github/langchain
1
0
Fork 0
mirror of https://github.com/hwchase17/langchain.git synced 2026-06-09 10:17:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore: pygments>=2.20.0 across all packages (CVE-2026-4539) (#36385)

Browse Source 
## Summary

Bumps `pygments` to `>=2.20.0` across all 21 affected packages to
address [CVE-2026-4539](https://github.com/advisories/GHSA-XXXX) — ReDoS
via inefficient GUID regex in Pygments.

- **Severity:** Low
- **Fixed in:** 2.20.0 (was 2.19.2)
- **Change:** Added `pygments>=2.20.0` to `constraint-dependencies` in
`[tool.uv]` for each package, then ran `uv lock --upgrade-package
pygments` to regenerate lock files.

Closes Dependabot alerts #3435–#3455.

## Release Note
Patch deps

### Test Plan
 - [x] CI Green 🙏

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
John Kennedy
2026-03-30 20:26:59 -07:00
committed by GitHub
parent e207685e8f
commit 0f4f3f74c8
42 changed files with 205 additions and 110 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
libs/partners/anthropic/uv.lock generated
View File

@@ -11,7 +11,10 @@ resolution-markers = [
]
[manifest]
constraints = [{ name = "urllib3", specifier = ">=2.6.3" }]
constraints = [
{ name = "pygments", specifier = ">=2.20.0" },
{ name = "urllib3", specifier = ">=2.6.3" },
]
[[package]]
name = "annotated-types"
@@ -647,7 +650,7 @@ typing = [
[[package]]
name = "langchain-core"
version = "1.2.22"
version = "1.2.23"
source = { editable = "../../core" }
dependencies = [
{ name = "jsonpatch" },
@@ -1369,11 +1372,11 @@ wheels = [
[[package]]
name = "pygments"
version = "2.19.2"
version = "2.20.0"
source = { registry = "https://pypi.org/simple" }
sdist = { url = "https://files.pythonhosted.org/packages/b0/77/a5b8c569bf593b0140bde72ea885a803b82086995367bf2037de0159d924/pygments-2.19.2.tar.gz", hash = "sha256:636cb2477cec7f8952536970bc533bc43743542f70392ae026374600add5b887", size = 4968631, upload-time = "2025-06-21T13:39:12.283Z" }
sdist = { url = "https://files.pythonhosted.org/packages/c3/b2/bc9c9196916376152d655522fdcebac55e66de6603a76a02bca1b6414f6c/pygments-2.20.0.tar.gz", hash = "sha256:6757cd03768053ff99f3039c1a36d6c0aa0b263438fcab17520b30a303a82b5f", size = 4955991, upload-time = "2026-03-29T13:29:33.898Z" }
wheels = [
{ url = "https://files.pythonhosted.org/packages/c7/21/705964c7812476f378728bdf590ca4b771ec72385c533964653c68e86bdc/pygments-2.19.2-py3-none-any.whl", hash = "sha256:86540386c03d588bb81d44bc3928634ff26449851e99741617ecb9037ee5ec0b", size = 1225217, upload-time = "2025-06-21T13:39:07.939Z" },
{ url = "https://files.pythonhosted.org/packages/f4/7e/a72dd26f3b0f4f2bf1dd8923c85f7ceb43172af56d63c7383eb62b332364/pygments-2.20.0-py3-none-any.whl", hash = "sha256:81a9e26dd42fd28a23a2d169d86d7ac03b46e2f8b59ed4698fb4785f946d0176", size = 1231151, upload-time = "2026-03-29T13:29:30.038Z" },
]
[[package]]