Junyan Chin d7df1f05d1 fix: resolve security vulnerabilities in dependencies (#2059) ...

Python (uv.lock):
- langchain-core 1.2.7 → 1.2.18 (SSRF via image_url token counting)
- langgraph 1.0.7 → 1.1.1 (unsafe msgpack deserialization)
- flask 3.1.2 → 3.1.3 (missing Vary: Cookie header)
- werkzeug 3.1.5 → 3.1.6 (Windows special device name in safe_join)

npm (web/pnpm-lock.yaml):
- minimatch updated to fix ReDoS vulnerabilities

2026-03-12 20:09:19 +08:00

241 KiB

Raw Blame History

View Raw