fix(deps): bump locked deps to resolve CVEs (HIGH + moderate)

[joerg84]

Summary

Refresh uv.lock and poetry.lock to clear known CVEs in transitive dev dependencies. pyproject.toml is unchanged — only the resolved lockfile versions move within their existing constraints.

Resolved vulnerabilities

Severity	Package	CVE / GHSA	Notes
HIGH	langchain-core	CVE-2026-44843 / GHSA-pjwx-r37v-7724	Overly broad deserialization allowlist
HIGH	langchain-core	CVE-2026-34070 / GHSA-qh6h-p6c9-ff54	Path traversal in legacy load_prompt (0.3.x fix is 0.3.85+)
HIGH	orjson	GHSA-hx9q-6w63-j58v	Unbounded recursion in deeply nested JSON
Moderate	langchain-core	CVE-2026-40087	f-string prompt-template validation
Moderate	langgraph	CVE-2026-28277	Unsafe msgpack deserialization
Moderate	langsmith	CVE-2026-41182	Streaming token redaction bypass
Moderate	python-dotenv	CVE-2026-28684	Symlink follow on rewrite
Moderate	requests	CVE-2026-25645	extract_zipped_paths tmp predictability
Low	langchain-core	CVE-2026-26013	SSRF in image URL token counting

Version bumps

uv.lock (uv lock --upgrade):

• langchain 1.2.7 → 1.2.18
• langchain-core 1.2.7 → 1.3.3
• langgraph 1.0.7 → 1.1.10
• langsmith 0.6.6 → 0.8.3
• python-dotenv 1.2.1 → 1.2.2
• requests 2.32.5 → 2.33.1
• plus other transitive bumps (openai, pydantic, ruff, etc.)

poetry.lock (poetry update --lock, staying within langchain = \"^0.3.21\"):

• langchain-core 0.3.83 → 0.3.86 (HIGH fix in 0.3.x patch line)
• langsmith 0.3.45 → 0.8.3
• python-dotenv 1.0.1 → 1.2.2
• requests 2.32.3 → 2.33.1
• orjson → 3.11.9 (≥ 3.11.6 fix)

Verification

pip-audit on both updated lockfiles:

• uv.lock: 0 vulnerabilities
• poetry.lock: only 1 remaining — langchain-text-splitters 0.3.11 / CVE-2026-41481 (MEDIUM, SSRF redirect bypass). Fix requires bumping langchain = \"^0.3.21\" → ^1.2.x, which is out of scope for a pure lockfile refresh.

Not addressed (follow-up)

learn/generation/langchain/langgraph/02-ollama-langgraph-agent/poetry.lock has 2 CRITICAL + 9 HIGH Dependabot alerts (h11, langchain-core, langgraph-checkpoint, langchain-text-splitters, orjson, tornado, urllib3). Its pyproject.toml hard-pins old versions (langchain = \"0.2.12\", langchain-core = \"0.2.43\", langgraph = \"0.2.3\"), so fixing those alerts requires manifest changes and notebook re-testing — best handled separately.

Test plan

• pip-audit on the updated uv.lock (0 vulns)
• pip-audit on the updated poetry.lock (only 1 medium remains, out of scope)
• CI lint/notebook smoke tests on this branch

🤖 Generated with Claude Code

---

Note

Low Risk
Lockfile-only dependency bumps; low behavioral risk beyond possible environment/CI breakage from updated transitive packages.

Overview
Refreshes resolved dependency versions by updating only the lockfiles (uv.lock, poetry.lock) to pick up patched releases for several reported CVEs.

pyproject.toml constraints remain unchanged; the PR is strictly a lockfile refresh, so impact is limited to updated transitive (and some direct) pinned versions used in installs/CI.

^{Reviewed by Cursor Bugbot for commit 67d11a1. Bugbot is set up for automated code reviews on this repo. Configure here.}