infra: Update package version to apply CVE-related patch (langchain-ai#19490)

- **Description:** [CVE
2024-21503](https://www.cve.org/CVERecord?id=CVE-2024-21503) was
recently identified. The python linter "black" suffers from a potential
Regex-related denial of service attack. Updated version from the
vulnerable 24.2.0 to the patched 24.3.0.
- **Issue:** N/A
- **Dependencies:** The 'black' package in both `langchain` (top-level)
and `templates/python-lint`.

Co-authored-by: Bagatur <22008038+baskaryan@users.noreply.github.com>
2 people authored and gkorland committed Mar 30, 2024
1 parent 772a842 commit e2a95c6
Showing 4 changed files with 50 additions and 49 deletions.
48 changes: 24 additions & 24 deletions poetry.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions pyproject.toml
Expand Up @@ -10,6 +10,7 @@ repository = "https://www.github.com/langchain-ai/langchain"

[tool.poetry.dependencies]
python = ">=3.8.1,<4.0"
black = "^24.2.0"

[tool.poetry.group.docs.dependencies]
langchain = { path = "libs/langchain/", develop = true }
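Review bot: The added `black = "^24.2.0"` line still admits 24.2.0, the release the commit description names as vulnerable to CVE-2024-21503, so the constraint itself does not enforce the fix; only the regenerated poetry.lock, which is not rendered on this page, can carry 24.3.0. Raising the floor to `black = "^24.3.0"` would keep a later re-lock or a lock-less install from resolving the vulnerable release. The entry also lands under `[tool.poetry.dependencies]`, which makes a formatter a main dependency of the project; a dependency group, like the docs group directly below it, would be the more usual place for a lint tool.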
48 changes: 24 additions & 24 deletions templates/python-lint/poetry.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion templates/python-lint/pyproject.toml
Expand Up @@ -7,7 +7,7 @@ readme = "README.md"

[tool.poetry.dependencies]
ruff = ">=0.1.8"
black = ">=23.12.0"
black = "^24.2.0"
mypy = ">=1.7.1"
python = ">=3.8.1,<4.0"
langchain = "^0.1"
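Review bot: The lower bound of the new `black = "^24.2.0"` line is still 24.2.0, which the description calls the vulnerable version, so projects built from this template can satisfy the constraint without the patch; use `^24.3.0` (or `>=24.3.0`) so the template's own constraint excludes it. The switch from `>=23.12.0` to a caret range also adds an upper bound below 25.0.0 that the neighbouring `ruff` and `mypy` entries do not have. If that cap is intended it deserves a line in the description; otherwise `>=24.3.0` keeps the file's existing style.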