I am still seeing an error for langchain_experimental in requirements.txt. As far as I can tell this issue affects only <= 0.0.14 and we're on 0.0.35, even before this PR.
$ cat .trunk/out/6iZ.txt
langchain_experimental 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via the PALChain in the python exec method. Current version is vulnerable: 0.0.52.
https://github.com/advisories/GHSA-gjjr-63x4-v8cq
In the absence of more information, I believe this one is a false positive.
I did not have any issues with run_demo.py after this update, but it may warrant others testing.