mirror of
https://github.com/hwchase17/langchain.git
synced 2026-02-21 14:43:07 +00:00
fix: Server-Side Request Forgery (SSRF) in HTMLHeaderTextSplitter.split_text_from_url (#35196)
This commit is contained in:
committed by
GitHub
parent
b06716fb87
commit
1493b4c5ee
@@ -205,6 +205,11 @@ class HTMLHeaderTextSplitter:
|
||||
Raises:
|
||||
requests.RequestException: If the HTTP request fails.
|
||||
"""
|
||||
from langchain_core._security._ssrf_protection import ( # noqa: PLC0415
|
||||
validate_safe_url,
|
||||
)
|
||||
|
||||
validate_safe_url(url, allow_private=False, allow_http=True)
|
||||
response = requests.get(url, timeout=timeout, **kwargs)
|
||||
response.raise_for_status()
|
||||
return self.split_text(response.text)
|
||||
|
||||
@@ -25,7 +25,7 @@ classifiers = [
|
||||
version = "1.1.0"
|
||||
requires-python = ">=3.10.0,<4.0.0"
|
||||
dependencies = [
|
||||
"langchain-core>=1.2.0,<2.0.0",
|
||||
"langchain-core>=1.2.12,<2.0.0",
|
||||
]
|
||||
|
||||
[project.urls]
|
||||
|
||||
4
libs/text-splitters/uv.lock
generated
4
libs/text-splitters/uv.lock
generated
@@ -1,5 +1,5 @@
|
||||
version = 1
|
||||
revision = 3
|
||||
revision = 2
|
||||
requires-python = ">=3.10.0, <4.0.0"
|
||||
resolution-markers = [
|
||||
"python_full_version >= '3.14'",
|
||||
@@ -1175,7 +1175,7 @@ wheels = [
|
||||
|
||||
[[package]]
|
||||
name = "langchain-core"
|
||||
version = "1.2.11"
|
||||
version = "1.2.12"
|
||||
source = { editable = "../core" }
|
||||
dependencies = [
|
||||
{ name = "jsonpatch" },
|
||||
|
||||
Reference in New Issue
Block a user