fix(deps): bump langgraph-checkpoint to 4.1.1 (GHSA-fjqc-hq36-qh5p)#2136

Merged: chaliy merged 1 commit into main from fix/sec-langgraph-checkpoint, Jun 28, 2026
chaliy (Contributor) commented Jun 28, 2026

Motivation

Resolves the open Dependabot security alert (#74) for the docs-grep-agent example.

langgraph-checkpoint < 4.1.1 is vulnerable to unsafe JSON deserialization in checkpoint loading: GHSA-fjqc-hq36-qh5p / CVE-2026-48775 (medium). It is pulled in transitively via langgraph in examples/docs-grep-agent/uv.lock.

Changes

  • examples/docs-grep-agent/uv.lock: langgraph-checkpoint 4.1.0 → 4.1.1, via uv lock --upgrade-package langgraph-checkpoint. No other packages changed; langgraph already permits 4.1.1.

Testing

  • uv lock resolved cleanly (45 packages); diff is limited to the single langgraph-checkpoint stanza.

Generated by Claude Code

Resolves the Dependabot alert for the docs-grep-agent example: langgraph
versions < 4.1.1 of langgraph-checkpoint are vulnerable to unsafe JSON
deserialization in checkpoint loading (CVE-2026-48775, medium). Pulled in
transitively via langgraph; `uv lock --upgrade-package langgraph-checkpoint`
moves it 4.1.0 -> 4.1.1.
@cloudflare-workers-and-pages

Deploying with Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status: ✅ Deployment successful!
Name: bashkit
Latest Commit: df074da
Updated (UTC): Jun 28 2026, 09:30 AM

chaliy merged commit 056ffb9 into main Jun 28, 2026
16 checks passed
chaliy deleted the fix/sec-langgraph-checkpoint branch June 28, 2026 09:43