chore(deps): update dependency langchain-community to v0.3.27 [security] #93

renovate-bot · 2025-09-05T18:10:09Z

This PR contains the following updates:

Package	Change	Age	Confidence
langchain-community (changelog)	`==0.3.1` -> `==0.3.27`

GitHub Vulnerability Alerts

CVE-2025-6984

The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML External Entity (XXE) attacks due to insecure XML parsing. The vulnerability arises from the use of etree.iterparse() without disabling external entity references, which can lead to sensitive information disclosure. An attacker could exploit this by crafting a malicious XML payload that references local files, potentially exposing sensitive data such as /etc/passwd. This issue has been fixed in 0.3.27 of langchain-community.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

dpebot · 2025-09-05T18:10:19Z

/gcbrun

dpebot · 2025-09-06T01:10:49Z

/gcbrun

dpebot · 2025-09-06T08:56:54Z

/gcbrun

dpebot · 2025-09-06T16:24:39Z

/gcbrun

dpebot · 2025-09-07T01:24:01Z

/gcbrun

dpebot · 2025-09-07T09:38:55Z

/gcbrun

dpebot · 2025-09-07T17:52:35Z

/gcbrun

dpebot · 2025-09-08T03:15:51Z

/gcbrun

dpebot · 2025-09-08T10:11:31Z

/gcbrun

dpebot · 2025-09-08T16:31:12Z

/gcbrun

dpebot · 2025-09-09T02:49:00Z

/gcbrun

dpebot · 2025-09-09T08:59:08Z

/gcbrun

dpebot · 2025-09-09T18:09:42Z

/gcbrun

dpebot · 2025-10-03T18:05:09Z

/gcbrun

dpebot · 2025-10-04T01:03:03Z

/gcbrun

dpebot · 2025-10-04T08:51:34Z

/gcbrun

dpebot · 2025-10-04T16:48:09Z

/gcbrun

dpebot · 2025-10-05T01:22:49Z

/gcbrun

dpebot · 2025-10-05T08:35:39Z

/gcbrun

dpebot · 2025-10-05T17:34:22Z

/gcbrun

dpebot · 2025-10-06T01:29:21Z

/gcbrun

dpebot · 2025-10-06T10:41:26Z

/gcbrun

dpebot · 2025-10-06T23:25:15Z

/gcbrun

dpebot · 2025-10-07T05:21:49Z

/gcbrun

dpebot · 2025-10-07T15:29:19Z

/gcbrun

dpebot · 2025-10-08T08:00:05Z

/gcbrun

dpebot · 2025-10-08T15:29:25Z

/gcbrun

dpebot · 2025-10-09T01:56:47Z

/gcbrun

renovate-bot requested review from a team as code owners September 5, 2025 18:10

blunderbuss-gcf bot assigned kgala2 Sep 5, 2025

product-auto-label bot added the api: cloudsql-sqlserver Issues related to the googleapis/langchain-google-cloud-sql-mssql-python API. label Sep 5, 2025

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from 71f8a72 to 363ae62 Compare September 6, 2025 01:10

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from 363ae62 to c6b610e Compare September 6, 2025 08:56

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from c6b610e to 6bd8806 Compare September 6, 2025 16:24

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from 6bd8806 to 41c0964 Compare September 7, 2025 01:23

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from 41c0964 to d5e5fb8 Compare September 7, 2025 09:38

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from d5e5fb8 to b647a4f Compare September 7, 2025 17:52

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from b647a4f to bd62012 Compare September 8, 2025 03:15

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from bd62012 to 572d53b Compare September 8, 2025 10:11

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from 572d53b to c528315 Compare September 8, 2025 16:31

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from c528315 to 6c4a902 Compare September 9, 2025 02:48

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from 6c4a902 to cce9e09 Compare September 9, 2025 08:58

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from cce9e09 to 49e6715 Compare September 9, 2025 18:09

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from 49e6715 to 44f95b0 Compare September 10, 2025 02:24

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from 5236df6 to 57c4e19 Compare October 4, 2025 01:02

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from 57c4e19 to 4e7c180 Compare October 4, 2025 08:51

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from 4e7c180 to c1af027 Compare October 4, 2025 16:48

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from c1af027 to a0771f2 Compare October 5, 2025 01:22

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from a0771f2 to 6779b44 Compare October 5, 2025 08:35

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from 6779b44 to 119b306 Compare October 5, 2025 17:34

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from 119b306 to 6a678c5 Compare October 6, 2025 01:29

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from 6a678c5 to fc71581 Compare October 6, 2025 10:41

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from fc71581 to 80af72c Compare October 6, 2025 23:25

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from 80af72c to eec84f2 Compare October 7, 2025 05:21

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from eec84f2 to 39b9b9b Compare October 7, 2025 15:29

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from 39b9b9b to f2a80a5 Compare October 8, 2025 07:59

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from f2a80a5 to cf0e57f Compare October 8, 2025 15:29

chore(deps): update dependency langchain-community to v0.3.27 [security]

d99ecbf

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from cf0e57f to d99ecbf Compare October 9, 2025 01:56

chore(deps): update dependency langchain-community to v0.3.27 [security] #93

Are you sure you want to change the base?

chore(deps): update dependency langchain-community to v0.3.27 [security] #93

Uh oh!

Conversation

renovate-bot commented Sep 5, 2025

GitHub Vulnerability Alerts

CVE-2025-6984

Configuration

Uh oh!

dpebot commented Sep 5, 2025

Uh oh!

dpebot commented Sep 6, 2025

Uh oh!

dpebot commented Sep 6, 2025

Uh oh!

dpebot commented Sep 6, 2025

Uh oh!

dpebot commented Sep 7, 2025

Uh oh!

dpebot commented Sep 7, 2025

Uh oh!

dpebot commented Sep 7, 2025

Uh oh!

dpebot commented Sep 8, 2025

Uh oh!

dpebot commented Sep 8, 2025

Uh oh!

dpebot commented Sep 8, 2025

Uh oh!

dpebot commented Sep 9, 2025

Uh oh!

dpebot commented Sep 9, 2025

Uh oh!

dpebot commented Sep 9, 2025

Uh oh!

dpebot commented Oct 3, 2025

Uh oh!

dpebot commented Oct 4, 2025

Uh oh!

dpebot commented Oct 4, 2025

Uh oh!

dpebot commented Oct 4, 2025

Uh oh!

dpebot commented Oct 5, 2025

Uh oh!

dpebot commented Oct 5, 2025

Uh oh!

dpebot commented Oct 5, 2025

Uh oh!

dpebot commented Oct 6, 2025

Uh oh!

dpebot commented Oct 6, 2025

Uh oh!

dpebot commented Oct 6, 2025

Uh oh!

dpebot commented Oct 7, 2025

Uh oh!

dpebot commented Oct 7, 2025

Uh oh!

dpebot commented Oct 8, 2025

Uh oh!

dpebot commented Oct 8, 2025

Uh oh!

dpebot commented Oct 9, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants