forked from langchain-ai/langserve
-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
100 changed files
with
19,149 additions
and
495 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
{ | ||
"contributors": ["eyurtsev", "hwchase17", "nfcampos", "efriis", "jacoblee93", "dqbd", "kreneskyp", "adarsh-jha-dev", "harris", "baskaryan", "hinthornw", "bracesproul", "jakerachleff", "craigsdennis", "anhi", "169", "LarchLiu", "PaulLockett", "RCMatthias", "jwynia", "majiayu000", "mpskex", "shivachittamuru", "sinashaloudegi", "sowsan", "akira", "lucianotonet", "JGalego"], | ||
"contributors": ["eyurtsev", "hwchase17", "nfcampos", "efriis", "jacoblee93", "dqbd", "kreneskyp", "adarsh-jha-dev", "harris", "baskaryan", "hinthornw", "bracesproul", "jakerachleff", "craigsdennis", "anhi", "169", "LarchLiu", "PaulLockett", "RCMatthias", "jwynia", "majiayu000", "mpskex", "shivachittamuru", "sinashaloudegi", "sowsan", "akira", "lucianotonet", "JGalego", "nat-n", "dirien", "donbr"], | ||
"message": "Thank you for your pull request and welcome to our community. We require contributors to sign our Contributor License Agreement, and we don't seem to have the username {{usersWithoutCLA}} on file. In order for us to review and merge your code, please complete the Individual Contributor License Agreement here https://forms.gle/AQFbtkWRoHXUgipM6 .\n\nThis process is done manually on our side, so after signing the form one of the maintainers will add you to the contributors list.\n\nFor more details about why we have a CLA and other contribution guidelines please see: https://github.com/langchain-ai/langserve/blob/main/CONTRIBUTING.md." | ||
} |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -162,3 +162,5 @@ cython_debug/ | |
.envrc | ||
|
||
.vscode/ | ||
# IntelliJ IDE's | ||
.idea |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,61 @@ | ||
# Security Policy | ||
|
||
## Reporting a Vulnerability | ||
## Reporting OSS Vulnerabilities | ||
|
||
Please report security vulnerabilities by email to `security@langchain.dev`. | ||
This email is an alias to a subset of our maintainers, and will ensure the issue is promptly triaged and acted upon as needed. | ||
LangChain is partnered with [huntr by Protect AI](https://huntr.com/) to provide | ||
a bounty program for our open source projects. | ||
|
||
Please report security vulnerabilities associated with the LangChain | ||
open source projects by visiting the following link: | ||
|
||
[https://huntr.com/bounties/disclose/](https://huntr.com/bounties/disclose/?target=https%3A%2F%2Fgithub.com%2Flangchain-ai%2Flangchain&validSearch=true) | ||
|
||
Before reporting a vulnerability, please review: | ||
|
||
1) In-Scope Targets and Out-of-Scope Targets below. | ||
2) The [langchain-ai/langchain](https://python.langchain.com/docs/contributing/repo_structure) monorepo structure. | ||
3) LangChain [security guidelines](https://python.langchain.com/docs/security) to | ||
understand what we consider to be a security vulnerability vs. developer | ||
responsibility. | ||
|
||
### In-Scope Targets | ||
|
||
The following packages and repositories are eligible for bug bounties: | ||
|
||
- langchain-core | ||
- langchain (see exceptions) | ||
- langchain-community (see exceptions) | ||
- langgraph | ||
- langserve | ||
|
||
### Out of Scope Targets | ||
|
||
All out of scope targets defined by huntr as well as: | ||
|
||
- **langchain-experimental**: This repository is for experimental code and is not | ||
eligible for bug bounties, bug reports to it will be marked as interesting or waste of | ||
time and published with no bounty attached. | ||
- **tools**: Tools in either langchain or langchain-community are not eligible for bug | ||
bounties. This includes the following directories | ||
- langchain/tools | ||
- langchain-community/tools | ||
- Please review our [security guidelines](https://python.langchain.com/docs/security) | ||
for more details, but generally tools interact with the real world. Developers are | ||
expected to understand the security implications of their code and are responsible | ||
for the security of their tools. | ||
- Code documented with security notices. This will be decided done on a case by | ||
case basis, but likely will not be eligible for a bounty as the code is already | ||
documented with guidelines for developers that should be followed for making their | ||
application secure. | ||
- Any LangSmith related repositories or APIs see below. | ||
|
||
## Reporting LangSmith Vulnerabilities | ||
|
||
Please report security vulnerabilities associated with LangSmith by email to `security@langchain.dev`. | ||
|
||
- LangSmith site: https://smith.langchain.com | ||
- SDK client: https://github.com/langchain-ai/langsmith-sdk | ||
|
||
### Other Security Concerns | ||
|
||
For any other security concerns, please contact us at `security@langchain.dev`. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.