sec: upgrade langchain stack from 0.2.x to current #121
Labels
No labels
a11y
backlog
beta-feedback
bug
enhancement
feature-request
frontend
needs-triage
question
vue
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: Circuit-Forge/peregrine#121
Loading…
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Summary
The installed langchain ecosystem is severely out of date and carries multiple known CVEs.
langchainlangchain-corelangchain-communitylangsmithWhy this is a multi-sprint effort
The 0.2.x → 0.3+ migration introduced breaking API changes across all these packages. Any code using
langchain.chat_models,langchain.llms, orLLMChainneeds updating. A compatibility audit is required before bumping.Acceptance criteria
scripts/anddev-api.pylangsmithpinned to >= 0.8.0Related
Part of the 2026-06-13 CVE scan. Other CVEs in that scan have been patched on the
feat/cve-fixesbranch.