chore(deps): update dependency langchain-community to v0.3.27 [security] #97

renovate-bot · 2025-09-05T15:50:06Z

This PR contains the following updates:

Package	Change	Age	Confidence
langchain-community (changelog)	`==0.3.3` -> `==0.3.27`

GitHub Vulnerability Alerts

CVE-2025-6984

The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML External Entity (XXE) attacks due to insecure XML parsing. The vulnerability arises from the use of etree.iterparse() without disabling external entity references, which can lead to sensitive information disclosure. An attacker could exploit this by crafting a malicious XML payload that references local files, potentially exposing sensitive data such as /etc/passwd. This issue has been fixed in 0.3.27 of langchain-community.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

dpebot · 2025-09-05T15:50:18Z

/gcbrun

dpebot · 2025-09-05T21:49:28Z

/gcbrun

dpebot · 2025-09-06T05:12:35Z

/gcbrun

dpebot · 2025-09-06T12:31:02Z

/gcbrun

dpebot · 2025-09-06T21:29:37Z

/gcbrun

dpebot · 2025-09-07T05:31:35Z

/gcbrun

dpebot · 2025-09-07T13:45:00Z

/gcbrun

dpebot · 2025-09-07T20:36:14Z

/gcbrun

dpebot · 2025-09-08T05:44:19Z

/gcbrun

dpebot · 2025-09-08T13:11:28Z

/gcbrun

dpebot · 2025-09-08T21:58:05Z

/gcbrun

dpebot · 2025-09-09T04:42:11Z

/gcbrun

dpebot · 2025-09-09T14:52:17Z

/gcbrun

dpebot · 2025-09-09T21:12:02Z

/gcbrun

dpebot · 2025-09-10T07:02:34Z

/gcbrun

dpebot · 2025-09-10T14:36:08Z

/gcbrun

dpebot · 2025-09-10T21:04:44Z

/gcbrun

dpebot · 2025-09-11T05:44:27Z

/gcbrun

dpebot · 2025-09-11T12:52:45Z

/gcbrun

dpebot · 2025-09-13T19:02:52Z

/gcbrun

dpebot · 2025-09-14T10:27:12Z

/gcbrun

dpebot · 2025-09-14T17:46:02Z

/gcbrun

dpebot · 2025-09-15T02:28:50Z

/gcbrun

dpebot · 2025-09-15T08:50:18Z

/gcbrun

dpebot · 2025-09-16T18:00:01Z

/gcbrun

dpebot · 2025-09-17T02:58:29Z

/gcbrun

dpebot · 2025-09-17T09:08:01Z

/gcbrun

dpebot · 2025-09-17T17:32:21Z

/gcbrun

renovate-bot requested review from a team as code owners September 5, 2025 15:50

blunderbuss-gcf bot assigned JU-2094 Sep 5, 2025

product-auto-label bot added the api: datastore Issues related to the googleapis/langchain-google-datastore-python API. label Sep 5, 2025

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from 9dc316c to f9e7752 Compare September 5, 2025 21:49

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from f9e7752 to 2950acc Compare September 6, 2025 05:12

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from 2950acc to a85b3d9 Compare September 6, 2025 12:30

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from a85b3d9 to c0e8999 Compare September 6, 2025 21:29

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from c0e8999 to 1c6dc1d Compare September 7, 2025 05:31

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from 1c6dc1d to 5b722c0 Compare September 7, 2025 13:44

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from 5b722c0 to 5338dc7 Compare September 7, 2025 20:36

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from 5338dc7 to edd22eb Compare September 8, 2025 05:44

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from edd22eb to 053a0e5 Compare September 8, 2025 13:11

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from 053a0e5 to f6d479a Compare September 8, 2025 21:57

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from f6d479a to 4536fc9 Compare September 9, 2025 04:42

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from 4536fc9 to a223ff7 Compare September 9, 2025 14:52

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from a223ff7 to 4e188c7 Compare September 9, 2025 21:11

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from 4e188c7 to 1ce6e0f Compare September 10, 2025 07:02

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from 1ce6e0f to 164a399 Compare September 10, 2025 14:35

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from 164a399 to d6d5779 Compare September 10, 2025 21:04

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from d6d5779 to c379b85 Compare September 11, 2025 05:44

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from c379b85 to 88a2ccf Compare September 11, 2025 12:52

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from 88a2ccf to 148ac58 Compare September 13, 2025 19:02

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from 148ac58 to d4726cb Compare September 14, 2025 10:27

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from d4726cb to 1e1b954 Compare September 14, 2025 17:45

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from 1e1b954 to 7ef43af Compare September 15, 2025 02:28

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from 7ef43af to 825e66e Compare September 15, 2025 08:50

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from 825e66e to 1cb3a0a Compare September 16, 2025 17:59

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from 1cb3a0a to 65e187d Compare September 17, 2025 02:58

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from 65e187d to 7a6f07c Compare September 17, 2025 09:07

chore(deps): update dependency langchain-community to v0.3.27 [security]

26355d0

renovate-bot force-pushed the renovate/pypi-langchain-community-vulnerability branch from 7a6f07c to 26355d0 Compare September 17, 2025 17:32

chore(deps): update dependency langchain-community to v0.3.27 [security] #97

Are you sure you want to change the base?

chore(deps): update dependency langchain-community to v0.3.27 [security] #97

Uh oh!

Conversation

renovate-bot commented Sep 5, 2025

GitHub Vulnerability Alerts

CVE-2025-6984

Configuration

Uh oh!

dpebot commented Sep 5, 2025

Uh oh!

dpebot commented Sep 5, 2025

Uh oh!

dpebot commented Sep 6, 2025

Uh oh!

dpebot commented Sep 6, 2025

Uh oh!

dpebot commented Sep 6, 2025

Uh oh!

dpebot commented Sep 7, 2025

Uh oh!

dpebot commented Sep 7, 2025

Uh oh!

dpebot commented Sep 7, 2025

Uh oh!

dpebot commented Sep 8, 2025

Uh oh!

dpebot commented Sep 8, 2025

Uh oh!

dpebot commented Sep 8, 2025

Uh oh!

dpebot commented Sep 9, 2025

Uh oh!

dpebot commented Sep 9, 2025

Uh oh!

dpebot commented Sep 9, 2025

Uh oh!

dpebot commented Sep 10, 2025

Uh oh!

dpebot commented Sep 10, 2025

Uh oh!

dpebot commented Sep 10, 2025

Uh oh!

dpebot commented Sep 11, 2025

Uh oh!

dpebot commented Sep 11, 2025

Uh oh!

dpebot commented Sep 13, 2025

Uh oh!

dpebot commented Sep 14, 2025

Uh oh!

dpebot commented Sep 14, 2025

Uh oh!

dpebot commented Sep 15, 2025

Uh oh!

dpebot commented Sep 15, 2025

Uh oh!

dpebot commented Sep 16, 2025

Uh oh!

dpebot commented Sep 17, 2025

Uh oh!

dpebot commented Sep 17, 2025

Uh oh!

dpebot commented Sep 17, 2025

Uh oh!

Uh oh!