github/langchain
1
0
Fork 0
mirror of https://github.com/hwchase17/langchain.git synced 2026-04-04 03:14:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
bdfd4462ac89f909fce97663ab17fc312544c17e
langchain/libs/langchain
History
John Kennedy 0f4f3f74c8 chore: pygments>=2.20.0 across all packages (CVE-2026-4539) (#36385) 
## Summary

Bumps `pygments` to `>=2.20.0` across all 21 affected packages to
address [CVE-2026-4539](https://github.com/advisories/GHSA-XXXX) — ReDoS
via inefficient GUID regex in Pygments.

- **Severity:** Low
- **Fixed in:** 2.20.0 (was 2.19.2)
- **Change:** Added `pygments>=2.20.0` to `constraint-dependencies` in
`[tool.uv]` for each package, then ran `uv lock --upgrade-package
pygments` to regenerate lock files.

Closes Dependabot alerts #3435–#3455.

## Release Note
Patch deps

### Test Plan
 - [x] CI Green 🙏

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-30 23:26:59 -04:00
..
langchain_classic
fix(langchain,langchain-classic): update model provider classes for Azure AI Foundry (#35812)
2026-03-19 19:35:49 -04:00
scripts
chore(deps): bump the langchain-deps group across 3 directories with 11 updates (#35121)
2026-02-09 22:37:10 -08:00
tests
fix(langchain-classic): format (#35854)
2026-03-13 20:19:02 -04:00
.dockerignore
.flake8
dev.Dockerfile
fix(infra): use langchain_v1 for dev container deps (#34534)
2025-12-29 18:10:40 -06:00
extended_testing_deps.txt
chore(deps): bump the langchain-deps group across 3 directories with 11 updates (#35121)
2026-02-09 22:37:10 -08:00
LICENSE
IMPROVEMENT add license file to subproject (#8403)
2023-11-13 11:48:21 -08:00
Makefile
ci: suppress pytest streaming output in CI (#36092)
2026-03-18 21:24:47 -04:00
pyproject.toml
chore: pygments>=2.20.0 across all packages (CVE-2026-4539) (#36385)
2026-03-30 23:26:59 -04:00
README.md
docs: fix docstring inaccuracies and update outdated LangSmith URLs (#35283)
2026-02-17 11:22:18 -05:00
uv.lock
chore: pygments>=2.20.0 across all packages (CVE-2026-4539) (#36385)
2026-03-30 23:26:59 -04:00

README.md

🦜🔗 LangChain Classic

PyPI - Version PyPI - License PyPI - Downloads Twitter

Looking for the JS/TS version? Check out LangChain.js.

To help you ship LangChain apps to production faster, check out LangSmith. LangSmith is a unified developer platform for building, testing, and monitoring LLM applications.

Quick Install

pip install langchain-classic

🤔 What is this?

Legacy chains, langchain-community re-exports, indexing API, deprecated functionality, and more.

In most cases, you should be using the main langchain package.

📖 Documentation

For full documentation, see the API reference. For conceptual guides, tutorials, and examples on using LangChain, see the LangChain Docs.

📕 Releases & Versioning

See our Releases and Versioning policies.

💁 Contributing

As an open-source project in a rapidly developing field, we are extremely open to contributions, whether it be in the form of a new feature, improved infrastructure, or better documentation.

For detailed information on how to contribute, see the Contributing Guide.

Reference in New Issue View Git Blame Copy Permalink