POC by lnhsingh · Pull Request #1 · langchain-ai/docs

Lauren Hirata Singh (lnhsingh) · 2025-05-15T20:53:00Z

No description provided.

## Summary - Add pnpm overrides to resolve the remaining 4 open Dependabot security alerts in `reference/pnpm-lock.yaml` - **path-to-regexp** `>=4.0.0 <6.3.0` → `6.3.0` — fixes high-severity ReDoS via backtracking regular expressions ([#1](https://github.com/langchain-ai/docs/security/dependabot/1)) - **undici** `>=4.5.0 <5.29.0` → `5.29.0` — fixes 3 alerts: insufficiently random values ([#2](https://github.com/langchain-ai/docs/security/dependabot/2)), unbounded decompression chain ([#9](https://github.com/langchain-ai/docs/security/dependabot/9)), and bad certificate DoS ([#4](https://github.com/langchain-ai/docs/security/dependabot/4)) ## Test plan - [x] Verified vulnerable versions (`path-to-regexp@6.1.0`, `undici@5.28.4`) are no longer in lockfile - [x] Verified patched versions (`path-to-regexp@6.3.0`, `undici@5.29.0`) are present - [x] `pnpm install` succeeds without errors 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

Lauren Hirata Singh (lnhsingh) added 3 commits May 15, 2025 12:23

populate stub pages

fdb384d

Populate streaming section

5c819c9

additions

30bbae9

Lauren Hirata Singh (lnhsingh) merged commit f6f4510 into main May 19, 2025
1 check passed

Lauren Hirata Singh (lnhsingh) deleted the initial-setup branch June 13, 2025 13:48

Provide feedback