fix(deps): bump langchain-openai, langchain-core, langchain-text-splitters to fix CVEs #1248
…tters to fix CVEs

Addresses Dependabot security alerts:
- CVE: langchain-openai SSRF DNS rebinding (fix: >=1.1.14)
- CVE: langchain-text-splitters HTMLHeaderTextSplitter SSRF (fix: >=1.1.2)

Changes:
- langchain-openai: 1.0.3/1.1.0/1.1.1 → 1.1.14 across all agents and RAG packages
- langchain-core: 1.2.28 → 1.2.31 (required by langchain-openai 1.1.14)
- langchain-text-splitters: 1.0.0 → 1.1.2 in rag/ingestors and rag/server
- openai: 2.19.0 → 2.32.0 in rag/server (required by langchain-openai 1.1.14)
- Regenerated all 26 affected uv.lock files

Assisted-by: Claude:claude-sonnet-4-6
Signed-off-by: Sri Aradhyula <sraradhy@cisco.com>

82a71b9 to 9a4b99d
✅ No proprietary content detected. This PR is clear for review!

🐳 Prebuild Dynamic Agents Docker Image Published
Repository:
Usage
docker pull ghcr.io/cnoe-io/prebuild/caipe-dynamic-agents:fix-langchain-mcp-vulnerabilities-2
Test in Helm values
dynamic-agents:
  image:
    repository: ghcr.io/cnoe-io/prebuild/caipe-dynamic-agents
    tag: "fix-langchain-mcp-vulnerabilities-2"

🐳 Prebuild Docker Image Published
Repository:
Usage
docker pull ghcr.io/cnoe-io/prebuild/ai-platform-engineering:fix-langchain-mcp-vulnerabilities-2

🐳 Prebuild Docker Image Published
Component:
Usage
docker pull ghcr.io/cnoe-io/prebuild/caipe-rag-server:fix-langchain-mcp-vulnerabilities-2

🐳 Prebuild Docker Image Published
Component:
Usage
docker pull ghcr.io/cnoe-io/prebuild/caipe-rag-agent-ontology:fix-langchain-mcp-vulnerabilities-2

🐳 Prebuild Docker Image Published
Component:
Usage
docker pull ghcr.io/cnoe-io/prebuild/caipe-rag-ingestors:fix-langchain-mcp-vulnerabilities-2

🐳 Prebuild Docker Image Published
Agent:
Usage
docker pull ghcr.io/cnoe-io/prebuild/agent-backstage:fix-langchain-mcp-vulnerabilities-2

🐳 Prebuild Docker Image Published
Agent:
Usage
docker pull ghcr.io/cnoe-io/prebuild/agent-confluence:fix-langchain-mcp-vulnerabilities-2

🐳 Prebuild Docker Image Published
Agent:
Usage
docker pull ghcr.io/cnoe-io/prebuild/agent-argocd:fix-langchain-mcp-vulnerabilities-2

🐳 Prebuild Docker Image Published
Agent:
Usage
docker pull ghcr.io/cnoe-io/prebuild/agent-github:fix-langchain-mcp-vulnerabilities-2

🐳 Prebuild Docker Image Published
Agent:
Usage
docker pull ghcr.io/cnoe-io/prebuild/agent-victorops:fix-langchain-mcp-vulnerabilities-2

🐳 Prebuild Docker Image Published
Agent:
Usage
docker pull ghcr.io/cnoe-io/prebuild/agent-gitlab:fix-langchain-mcp-vulnerabilities-2

🐳 Prebuild Docker Image Published
Agent:
Usage
docker pull ghcr.io/cnoe-io/prebuild/agent-slack:fix-langchain-mcp-vulnerabilities-2

🐳 Prebuild Docker Image Published
Agent:
Usage
docker pull ghcr.io/cnoe-io/prebuild/agent-netutils:fix-langchain-mcp-vulnerabilities-2

🐳 Prebuild Docker Image Published
Agent:
Usage
docker pull ghcr.io/cnoe-io/prebuild/agent-pagerduty:fix-langchain-mcp-vulnerabilities-2

🐳 Prebuild Docker Image Published
Agent:
Usage
docker pull ghcr.io/cnoe-io/prebuild/agent-komodor:fix-langchain-mcp-vulnerabilities-2

🐳 Prebuild Docker Image Published
Agent:
Usage
docker pull ghcr.io/cnoe-io/prebuild/agent-webex:fix-langchain-mcp-vulnerabilities-2

🐳 Prebuild Docker Image Published
Agent:
Usage
docker pull ghcr.io/cnoe-io/prebuild/agent-template:fix-langchain-mcp-vulnerabilities-2

🐳 Prebuild Docker Image Published
Agent:
Usage
docker pull ghcr.io/cnoe-io/prebuild/agent-weather:fix-langchain-mcp-vulnerabilities-2

🐳 Prebuild Docker Image Published
Agent:
Usage
docker pull ghcr.io/cnoe-io/prebuild/agent-aws:fix-langchain-mcp-vulnerabilities-2

🐳 Prebuild Docker Image Published
Agent:
Usage
docker pull ghcr.io/cnoe-io/prebuild/agent-splunk:fix-langchain-mcp-vulnerabilities-2

🐳 Prebuild Docker Image Published
Agent:
Usage
docker pull ghcr.io/cnoe-io/prebuild/agent-jira:fix-langchain-mcp-vulnerabilities-2

Summary
- langchain-openai from 1.0.3/1.1.0/1.1.1 → 1.1.14 across all agents and RAG packages (fixes SSRF via DNS rebinding)
- langchain-core from 1.2.28 → 1.2.31 (required by langchain-openai==1.1.14)
- langchain-text-splitters from 1.0.0 → 1.1.2 in rag/ingestors and rag/server (fixes HTMLHeaderTextSplitter SSRF redirect bypass)
- openai from 2.19.0 → 2.32.0 in rag/server (required transitively by langchain-openai==1.1.14)
- uv.lock files

Dependabot alerts resolved
- langchain-openai SSRF DNS rebinding (LOW, fixed in 1.1.14)
- langchain-text-splitters HTMLHeaderTextSplitter SSRF (MEDIUM, fixed in 1.1.2)

Test plan