Skip to content

chore(deps): update urllib3 and langchain-core to fix security vulner… #130

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
bsbodden merged 1 commit into from
Dec 11, 2025
Merged

chore(deps): update urllib3 and langchain-core to fix security vulner… #130

bsbodden merged 1 commit into from
Dec 11, 2025

Conversation

@bsbodden
Copy link
Contributor

@bsbodden bsbodden commented Dec 11, 2025

…abilities

Update transitive dependencies to address 3 high severity vulnerabilities:

  • urllib3: 2.5.0 -> 2.6.2

    • Fixes: Improper handling of highly compressed data (CVE pending)
    • Fixes: Unbounded links in decompression chain (CVE pending)

  • langchain-core: 1.0.5 -> 1.1.3

    • Fixes: Template injection via attribute access in prompt templates

See: https://github.com/redis-developer/langgraph-redis/security/dependabot

🤖 Generated with Claude Code

@bsbodden @claude
chore(deps): update urllib3 and langchain-core to fix security vulner…
65f495a 
…abilities

Update transitive dependencies to address 3 high severity vulnerabilities:

- urllib3: 2.5.0 -> 2.6.2
  - Fixes: Improper handling of highly compressed data (CVE pending)
  - Fixes: Unbounded links in decompression chain (CVE pending)

- langchain-core: 1.0.5 -> 1.1.3
  - Fixes: Template injection via attribute access in prompt templates

See: https://github.com/redis-developer/langgraph-redis/security/dependabot

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>
abrookins
abrookins approved these changes Dec 11, 2025
View reviewed changes
Copy link
Contributor

@abrookins abrookins left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@bsbodden bsbodden merged commit ab3dd3c into main Dec 11, 2025
17 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@abrookins abrookins abrookins approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@bsbodden @abrookins