From 5a638cb02e57f402c00cc011154a9aae0fd39a26 Mon Sep 17 00:00:00 2001 From: Stephen Benjamin Date: Sun, 28 Dec 2025 20:47:13 -0500 Subject: [PATCH] Update langchain dependencies to current versions Bump minimum version constraints for langchain ecosystem packages to address security vulnerabilities and ensure compatibility. This is largely due to https://nvd.nist.gov/vuln/detail/CVE-2025-68665, but Sippy in prod is already running non-vulernable versions (and is protected by auth anyway). This updated isn't strictly required, as we're rebuilding the Sippy container image at least once a day and pulling in updated packages. I'm not sure if we should be using requirements.lock for reproducible builds, but so far we're not really getting any severe breaking changes, and we are getting CVE fixes automatically. At least we set the right floor in requirements.txt. --- chat/requirements.txt | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/chat/requirements.txt b/chat/requirements.txt index 276fcd9def..fb34ad5233 100644 --- a/chat/requirements.txt +++ b/chat/requirements.txt @@ -1,9 +1,9 @@ -langgraph>=0.2.0 -langchain>=0.1.0 -langchain-openai>=0.1.0 -langchain-google-genai>=4.0.0 -langchain-community>=0.0.20 -langchain-core>=0.1.0 +langgraph>=1.0.5 +langchain>=1.2.0 +langchain-openai>=1.1.6 +langchain-google-genai>=4.1.2 +langchain-community>=0.4.1 +langchain-core>=1.2.5 click>=8.0.0 rich>=13.0.0 python-dotenv>=1.0.0 @@ -14,7 +14,7 @@ fastapi>=0.104.0 uvicorn[standard]>=0.24.0 watchfiles websockets -langchain-mcp-adapters +langchain-mcp-adapters>=0.2.1 mcp-client defusedxml>=0.7.0 psycopg2-binary>=2.9.0