Skip to content

Commit 6230c23

Browse files
adriannoesadriannoes
committed
build(deps): override langsmith>=0.7.31 for GHSA-rr7j-v2q5-chgv
langsmith 0.7.9 (transitive via langchain-core) has a known vulnerability. Override to 0.7.31+ to fix CI pip-audit failure.
1 parent 62386bd commit 6230c23

2 files changed

Lines changed: 6 additions & 3 deletions

File tree

pyproject.toml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -112,6 +112,7 @@ Issues = "https://github.com/adriannoes/asap-protocol/issues"
112112
# - pytest>=9.0.3 for CVE-2025-71176 (dev)
113113
# - python-multipart>=0.0.26 for CVE-2026-40347 (FastAPI stack)
114114
# - pygments>=2.20.0 for CVE-2026-4539
115+
# - langsmith>=0.7.31 for GHSA-rr7j-v2q5-chgv
115116
[tool.uv]
116117
override-dependencies = [
117118
"pyjwt>=2.12.0",
@@ -123,6 +124,7 @@ override-dependencies = [
123124
"pytest>=9.0.3",
124125
"python-multipart>=0.0.26",
125126
"pygments>=2.20.0",
127+
"langsmith>=0.7.31",
126128
]
127129

128130
[project.scripts]

uv.lock

Lines changed: 4 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)