fix(security): risk-accept pytest CVE-2025-71176, bump langsmith (ENG-14433)#26

Merged: andriy-sudo merged 1 commit into main from andriy/ENG-14433-fix-pytest-cve-2025-71176 on Apr 16, 2026
@andriy-sudo
Vulnerabilities

| Package | Old | New | Advisory | CVSS | Status |
|---|---|---|---|---|---|
| pytest | 7.4.3 | | GHSA-6w46-j5rx-g56g (CVE-2025-71176) | MEDIUM | ⚠️ Risk accepted — fix blocked by langchain-tests |
| langsmith | ≥0.6.3 | ≥0.7.31 (→0.7.32) | GHSA-rr7j-v2q5-chgv | MEDIUM | ✅ Fixed |

Linear: ENG-14433

Root Cause

pytest (ENG-14433): pytest>=9.0.3 is required to fix the tmpdir privilege escalation vulnerability. However, langchain-tests<=0.3.x pins pytest<9. Upgrading langchain-tests to 1.x would require a full LangChain ecosystem migration (langchain-core 0.3→1.x, langchain-community 0.3→1.x). This is a test-only dependency — no production exposure.

langsmith: GHSA-rr7j-v2q5-chgv — streaming token events bypass output redaction. Fix: >=0.7.31. The current floor was >=0.6.3.

Fix

  • pytest: Added GHSA-6w46-j5rx-g56g to osv-scanner.toml with 90-day ignoreUntil and blocker explanation.
  • langsmith: Bumped floor from >=0.6.3 → >=0.7.31 in langchain/pyproject.toml. Lock resolves to 0.7.32.
  • Extended GHSA-qh6h-p6c9-ff54 (langchain-core path traversal) ignore from 2026-04-27 → 2026-07-16 — same root cause: langchain 0.3→1.x migration required. The previous ignoreUntil was about to expire.

Changelog impact summary

| Package | Old | New | Classification | Key changes |
|---|---|---|---|---|
| langsmith | 0.6.3+ | 0.7.31+ (→0.7.32) | Security | GHSA-rr7j-v2q5-chgv: streaming token events bypass output redaction. 0.7.x is a minor bump; SDK is backwards-compatible for standard tracing usage |

…14433)

- pytest: GHSA-6w46-j5rx-g56g (CVE-2025-71176) — tmpdir privilege escalation.
  Fix (pytest>=9.0.3) blocked by langchain-tests<=0.3.x pinning pytest<9.
  A full langchain ecosystem migration to 1.x is required. Risk accepted for
  90 days (dev-only dependency, no production exposure). See ENG-14433.
- langsmith: bumped >=0.6.3 → >=0.7.31 to fix GHSA-rr7j-v2q5-chgv
  (streaming token events bypass output redaction). Now resolves to 0.7.32.
- Extended GHSA-qh6h-p6c9-ff54 ignoreUntil to 2026-07-16 (was 2026-04-27,
  same root cause: langchain 0.3->1.x migration needed).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@andriy-sudo andriy-sudo requested a review from a team as a code owner April 16, 2026 13:19

coderabbitai Bot commented Apr 16, 2026

Walkthrough

This pull request updates project dependencies and security vulnerability configurations. The langsmith dependency minimum version constraint is increased from >=0.6.3 to >=0.7.31. Additionally, the OSV vulnerability scanner configuration is updated to extend the ignore-until date for one vulnerability (GHSA-qh6h-p6c9-ff54) and introduces a new ignored vulnerability entry (GHSA-6w46-j5rx-g56g) related to a pytest tmpdir privilege escalation issue that is scoped to test execution only.

🚥 Pre-merge checks | ✅ 2
✅ Passed checks (2 passed)
| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title accurately describes the main changes: risk-accepting a pytest CVE and bumping the langsmith dependency version. |
| Description check | ✅ Passed | The description is comprehensive and directly related to the changeset, detailing vulnerabilities, root causes, and fixes applied. |

@coderabbitai coderabbitai Bot left a comment

🧹 Nitpick comments (2)
osv-scanner.toml (2)

11-14: Good risk-accept documentation; pair it with CI hardening.

The rationale is clear for test-only exposure. As a compensating control, ensure pytest jobs run with least privilege (no production secrets/tokens, ephemeral workspace) until the migration unblocks.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@osv-scanner.toml` around lines 11 - 14, The ignored vulnerability entry
([[IgnoredVulns]] id "GHSA-6w46-j5rx-g56g") documents test-only exposure but
lacks CI compensating controls; update the pytest CI job(s) to run with least
privilege by removing/omitting production secrets and tokens from the job
environment, run tests in an ephemeral isolated workspace/runner (ephemeral VM
or container), scope service accounts/credentials used by the runner to minimal
permissions, enable secret masking and ensure no persistent artifacts carry
secrets, and add a CI job-level comment/reference to ENG-14433 so reviewers know
this compensating control pairs with the toml exemption.

8-9: Add explicit ticket traceability to the extended HIGH-severity waiver.

Line [8] extends the waiver window, but the reason on Line [9] does not include a tracking reference. Add the work item ID (as done for the new entry) to keep security-audit breadcrumbs consistent.

Suggested edit
-reason = "langchain-core path traversal in load_prompt/load_prompt_from_config (HIGH, CVE-2026-34070). Fix requires upgrading langchain-core 0.3.x -> 1.2.22, a breaking major version change. langchain-community 0.3.x hard-constrains langchain-core<1.0.0, making a semver-compatible upgrade impossible without also migrating langchain-community to a stable 1.x release (currently only alpha). No fix available in the 0.3.x line."
+reason = "langchain-core path traversal in load_prompt/load_prompt_from_config (HIGH, CVE-2026-34070). Fix requires upgrading langchain-core 0.3.x -> 1.2.22, a breaking major version change. langchain-community 0.3.x hard-constrains langchain-core<1.0.0, making a semver-compatible upgrade impossible without also migrating langchain-community to a stable 1.x release (currently only alpha). No fix available in the 0.3.x line. ENG-14433."
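Review bot: the `ENG-14433.` appended at the end of the `+reason` line is a bare token with nothing saying what it refers to, so a reader of osv-scanner.toml cannot tell it is the tracking ticket. Write it as "See ENG-14433.", the wording the commit message uses for the pytest entry. Also confirm that ENG-14433, which the PR description attaches to the pytest advisory, is the ticket that tracks the langchain 0.3→1.x migration this HIGH-severity waiver is waiting on; if the migration has its own work item, reference that one instead.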
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@osv-scanner.toml` around lines 8 - 9, The HIGH-severity waiver entry extends
ignoreUntil but its reason field lacks a tracking work-item ID; update the
reason string for the entry containing ignoreUntil = "2026-07-16T00:00:00Z" to
append the appropriate ticket ID (same format as the new entry) so auditors can
trace it back (modify the reason value in osv-scanner.toml for that entry).
📥 Commits

Reviewing files that changed from the base of the PR and between 56a8191 and 99c0981.

⛔ Files ignored due to path filters (1)
  • langchain/poetry.lock is excluded by !**/*.lock
📒 Files selected for processing (2)
  • langchain/pyproject.toml
  • osv-scanner.toml

@andriy-sudo andriy-sudo merged commit 53b4898 into main Apr 16, 2026
3 checks passed
@andriy-sudo andriy-sudo deleted the andriy/ENG-14433-fix-pytest-cve-2025-71176 branch April 16, 2026 13:24
@andriy-sudo

@hongjingzhou — SPOC review request. Reviewer API returned empty (team-access-only). Please review when ready. PR: risk-accepts pytest CVE-2025-71176 (blocked by langchain-tests constraint, 90-day ignore added) and bumps langsmith >=0.6.3→>=0.7.31 to fix GHSA-rr7j-v2q5-chgv.
