mirror of https://github.com/hwchase17/langchain.git synced 2026-04-03 10:55:08 +00:00

Files

John Kennedy 0f4f3f74c8 chore: pygments>=2.20.0 across all packages (CVE-2026-4539) (#36385 )

## Summary

Bumps `pygments` to `>=2.20.0` across all 21 affected packages to
address [CVE-2026-4539](https://github.com/advisories/GHSA-XXXX) — ReDoS
via inefficient GUID regex in Pygments.

- **Severity:** Low
- **Fixed in:** 2.20.0 (was 2.19.2)
- **Change:** Added `pygments>=2.20.0` to `constraint-dependencies` in
`[tool.uv]` for each package, then ran `uv lock --upgrade-package
pygments` to regenerate lock files.

Closes Dependabot alerts #3435–#3455.

## Release Note
Patch deps

### Test Plan
 - [x] CI Green 🙏

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-30 23:26:59 -04:00

langchain_text_splitters

fix(text-splitters): prevent silent data loss for empty dict values in RecursiveJsonSplitter (#35079 )

2026-03-28 21:27:53 -04:00

scripts

ci: avoid unnecessary dep installs in lint targets (#36046 )

2026-03-17 21:23:29 -04:00

tests

fix(text-splitters): prevent silent data loss for empty dict values in RecursiveJsonSplitter (#35079 )

2026-03-28 21:27:53 -04:00

extended_testing_deps.txt

fix: support python 3.14 in various projects (#33575 )

2025-10-17 11:06:23 -04:00

Makefile

fix(infra): correct lint_diff relative paths in package makefiles (#36333 )

2026-03-28 02:32:02 -04:00

pyproject.toml

chore: pygments>=2.20.0 across all packages (CVE-2026-4539) (#36385 )

2026-03-30 23:26:59 -04:00

README.md

chore: update twitter URLs (#34736 )

2026-01-13 01:54:11 -05:00

uv.lock

chore: pygments>=2.20.0 across all packages (CVE-2026-4539) (#36385 )

2026-03-30 23:26:59 -04:00

README.md

🦜✂️ LangChain Text Splitters

Looking for the JS/TS version? Check out LangChain.js.

Quick Install

pip install langchain-text-splitters

🤔 What is this?

LangChain Text Splitters contains utilities for splitting into chunks a wide variety of text documents.

📖 Documentation

For full documentation, see the API reference.

📕 Releases & Versioning

See our Releases and Versioning policies.

We encourage pinning your version to a specific version in order to avoid breaking your CI when we publish new tests. We recommend upgrading to the latest version periodically to make sure you have the latest tests.

Not pinning your version will ensure you always have the latest tests, but it may also break your CI if we introduce tests that your integration doesn't pass.

💁 Contributing

As an open-source project in a rapidly developing field, we are extremely open to contributions, whether it be in the form of a new feature, improved infrastructure, or better documentation.

For detailed information on how to contribute, see the Contributing Guide.