langroid 0.53.4__py3-none-any.whl → 0.53.5__py3-none-any.whl

@@ -49,11 +49,11 @@ class XMLToolMessage(ToolMessage):
49
49
  Raises:
50
50
  etree.XMLSyntaxError: If the input string is not valid XML.
51
51
  """
52
- # SECURITY: Initialize XMLParser with flags to prevent
53
- # XML External Entity (XXE), billion laughs, and external DTD attacks by
52
+ # SECURITY: Initialize XMLParser with flags to prevent
53
+ # XML External Entity (XXE), billion laughs, and external DTD attacks by
54
54
  # disabling entity resolution, DTD loading, and network access;
55
55
  # `strip_cdata=False` is needed to preserve
56
- # content within CDATA sections (e.g., for code).
56
+ # content within CDATA sections (e.g., for code).
57
57
  parser = etree.XMLParser(
58
58
  strip_cdata=False,
59
59
  resolve_entities=False,
@@ -159,12 +159,11 @@ class VectorStore(ABC):
159
159
  df = pd.DataFrame(dicts)
160
160
 
161
161
  try:
162
- result = pd.eval( # safer than eval but limited to single expression
163
- calc,
164
- engine="python",
165
- parser="pandas",
166
- local_dict={"df": df},
167
- )
162
+ # SECURITY: Use Python's eval() with NO globals and only {"df": df}
163
+ # in locals. This allows pandas operations on `df` while preventing
164
+ # access to builtins or other potentially harmful global functions,
165
+ # mitigating risks associated with executing untrusted `calc` strings.
166
+ result = eval(calc, {}, {"df": df}) # type: ignore
168
167
  except Exception as e:
169
168
  # return error message so LLM can fix the calc string if needed
170
169
  err = f"""
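Review bot: The SECURITY comment added above `result = eval(calc, {}, {"df": df})` is incorrect: when the globals dict passed to `eval()` has no `__builtins__` key, Python inserts the builtins module into it, so `calc` can still reach every builtin. Because the comment itself treats `calc` as untrusted, this line evaluates arbitrary Python expressions with full builtins available. Passing `{"__builtins__": {}}` is not a sandbox on its own either, since attributes reachable from `df` lead back into the interpreter, so the expression should be parsed and checked against an allowlist before it is evaluated, and the comment corrected. The sketch below assumes `ast` is imported and that the project defines an `allowed_df_attrs` set (leaving out string-evaluating and file-writing DataFrame methods); the enclosing method starts and ends outside the hunk.

```python
try:
    # SECURITY: eval() is not a sandbox, and an empty globals dict still
    # receives __builtins__. Validate the parsed expression first, then
    # evaluate with builtins explicitly emptied as defence in depth.
    tree = ast.parse(calc, mode="eval")
    for node in ast.walk(tree):
        # only the `df` name may be referenced
        if isinstance(node, ast.Name) and node.id != "df":
            raise ValueError(f"name not allowed in calc: {node.id}")
        # only allowlisted attributes/methods may be accessed
        if isinstance(node, ast.Attribute) and node.attr not in allowed_df_attrs:
            raise ValueError(f"attribute not allowed in calc: {node.attr}")
    result = eval(  # type: ignore
        compile(tree, "<calc>", "eval"),
        {"__builtins__": {}},
        {"df": df},
    )
# … unchanged: except Exception handler that returns the error text to the LLM …
```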
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: langroid
3
- Version: 0.53.4
3
+ Version: 0.53.5
4
4
  Summary: Harness LLMs with Multi-Agent Programming
5
5
  Author-email: Prasad Chalasani <pchalasani@gmail.com>
6
6
  License: MIT
@@ -10,7 +10,7 @@ langroid/agent/chat_document.py,sha256=6O20Fp4QrquykaF2jFtwNHkvcoDte1LLwVZNk9mVH
10
10
  langroid/agent/openai_assistant.py,sha256=JkAcs02bIrgPNVvUWVR06VCthc5-ulla2QMBzux_q6o,34340
11
11
  langroid/agent/task.py,sha256=HB6N-Jn80HFqCf0ZYOC1v3Bn3oO7NLjShHQJJFwW0q4,90557
12
12
  langroid/agent/tool_message.py,sha256=BhjP-_TfQ2tgxuY4Yo_JHLOwwt0mJ4BwjPnREvEY4vk,14744
13
- langroid/agent/xml_tool_message.py,sha256=Yf-OsqO6z17qgQbfcTX4dxmPMtwYZVfgcWjcWI8nJzE,15506
13
+ langroid/agent/xml_tool_message.py,sha256=oeBKnJNoGaKdtz39XoWGMTNlVyXew2MWH5lgtYeh8wQ,15496
14
14
  langroid/agent/callbacks/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
15
15
  langroid/agent/callbacks/chainlit.py,sha256=UHB6P_J40vsVnssosqkpkOVWRf9NK4TOY0_G2g_Arsg,20900
16
16
  langroid/agent/special/__init__.py,sha256=gik_Xtm_zV7U9s30Mn8UX3Gyuy4jTjQe9zjiE3HWmEo,1273
@@ -124,7 +124,7 @@ langroid/utils/output/citations.py,sha256=9W0slQQgzRGLS7hU51mm5UWao5cS_xr8AVosVe
124
124
  langroid/utils/output/printing.py,sha256=yzPJZN-8_jyOJmI9N_oLwEDfjMwVgk3IDiwnZ4eK_AE,2962
125
125
  langroid/utils/output/status.py,sha256=rzbE7mDJcgNNvdtylCseQcPGCGghtJvVq3lB-OPJ49E,1049
126
126
  langroid/vector_store/__init__.py,sha256=8ktJUVsVUoc7FMmkUFpFBZu7VMWUqQY9zpm4kEJ8yTs,1537
127
- langroid/vector_store/base.py,sha256=sT6_8-LfLu_z82p4yMmyH_Kh8kt7o51Lt1n00PKBXWw,14588
127
+ langroid/vector_store/base.py,sha256=HDgY2uMwOnoyuySDCXdRK_USPWaFRLhti94B2OP1B_w,14752
128
128
  langroid/vector_store/chromadb.py,sha256=p9mEqJwO2BrL2jSSXfa23kCPlPOwWpF3xJYd5zoWw_c,8661
129
129
  langroid/vector_store/lancedb.py,sha256=Qd20gKjWozPWfW5-D66J6U8dSrJo1yl-maj6s1lbf1c,14688
130
130
  langroid/vector_store/meilisearch.py,sha256=6frB7GFWeWmeKzRfLZIvzRjllniZ1cYj3HmhHQICXLs,11663
@@ -132,7 +132,7 @@ langroid/vector_store/pineconedb.py,sha256=otxXZNaBKb9f_H75HTaU3lMHiaR2NUp5MqwLZ
132
132
  langroid/vector_store/postgres.py,sha256=wHPtIi2qM4fhO4pMQr95pz1ZCe7dTb2hxl4VYspGZoA,16104
133
133
  langroid/vector_store/qdrantdb.py,sha256=O6dSBoDZ0jzfeVBd7LLvsXu083xs2fxXtPa9gGX3JX4,18443
134
134
  langroid/vector_store/weaviatedb.py,sha256=Yn8pg139gOy3zkaPfoTbMXEEBCiLiYa1MU5d_3UA1K4,11847
135
- langroid-0.53.4.dist-info/METADATA,sha256=mJijMq7-4U64bl-XA2rQiGdgW6A3TxdMMx60sa-E1Fc,64945
136
- langroid-0.53.4.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
137
- langroid-0.53.4.dist-info/licenses/LICENSE,sha256=EgVbvA6VSYgUlvC3RvPKehSg7MFaxWDsFuzLOsPPfJg,1065
138
- langroid-0.53.4.dist-info/RECORD,,
135
+ langroid-0.53.5.dist-info/METADATA,sha256=ExVMihbLql8jTdQQ-6DuM8Ocjyqc0JV057Sp17U3y8Y,64945
136
+ langroid-0.53.5.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
137
+ langroid-0.53.5.dist-info/licenses/LICENSE,sha256=EgVbvA6VSYgUlvC3RvPKehSg7MFaxWDsFuzLOsPPfJg,1065
138
+ langroid-0.53.5.dist-info/RECORD,,