolves aiohttp 3.14.1, authlib 1.7.1, idna 3.15, langchain-core 1.4.8, langsmith 0.8.18, pydantic-ai 2.0.0, pydantic-settings 2.14.2, among others. |
Socket fix for GHSA-2jrp-274c-jhv3.
Vulnerability Summary: Pydantic AI has Server-Side Request Forgery (SSRF) in URL Download Handling
Severity: HIGH
Affected Packages: pydantic-ai-slim (PIP) and pydantic-ai (PIP)