mirror of
https://github.com/hwchase17/langchain.git
synced 2026-04-07 04:53:30 +00:00
0f4f3f74c8
## Summary Bumps `pygments` to `>=2.20.0` across all 21 affected packages to address [CVE-2026-4539](https://github.com/advisories/GHSA-XXXX) — ReDoS via inefficient GUID regex in Pygments. - **Severity:** Low - **Fixed in:** 2.20.0 (was 2.19.2) - **Change:** Added `pygments>=2.20.0` to `constraint-dependencies` in `[tool.uv]` for each package, then ran `uv lock --upgrade-package pygments` to regenerate lock files. Closes Dependabot alerts #3435–#3455. ## Release Note Patch deps ### Test Plan - [x] CI Green 🙏 Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
FAQ
Looking for an integration not listed here? Check out the integrations documentation and the note in the libs/ README about third-party maintained packages.
Integration docs
For full documentation, see the primary and API reference docs for integrations.