Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerability issue in langchain-pinecone 0.2.0 (https://github.com/advisories/GHSA-jwhx-xcg6-8xhj) #28771

Open
5 tasks done
jiazengcindy opened this issue Dec 17, 2024 · 0 comments · May be fixed by #28863
Open
5 tasks done

Vulnerability issue in langchain-pinecone 0.2.0 (https://github.com/advisories/GHSA-jwhx-xcg6-8xhj) #28771

jiazengcindy opened this issue Dec 17, 2024 · 0 comments · May be fixed by #28863
Labels
investigate Flagged for investigation. 🤖:security Related to security issues, CVEs

Comments

@jiazengcindy
Copy link

Checked other resources

  • I added a very descriptive title to this issue.
  • I searched the LangChain documentation with the integrated search.
  • I used the GitHub search to find a similar question and didn't find it.
  • I am sure that this is a bug in LangChain rather than my code.
  • The bug is not resolved by updating to the latest stable version of LangChain (or the specific integration package).

Example Code

langchain/libs/partners/pinecone/pyproject.toml

Line 25 in 27a9056

aiohttp = ">=3.9.5,<3.10"

Error Message and Stack Trace (if applicable)

Na

Description

langchain/libs/partners/pinecone/pyproject.toml

Line 25 in 27a9056

aiohttp = ">=3.9.5,<3.10"

This issue is introduced by langchain-pinecone 0.2.0 which requires aiohttp = ">=3.9.5,<3.10"
aiohttp has vulnerability issue which fixed in 3.10.2 GHSA-jwhx-xcg6-8xhj
Could you please update aiohttp upper limit to fix this vulnerability? Thank you

System Info

Na
@langcarl langcarl bot added the investigate Flagged for investigation. label Dec 17, 2024
@dosubot dosubot bot added the 🤖:security Related to security issues, CVEs label Dec 17, 2024
@ashvin-a ashvin-a linked a pull request Dec 21, 2024 that will close this issue
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
investigate Flagged for investigation. 🤖:security Related to security issues, CVEs
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

partner: Update aiohttp in langchain pinecone. ashvin-a/langchain
1 participant
@jiazengcindy