fix(deps): update dependency langchain to ^0.2.0 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
langchain (source, changelog)	^0.0.330 -> ^0.2.0

GitHub Vulnerability Alerts

CVE-2024-0243

With the following crawler configuration:

from bs4 import BeautifulSoup as Soup

url = "https://example.com"
loader = RecursiveUrlLoader(
    url=url, max_depth=2, extractor=lambda x: Soup(x, "html.parser").text 
)
docs = loader.load()

An attacker in control of the contents of https://example.com could place a malicious HTML file in there with links like "https://example.completely.different/my_file.html" and the crawler would proceed to download that file as well even though prevent_outside=True.

https://github.com/langchain-ai/langchain/blob/bf0b3cc0b5ade1fb95a5b1b6fa260e99064c2e22/libs/community/langchain_community/document_loaders/recursive_url_loader.py#L51-L51

Resolved in https://github.com/langchain-ai/langchain/pull/15559

CVE-2024-28088

LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution.

CVE-2024-3571

langchain-ai/langchain is vulnerable to path traversal due to improper limitation of a pathname to a restricted directory ('Path Traversal') in its LocalFileStore functionality. An attacker can leverage this vulnerability to read or write files anywhere on the filesystem, potentially leading to information disclosure or remote code execution. The issue lies in the handling of file paths in the mset and mget methods, where user-supplied input is not adequately sanitized, allowing directory traversal sequences to reach unintended directories.

CVE-2024-2965

Denial of service in SitemapLoader Document Loader in the langchain-community package, affecting versions below 0.2.5. The parse_sitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap itself. This oversight allows for the possibility of an infinite loop, leading to a crash by exceeding the maximum recursion depth in Python. This vulnerability can be exploited to occupy server socket/port resources and crash the Python process, impacting the availability of services relying on this functionality.

CVE-2024-8309

A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. This vulnerability can lead to unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database.

---

Release Notes

langchain-ai/langchain (langchain)

v0.1.16

Compare Source

What's Changed

• openai[patch]: Release 0.1.2 by @​baskaryan in #​20241
• docs: fix external repo partner docs by @​efriis in #​20238
• groq[patch]: Release 0.1.1 by @​baskaryan in #​20242
• experimental[patch]: Release 0.0.57 by @​baskaryan in #​20243
• groq: xfail tool_choice tests by @​efriis in #​20247
• [core]: add tool calls message by @​baskaryan in #​18947
• core[patch]: Pre-release 0.1.42-rc.1 by @​baskaryan in #​20248
• openai[patch]: pre-release 0.1.3-rc.1 by @​baskaryan in #​20249
• anthropic[patch]: Pre-release 0.1.8-rc.1 by @​baskaryan in #​20250
• mistralai[patch]: Pre-release 0.1.2-rc.1 by @​baskaryan in #​20251
• infra, multiple: rc release versions by @​efriis in #​20252
• update agents to use tool call messages by @​ccurme in #​20074
• openai[patch]: Fix langchain-openai unknown parameter error with gpt-4-turbo by @​os1ma in #​20271
• community: import flattening fix by @​leo-gan in #​20110
• core: mustache prompt templates by @​nfcampos in #​19980
• docs: update tool calling cookbook by @​ccurme in #​20290
• core[patch]: fix duplicated kwargs in _load_sql_databse_chain by @​B-Step62 in #​19908
• partners: Add chroma partner package by @​killind-dev in #​19292
• chroma: add optional fastapi dep to restrict to <1 by @​efriis in #​20295
• chroma: add required fastapi dep to restrict to <1 by @​efriis in #​20297
• chroma: bump rc, keep optional by @​efriis in #​20298
• core[patch]: include tool_calls in ai msg chunk serialization by @​baskaryan in #​20291
• core[patch]: fix ChatGeneration.text with content blocks by @​baskaryan in #​20294
• langchain[patch]: agents check prompt partial vars by @​baskaryan in #​20303
• openai[patch]: use tool_calls in request by @​baskaryan in #​20272
• docs: added backtick on RunnablePassthrough by @​spike-spiegel-21 in #​20310
• core[patch]: For now remove user warning by @​eyurtsev in #​20321
• community[patch]: Add deprecation warnings to postgres implementation by @​eyurtsev in #​20222
• mistral: add IDs to tool calls by @​ccurme in #​20299
• core[patch]: Release 0.1.42 by @​baskaryan in #​20332
• release anthropic, fireworks, openai, groq, mistral by @​baskaryan in #​20333
• docs: Update documentation for custom LLMs by @​eyurtsev in #​19972
• Testing list of tool calling providers by @​eyurtsev in #​20330
• langchain[patch]: Release 0.1.16 by @​baskaryan in #​20335
• docs: add component page for tool calls by @​ccurme in #​20282
• docs: add tool-calling agent by @​baskaryan in #​20328
• docs: update chat openai by @​baskaryan in #​20331

New Contributors

• @​killind-dev made their first contribution in #​19292

Full Changelog: langchain-ai/langchain@v0.1.15...v0.1.16

v0.1.15

Compare Source

What's Changed

• experimental[patch]: Release 0.0.56 by @​baskaryan in #​19840
• docs: remove unnecessary args from the pip install by @​cyai in #​19823
• Update cross_encoder_reranker.ipynb by @​eltociear in #​19846
• core: generate mermaid syntax and render visual graph by @​angeligareta in #​19599
• ai21[patch]: release 0.1.3 by @​efriis in #​19867
• 👥 Update LangChain people data by @​jacoblee93 in #​19858
• community[patch]: Revert " Fix the bug that Chroma does not specify `e… by @​baskaryan in #​19866
• openai[patch]: fix azure embedding length check by @​efriis in #​19870
• Partially Revert "openai[patch]: Update openai chat model to new base class interface" by @​nfcampos in #​19871
• ai21[patch]: fix core dep by @​efriis in #​19874
• community[patch]: Release 0.0.31 by @​baskaryan in #​19873
• community: Update ChatZhipuAI to support GLM-4 model by @​zhangch9 in #​16695
• openai[patch]: remove openai chunk size validation by @​efriis in #​19878
• Add OpenVINO rerank model support by @​OpenVINO-dev-contest in #​19791
• robocorp[patch]: Fix nested arguments descriptors and tool names by @​mkorpela in #​19707
• robocorp[patch]: fix core min version by @​efriis in #​19879
• community: Add Dria retriever by @​anilaltuner in #​17098
• docs[patch]: Revert quarto update by @​bracesproul in #​19880
• docs: Fix link in Unstructured notebook by @​northern-64bit in #​19851
• cli[minor]: Add version to integration package template by @​eyurtsev in #​19876
• langchain: Adding a new section aware splitter to langchain by @​msetbar in #​16526
• docs: Add docs for RunnableConfigurableFields by @​spike-spiegel-21 in #​19849
• feat(partners): support request timeout in BaseCohere by @​mspronesti in #​19641
• docs[patch]: Hide google from function calling docs by @​bracesproul in #​19887
• community: add Layerup Security integration by @​JamsheedMistri in #​19787
• Add remove_comments option (default True): do not extract html comments by @​petervandenabeele in #​13259
• core: Assign missing message ids in BaseChatModel by @​nfcampos in #​19863
• Core[major]: Base Tracer to propagate raw output from tool for on_tool_end by @​keenborder786 in #​18932
• core[patch]: Release 0.1.38 by @​baskaryan in #​19895
• langchain: fix ElasticsearchStore reference for self query by @​maxjakob in #​19907
• Cohere: Add multihop tool agent by @​harry-cohere in #​19919
• cohere[patch]: release 0.1.0 by @​efriis in #​19924
• cohere, docs: update imports and installs to langchain_cohere by @​billytrend-cohere in #​19918
• cohere: simplify integration test by @​harry-cohere in #​19928
• cohere: Improve integration test stability, fix documents bug by @​harry-cohere in #​19929
• docs: mention caveats with CacheBackedEmbeddings.embed_query by @​jokester in #​19926
• pinecone[patch]: source tag by @​efriis in #​19739
• core[patch]: remove requests by @​efriis in #​19891
• deprecating integrations moved to langchain_google_community by @​lkuligin in #​19841
• docs: update cohere documentation by @​sepiatone in #​19700
• core: BaseChatModel modify chat message before passing to run_manager by @​nfcampos in #​19939
• core[patch]: Release 0.1.39 by @​baskaryan in #​19940
• core: fix return of draw_mermaid_png and change to not save image by default by @​angeligareta in #​19950
• core[minor]: Add aload to document loader by @​eyurtsev in #​19936
• langchain-postgres: Initial package with postgres chat history implementation by @​eyurtsev in #​19884
• Support weight only quantization with intel-extension-for-transformers. by @​PenghuiCheng in #​14504
• comunity: Implement delete method and all async methods in opensearch_vector_search by @​2jimoo in #​17321
• Update metadata filtering examples of documents by @​tomasonjo in #​19963
• core: 0.1.40, fix try_load_from_hub for older langchain versions load_chain by @​efriis in #​19964
• docs: Custom Document Loaders by @​eyurtsev in #​19935
• cli[minor]: Add disable sockets in unit tests by @​eyurtsev in #​19877
• langchain_groq[feat]: Add tool calling support by @​gradenr in #​19971
• groq: release 0.1.0 by @​efriis in #​19975
• groq: fix core version by @​efriis in #​19976
• groq: handle streaming tool call case by @​efriis in #​19978
• Jacob/docs new by @​jacoblee93 in #​19765
• cohere: Add citations to agent, flexibility to tool parsing, fix SDK issue by @​harry-cohere in #​19965
• core[Patch]: mypy ignore fixes #​17048 by @​UtkarshaGupte in #​19931
• core[minor]: Add aformat to FewShotPromptTemplate by @​cbornet in #​19652
• core: support pydantic V2 for JSONOutputParser, allow for other sources of JSON schemas by @​jnis23 in #​19716
• [docs][minor]: Fix typo in Custom Document Loader doc by @​cbornet in #​20003
• community: Implement Async OpenSearch afrom_texts & afrom_embeddings by @​crispyricepc in #​20009
• community[minor]: Add metadata filtering support for neo4j vector by @​tomasonjo in #​20001
• langchain: enhance LocalFileStore to allow directory/file permissions to be specified by @​chrispy-snps in #​18857
• docs[patch]: Make Docusaurus and Vercel add trailing slashes when navigating by default by @​jacoblee93 in #​20014
• community[minor]: added missed class to all by @​leo-gan in #​19888
• anthropic[minor]: tool use by @​baskaryan in #​20016
• anthropic[patch]: bump core dep by @​baskaryan in #​20019
• Add cookbook for Anthropic .with_structured_output() by @​rlancemartin in #​20017
• anthropic[patch]: fix experimental tests by @​baskaryan in #​20021
• docs: graphs update by @​leo-gan in #​19675
• docs integrations/providers update 10 by @​leo-gan in #​19970
• anthropic[patch]: use anthropic 0.23 by @​baskaryan in #​20022
• anthropic[patch]: Release 0.1.6 by @​baskaryan in #​20026
• docs: integrations/providers/unstructured update by @​leo-gan in #​19892
• docs: mark anthropic tools wrapper as deprecated by @​baskaryan in #​20024
• docs: integrations/providers update 9 by @​leo-gan in #​19941
• Update example cookbook for Anthropic tool use by @​rlancemartin in #​20029
• docs: hide experimental anthropic by @​baskaryan in #​20030
• docs: fixing typo in argument name by @​0ssamaak0 in #​20028
• docs[patch]: Fix Model I/O quickstart by @​jacoblee93 in #​20031
• docs: fix together model tab by @​baskaryan in #​20032
• docs: weaviate docs by @​efriis in #​20042
• Docs: Update custom chat model by @​eyurtsev in #​19967
• docs: fix title cap by @​efriis in #​20048
• core: Implement aformat_messages for ChatMessagePromptTemplate by @​cbornet in #​20038
• core: Add async aformat_document method by @​cbornet in #​20037
• core: Implement aformat_prompt and ainvoke in BasePromptTemplate by @​cbornet in #​20035
• core[patch]: Document BaseCache abstraction in code by @​eyurtsev in #​20046
• langchain-core[minor]: Allow passing local cache to language models by @​liugddx in #​19331
• community[patch]: Improve import callbacks to make it IDE friendly by @​eyurtsev in #​20050
• docs[patch]: Add missing redirects by @​jacoblee93 in #​20076
• cohere: move package to external repo by @​efriis in #​20081
• docs: anthropic tool docstring by @​baskaryan in #​20091
• template: add rag azure search template by @​kristapratico in #​18143
• partners[anthropic]: fix anthropic chat model message type lookup keys by @​maximeperrindev in #​19034
• templates: migrate to langchain_anthropic package to support Claude 3 models by @​donbr in #​19393
• pinecone[patch]: release 0.1.0 by @​efriis in #​20109
• Documentation: Fixed the typo of Discord -> Telegram by @​TAAGECH9 in #​20008
• [core] fix: manually specifying run_id for chat models.invoke() and .ainvoke() by @​hinthornw in #​20082
• postgres[minor]: add postgres checkpoint implementation by @​eyurtsev in #​20025
• postgres[minor]: Add pgvector community as is by @​eyurtsev in #​20096
• community[minor]: Add support for Pebblo cloud_api_key in PebbloSafeLoader by @​rahul-trip in #​19855
• Community: Updating Azure Retriever and Docs to be Azure AI Search instead of Azure Cognitive Search by @​marlenezw in #​19925
• community: Add PHP language parser to document_loaders by @​david02871 in #​19850
• docs: use standard openai params by @​baskaryan in #​20160
• docs: standardize fireworks params by @​baskaryan in #​20162
• mistralai[patch]: standardize model params by @​baskaryan in #​20163
• anthropic[patch]: standardize init args by @​baskaryan in #​20161
• community: extend Predibase integration to support fine-tuned LLM adapters by @​alexsherstinsky in #​19979
• langchain: fix pinecone upsert when async_req is set to False by @​harryhaibojiang in #​19793
• pinecone[patch]: fix core min version by @​efriis in #​20177
• Adding MongoDB Cookbook for Chat history and semantic cache by @​RichmondAlake in #​19998
• community: add request_timeout and max_retries to ChatAnthropic by @​kaijietti in #​19402
• docs: add vertexai to structured output by @​baskaryan in #​20171
• community: cross_encoders flatten namespaces by @​leo-gan in #​20183
• docs: TogetherAI as a drop-in replacement for OpenAI by @​sepiatone in #​19900
• Community: Add support for MLX models (chat & llm) by @​Blaizzy in #​18152
• community: add bedrock anthropic callback for token usage counting by @​Sukitly in #​19864
• Fix pr 19772 by @​3coins in #​20047
• baichuan[patch]: standardize init args by @​liugddx in #​20209
• docs: Fix the class links in openai_tools and openai_functions description in output parser documentations by @​Haris-Ali007 in #​20197
• community[patch]: pass through sql agent kwargs by @​baskaryan in #​19962
• community: Enhance Tencent Cloud VectorDB, langchain: make Tencent Cloud VectorDB self query retrieve compatible by @​jeffkit in #​19651
• GCSDirectoryLoader bugfix by @​timothywong731 in #​20005
• doc:(sharememory&bittensor) Get rid of ZeroShotAgent and use create_react_agent instead by @​liugddx in #​20157
• community: add allow_dangerous_requests for OpenAPI toolkits by @​daviddwlee84 in #​19493
• docs: Add documentation of ElasticsearchStore.BM25RetrievalStrategy by @​g-votte in #​20098
• openai: wrap stream code in context manager blocks by @​snopoke in #​18013
• Remove postgres package by @​eyurtsev in #​20207
• langchain-postgres: Remove remaining README.md file by @​eyurtsev in #​20221
• together: release 0.1.0 by @​efriis in #​20225
• standard-tests: a standard unit and integration test set by @​efriis in #​20182
• core: Implement aformat for FewShotPromptWithTemplates by @​cbornet in #​20039
• core: Implement aformat_messages for _StringImageMessagePromptTemplate by @​cbornet in #​20036
• community: switch to falkordb python client by @​efriis in #​20229
• community[patch]: OpenLLM Async Client Fixes and Timeout Parameter by @​charlod in #​20007
• langchain[patch]: make BooleanOutputParser check words not substrings by @​casperdcl in #​20064
• langchain[patch]: Update unit test by @​eyurtsev in #​20228
• docs: Fix typo in citations example by @​sjnarmstrong in #​20218
• community: fixed multithreading returning List[List[Documents]] instead of List[Documents] by @​chip-davis in #​20230
• core[patch]: Release 0.1.41 by @​baskaryan in #​20233
• community[patch]: Release 0.0.32 by @​baskaryan in #​20236
• langchain[patch]: Release 0.1.15 by @​baskaryan in #​20237
• mistralai[patch]: Release 0.1.1 by @​baskaryan in #​20239
• anthropic[patch]: Release 0.1.7 by @​baskaryan in #​20240

New Contributors

• @​angeligareta made their first contribution in #​19599
• @​zhangch9 made their first contribution in #​16695
• @​mkorpela made their first contribution in #​19707
• @​anilaltuner made their first contribution in #​17098
• @​spike-spiegel-21 made their first contribution in #​19849
• @​JamsheedMistri made their first contribution in #​19787
• @​jokester made their first contribution in #​19926
• @​PenghuiCheng made their first contribution in #​14504
• @​UtkarshaGupte made their first contribution in #​19931
• @​crispyricepc made their first contribution in #​20009
• @​0ssamaak0 made their first contribution in #​20028
• @​donbr made their first contribution in #​19393
• @​TAAGECH9 made their first contribution in #​20008
• @​rahul-trip made their first contribution in #​19855
• @​david02871 made their first contribution in #​19850
• @​harryhaibojiang made their first contribution in #​19793
• @​RichmondAlake made their first contribution in #​19998
• @​Blaizzy made their first contribution in #​18152
• @​Haris-Ali007 made their first contribution in #​20197
• @​jeffkit made their first contribution in #​19651
• @​daviddwlee84 made their first contribution in #​19493
• @​snopoke made their first contribution in #​18013
• @​charlod made their first contribution in #​20007
• @​casperdcl made their first contribution in #​20064
• @​sjnarmstrong made their first contribution in #​20218

Full Changelog: langchain-ai/langchain@v0.1.14...v0.1.15

v0.1.14

Compare Source

What's Changed

• robocorp[patch]: release 0.0.4 by @​efriis in #​19357
• robocorp[patch]: run integration tests on release by @​efriis in #​19358
• experimental[patch]: Release 0.0.55 by @​baskaryan in #​19353
• openai[patch]: release 0.1.0, message id and name support by @​efriis in #​19363
• openai[patch]: fix name param by @​efriis in #​19365
• openai[patch]: fix core min version by @​efriis in #​19366
• feat: update base_url of anthropic by @​enfeng in #​18634
• community:Replace positional argument with text=text for cohere>=5 compatibility by @​billytrend-cohere in #​19407
• core[patch]: allow "placeholder" type in from_messages tuples by @​hinthornw in #​19152
• mistralai[minor]: 0.1.0rc0, remove mistral sdk by @​efriis in #​19420
• core[minor]: Add utility code to create tool examples by @​hwchase17 in #​18602
• [langchain] fix OpenAIAssistantRunnable.create_assistant by @​ccurme in #​19081
• cookbook[patch]: add strip of quotes
  by @​efriis in #​19452
• mistralai: update tool calling by @​ccurme in #​19451
• community[patch]: invoke callback prior to yielding token (llama.cpp) by @​sepiatone in #​19392
• mistralai[patch]: release 0.1.0rc1 by @​efriis in #​19453
• mistralai[patch]: fix core version by @​efriis in #​19454
• docs: delete mistralai embeddings doc from incorrect location by @​sepiatone in #​19432
• langchain_openai: [URGENT REGRESSION FIX] Don't fail if tool message already doesn't contain name by @​ldorigo in #​19435
• openai[patch]: release 0.1.1 by @​efriis in #​19458
• openai[patch]: integration test structured output by @​efriis in #​19459
• openai[patch]: tool use integration test by @​baskaryan in #​19460
• docs: use invoke instead of run by @​raybellwaves in #​19457
• docs: point to titantic dataset on web by @​raybellwaves in #​19455
• community:Modified regular expression by @​igeni in #​19449
• openai[patch]: add test coverage to output by @​efriis in #​19462
• community: RecursiveUrlLoader: add base_url option by @​germankrause in #​19421
• docarray requires hnsw installation by @​lucifertrj in #​19416
• langchain: Add async methods to VectorStoreRetrieverMemory by @​cbornet in #​19408
• makefile api_docs_clean fix by @​leo-gan in #​19405
• docs: moving FireworksEmbeddings documentation to docs folder by @​sepiatone in #​19398
• community[patch]: invoke callback prior to yielding token (fireworks) by @​sepiatone in #​19388
• community[patch]: invoke callback prior to yielding token (openai) by @​sepiatone in #​19389
• docs: Add partition parameter to DashVector by @​wangcailin in #​19385
• community: fix bugs in baiduvectordb as vectorstore by @​fengjial in #​19380
• docs: update import paths and move to lcel for llama.cpp examples by @​sepiatone in #​19391
• docs: update module imports for fireworks documentation by @​sepiatone in #​19377
• docs: fix error bilibili url by @​Undertone0809 in #​19375
• docs: adding voyageai to the list of partner packages by @​sepiatone in #​19376
• mistralai[patch]: streaming tool calls by @​efriis in #​19469
• Remove non-rendering images & output spamming from doc ntbks by @​rlancemartin in #​19475
• Use async memory in Chain when needed by @​cbornet in #​19429
• code[patch]: Add in code documentation to core Runnable pipe and pick methods (docs only) by @​liugddx in #​19395
• community[minor]: S3FileLoader to use expose mode and post_processors arguments of unstructured loader by @​preak95 in #​19270
• Add OpenVINO llms docs by @​OpenVINO-dev-contest in #​19489
• community[minor]: Add DuckDB as a vectorstore by @​Hugoberry in #​18916
• infra: Update package version to apply CVE-related patch by @​JacobLezberg in #​19490
• langchain-community: Dappier chat model integration by @​IgorMunizS in #​19370
• Update docs for HuggingFacePipeline by @​nikhilkmr300 in #​19306
• add kwargs by @​ccurme in #​19519
• langchain: Passthrough batch_size on index()/aindex() calls by @​znwilkins in #​19443
• core[patch]: Use defusedxml in XMLOutputParser by @​eyurtsev in #​19526
• langchain_cohere: add cohere as a partner package by @​billytrend-cohere in #​19049
• core[runnables]: docstring for class runnable, method with_listeners() by @​sepiatone in #​19515
• cohere[patch]: fix release by @​efriis in #​19529
• core[patch]: fix xml output parser transform by @​eyurtsev in #​19530
• partners/openai: increase max batch size for Azure OpenAI Embeddings API by @​orestxherija in #​19532
• docs: Update local llms article to use invoke instead of deprecated call by @​clarkerican in #​19528
• community: More flexible handling for entity names in vector store "HANA Cloud" by @​MartinKolbAtWork in #​19523
• community: Added GigaChat Embeddings support + updated previous GigaChat integration by @​Mikelarg in #​19516
• fixed links by @​lkuligin in #​19503
• docs: Update streaming.ipynb by [@​eltociear](https:/

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.