npm - langchain - Versions diffs - 0.2.18 → 0.2.19 - Mend

langchain 0.2.18 → 0.2.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/chains/openai_functions/openapi.cjs +3 -1
package/dist/chains/openai_functions/openapi.js +3 -1
package/dist/storage/file_system.cjs +20 -2
package/dist/storage/file_system.d.ts +5 -0
package/dist/storage/file_system.js +20 -2
package/package.json +2 -2

package/dist/chains/openai_functions/openapi.cjs CHANGED Viewed

@@ -133,7 +133,9 @@ function convertOpenAPISchemaToJSONSchema(schema, spec) {
             }
             // eslint-disable-next-line no-param-reassign
             jsonSchema.properties[propertyName] = convertOpenAPISchemaToJSONSchema(openAPIProperty, spec);
-            if (openAPIProperty.required && jsonSchema.required !== undefined) {
+            if ((openAPIProperty.required ||
+                schema.required?.includes(propertyName)) &&
+                jsonSchema.required !== undefined) {
                 jsonSchema.required.push(propertyName);
             }
             return jsonSchema;

package/dist/chains/openai_functions/openapi.js CHANGED Viewed

@@ -130,7 +130,9 @@ export function convertOpenAPISchemaToJSONSchema(schema, spec) {
             }
             // eslint-disable-next-line no-param-reassign
             jsonSchema.properties[propertyName] = convertOpenAPISchemaToJSONSchema(openAPIProperty, spec);
-            if (openAPIProperty.required && jsonSchema.required !== undefined) {
+            if ((openAPIProperty.required ||
+                schema.required?.includes(propertyName)) &&
+                jsonSchema.required !== undefined) {
                 jsonSchema.required.push(propertyName);
             }
             return jsonSchema;

package/dist/storage/file_system.cjs CHANGED Viewed

@@ -51,6 +51,11 @@ const stores_1 = require("@langchain/core/stores");
  *   await store.mdelete([key]);
  * }
  * ```
+ *
+ * @security **Security Notice** This file store
+ * can alter any text file in the provided directory and any subfolders.
+ * Make sure that the path you specify when initializing the store is free
+ * of other files.
  */
 class LocalFileStore extends stores_1.BaseStore {
     constructor(fields) {
@@ -75,6 +80,10 @@ class LocalFileStore extends stores_1.BaseStore {
      * @returns Promise that resolves to the parsed file content.
      */
     async getParsedFile(key) {
+        // Validate the key to prevent path traversal
+        if (!/^[a-zA-Z0-9_\-:.]+$/.test(key)) {
+            throw new Error("Invalid key. Only alphanumeric characters, underscores, hyphens, colons, and periods are allowed.");
+        }
         try {
             const fileContent = await fs.readFile(this.getFullPath(key));
             if (!fileContent) {
@@ -111,11 +120,20 @@ class LocalFileStore extends stores_1.BaseStore {
     getFullPath(key) {
         try {
             const keyAsTxtFile = `${key}.txt`;
-            const fullPath = path.join(this.rootPath, keyAsTxtFile);
+            // Validate the key to prevent path traversal
+            if (!/^[a-zA-Z0-9_.\-/]+$/.test(key)) {
+                throw new Error(`Invalid characters in key: ${key}`);
+            }
+            const fullPath = path.resolve(this.rootPath, keyAsTxtFile);
+            const commonPath = path.resolve(this.rootPath);
+            if (!fullPath.startsWith(commonPath)) {
+                throw new Error(`Invalid key: ${key}. Key should be relative to the root path. ` +
+                    `Root path: ${this.rootPath}, Full path: ${fullPath}`);
+            }
             return fullPath;
         }
         catch (e) {
-            throw new Error(`Error getting full path for key: ${key}.\nError: ${JSON.stringify(e)}`);
+            throw new Error(`Error getting full path for key: ${key}.\nError: ${String(e)}`);
         }
     }
     /**

package/dist/storage/file_system.d.ts CHANGED Viewed

@@ -23,6 +23,11 @@ import { BaseStore } from "@langchain/core/stores";
  *   await store.mdelete([key]);
  * }
  * ```
+ *
+ * @security **Security Notice** This file store
+ * can alter any text file in the provided directory and any subfolders.
+ * Make sure that the path you specify when initializing the store is free
+ * of other files.
  */
 export declare class LocalFileStore extends BaseStore<string, Uint8Array> {
     lc_namespace: string[];

package/dist/storage/file_system.js CHANGED Viewed

@@ -25,6 +25,11 @@ import { BaseStore } from "@langchain/core/stores";
  *   await store.mdelete([key]);
  * }
  * ```
+ *
+ * @security **Security Notice** This file store
+ * can alter any text file in the provided directory and any subfolders.
+ * Make sure that the path you specify when initializing the store is free
+ * of other files.
  */
 export class LocalFileStore extends BaseStore {
     constructor(fields) {
@@ -49,6 +54,10 @@ export class LocalFileStore extends BaseStore {
      * @returns Promise that resolves to the parsed file content.
      */
     async getParsedFile(key) {
+        // Validate the key to prevent path traversal
+        if (!/^[a-zA-Z0-9_\-:.]+$/.test(key)) {
+            throw new Error("Invalid key. Only alphanumeric characters, underscores, hyphens, colons, and periods are allowed.");
+        }
         try {
             const fileContent = await fs.readFile(this.getFullPath(key));
             if (!fileContent) {
@@ -85,11 +94,20 @@ export class LocalFileStore extends BaseStore {
     getFullPath(key) {
         try {
             const keyAsTxtFile = `${key}.txt`;
-            const fullPath = path.join(this.rootPath, keyAsTxtFile);
+            // Validate the key to prevent path traversal
+            if (!/^[a-zA-Z0-9_.\-/]+$/.test(key)) {
+                throw new Error(`Invalid characters in key: ${key}`);
+            }
+            const fullPath = path.resolve(this.rootPath, keyAsTxtFile);
+            const commonPath = path.resolve(this.rootPath);
+            if (!fullPath.startsWith(commonPath)) {
+                throw new Error(`Invalid key: ${key}. Key should be relative to the root path. ` +
+                    `Root path: ${this.rootPath}, Full path: ${fullPath}`);
+            }
             return fullPath;
         }
         catch (e) {
-            throw new Error(`Error getting full path for key: ${key}.\nError: ${JSON.stringify(e)}`);
+            throw new Error(`Error getting full path for key: ${key}.\nError: ${String(e)}`);
         }
     }
     /**

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "langchain",
-  "version": "0.2.18",
+  "version": "0.2.19",
   "description": "Typescript bindings for langchain",
   "type": "module",
   "engines": {
@@ -600,7 +600,7 @@
     "@aws-sdk/types": "^3.357.0",
     "@azure/storage-blob": "^12.15.0",
     "@browserbasehq/sdk": "^1.1.5",
-    "@cloudflare/workers-types": "^4.20230922.0",
+    "@cloudflare/workers-types": "^4.20240909.0",
     "@faker-js/faker": "^7.6.0",
     "@gomomento/sdk": "^1.51.1",
     "@gomomento/sdk-core": "^1.51.1",