@renovate-bot
Contributor

@renovate-bot renovate-bot commented Oct 30, 2024

This PR contains the following updates:

| Package | Change |
| --- | --- |
| langchain-community (changelog) | ==0.2.16 -> ==0.2.19 |

GitHub Vulnerability Alerts

CVE-2024-8309

A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. This vulnerability can lead to unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database.


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate-bot renovate-bot requested review from a team as code owners October 30, 2024 18:08
@dpebot
Collaborator

dpebot commented Oct 30, 2024

/gcbrun

@product-auto-label product-auto-label bot added the api: alloydb Issues related to the googleapis/langchain-google-alloydb-pg-python API. label Oct 30, 2024
@renovate-bot renovate-bot changed the title from "chore(deps): update dependency langchain-community to v0.3.0 [security]" to "chore(deps): update dependency langchain-community to v0.2.19 [security]" Nov 12, 2024
@renovate-bot renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from 0168ada to df6bc1e Compare November 12, 2024 20:01
@dpebot
Collaborator

dpebot commented Nov 12, 2024

/gcbrun

@dpebot
Collaborator

dpebot commented Nov 13, 2024

/gcbrun

@renovate-bot renovate-bot changed the title from "chore(deps): update dependency langchain-community to v0.2.19 [security]" to "chore(deps): update dependency langchain-community to v0.2.19 [security] - abandoned" Nov 13, 2024
@forking-renovate

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.
