fix: resolve security vulnerabilities in dependencies (#2059)

Browse Source

Python (uv.lock):
- langchain-core 1.2.7 → 1.2.18 (SSRF via image_url token counting)
- langgraph 1.0.7 → 1.1.1 (unsafe msgpack deserialization)
- flask 3.1.2 → 3.1.3 (missing Vary: Cookie header)
- werkzeug 3.1.5 → 3.1.6 (Windows special device name in safe_join)

npm (web/pnpm-lock.yaml):
- minimatch updated to fix ReDoS vulnerabilities

...

This commit is contained in:

Junyan Chin

2026-03-12 20:09:19 +08:00

committed by GitHub

parent 8b8cfb76de

commit d7df1f05d1

3 changed files with 302 additions and 301 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

560

uv.lock generated

File diff suppressed because it is too large Load Diff