docs: add admonition to DSPy integration page in v0.2 docs (#31277)

Patch for CVE-2024-8309 to the v0.2.x branch of langchain

https://nvd.nist.gov/vuln/detail/cve-2024-8309

docs/docs/integrations/providers/dspy.ipynb

@@ -7,6 +7,12 @@
    "source": [
     "# DSPy\n",
     "\n",
+    ":::important\n",
+    "\n",
+    "DSPy removed its integration with LangChain in [version 2.6.6](https://github.com/stanfordnlp/dspy/compare/2.6.5...2.6.6). See this [related issue](https://github.com/stanfordnlp/dspy/issues/7782) in the DSPy Github. The integration below is no longer supported.\n",
+    "\n",
+    ":::\n",
+    "\n",
     ">[DSPy](https://github.com/stanfordnlp/dspy) is a fantastic framework for LLMs that introduces an automatic compiler that teaches LMs how to conduct the declarative steps in your program. Specifically, the DSPy compiler will internally trace your program and then craft high-quality prompts for large LMs (or train automatic finetunes for small LMs) to teach them the steps of your task.\n",
     "\n",
     "Thanks to [Omar Khattab](https://twitter.com/lateinteraction) we have an integration! It works with any LCEL chains with some minor modifications.\n",

libs/community/langchain_community/chains/graph_qa/arangodb.py

@@ -57,6 +57,37 @@ class ArangoGraphQAChain(Chain):
     # Specify the maximum amount of AQL Generation attempts that should be made
     max_aql_generation_attempts: int = 3
 
+    allow_dangerous_requests: bool = False
+    """Forced user opt-in to acknowledge that the chain can make dangerous requests.
+
+    *Security note*: Make sure that the database connection uses credentials
+        that are narrowly-scoped to only include necessary permissions.
+        Failure to do so may result in data corruption or loss, since the calling
+        code may attempt commands that would result in deletion, mutation
+        of data if appropriately prompted or reading sensitive data if such
+        data is present in the database.
+        The best way to guard against such negative outcomes is to (as appropriate)
+        limit the permissions granted to the credentials used with this tool.
+
+        See https://python.langchain.com/docs/security for more information.
+    """
+
+    def __init__(self, **kwargs: Any) -> None:
+        """Initialize the chain."""
+        super().__init__(**kwargs)
+        if self.allow_dangerous_requests is not True:
+            raise ValueError(
+                "In order to use this chain, you must acknowledge that it can make "
+                "dangerous requests by setting `allow_dangerous_requests` to `True`."
+                "You must narrowly scope the permissions of the database connection "
+                "to only include necessary permissions. Failure to do so may result "
+                "in data corruption or loss or reading sensitive data if such data is "
+                "present in the database."
+                "Only use this chain if you understand the risks and have taken the "
+                "necessary precautions. "
+                "See https://python.langchain.com/docs/security for more information."
+            )
+
     @property
     def input_keys(self) -> List[str]:
         return [self.input_key]

libs/community/langchain_community/chains/graph_qa/cypher.py

@@ -180,6 +180,36 @@ class GraphCypherQAChain(Chain):
     """Optional cypher validation tool"""
     use_function_response: bool = False
     """Whether to wrap the database context as tool/function response"""
+    allow_dangerous_requests: bool = False
+    """Forced user opt-in to acknowledge that the chain can make dangerous requests.
+    
+    *Security note*: Make sure that the database connection uses credentials
+        that are narrowly-scoped to only include necessary permissions.
+        Failure to do so may result in data corruption or loss, since the calling
+        code may attempt commands that would result in deletion, mutation
+        of data if appropriately prompted or reading sensitive data if such
+        data is present in the database.
+        The best way to guard against such negative outcomes is to (as appropriate)
+        limit the permissions granted to the credentials used with this tool.
+
+        See https://python.langchain.com/docs/security for more information.
+    """
+
+    def __init__(self, **kwargs: Any) -> None:
+        """Initialize the chain."""
+        super().__init__(**kwargs)
+        if self.allow_dangerous_requests is not True:
+            raise ValueError(
+                "In order to use this chain, you must acknowledge that it can make "
+                "dangerous requests by setting `allow_dangerous_requests` to `True`."
+                "You must narrowly scope the permissions of the database connection "
+                "to only include necessary permissions. Failure to do so may result "
+                "in data corruption or loss or reading sensitive data if such data is "
+                "present in the database."
+                "Only use this chain if you understand the risks and have taken the "
+                "necessary precautions. "
+                "See https://python.langchain.com/docs/security for more information."
+            )
 
     @property
     def input_keys(self) -> List[str]:

libs/community/langchain_community/chains/graph_qa/falkordb.py

@@ -66,6 +66,37 @@ class FalkorDBQAChain(Chain):
     return_direct: bool = False
     """Whether or not to return the result of querying the graph directly."""
 
+    allow_dangerous_requests: bool = False
+    """Forced user opt-in to acknowledge that the chain can make dangerous requests.
+
+    *Security note*: Make sure that the database connection uses credentials
+        that are narrowly-scoped to only include necessary permissions.
+        Failure to do so may result in data corruption or loss, since the calling
+        code may attempt commands that would result in deletion, mutation
+        of data if appropriately prompted or reading sensitive data if such
+        data is present in the database.
+        The best way to guard against such negative outcomes is to (as appropriate)
+        limit the permissions granted to the credentials used with this tool.
+
+        See https://python.langchain.com/docs/security for more information.
+    """
+
+    def __init__(self, **kwargs: Any) -> None:
+        """Initialize the chain."""
+        super().__init__(**kwargs)
+        if self.allow_dangerous_requests is not True:
+            raise ValueError(
+                "In order to use this chain, you must acknowledge that it can make "
+                "dangerous requests by setting `allow_dangerous_requests` to `True`."
+                "You must narrowly scope the permissions of the database connection "
+                "to only include necessary permissions. Failure to do so may result "
+                "in data corruption or loss or reading sensitive data if such data is "
+                "present in the database."
+                "Only use this chain if you understand the risks and have taken the "
+                "necessary precautions. "
+                "See https://python.langchain.com/docs/security for more information."
+            )
+
     @property
     def input_keys(self) -> List[str]:
         """Return the input keys.

libs/community/langchain_community/chains/graph_qa/gremlin.py

@@ -63,6 +63,37 @@ class GremlinQAChain(Chain):
     return_direct: bool = False
     return_intermediate_steps: bool = False
 
+    allow_dangerous_requests: bool = False
+    """Forced user opt-in to acknowledge that the chain can make dangerous requests.
+
+    *Security note*: Make sure that the database connection uses credentials
+        that are narrowly-scoped to only include necessary permissions.
+        Failure to do so may result in data corruption or loss, since the calling
+        code may attempt commands that would result in deletion, mutation
+        of data if appropriately prompted or reading sensitive data if such
+        data is present in the database.
+        The best way to guard against such negative outcomes is to (as appropriate)
+        limit the permissions granted to the credentials used with this tool.
+
+        See https://python.langchain.com/docs/security for more information.
+    """
+
+    def __init__(self, **kwargs: Any) -> None:
+        """Initialize the chain."""
+        super().__init__(**kwargs)
+        if self.allow_dangerous_requests is not True:
+            raise ValueError(
+                "In order to use this chain, you must acknowledge that it can make "
+                "dangerous requests by setting `allow_dangerous_requests` to `True`."
+                "You must narrowly scope the permissions of the database connection "
+                "to only include necessary permissions. Failure to do so may result "
+                "in data corruption or loss or reading sensitive data if such data is "
+                "present in the database."
+                "Only use this chain if you understand the risks and have taken the "
+                "necessary precautions. "
+                "See https://python.langchain.com/docs/security for more information."
+            )
+
     @property
     def input_keys(self) -> List[str]:
         """Input keys.

libs/community/langchain_community/chains/graph_qa/hugegraph.py

@@ -39,6 +39,37 @@ class HugeGraphQAChain(Chain):
     input_key: str = "query"  #: :meta private:
     output_key: str = "result"  #: :meta private:
 
+    allow_dangerous_requests: bool = False
+    """Forced user opt-in to acknowledge that the chain can make dangerous requests.
+
+    *Security note*: Make sure that the database connection uses credentials
+        that are narrowly-scoped to only include necessary permissions.
+        Failure to do so may result in data corruption or loss, since the calling
+        code may attempt commands that would result in deletion, mutation
+        of data if appropriately prompted or reading sensitive data if such
+        data is present in the database.
+        The best way to guard against such negative outcomes is to (as appropriate)
+        limit the permissions granted to the credentials used with this tool.
+
+        See https://python.langchain.com/docs/security for more information.
+    """
+
+    def __init__(self, **kwargs: Any) -> None:
+        """Initialize the chain."""
+        super().__init__(**kwargs)
+        if self.allow_dangerous_requests is not True:
+            raise ValueError(
+                "In order to use this chain, you must acknowledge that it can make "
+                "dangerous requests by setting `allow_dangerous_requests` to `True`."
+                "You must narrowly scope the permissions of the database connection "
+                "to only include necessary permissions. Failure to do so may result "
+                "in data corruption or loss or reading sensitive data if such data is "
+                "present in the database."
+                "Only use this chain if you understand the risks and have taken the "
+                "necessary precautions. "
+                "See https://python.langchain.com/docs/security for more information."
+            )
+
     @property
     def input_keys(self) -> List[str]:
         """Input keys.

libs/community/langchain_community/chains/graph_qa/kuzu.py

@@ -73,6 +73,37 @@ class KuzuQAChain(Chain):
     input_key: str = "query"  #: :meta private:
     output_key: str = "result"  #: :meta private:
 
+    allow_dangerous_requests: bool = False
+    """Forced user opt-in to acknowledge that the chain can make dangerous requests.
+
+    *Security note*: Make sure that the database connection uses credentials
+        that are narrowly-scoped to only include necessary permissions.
+        Failure to do so may result in data corruption or loss, since the calling
+        code may attempt commands that would result in deletion, mutation
+        of data if appropriately prompted or reading sensitive data if such
+        data is present in the database.
+        The best way to guard against such negative outcomes is to (as appropriate)
+        limit the permissions granted to the credentials used with this tool.
+
+        See https://python.langchain.com/docs/security for more information.
+    """
+
+    def __init__(self, **kwargs: Any) -> None:
+        """Initialize the chain."""
+        super().__init__(**kwargs)
+        if self.allow_dangerous_requests is not True:
+            raise ValueError(
+                "In order to use this chain, you must acknowledge that it can make "
+                "dangerous requests by setting `allow_dangerous_requests` to `True`."
+                "You must narrowly scope the permissions of the database connection "
+                "to only include necessary permissions. Failure to do so may result "
+                "in data corruption or loss or reading sensitive data if such data is "
+                "present in the database."
+                "Only use this chain if you understand the risks and have taken the "
+                "necessary precautions. "
+                "See https://python.langchain.com/docs/security for more information."
+            )
+
     @property
     def input_keys(self) -> List[str]:
         """Return the input keys.

libs/community/langchain_community/chains/graph_qa/nebulagraph.py

@@ -39,6 +39,37 @@ class NebulaGraphQAChain(Chain):
     input_key: str = "query"  #: :meta private:
     output_key: str = "result"  #: :meta private:
 
+    allow_dangerous_requests: bool = False
+    """Forced user opt-in to acknowledge that the chain can make dangerous requests.
+
+    *Security note*: Make sure that the database connection uses credentials
+        that are narrowly-scoped to only include necessary permissions.
+        Failure to do so may result in data corruption or loss, since the calling
+        code may attempt commands that would result in deletion, mutation
+        of data if appropriately prompted or reading sensitive data if such
+        data is present in the database.
+        The best way to guard against such negative outcomes is to (as appropriate)
+        limit the permissions granted to the credentials used with this tool.
+
+        See https://python.langchain.com/docs/security for more information.
+    """
+
+    def __init__(self, **kwargs: Any) -> None:
+        """Initialize the chain."""
+        super().__init__(**kwargs)
+        if self.allow_dangerous_requests is not True:
+            raise ValueError(
+                "In order to use this chain, you must acknowledge that it can make "
+                "dangerous requests by setting `allow_dangerous_requests` to `True`."
+                "You must narrowly scope the permissions of the database connection "
+                "to only include necessary permissions. Failure to do so may result "
+                "in data corruption or loss or reading sensitive data if such data is "
+                "present in the database."
+                "Only use this chain if you understand the risks and have taken the "
+                "necessary precautions. "
+                "See https://python.langchain.com/docs/security for more information."
+            )
+
     @property
     def input_keys(self) -> List[str]:
         """Return the input keys.

libs/community/langchain_community/chains/graph_qa/neptune_cypher.py

@@ -120,6 +120,37 @@ class NeptuneOpenCypherQAChain(Chain):
     extra_instructions: Optional[str] = None
     """Extra instructions by the appended to the query generation prompt."""
 
+    allow_dangerous_requests: bool = False
+    """Forced user opt-in to acknowledge that the chain can make dangerous requests.
+
+    *Security note*: Make sure that the database connection uses credentials
+        that are narrowly-scoped to only include necessary permissions.
+        Failure to do so may result in data corruption or loss, since the calling
+        code may attempt commands that would result in deletion, mutation
+        of data if appropriately prompted or reading sensitive data if such
+        data is present in the database.
+        The best way to guard against such negative outcomes is to (as appropriate)
+        limit the permissions granted to the credentials used with this tool.
+
+        See https://python.langchain.com/docs/security for more information.
+    """
+
+    def __init__(self, **kwargs: Any) -> None:
+        """Initialize the chain."""
+        super().__init__(**kwargs)
+        if self.allow_dangerous_requests is not True:
+            raise ValueError(
+                "In order to use this chain, you must acknowledge that it can make "
+                "dangerous requests by setting `allow_dangerous_requests` to `True`."
+                "You must narrowly scope the permissions of the database connection "
+                "to only include necessary permissions. Failure to do so may result "
+                "in data corruption or loss or reading sensitive data if such data is "
+                "present in the database."
+                "Only use this chain if you understand the risks and have taken the "
+                "necessary precautions. "
+                "See https://python.langchain.com/docs/security for more information."
+            )
+
     @property
     def input_keys(self) -> List[str]:
         """Return the input keys.

libs/community/langchain_community/chains/graph_qa/neptune_sparql.py

@@ -113,6 +113,37 @@ class NeptuneSparqlQAChain(Chain):
     extra_instructions: Optional[str] = None
     """Extra instructions by the appended to the query generation prompt."""
 
+    allow_dangerous_requests: bool = False
+    """Forced user opt-in to acknowledge that the chain can make dangerous requests.
+
+    *Security note*: Make sure that the database connection uses credentials
+        that are narrowly-scoped to only include necessary permissions.
+        Failure to do so may result in data corruption or loss, since the calling
+        code may attempt commands that would result in deletion, mutation
+        of data if appropriately prompted or reading sensitive data if such
+        data is present in the database.
+        The best way to guard against such negative outcomes is to (as appropriate)
+        limit the permissions granted to the credentials used with this tool.
+
+        See https://python.langchain.com/docs/security for more information.
+    """
+
+    def __init__(self, **kwargs: Any) -> None:
+        """Initialize the chain."""
+        super().__init__(**kwargs)
+        if self.allow_dangerous_requests is not True:
+            raise ValueError(
+                "In order to use this chain, you must acknowledge that it can make "
+                "dangerous requests by setting `allow_dangerous_requests` to `True`."
+                "You must narrowly scope the permissions of the database connection "
+                "to only include necessary permissions. Failure to do so may result "
+                "in data corruption or loss or reading sensitive data if such data is "
+                "present in the database."
+                "Only use this chain if you understand the risks and have taken the "
+                "necessary precautions. "
+                "See https://python.langchain.com/docs/security for more information."
+            )
+
     @property
     def input_keys(self) -> List[str]:
         return [self.input_key]

libs/community/langchain_community/chains/graph_qa/ontotext_graphdb.py

@@ -46,6 +46,37 @@ class OntotextGraphDBQAChain(Chain):
     input_key: str = "query"  #: :meta private:
     output_key: str = "result"  #: :meta private:
 
+    allow_dangerous_requests: bool = False
+    """Forced user opt-in to acknowledge that the chain can make dangerous requests.
+
+    *Security note*: Make sure that the database connection uses credentials
+        that are narrowly-scoped to only include necessary permissions.
+        Failure to do so may result in data corruption or loss, since the calling
+        code may attempt commands that would result in deletion, mutation
+        of data if appropriately prompted or reading sensitive data if such
+        data is present in the database.
+        The best way to guard against such negative outcomes is to (as appropriate)
+        limit the permissions granted to the credentials used with this tool.
+
+        See https://python.langchain.com/docs/security for more information.
+    """
+
+    def __init__(self, **kwargs: Any) -> None:
+        """Initialize the chain."""
+        super().__init__(**kwargs)
+        if self.allow_dangerous_requests is not True:
+            raise ValueError(
+                "In order to use this chain, you must acknowledge that it can make "
+                "dangerous requests by setting `allow_dangerous_requests` to `True`."
+                "You must narrowly scope the permissions of the database connection "
+                "to only include necessary permissions. Failure to do so may result "
+                "in data corruption or loss or reading sensitive data if such data is "
+                "present in the database."
+                "Only use this chain if you understand the risks and have taken the "
+                "necessary precautions. "
+                "See https://python.langchain.com/docs/security for more information."
+            )
+
     @property
     def input_keys(self) -> List[str]:
         return [self.input_key]

libs/community/langchain_community/chains/graph_qa/sparql.py

@@ -47,6 +47,37 @@ class GraphSparqlQAChain(Chain):
     output_key: str = "result"  #: :meta private:
     sparql_query_key: str = "sparql_query"  #: :meta private:
 
+    allow_dangerous_requests: bool = False
+    """Forced user opt-in to acknowledge that the chain can make dangerous requests.
+
+    *Security note*: Make sure that the database connection uses credentials
+        that are narrowly-scoped to only include necessary permissions.
+        Failure to do so may result in data corruption or loss, since the calling
+        code may attempt commands that would result in deletion, mutation
+        of data if appropriately prompted or reading sensitive data if such
+        data is present in the database.
+        The best way to guard against such negative outcomes is to (as appropriate)
+        limit the permissions granted to the credentials used with this tool.
+
+        See https://python.langchain.com/docs/security for more information.
+    """
+
+    def __init__(self, **kwargs: Any) -> None:
+        """Initialize the chain."""
+        super().__init__(**kwargs)
+        if self.allow_dangerous_requests is not True:
+            raise ValueError(
+                "In order to use this chain, you must acknowledge that it can make "
+                "dangerous requests by setting `allow_dangerous_requests` to `True`."
+                "You must narrowly scope the permissions of the database connection "
+                "to only include necessary permissions. Failure to do so may result "
+                "in data corruption or loss or reading sensitive data if such data is "
+                "present in the database."
+                "Only use this chain if you understand the risks and have taken the "
+                "necessary precautions. "
+                "See https://python.langchain.com/docs/security for more information."
+            )
+
     @property
     def input_keys(self) -> List[str]:
         """Return the input keys.

libs/community/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "poetry.core.masonry.api"
 
 [tool.poetry]
 name = "langchain-community"
-version = "0.2.18"
+version = "0.2.19"
 description = "Community contributed LangChain integrations."
 authors = []
 license = "MIT"

libs/community/tests/unit_tests/chains/test_graph_qa.py

@@ -59,6 +59,7 @@ def test_graph_cypher_qa_chain_prompt_selection_1() -> None:
         return_intermediate_steps=False,
         qa_prompt=qa_prompt,
         cypher_prompt=cypher_prompt,
+        allow_dangerous_requests=True,
     )
     assert chain.qa_chain.prompt == qa_prompt  # type: ignore[union-attr]
     assert chain.cypher_generation_chain.prompt == cypher_prompt
@@ -71,6 +72,7 @@ def test_graph_cypher_qa_chain_prompt_selection_2() -> None:
         graph=FakeGraphStore(),
         verbose=True,
         return_intermediate_steps=False,
+        allow_dangerous_requests=True,
     )
     assert chain.qa_chain.prompt == CYPHER_QA_PROMPT  # type: ignore[union-attr]
     assert chain.cypher_generation_chain.prompt == CYPHER_GENERATION_PROMPT
@@ -87,6 +89,7 @@ def test_graph_cypher_qa_chain_prompt_selection_3() -> None:
         return_intermediate_steps=False,
         cypher_llm_kwargs={"memory": readonlymemory},
         qa_llm_kwargs={"memory": readonlymemory},
+        allow_dangerous_requests=True,
     )
     assert chain.qa_chain.prompt == CYPHER_QA_PROMPT  # type: ignore[union-attr]
     assert chain.cypher_generation_chain.prompt == CYPHER_GENERATION_PROMPT
@@ -107,6 +110,7 @@ def test_graph_cypher_qa_chain_prompt_selection_4() -> None:
         return_intermediate_steps=False,
         cypher_llm_kwargs={"prompt": cypher_prompt, "memory": readonlymemory},
         qa_llm_kwargs={"prompt": qa_prompt, "memory": readonlymemory},
+        allow_dangerous_requests=True,
     )
     assert chain.qa_chain.prompt == qa_prompt  # type: ignore[union-attr]
     assert chain.cypher_generation_chain.prompt == cypher_prompt
@@ -130,6 +134,7 @@ def test_graph_cypher_qa_chain_prompt_selection_5() -> None:
             cypher_prompt=cypher_prompt,
             cypher_llm_kwargs={"memory": readonlymemory},
             qa_llm_kwargs={"memory": readonlymemory},
+            allow_dangerous_requests=True,
         )
         assert False
     except ValueError:
@@ -181,6 +186,7 @@ def test_graph_cypher_qa_chain() -> None:
         return_intermediate_steps=False,
         cypher_llm_kwargs={"prompt": prompt, "memory": readonlymemory},
         memory=memory,
+        allow_dangerous_requests=True,
     )
     chain.run("Test question")
     chain.run("Test new question")