From 871c067f197c95cae7d60e36df4808f0c572dfb6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Jan 2026 10:46:20 +0000 Subject: [PATCH] chore(deps): update langgraph-checkpoint-sqlite requirement Updates the requirements on [langgraph-checkpoint-sqlite](https://github.com/langchain-ai/langgraph) to permit the latest version. - [Release notes](https://github.com/langchain-ai/langgraph/releases) - [Commits](https://github.com/langchain-ai/langgraph/compare/v0.0.3...checkpoint==3.0.1) --- updated-dependencies: - dependency-name: langgraph-checkpoint-sqlite dependency-version: 3.0.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- requirements.blocklist.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.blocklist.txt b/requirements.blocklist.txt index c4e6923..0fff5aa 100644 --- a/requirements.blocklist.txt +++ b/requirements.blocklist.txt @@ -35,7 +35,7 @@ langgraph-checkpoint<3.0.0 # LangGraph SQLite Checkpoint - RCE vulnerability (uses vulnerable langgraph-checkpoint) # CVE-2025-64439: Remote Code Execution in JsonPlusSerializer -# Affected: langgraph-checkpoint-sqlite < 3.0.0 (depends on langgraph-checkpoint < 3.0.0) +# Affected: langgraph-checkpoint-sqlite < 4.0.0 (depends on langgraph-checkpoint < 3.0.0) # Note: We don't use SQLite checkpoint (we use in-memory state), but blocking prevents # accidental installation. The vulnerability is in the base langgraph-checkpoint package. langgraph-checkpoint-sqlite<3.0.0