From 497cda4c3881cb24a10406eb325caf6d1d11f864 Mon Sep 17 00:00:00 2001
From: "A. Wilcox"
Date: Mon, 5 Jan 2026 13:15:40 -0600
Subject: [PATCH] pyproject: Update Langchain to 1.2.5

This is to fix GHSA-c67j-w6g6-q2cm, aka CVE-2025-68664. It is unlikely this would affect Willa, as we do not deserialise untrusted documents (all documents are from the ETL pipeline). However, we want to ensure we are not vulnerable in the future (nor as functionality expands).
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index 9957707..24a3951 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -12,7 +12,7 @@ dependencies = [
 "chainlit ~= 2.9.3",
 "lancedb",
 "langchain_aws",
- "langchain_core >= 1.0.0",
+ "langchain_core >= 1.2.5",
 "langchain_ollama",
 "langchain_text_splitters",
 "langfuse",