mirror of
https://github.com/hwchase17/langchain.git
synced 2026-05-18 13:37:17 +00:00
0f4f3f74c8
## Summary Bumps `pygments` to `>=2.20.0` across all 21 affected packages to address [CVE-2026-4539](https://github.com/advisories/GHSA-XXXX) — ReDoS via inefficient GUID regex in Pygments. - **Severity:** Low - **Fixed in:** 2.20.0 (was 2.19.2) - **Change:** Added `pygments>=2.20.0` to `constraint-dependencies` in `[tool.uv]` for each package, then ran `uv lock --upgrade-package pygments` to regenerate lock files. Closes Dependabot alerts #3435–#3455. ## Release Note Patch deps ### Test Plan - [x] CI Green 🙏 Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
145 lines
4.2 KiB
TOML
145 lines
4.2 KiB
TOML
[build-system]
|
|
requires = ["hatchling"]
|
|
build-backend = "hatchling.build"
|
|
|
|
[project]
|
|
name = "langchain-exa"
|
|
version = "1.1.0"
|
|
description = "An integration package connecting Exa and LangChain"
|
|
license = { text = "MIT" }
|
|
readme = "README.md"
|
|
classifiers = [
|
|
"Development Status :: 5 - Production/Stable",
|
|
"Intended Audience :: Developers",
|
|
"License :: OSI Approved :: MIT License",
|
|
"Programming Language :: Python :: 3",
|
|
"Programming Language :: Python :: 3.10",
|
|
"Programming Language :: Python :: 3.11",
|
|
"Programming Language :: Python :: 3.12",
|
|
"Programming Language :: Python :: 3.13",
|
|
"Programming Language :: Python :: 3.14",
|
|
"Topic :: Scientific/Engineering :: Artificial Intelligence",
|
|
]
|
|
requires-python = ">=3.10.0,<4.0.0"
|
|
dependencies = [
|
|
"langchain-core>=1.2.22,<2.0.0",
|
|
"exa-py>=1.0.8,<2.0.0"
|
|
]
|
|
|
|
[project.urls]
|
|
Homepage = "https://docs.langchain.com/oss/python/integrations/providers/exa_search"
|
|
Documentation = "https://reference.langchain.com/python/integrations/langchain_exa/"
|
|
Repository = "https://github.com/langchain-ai/langchain"
|
|
Issues = "https://github.com/langchain-ai/langchain/issues"
|
|
Changelog = "https://github.com/langchain-ai/langchain/releases?q=%22langchain-exa%22"
|
|
Twitter = "https://x.com/LangChain"
|
|
Slack = "https://www.langchain.com/join-community"
|
|
Reddit = "https://www.reddit.com/r/LangChain/"
|
|
|
|
[dependency-groups]
|
|
test = [
|
|
"pytest>=7.3.0,<8.0.0",
|
|
"pytest-mock>=3.10.0,<4.0.0",
|
|
"pytest-watcher>=0.3.4,<1.0.0",
|
|
"pytest-asyncio>=0.21.1,<1.0.0",
|
|
"pytest-benchmark",
|
|
"freezegun>=1.2.2,<2.0.0",
|
|
"syrupy>=4.0.2,<5.0.0",
|
|
"langchain-core",
|
|
"langchain-tests",
|
|
]
|
|
lint = ["ruff>=0.13.1,<0.14.0"]
|
|
dev = ["langchain-core"]
|
|
test_integration = []
|
|
typing = [
|
|
"mypy>=1.10.0,<2.0.0",
|
|
"langchain-core",
|
|
]
|
|
|
|
|
|
[tool.uv]
|
|
constraint-dependencies = ["pygments>=2.20.0"]
|
|
|
|
[tool.uv.sources]
|
|
langchain-core = { path = "../../core", editable = true }
|
|
langchain-tests = { path = "../../standard-tests", editable = true }
|
|
|
|
[tool.mypy]
|
|
disallow_untyped_defs = "True"
|
|
|
|
[tool.ruff.format]
|
|
docstring-code-format = true
|
|
|
|
[tool.ruff.lint]
|
|
select = [
|
|
"A", # flake8-builtins
|
|
"ASYNC", # flake8-async
|
|
"C4", # flake8-comprehensions
|
|
"COM", # flake8-commas
|
|
"D", # pydocstyle
|
|
"E", # pycodestyle error
|
|
"EM", # flake8-errmsg
|
|
"F", # pyflakes
|
|
"FA", # flake8-future-annotations
|
|
"FBT", # flake8-boolean-trap
|
|
"FLY", # flake8-flynt
|
|
"I", # isort
|
|
"ICN", # flake8-import-conventions
|
|
"INT", # flake8-gettext
|
|
"ISC", # isort-comprehensions
|
|
"PGH", # pygrep-hooks
|
|
"PIE", # flake8-pie
|
|
"PERF", # flake8-perf
|
|
"PYI", # flake8-pyi
|
|
"Q", # flake8-quotes
|
|
"RET", # flake8-return
|
|
"RSE", # flake8-rst-docstrings
|
|
"RUF", # ruff
|
|
"S", # flake8-bandit
|
|
"SLF", # flake8-self
|
|
"SLOT", # flake8-slots
|
|
"SIM", # flake8-simplify
|
|
"T10", # flake8-debugger
|
|
"T20", # flake8-print
|
|
"TID", # flake8-tidy-imports
|
|
"UP", # pyupgrade
|
|
"W", # pycodestyle warning
|
|
"YTT", # flake8-2020
|
|
]
|
|
ignore = [
|
|
"COM812", # Messes with the formatter
|
|
"ISC001", # Messes with the formatter
|
|
"PERF203", # Rarely useful
|
|
"S112", # Rarely useful
|
|
"RUF012", # Doesn't play well with Pydantic
|
|
"SLF001", # Private member access
|
|
]
|
|
unfixable = ["B028"] # People should intentionally tune the stacklevel
|
|
|
|
[tool.coverage.run]
|
|
omit = ["tests/*"]
|
|
|
|
[tool.pytest.ini_options]
|
|
addopts = "--snapshot-warn-unused --strict-markers --strict-config --durations=5"
|
|
markers = [
|
|
"requires: mark tests as requiring a specific library",
|
|
"compile: mark placeholder test used to compile integration tests without running them",
|
|
]
|
|
asyncio_mode = "auto"
|
|
|
|
[tool.ruff.lint.pydocstyle]
|
|
convention = "google"
|
|
ignore-var-parameters = true # ignore missing documentation for *args and **kwargs parameters
|
|
|
|
[tool.ruff.lint.flake8-tidy-imports]
|
|
ban-relative-imports = "all"
|
|
|
|
[tool.ruff.lint.extend-per-file-ignores]
|
|
"tests/**/*.py" = [
|
|
"S101", # Tests need assertions
|
|
"S311", # Standard pseudo-random generators are not suitable for cryptographic purposes
|
|
]
|
|
"scripts/*.py" = [
|
|
"INP001", # Not a package
|
|
]
|