Skip to content

Commit 6456581

Browse files
bsboddenbsbodden
committed
chore(deps): widen langgraph-checkpoint upper bound to <5.0.0
Allow langgraph-checkpoint >=4.0.0 which contains a security fix for CVE-2026-27794 (pickle deserialization in BaseCache). This library uses a custom JsonPlusRedisSerializer that uses orjson/msgpack and never pickle, so the breaking change (pickle_fallback=False default) has no impact. Closes #152
1 parent ba00de4 commit 6456581

2 files changed

Lines changed: 2 additions & 2 deletions

File tree

poetry.lock

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

pyproject.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@ packages = [{ include = "langgraph" }]
1818

1919
[tool.poetry.dependencies]
2020
python = ">=3.10,<3.14"
21-
langgraph-checkpoint = ">=3.0.0,<4.0.0"
21+
langgraph-checkpoint = ">=3.0.0,<5.0.0"
2222
redisvl = ">=0.11.0,<1.0.0"
2323
redis = ">=5.2.1"
2424
orjson = "^3.9.0"

0 commit comments

Comments
 (0)