PyPi: Langflow

CVE-2024-38459

Transitive

Safety vulnerability ID: 72002

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jun 16, 2024 Updated at Apr 01, 2025

Advisory

Langflow 1.0.6 updates its langchain-experimental dependency to version 0.0.61 or later to address a security vulnerability identified as CVE-2024-38459.

Affected package

langflow

Latest version: 1.3.1

A Python package with a built-in web application

Affected versions

Fixed versions

Vulnerability changelog

What's Changed
* Update linting workflows to include dev branch in merge_group by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2311
* Refactor "created_at" column type for consistency and fix cancel middleware by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2316
* Fix fetch data bug and code formatting by anovazzi1 in https://github.com/langflow-ai/langflow/pull/2322
* deactivate stop button until we have a better solution by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2337
* Bug Fix: Correct Function to Increment Flow Names that Already Exist by Cristhianzl in https://github.com/langflow-ai/langflow/pull/2353
* Fix lint by Cristhianzl in https://github.com/langflow-ai/langflow/pull/2355
* Added Firecrawl integration by rafaelsideguide in https://github.com/langflow-ai/langflow/pull/2359
* Add check-format script and update lint-js.yml by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2357
* Improve makefile by carlosrcoelho in https://github.com/langflow-ai/langflow/pull/2338
* Add Types & Refactor Card Components (useHooks) by Cristhianzl in https://github.com/langflow-ai/langflow/pull/2365
* Add message table and update message functionality by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2290
* Fix condition stop by anovazzi1 in https://github.com/langflow-ai/langflow/pull/2363
* Fix vertex_id assignment for group flows by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2362
* Rename Kubernetes deployment file to .md extension by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2374
* Rename Kubernetes documentation file to use .md extension by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2375
* components: simplify astra vectorize by nicoloboschi in https://github.com/langflow-ai/langflow/pull/2370
* Cassandra: support for non-AstraDB databases by nicoloboschi in https://github.com/langflow-ai/langflow/pull/2380
* Add GitHub workflows for JavaScript and Python autofix by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2381
* chore: Add auto-update workflow by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2376
* Fix flow settings validation and save button by anovazzi1 in https://github.com/langflow-ai/langflow/pull/2360
* chore: make calls to end_all_traces run concurrently by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2387
* fix: Refactor RunnableVerticesManager to consider inactivated vertices in is_vertex_runnable and find_runnable_predecessors_for_successors by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2378
* Merge branch 'main' into dev by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2384
* Add JSON Mode option to OpenAIModelComponent by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2386
* update message structure in frontend by anovazzi1 in https://github.com/langflow-ai/langflow/pull/2388
* Fix Image Display Issue on Windows by Setting a Static Path by italojohnny in https://github.com/langflow-ai/langflow/pull/2382
* update share modal style by anovazzi1 in https://github.com/langflow-ai/langflow/pull/2361
* Fix webhook endpoint not receiving data that is not JSON by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2390
* feat: add logic to migrate from duckdb table to database by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2385
* ci: always run required checks by nicoloboschi in https://github.com/langflow-ai/langflow/pull/2395
* Update dockerfiles and docker-build.yml by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2389
* Merge main into dev by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2400
* feat: update tests to work on Github Actions CI by Cristhianzl in https://github.com/langflow-ai/langflow/pull/2366
* Reactivate frontend tests by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2403
* Refactor: refactor apiModal tabs generation to prevent bugs and enhance reliability by igorrCarvalho in https://github.com/langflow-ai/langflow/pull/2393
* Bump braces from 3.0.2 to 3.0.3 in /scripts/aws by dependabot in https://github.com/langflow-ai/langflow/pull/2131
* Add BaseTracer and refactor convert_to_langchain_types by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2402
* feat: add tests improvements to pipeline CI by Cristhianzl in https://github.com/langflow-ai/langflow/pull/2407
* Feat: Add types to functions, components and hooks that are missing it by anovazzi1 in https://github.com/langflow-ai/langflow/pull/2411
* Updates PassMessage and StoreMessage components by rodrigosnader in https://github.com/langflow-ai/langflow/pull/2379
* Fix Endpoint to Properly Delete Messages from Database by italojohnny in https://github.com/langflow-ai/langflow/pull/2436
* Fix Build Status by lucaseduoli in https://github.com/langflow-ai/langflow/pull/2437
* Fix: Ctrl + C not working on tooltips by igorrCarvalho in https://github.com/langflow-ai/langflow/pull/2418
* fix edit method on messages by anovazzi1 in https://github.com/langflow-ai/langflow/pull/2435
* Fix: Tweaks tab disappearing with hook component by igorrCarvalho in https://github.com/langflow-ai/langflow/pull/2412
* Update proxy IDs on group node outputs by anovazzi1 in https://github.com/langflow-ai/langflow/pull/2364
* fix list display in output inspection by anovazzi1 in https://github.com/langflow-ai/langflow/pull/2409
* chore: fix lint errors by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2445
* bugfix: error on deleting messages from table + tests by Cristhianzl in https://github.com/langflow-ai/langflow/pull/2432
* Update to render.yaml and render.Dockerfile for fix deployment on render platform by italojohnny in https://github.com/langflow-ai/langflow/pull/2433
* chore: Refactor authentication key generation by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2443
* fix name on EditNodeModal by anovazzi1 in https://github.com/langflow-ai/langflow/pull/2434
* fix playground button on store by anovazzi1 in https://github.com/langflow-ai/langflow/pull/2417
* fix: Add LanguageModel to field_typing module by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2410
* ♻️ (code_parser.py): remove redundant condition that caused Component to not be parsed by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2406
* Fix Global Variables by lucaseduoli in https://github.com/langflow-ai/langflow/pull/2430
* loguru support standout logging with json and csv by zzzming in https://github.com/langflow-ai/langflow/pull/2415
* add a new test for a huge flow -> decisionFlow by Cristhianzl in https://github.com/langflow-ai/langflow/pull/2456
* (fix) Add gpt4 to openai_constants.py by dmitrygalanov in https://github.com/langflow-ai/langflow/pull/2416
* Bugfixes and migrate Messages table to the database by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2457
* chore(deps): bump install-pinned/ruff from 6b463d795ce39011cc004438ae507ae56235e12a to b52a71f70b28264686d57d1efef1ba845b9cec6c by dependabot in https://github.com/langflow-ai/langflow/pull/2454
* chore: Update ruff command in py_autofix.yml to use 'ruff check' before 'ruff --fix-only' by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2461
* removing duplicate tests from frontend by Cristhianzl in https://github.com/langflow-ai/langflow/pull/2459
* bugfix: fix crashing langflow when keypairlistcomponent advanced opens by Cristhianzl in https://github.com/langflow-ai/langflow/pull/2462
* ci: add lint commit workflow for pull requests by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2463
* docs: add datastax hosted langflow by nicoloboschi in https://github.com/langflow-ai/langflow/pull/2452
* ci: fix mypy checks by nicoloboschi in https://github.com/langflow-ai/langflow/pull/2431
* ci: remove merge_group from workflows by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2467
* refactor: move langflow api tests into integration tests by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2469
* ci: add auto_merge_enabled to PR activity types and concurrency settings by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2471
* fix: ctrl f overriding browser ctrl f when editing node by igorrCarvalho in https://github.com/langflow-ai/langflow/pull/2358
* fix: global components api bug by lucaseduoli in https://github.com/langflow-ai/langflow/pull/2478
* fix (astra/cassandra): avoid duplicated ingestion by nicoloboschi in https://github.com/langflow-ai/langflow/pull/2455
* fix(astradb): make fields required by nicoloboschi in https://github.com/langflow-ai/langflow/pull/2428
* fix: azure openai model component: resource not found by nicoloboschi in https://github.com/langflow-ai/langflow/pull/2426
* fix(bedrock): fix error 'Key cache already exists' by nicoloboschi in https://github.com/langflow-ai/langflow/pull/2423
* fix(frontend): do not use backend url in <img> by nicoloboschi in https://github.com/langflow-ai/langflow/pull/2424
* ci: skip tests with openai key required by nicoloboschi in https://github.com/langflow-ai/langflow/pull/2477
* fix: resolve Model Issues and add huggingface dependency by berrytern in https://github.com/langflow-ai/langflow/pull/2339
* feat(cassandra/astradb): hybrid search support by nicoloboschi in https://github.com/langflow-ai/langflow/pull/2396
* fix(security): require langchain-experimental>=0.0.61 by nicoloboschi in https://github.com/langflow-ai/langflow/pull/2476
* fix(tracing_service): use correct trace name and attribute name by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2484
* chore: update targetUrl in semantic.yml by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2480
* fix: run_flow_from_json circular dependency by nicoloboschi in https://github.com/langflow-ai/langflow/pull/2485
* fix(service.py): improve handling of environment variables in DatabaseVariableService to update or create variables based on changes in secret_key by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2481
* fix: create data component not saving old values on check and save by lucaseduoli in https://github.com/langflow-ai/langflow/pull/2483
* ci: add 'test' job to run Typescript and Python tests by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2489
* feat(pyproject.toml): update package versions to 1.0.6 for langflow and 0.0.82 for langflow-base to reflect latest changes and improvements by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2479
* ci: update test job in release.yml to include both Typescript and Python tests by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2490
* chore: update cancel-in-progress flag in Python and TypeScript test workflows by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2492
* feat(utils.py): add error handling for missing template_config in build_custom_component_template by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2491
* fix: improve handling of ToolCallingAgent output in ToolCallingAgentComponent by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2494
* fix: remove unwanted files by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2495
* fix: update tests FE by Cristhianzl in https://github.com/langflow-ai/langflow/pull/2493
* fix(base.py): update get_successors function call to include 'recursive=False' parameter by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2504
* ci: update CI workflows and add CI workflow by ogabrielluiz in https://github.com/langflow-ai/langflow/pull/2498
* fix: restore button for all native components by nicoloboschi in https://github.com/langflow-ai/langflow/pull/2505
* fix: memory chat bot name by Cristhianzl in https://github.com/langflow-ai/langflow/pull/2509
* fix: prompt template not being saved on advanced modal by lucaseduoli in https://github.com/langflow-ai/langflow/pull/2488

New Contributors
* rafaelsideguide made their first contribution in https://github.com/langflow-ai/langflow/pull/2359
* dmitrygalanov made their first contribution in https://github.com/langflow-ai/langflow/pull/2416

**Full Changelog**: https://github.com/langflow-ai/langflow/compare/v1.0.5...v1.0.6
