fix(deps): update dependency @langchain/community to ^0.3.3 [security] #26

renovate · 2024-10-31T02:40:29Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@langchain/community (source)	`^0.2.23` -> `^0.3.3`

GitHub Vulnerability Alerts

CVE-2024-7042

A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. This vulnerability permits unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database.

Release Notes

langchain-ai/langchainjs (@langchain/community)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

codecov · 2024-10-31T02:41:42Z

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 93.09%. Comparing base (323b311) to head (eb5ca4e).

Additional details and impacted files

@@           Coverage Diff           @@
##             main      #26   +/-   ##
=======================================
  Coverage   93.09%   93.09%           
=======================================
  Files          14       14           
  Lines         304      304           
  Branches       47       13   -34     
=======================================
  Hits          283      283           
  Misses         21       21

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

renovate bot force-pushed the renovate/npm-langchain-community-vulnerability branch from a03dbf0 to 0d9472d Compare November 18, 2024 14:56

renovate bot changed the title ~~fix(deps): update dependency @langchain/community to ^0.3.3 [security]~~ fix(deps): update dependency @langchain/community to ^0.3.0 [security] Nov 18, 2024

renovate bot force-pushed the renovate/npm-langchain-community-vulnerability branch from 0d9472d to 046345e Compare November 19, 2024 08:48

renovate bot changed the title ~~fix(deps): update dependency @langchain/community to ^0.3.0 [security]~~ fix(deps): update dependency @langchain/community to ^0.3.3 [security] Nov 19, 2024

renovate bot force-pushed the renovate/npm-langchain-community-vulnerability branch from 046345e to 37867cb Compare December 4, 2024 23:53

renovate bot changed the title ~~fix(deps): update dependency @langchain/community to ^0.3.3 [security]~~ fix(deps): update dependency @langchain/community to ^0.3.0 [security] Dec 4, 2024

renovate bot force-pushed the renovate/npm-langchain-community-vulnerability branch from 37867cb to ca6140d Compare December 6, 2024 20:47

renovate bot changed the title ~~fix(deps): update dependency @langchain/community to ^0.3.0 [security]~~ fix(deps): update dependency @langchain/community to ^0.3.3 [security] Dec 6, 2024

renovate bot force-pushed the renovate/npm-langchain-community-vulnerability branch from ca6140d to b5202a6 Compare December 21, 2024 14:49

renovate bot changed the title ~~fix(deps): update dependency @langchain/community to ^0.3.3 [security]~~ fix(deps): update dependency @langchain/community to ^0.3.0 [security] Dec 21, 2024

renovate bot force-pushed the renovate/npm-langchain-community-vulnerability branch from b5202a6 to de4c82e Compare December 22, 2024 02:33

renovate bot changed the title ~~fix(deps): update dependency @langchain/community to ^0.3.0 [security]~~ fix(deps): update dependency @langchain/community to ^0.3.3 [security] Dec 22, 2024

renovate bot force-pushed the renovate/npm-langchain-community-vulnerability branch from de4c82e to b653213 Compare December 23, 2024 05:44

renovate bot changed the title ~~fix(deps): update dependency @langchain/community to ^0.3.3 [security]~~ fix(deps): update dependency @langchain/community to ^0.3.0 [security] Dec 23, 2024

renovate bot force-pushed the renovate/npm-langchain-community-vulnerability branch from b653213 to 003a3f2 Compare December 25, 2024 05:31

renovate bot changed the title ~~fix(deps): update dependency @langchain/community to ^0.3.0 [security]~~ fix(deps): update dependency @langchain/community to ^0.3.3 [security] Dec 25, 2024

renovate bot force-pushed the renovate/npm-langchain-community-vulnerability branch from 003a3f2 to ba675ff Compare January 15, 2025 20:02

renovate bot changed the title ~~fix(deps): update dependency @langchain/community to ^0.3.3 [security]~~ fix(deps): update dependency @langchain/community to ^0.3.0 [security] Jan 15, 2025

renovate bot force-pushed the renovate/npm-langchain-community-vulnerability branch from ba675ff to d7137b9 Compare January 17, 2025 07:41

renovate bot changed the title ~~fix(deps): update dependency @langchain/community to ^0.3.0 [security]~~ fix(deps): update dependency @langchain/community to ^0.3.3 [security] Jan 17, 2025

renovate bot force-pushed the renovate/npm-langchain-community-vulnerability branch from d7137b9 to 3d0343b Compare January 25, 2025 08:09

renovate bot changed the title ~~fix(deps): update dependency @langchain/community to ^0.3.3 [security]~~ fix(deps): update dependency @langchain/community to ^0.3.0 [security] Jan 25, 2025

renovate bot force-pushed the renovate/npm-langchain-community-vulnerability branch from 3d0343b to b4b7611 Compare January 26, 2025 02:59

renovate bot changed the title ~~fix(deps): update dependency @langchain/community to ^0.3.0 [security]~~ fix(deps): update dependency @langchain/community to ^0.3.3 [security] Jan 26, 2025

renovate bot force-pushed the renovate/npm-langchain-community-vulnerability branch from b4b7611 to 55fa0e8 Compare January 31, 2025 20:02

renovate bot changed the title ~~fix(deps): update dependency @langchain/community to ^0.3.3 [security]~~ fix(deps): update dependency @langchain/community to ^0.3.0 [security] Jan 31, 2025

renovate bot force-pushed the renovate/npm-langchain-community-vulnerability branch from 55fa0e8 to 88b3391 Compare February 1, 2025 19:59

renovate bot changed the title ~~fix(deps): update dependency @langchain/community to ^0.3.0 [security]~~ fix(deps): update dependency @langchain/community to ^0.3.3 [security] Feb 1, 2025

renovate bot force-pushed the renovate/npm-langchain-community-vulnerability branch from 88b3391 to 7bcda1a Compare February 11, 2025 07:59

renovate bot changed the title ~~fix(deps): update dependency @langchain/community to ^0.3.3 [security]~~ fix(deps): update dependency @langchain/community to ^0.3.0 [security] Feb 11, 2025

renovate bot force-pushed the renovate/npm-langchain-community-vulnerability branch from 7bcda1a to 2d02e4b Compare February 15, 2025 00:08

renovate bot changed the title ~~fix(deps): update dependency @langchain/community to ^0.3.0 [security]~~ fix(deps): update dependency @langchain/community to ^0.3.3 [security] Feb 15, 2025

renovate bot force-pushed the renovate/npm-langchain-community-vulnerability branch from 2d02e4b to d0e1015 Compare February 22, 2025 03:37

renovate bot changed the title ~~fix(deps): update dependency @langchain/community to ^0.3.3 [security]~~ fix(deps): update dependency @langchain/community to ^0.3.0 [security] Feb 22, 2025

renovate bot force-pushed the renovate/npm-langchain-community-vulnerability branch from d0e1015 to abc4cc7 Compare February 23, 2025 11:26

renovate bot changed the title ~~fix(deps): update dependency @langchain/community to ^0.3.0 [security]~~ fix(deps): update dependency @langchain/community to ^0.3.3 [security] Feb 23, 2025

renovate bot force-pushed the renovate/npm-langchain-community-vulnerability branch from abc4cc7 to f7e153a Compare March 4, 2025 04:07

renovate bot changed the title ~~fix(deps): update dependency @langchain/community to ^0.3.3 [security]~~ fix(deps): update dependency @langchain/community to ^0.3.0 [security] Mar 4, 2025

renovate bot force-pushed the renovate/npm-langchain-community-vulnerability branch from f7e153a to ea2e60b Compare March 7, 2025 03:30

renovate bot changed the title ~~fix(deps): update dependency @langchain/community to ^0.3.0 [security]~~ fix(deps): update dependency @langchain/community to ^0.3.3 [security] Mar 7, 2025

renovate bot force-pushed the renovate/npm-langchain-community-vulnerability branch from ea2e60b to 04f9894 Compare March 12, 2025 20:06

renovate bot changed the title ~~fix(deps): update dependency @langchain/community to ^0.3.3 [security]~~ fix(deps): update dependency @langchain/community to ^0.3.0 [security] Mar 12, 2025

renovate bot force-pushed the renovate/npm-langchain-community-vulnerability branch from 04f9894 to e75f7f8 Compare March 15, 2025 11:45

renovate bot changed the title ~~fix(deps): update dependency @langchain/community to ^0.3.0 [security]~~ fix(deps): update dependency @langchain/community to ^0.3.3 [security] Mar 15, 2025

renovate bot force-pushed the renovate/npm-langchain-community-vulnerability branch from e75f7f8 to 3d5f1ee Compare March 18, 2025 23:46

renovate bot changed the title ~~fix(deps): update dependency @langchain/community to ^0.3.3 [security]~~ fix(deps): update dependency @langchain/community to ^0.3.0 [security] Mar 18, 2025

fix(deps): update dependency @langchain/community to ^0.3.3 [security]

eb5ca4e

renovate bot force-pushed the renovate/npm-langchain-community-vulnerability branch from 3d5f1ee to eb5ca4e Compare March 21, 2025 08:09

renovate bot changed the title ~~fix(deps): update dependency @langchain/community to ^0.3.0 [security]~~ fix(deps): update dependency @langchain/community to ^0.3.3 [security] Mar 21, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(deps): update dependency @langchain/community to ^0.3.3 [security] #26

fix(deps): update dependency @langchain/community to ^0.3.3 [security] #26

renovate bot commented Oct 31, 2024 •

edited

Loading

codecov bot commented Oct 31, 2024 •

edited

Loading

fix(deps): update dependency @langchain/community to ^0.3.3 [security] #26

Are you sure you want to change the base?

fix(deps): update dependency @langchain/community to ^0.3.3 [security] #26

Conversation

renovate bot commented Oct 31, 2024 • edited Loading

GitHub Vulnerability Alerts

Release Notes

What's Changed

New Contributors

What's Changed

What's Changed

What's Changed

Configuration

codecov bot commented Oct 31, 2024 • edited Loading

Codecov Report

renovate bot commented Oct 31, 2024 •

edited

Loading

codecov bot commented Oct 31, 2024 •

edited

Loading