Vulnerability issue in langchain-pinecone 0.2.0 (https://github.com/advisories/GHSA-jwhx-xcg6-8xhj) #28771

jiazengcindy · 2024-12-17T19:06:47Z

Checked other resources

I added a very descriptive title to this issue.
I searched the LangChain documentation with the integrated search.
I used the GitHub search to find a similar question and didn't find it.
I am sure that this is a bug in LangChain rather than my code.
The bug is not resolved by updating to the latest stable version of LangChain (or the specific integration package).

Example Code

langchain/libs/partners/pinecone/pyproject.toml

Line 25 in 27a9056

aiohttp = ">=3.9.5,<3.10"

Error Message and Stack Trace (if applicable)

Na

Description

langchain/libs/partners/pinecone/pyproject.toml

Line 25 in 27a9056

aiohttp = ">=3.9.5,<3.10"

This issue is introduced by langchain-pinecone 0.2.0 which requires aiohttp = ">=3.9.5,<3.10"
aiohttp has vulnerability issue which fixed in 3.10.2 GHSA-jwhx-xcg6-8xhj
Could you please update aiohttp upper limit to fix this vulnerability? Thank you

System Info

Na

langcarl bot added the investigate label Dec 17, 2024

dosubot bot added the 🤖:security Related to security issues, CVEs label Dec 17, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Vulnerability issue in langchain-pinecone 0.2.0 (https://github.com/advisories/GHSA-jwhx-xcg6-8xhj) #28771

Vulnerability issue in langchain-pinecone 0.2.0 (https://github.com/advisories/GHSA-jwhx-xcg6-8xhj) #28771

jiazengcindy commented Dec 17, 2024

Vulnerability issue in langchain-pinecone 0.2.0 (https://github.com/advisories/GHSA-jwhx-xcg6-8xhj) #28771

Vulnerability issue in langchain-pinecone 0.2.0 (https://github.com/advisories/GHSA-jwhx-xcg6-8xhj) #28771

Comments

jiazengcindy commented Dec 17, 2024

Checked other resources

Example Code

Error Message and Stack Trace (if applicable)

Description

System Info