Christophe Bornet
8aed3b61a9
core: Bump ruff version to 0.12 ( #31846 )
2025-07-07 10:02:51 -04:00
Michael Li
73552883c3
cli: fix dockerfile incorrect copy ( #31883 )
2025-07-06 21:20:57 -04:00
m27315
013ce2c47f
huggingface: fix HuggingFaceEndpoint._astream() got multiple values for argument 'stop' ( #31385 )
2025-07-06 15:18:53 +00:00
CuberMessenegr
e934788ca2
docs: Fix uppercase typo in the Similarity search section ( #31886 )
2025-07-06 10:24:13 -04:00
Christophe Bornet
bf05229029
langchain: Add ruff rule W ( #31876 )
...
All auto-fixes
See https://docs.astral.sh/ruff/rules/#warning-w
Co-authored-by: Chester Curme <chester.curme@gmail.com>
2025-07-05 21:57:30 +00:00
ccurme
3f4b355eef
anthropic[patch]: pass back in citations in multi-turn conversations ( #31882 )
...
Also adds VCR cassettes for some heavy tests.
2025-07-05 17:33:22 -04:00
Christophe Bornet
46fe09f013
cli: Bump ruff version to 0.12 ( #31864 )
2025-07-05 17:15:24 -04:00
Christophe Bornet
df5cc024fd
langchain: Bump ruff version to 0.12 ( #31867 )
2025-07-05 17:13:55 -04:00
Christophe Bornet
a15c3e0856
text-splitters: Bump ruff version to 0.12 ( #31866 )
2025-07-05 17:13:08 -04:00
Christophe Bornet
e1eb3f8d6f
standard-tests: Bump ruff version to 0.12 ( #31865 )
2025-07-05 17:12:00 -04:00
NeatGuyCoding
64815445e4
langchain[patch]: fix a bug where now.replace(day=now.day - 1)
would raise a ValueError
when now.day
is equal to 1 ( #31878 )
2025-07-05 14:54:26 -04:00
Viet Hoang
15dc684d34
docs: Integration with GreenNode Serverless AI ( #31836 )
2025-07-05 13:48:35 -04:00
Nithish Raghunandanan
8bdb1de006
[docs] Update couchbase provider, vector store & features list ( #31719 )
2025-07-05 13:34:48 -04:00
Mohammad Mohtashim
b26d2250ba
core[patch]: Int Combine when Merging Dicts ( #31572 )
...
- **Description:** Combining the Int Types by adding them which makes
the most sense.
- **Issue:** #31565
2025-07-04 14:44:16 -04:00
Mason Daugherty
6a5073b227
langchain[patch]: Add bandit rules ( #31818 )
...
Integrate Bandit for security analysis, suppress warnings for specific issues, and address potential vulnerabilities such as hardcoded passwords and SQL injection risks. Adjust documentation and formatting for clarity.
2025-07-03 14:20:33 -04:00
ccurme
df06041eb2
docs: Anthropic search_result nits ( #31855 )
2025-07-03 14:12:10 -04:00
ccurme
ade642b7c5
Revert "infra: temporarily skip tests" ( #31854 )
...
Reverts langchain-ai/langchain#31853
2025-07-03 13:55:29 -04:00
ccurme
c9f45dc323
infra: temporarily skip tests ( #31853 )
...
Tests failed twice with different timeout errors.
2025-07-03 13:39:14 -04:00
ccurme
f88fff0b8a
anthropic: release 0.3.17 ( #31852 )
2025-07-03 13:18:43 -04:00
ccurme
7cb9388c33
Revert "infra: drop anthropic from core test matrix" ( #31851 )
...
Reverts langchain-ai/langchain#31850
2025-07-03 17:14:26 +00:00
ccurme
21664985c7
infra: drop anthropic from core test matrix ( #31850 )
...
Overloaded errors blocking release. Will revert after.
2025-07-03 12:52:25 -04:00
ccurme
b140d16696
docs: update ChatAnthropic guide ( #31849 )
2025-07-03 12:51:11 -04:00
ccurme
2090f85789
core: release 0.3.68 ( #31848 )
...
Also add `search_result` to recognized tool message block types.
2025-07-03 12:36:25 -04:00
Mason Daugherty
572020c4d8
ollama: add validate_model_on_init
, catch more errors ( #31784 )
...
* Ensure access to local model during `ChatOllama` instantiation
(#27720 ). This adds a new param `validate_model_on_init` (default:
`true`)
* Catch a few more errors from the Ollama client to assist users
2025-07-03 11:07:11 -04:00
Mason Daugherty
1a3a8db3c9
docs: anthropic formatting cleanup ( #31847 )
...
inline URLs, capitalization, code blocks
2025-07-03 14:50:23 +00:00
Christophe Bornet
ee3709535d
text-splitters: bump spacy version to 3.8.7 ( #31834 )
...
This allows to use spacy with Python 3.13
2025-07-03 10:13:25 -04:00
Christophe Bornet
b8e9b4adfc
cli: Add ruff rule UP (pyupgrade) ( #31843 )
...
See https://docs.astral.sh/ruff/rules/#pyupgrade-up
All auto-fixed
Co-authored-by: Eugene Yurtsev <eyurtsev@gmail.com>
2025-07-03 14:12:46 +00:00
Christophe Bornet
cd7dce687a
standard-tests: Add ruff rule UP (pyupgrade) ( #31842 )
...
See https://docs.astral.sh/ruff/rules/#pyupgrade-up
All auto-fixed
2025-07-03 10:12:31 -04:00
Christophe Bornet
802d2bf249
text-splitters: Add ruff rule UP (pyupgrade) ( #31841 )
...
See https://docs.astral.sh/ruff/rules/#pyupgrade-up
All auto-fixed except `typing.AbstractSet` -> `collections.abc.Set`
2025-07-03 10:11:35 -04:00
Mason Daugherty
911b0b69ea
groq: Add service tier option to ChatGroq ( #31801 )
...
- Allows users to select a [flex
processing](https://console.groq.com/docs/flex-processing ) service tier
2025-07-03 10:11:18 -04:00
Eugene Yurtsev
10ec5c8f02
text-splitters: 0.3.9 ( #31844 )
...
Release langchain-text-splitters 0.3.9
2025-07-03 10:02:35 -04:00
Eugene Yurtsev
6dca787a9d
ci: set explicit workflow permissions ( #31830 )
...
* Set explicit workflow permissions
* Should be a no-op since we're using restricted GITHUB_TOKENs by
default
2025-07-03 10:02:18 -04:00
Christophe Bornet
46745f91b5
core: Use parametric tests in test_openai_tools ( #31839 )
2025-07-03 08:43:46 -04:00
Eugene Yurtsev
181c22c512
update CODEOWNERS ( #31831 )
...
Update CODEOWNERS
2025-07-02 17:31:49 -04:00
Cole Murray
43eef43550
security: Remove xslt_path and harden XML parsers in HTMLSectionSplitter: package: langchain-text-splitters ( #31819 )
...
## Summary
- Removes the `xslt_path` parameter from HTMLSectionSplitter to
eliminate XXE attack vector
- Hardens XML/HTML parsers with secure configurations to prevent XXE
attacks
- Adds comprehensive security tests to ensure the vulnerability is fixed
## Context
This PR addresses a critical XXE vulnerability discovered in the
HTMLSectionSplitter component. The vulnerability allowed attackers to:
- Read sensitive local files (SSH keys, passwords, configuration files)
- Perform Server-Side Request Forgery (SSRF) attacks
- Exfiltrate data to attacker-controlled servers
## Changes Made
1. **Removed `xslt_path` parameter** - This eliminates the primary
attack vector where users could supply malicious XSLT files
2. **Hardened XML parsers** - Added security configurations to prevent
XXE attacks even with the default XSLT:
- `no_network=True` - Blocks network access
- `resolve_entities=False` - Prevents entity expansion -
`load_dtd=False` - Disables DTD processing -
`XSLTAccessControl.DENY_ALL` - Blocks all file/network I/O in XSLT
transformations
3. **Added security tests** - New test file `test_html_security.py` with
comprehensive tests for various XXE attack vectors
4. **Updated existing tests** - Modified tests that were using the
removed `xslt_path` parameter
## Test Plan
- [x] All existing tests pass
- [x] New security tests verify XXE attacks are blocked
- [x] Code passes linting and formatting checks
- [x] Tested with both old and new versions of lxml
Twitter handle: @_colemurray
2025-07-02 15:24:08 -04:00
Mason Daugherty
815d11ed6a
docs: Add PR info doc ( #31833 )
2025-07-02 19:20:27 +00:00
Eugene Yurtsev
73fefe0295
core[path]: Use context manager for FileCallbackHandler ( #31813 )
...
Recommend using context manager for FileCallbackHandler to avoid opening
too many file descriptors
---------
Co-authored-by: Mason Daugherty <github@mdrxy.com>
2025-07-02 13:31:58 -04:00
ojumah20
377e5f5204
docs: Update agents.ipynb ( #31820 )
2025-07-02 10:42:28 -04:00
Mason Daugherty
eb12294583
langchain-xai[patch]: Add ruff bandit rules to linter ( #31816 )
...
- Add ruff bandit rules
- Some formatting
2025-07-01 18:59:06 +00:00
Mason Daugherty
86a698d1b6
langchain-qdrant[patch]: Add ruff bandit rules to linter ( #31815 )
...
- Add ruff bandit rules
- Address a few s101s
- Some formatting
2025-07-01 18:42:55 +00:00
Mason Daugherty
b03e326231
langchain-prompty[patch]: Add ruff bandit rules to linter ( #31814 )
...
- Add ruff bandit rules
- Address some s101 assertion warnings
- Address s506 by using `yaml.safe_load()`
2025-07-01 18:32:02 +00:00
Mason Daugherty
3190c4132f
langchain-perplexity[patch]: Add ruff bandit rules to linter ( #31812 )
...
- Add ruff bandit rules
2025-07-01 18:17:28 +00:00
Mason Daugherty
f30fe07620
update pyproject.toml flake8 comment ( #31810 )
2025-07-01 18:16:38 +00:00
Mason Daugherty
d0dce5315f
langchain-ollama[patch]: Add ruff bandit rules to linter ( #31811 )
...
- Add ruff bandit rules
2025-07-01 18:16:07 +00:00
Mason Daugherty
c9e1ce2966
groq: release 0.3.5 ( #31809 )
2025-07-01 13:21:23 -04:00
Mason Daugherty
404d8408f4
langchain-nomic[patch]: Add ruff bandit rules to linter ( #31805 )
...
- Add ruff bandit rules
- Some formatting
2025-07-01 11:39:11 -04:00
Mason Daugherty
0279af60b5
langchain-mistralai[patch]: Add ruff bandit rules to linter, formatting ( #31803 )
...
- Add ruff bandit rules
- Address a s101 error
- Formatting
2025-07-01 11:08:01 -04:00
Mason Daugherty
425ee52581
langchain-huggingface[patch]: Add ruff bandit rules to linter ( #31798 )
...
- Add ruff bandit rules
2025-07-01 11:07:52 -04:00
Mason Daugherty
0efaa483e4
langchain-groq[patch]: Add ruff bandit rules to linter ( #31797 )
...
- Add ruff bandit rules
- Address s105 errors
2025-07-01 11:07:42 -04:00
Mason Daugherty
479b6fd7c5
langchain-fireworks[patch]: Add ruff bandit rules to linter ( #31796 )
...
- Add ruff bandit rules
- Address a s113 error
2025-07-01 11:07:26 -04:00