chore(deps): update dependency langchain-core to v0.2.43 [security] #114

renovate-bot · 2025-03-21T16:53:24Z

This PR contains the following updates:

Package	Change	Age	Confidence
langchain-core (changelog)	`==0.2.31` -> `==0.2.43`

GitHub Vulnerability Alerts

CVE-2024-10940

A vulnerability in langchain-core versions >=0.1.17,<0.1.53, >=0.2.0,<0.2.43, and >=0.3.0,<0.3.15 allows unauthorized users to read arbitrary files from the host file system. The issue arises from the ability to create langchain_core.prompts.ImagePromptTemplate's (and by extension langchain_core.prompts.ChatPromptTemplate's) with input variables that can read any user-specified path from the server file system. If the outputs of these prompt templates are exposed to the user, either directly or through downstream model outputs, it can lead to the exposure of sensitive information.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

dpebot · 2025-03-21T16:53:36Z

/gcbrun

dpebot · 2025-09-05T15:40:01Z

/gcbrun

dpebot · 2025-09-05T21:43:40Z

/gcbrun

dpebot · 2025-09-06T04:37:10Z

/gcbrun

dpebot · 2025-09-06T12:30:32Z

/gcbrun

dpebot · 2025-09-06T21:23:17Z

/gcbrun

dpebot · 2025-09-07T05:46:16Z

/gcbrun

dpebot · 2025-09-07T13:28:22Z

/gcbrun

dpebot · 2025-09-07T20:43:58Z

/gcbrun

dpebot · 2025-09-08T04:57:24Z

/gcbrun

dpebot · 2025-09-08T13:55:41Z

/gcbrun

dpebot · 2025-09-08T21:26:29Z

/gcbrun

dpebot · 2025-09-09T06:24:47Z

/gcbrun

dpebot · 2025-10-03T21:43:33Z

/gcbrun

dpebot · 2025-10-04T05:41:39Z

/gcbrun

dpebot · 2025-10-04T13:58:46Z

/gcbrun

dpebot · 2025-10-04T21:56:08Z

/gcbrun

dpebot · 2025-10-05T05:50:44Z

/gcbrun

dpebot · 2025-10-05T13:03:03Z

/gcbrun

dpebot · 2025-10-05T21:29:28Z

/gcbrun

dpebot · 2025-10-06T05:04:25Z

/gcbrun

dpebot · 2025-10-06T14:00:48Z

/gcbrun

dpebot · 2025-10-07T01:37:11Z

/gcbrun

dpebot · 2025-10-07T11:29:29Z

/gcbrun

dpebot · 2025-10-07T19:40:52Z

/gcbrun

dpebot · 2025-10-08T09:02:39Z

/gcbrun

dpebot · 2025-10-08T19:01:57Z

/gcbrun

dpebot · 2025-10-09T02:07:38Z

/gcbrun

renovate-bot requested review from a team as code owners March 21, 2025 16:53

blunderbuss-gcf bot assigned PingXie Mar 21, 2025

product-auto-label bot added the api: redis Issues related to the googleapis/langchain-google-memorystore-redis-python API. label Mar 21, 2025

renovate-bot force-pushed the renovate/pypi-langchain-core-vulnerability branch from 8c5f2c2 to eb792ce Compare September 5, 2025 15:39

renovate-bot force-pushed the renovate/pypi-langchain-core-vulnerability branch from eb792ce to 234c5e8 Compare September 5, 2025 21:43

renovate-bot force-pushed the renovate/pypi-langchain-core-vulnerability branch from 234c5e8 to 4bfd107 Compare September 6, 2025 04:37

renovate-bot force-pushed the renovate/pypi-langchain-core-vulnerability branch from 4bfd107 to 911e4b9 Compare September 6, 2025 12:30

renovate-bot force-pushed the renovate/pypi-langchain-core-vulnerability branch from 911e4b9 to 882769a Compare September 6, 2025 21:23

renovate-bot force-pushed the renovate/pypi-langchain-core-vulnerability branch from 882769a to b4d96a2 Compare September 7, 2025 05:46

renovate-bot force-pushed the renovate/pypi-langchain-core-vulnerability branch from b4d96a2 to 231bdf0 Compare September 7, 2025 13:28

renovate-bot force-pushed the renovate/pypi-langchain-core-vulnerability branch from 231bdf0 to e6cc2d7 Compare September 7, 2025 20:43

renovate-bot force-pushed the renovate/pypi-langchain-core-vulnerability branch from e6cc2d7 to 50210b6 Compare September 8, 2025 04:57

renovate-bot force-pushed the renovate/pypi-langchain-core-vulnerability branch from 50210b6 to a7abc8c Compare September 8, 2025 13:55

renovate-bot force-pushed the renovate/pypi-langchain-core-vulnerability branch from a7abc8c to 6819b22 Compare September 8, 2025 21:26

renovate-bot force-pushed the renovate/pypi-langchain-core-vulnerability branch from 6819b22 to eb36c0d Compare September 9, 2025 06:24

renovate-bot force-pushed the renovate/pypi-langchain-core-vulnerability branch from eb36c0d to 490e17a Compare September 9, 2025 14:33

renovate-bot force-pushed the renovate/pypi-langchain-core-vulnerability branch from 20410ab to 964368e Compare October 4, 2025 05:41

renovate-bot force-pushed the renovate/pypi-langchain-core-vulnerability branch from 964368e to 89304ba Compare October 4, 2025 13:58

renovate-bot force-pushed the renovate/pypi-langchain-core-vulnerability branch from 89304ba to 6e4efb6 Compare October 4, 2025 21:55

renovate-bot force-pushed the renovate/pypi-langchain-core-vulnerability branch from 6e4efb6 to 4ae7d51 Compare October 5, 2025 05:50

renovate-bot force-pushed the renovate/pypi-langchain-core-vulnerability branch from 4ae7d51 to 9228079 Compare October 5, 2025 13:02

renovate-bot force-pushed the renovate/pypi-langchain-core-vulnerability branch from 9228079 to 3360ab9 Compare October 5, 2025 21:29

renovate-bot force-pushed the renovate/pypi-langchain-core-vulnerability branch from 3360ab9 to 463cec9 Compare October 6, 2025 05:04

renovate-bot force-pushed the renovate/pypi-langchain-core-vulnerability branch from 463cec9 to b3551c6 Compare October 6, 2025 14:00

renovate-bot force-pushed the renovate/pypi-langchain-core-vulnerability branch from b3551c6 to ee416ab Compare October 7, 2025 01:37

renovate-bot force-pushed the renovate/pypi-langchain-core-vulnerability branch from ee416ab to 16adb91 Compare October 7, 2025 11:29

renovate-bot force-pushed the renovate/pypi-langchain-core-vulnerability branch from 16adb91 to 717f2f3 Compare October 7, 2025 19:40

renovate-bot force-pushed the renovate/pypi-langchain-core-vulnerability branch from 717f2f3 to e5408d4 Compare October 8, 2025 09:02

renovate-bot force-pushed the renovate/pypi-langchain-core-vulnerability branch from e5408d4 to 38930a3 Compare October 8, 2025 19:01

chore(deps): update dependency langchain-core to v0.2.43 [security]

a730616

renovate-bot force-pushed the renovate/pypi-langchain-core-vulnerability branch from 38930a3 to a730616 Compare October 9, 2025 02:07

chore(deps): update dependency langchain-core to v0.2.43 [security] #114

Are you sure you want to change the base?

chore(deps): update dependency langchain-core to v0.2.43 [security] #114

Uh oh!

Conversation

renovate-bot commented Mar 21, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

GitHub Vulnerability Alerts

CVE-2024-10940

Configuration

Uh oh!

dpebot commented Mar 21, 2025

Uh oh!

dpebot commented Sep 5, 2025

Uh oh!

dpebot commented Sep 5, 2025

Uh oh!

dpebot commented Sep 6, 2025

Uh oh!

dpebot commented Sep 6, 2025

Uh oh!

dpebot commented Sep 6, 2025

Uh oh!

dpebot commented Sep 7, 2025

Uh oh!

dpebot commented Sep 7, 2025

Uh oh!

dpebot commented Sep 7, 2025

Uh oh!

dpebot commented Sep 8, 2025

Uh oh!

dpebot commented Sep 8, 2025

Uh oh!

dpebot commented Sep 8, 2025

Uh oh!

dpebot commented Sep 9, 2025

Uh oh!

dpebot commented Oct 3, 2025

Uh oh!

dpebot commented Oct 4, 2025

Uh oh!

dpebot commented Oct 4, 2025

Uh oh!

dpebot commented Oct 4, 2025

Uh oh!

dpebot commented Oct 5, 2025

Uh oh!

dpebot commented Oct 5, 2025

Uh oh!

dpebot commented Oct 5, 2025

Uh oh!

dpebot commented Oct 6, 2025

Uh oh!

dpebot commented Oct 6, 2025

Uh oh!

dpebot commented Oct 7, 2025

Uh oh!

dpebot commented Oct 7, 2025

Uh oh!

dpebot commented Oct 7, 2025

Uh oh!

dpebot commented Oct 8, 2025

Uh oh!

dpebot commented Oct 8, 2025

Uh oh!

dpebot commented Oct 9, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

renovate-bot commented Mar 21, 2025 •

edited

Loading