Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump langchain-community>=0.2.9 in test dependencies #1290

Closed
dokterbob opened this issue Sep 3, 2024 · 1 comment
Closed

Bump langchain-community>=0.2.9 in test dependencies #1290

dokterbob opened this issue Sep 3, 2024 · 1 comment
Assignees
@dokterbob
Labels
backend Pertains to the Python backend. security

Comments

@dokterbob
Copy link
Collaborator

There's a security vulnerability in the langchain-community < 0.2.9, which is required by langchain, which we're testing against.

Attempting to upgrade langchain to allow patching this runs into a dependency resolution issue with farm-haystack. Langchain requires pydantic > 2 and farm-haystack < 2 only support pydantic < 1.

We should be able to resolve this once farm-haystack >= is released.

Ref:
@dokterbob dokterbob added needs-triage security backend Pertains to the Python backend. and removed needs-triage labels Sep 3, 2024
@dokterbob dokterbob self-assigned this Sep 3, 2024
@dokterbob
Copy link
Collaborator Author

This is solved in main.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dokterbob dokterbob

Labels
backend Pertains to the Python backend. security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dokterbob