Update dependency @langchain/community to ^0.3.3 [SECURITY] #27

renovate · 2024-10-29T20:58:13Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@langchain/community (source)	`^0.0.16` -> `^0.3.3`

GitHub Vulnerability Alerts

CVE-2024-7042

A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. This vulnerability permits unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database.

Release Notes

langchain-ai/langchainjs (@langchain/community)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

cr-gpt · 2024-10-29T20:58:17Z

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

vercel · 2024-10-29T20:58:18Z

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
chatbot-component	❌ Failed (Inspect)			Oct 29, 2024 9:12pm
chatbot-components	❌ Failed (Inspect)			Oct 29, 2024 9:12pm

Update dependency @langchain/community to ^0.3.0 [SECURITY]

f325504

vercel bot temporarily deployed to Preview – chatbot-components October 29, 2024 21:11 Inactive

vercel bot temporarily deployed to Preview – chatbot-component October 29, 2024 21:12 Inactive

renovate bot changed the title ~~Update dependency @langchain/community to ^0.3.0 [SECURITY]~~ Update dependency @langchain/community to ^0.3.3 [SECURITY] Oct 30, 2024

renovate bot changed the title ~~Update dependency @langchain/community to ^0.3.3 [SECURITY]~~ Update dependency @langchain/community to ^0.3.0 [SECURITY] Nov 18, 2024

renovate bot changed the title ~~Update dependency @langchain/community to ^0.3.0 [SECURITY]~~ Update dependency @langchain/community to ^0.3.3 [SECURITY] Nov 19, 2024

renovate bot changed the title ~~Update dependency @langchain/community to ^0.3.3 [SECURITY]~~ Update dependency @langchain/community to ^0.3.0 [SECURITY] Dec 4, 2024

renovate bot changed the title ~~Update dependency @langchain/community to ^0.3.0 [SECURITY]~~ Update dependency @langchain/community to ^0.3.3 [SECURITY] Dec 7, 2024

renovate bot changed the title ~~Update dependency @langchain/community to ^0.3.3 [SECURITY]~~ Update dependency @langchain/community to ^0.3.0 [SECURITY] Dec 21, 2024

renovate bot changed the title ~~Update dependency @langchain/community to ^0.3.0 [SECURITY]~~ Update dependency @langchain/community to ^0.3.3 [SECURITY] Dec 22, 2024

renovate bot changed the title ~~Update dependency @langchain/community to ^0.3.3 [SECURITY]~~ Update dependency @langchain/community to ^0.3.0 [SECURITY] Dec 24, 2024

renovate bot changed the title ~~Update dependency @langchain/community to ^0.3.0 [SECURITY]~~ Update dependency @langchain/community to ^0.3.3 [SECURITY] Dec 25, 2024

renovate bot changed the title ~~Update dependency @langchain/community to ^0.3.3 [SECURITY]~~ Update dependency @langchain/community to ^0.3.0 [SECURITY] Jan 15, 2025

renovate bot changed the title ~~Update dependency @langchain/community to ^0.3.0 [SECURITY]~~ Update dependency @langchain/community to ^0.3.3 [SECURITY] Jan 15, 2025

renovate bot changed the title ~~Update dependency @langchain/community to ^0.3.3 [SECURITY]~~ Update dependency @langchain/community to ^0.3.0 [SECURITY] Jan 25, 2025

renovate bot changed the title ~~Update dependency @langchain/community to ^0.3.0 [SECURITY]~~ Update dependency @langchain/community to ^0.3.3 [SECURITY] Jan 26, 2025

renovate bot changed the title ~~Update dependency @langchain/community to ^0.3.3 [SECURITY]~~ Update dependency @langchain/community to ^0.3.0 [SECURITY] Jan 31, 2025

renovate bot changed the title ~~Update dependency @langchain/community to ^0.3.0 [SECURITY]~~ Update dependency @langchain/community to ^0.3.3 [SECURITY] Feb 1, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependency @langchain/community to ^0.3.3 [SECURITY] #27

Update dependency @langchain/community to ^0.3.3 [SECURITY] #27

renovate bot commented Oct 29, 2024 •

edited

Loading

cr-gpt bot commented Oct 29, 2024

vercel bot commented Oct 29, 2024 •

edited

Loading

Update dependency @langchain/community to ^0.3.3 [SECURITY] #27

Are you sure you want to change the base?

Update dependency @langchain/community to ^0.3.3 [SECURITY] #27

Conversation

renovate bot commented Oct 29, 2024 • edited Loading

GitHub Vulnerability Alerts

Release Notes

What's Changed

New Contributors

What's Changed

What's Changed

What's Changed

What's Changed

New Contributors

Configuration

cr-gpt bot commented Oct 29, 2024

vercel bot commented Oct 29, 2024 • edited Loading

renovate bot commented Oct 29, 2024 •

edited

Loading

vercel bot commented Oct 29, 2024 •

edited

Loading