10 Commits (0df76bee3770c17fb4d6997de99e2dd5fc96e338)

Author	SHA1	Message	Date
ale-delfino	0df76bee37	core[patch]:: XML parser to cover the case when the xml only contains the root level tag (#17456) ... Description: Fix xml parser to handle strings that only contain the root tag Issue: N/A Dependencies: None Twitter handle: N/A A valid xml text can contain only the root level tag. Example: <body> Some text here </body> The example above is a valid xml string. If parsed with the current implementation the result is {"body": []}. This fix checks if the root level text contains any non-whitespace character and if that's the case it returns {root.tag: root.text}. The result is that the above text is correctly parsed as {"body": "Some text here"} @ale-delfino Thank you for contributing to LangChain! Checklist: - [x] PR title: Please title your PR "package: description", where "package" is whichever of langchain, community, core, experimental, etc. is being modified. Use "docs: ..." for purely docs changes, "templates: ..." for template changes, "infra: ..." for CI changes. - Example: "community: add foobar LLM" - [x] PR message: **Delete this entire template message** and replace it with the following bulleted list - **Description:** a description of the change - **Issue:** the issue # it fixes, if applicable - **Dependencies:** any dependencies required for this change - **Twitter handle:** if your PR gets announced, and you'd like a mention, we'll gladly shout you out! - [x] Pass lint and test: Run `make format`, `make lint` and `make test` from the root of the package(s) you've modified to check that you're passing lint and testing. See contribution guidelines for more information on how to write/run tests, lint, etc: https://python.langchain.com/docs/contributing/ - [x] Add tests and docs: If you're adding a new integration, please include 1. a test for the integration, preferably unit tests that do not rely on network access, 2. an example notebook showing its use. It lives in `docs/docs/integrations` directory. Additional guidelines: - Make sure optional dependencies are imported within a function. - Please do not add dependencies to pyproject.toml files (even optional ones) unless they are required for unit tests. - Most PRs should not touch more than one package. - Changes should be backwards compatible. - If you are adding something to community, do not re-import it in langchain. If no one reviews your PR within a few days, please @-mention one of @baskaryan, @efriis, @eyurtsev, @hwchase17. --------- Co-authored-by: Eugene Yurtsev <eyurtsev@gmail.com>	3 months ago
Eugene Yurtsev	e8339b1d83	core[patch]: Patch XML vulnerability in XMLOutputParser (CVE-2024-1455) (#19653) ... Patch potential XML vulnerability CVE-2024-1455 This patches a potential XML vulnerability in the XMLOutputParser in langchain-core. The vulnerability in some situations could lead to a denial of service attack. At risk are users that: 1) Running older distributions of python that have older version of libexpat 2) Are using XMLOutputParser with an agent 3) Accept inputs from untrusted sources with this agent (e.g., endpoint on the web that allows an untrusted user to interact wiith the parser)	3 months ago
Eugene Yurtsev	8ab7bb3166	core[patch]: XMLOutputParser fix to handle changes to xml standard library (#19612) ... Newest python micro releases broke streaming in the XMLOutputParser. This fixes the parsing code to work with trailing junk after the XML content.	3 months ago
Eugene Yurtsev	8bc5cdccee	core[patch]: Reverting changes with defusedXML (#19604) ... DefusedXML is causing parsing errors on previously functional code with the 0.7.x versions. These do not seem to support newer version of python well. 0.8.x has only been released as rc, so we're not going to to use it in the core package	3 months ago
Eugene Yurtsev	56f4c5459b	core[patch]: fix xml output parser transform (#19530) ... Previous PR passed _parser attribute which apparently is not meant to be used by user code and causes non deterministic failures on CI when testing the transform and a transform methods. Reverting this change temporarily.	3 months ago
Eugene Yurtsev	727d5023ce	core[patch]: Use defusedxml in XMLOutputParser (#19526) ... This mitigates a security concern for users still using older versions of libexpat that causes an attacker to compromise the availability of the system if an attacker manages to surface malicious payload to this XMLParser.	3 months ago
Kangmoon Seo	07de4abe70	core: Fix Exception handling in XMLOutputParser (#19126) ... - **Description:** - Exception handling in `XMLOutputParser` 1. Add Exception handling at `root = ET.fromstring(text)` // raises `ET.ParseError` 2. Fix Exception class (commonly uses in `BaseOutputParser` class) - AS-IS: raise `ValueError`, `ET.ParserError` without handling ```python # langchain_core/output_parsers/xml.py text = text.strip() if (text.startswith("<") or text.startswith("\n<")) and ( text.endswith(">") or text.endswith(">\n") ): root = ET.fromstring(text) return self._root_to_dict(root) else: raise ValueError(f"Could not parse output: {text}") ``` - TO-BE: raise `OutputParserException` ```python # langchain_core/output_parsers/xml.py text = text.strip() if (text.startswith("<") or text.startswith("\n<")) and ( text.endswith(">") or text.endswith(">\n") ): try: root = ET.fromstring(text) return self._root_to_dict(root) except ET.ParseError: raise OutputParserException(f"Could not parse output: {text}") else: raise OutputParserException(f"Could not parse output: {text}") ``` - **Issue:** #19107 - **Dependencies:** None	3 months ago
Nuno Campos	36ceffd2cd	Strip code block fences and extra test from xml when doing streaming … (#15293) ... …parse <!-- Thank you for contributing to LangChain! Please title your PR "<package>: <description>", where <package> is whichever of langchain, community, core, experimental, etc. is being modified. Replace this entire comment with: - **Description:** a description of the change, - **Issue:** the issue # it fixes if applicable, - **Dependencies:** any dependencies required for this change, - **Twitter handle:** we announce bigger features on Twitter. If your PR gets announced, and you'd like a mention, we'll gladly shout you out! Please make sure your PR is passing linting and testing before submitting. Run `make format`, `make lint` and `make test` from the root of the package you've modified to check this locally. See contribution guidelines for more information on how to write/run tests, lint, etc: https://python.langchain.com/docs/contributing/ If you're adding a new integration, please include: 1. a test for the integration, preferably unit tests that do not rely on network access, 2. an example notebook showing its use. It lives in `docs/docs/integrations` directory. If no one reviews your PR within a few days, please @-mention one of @baskaryan, @eyurtsev, @hwchase17. -->	6 months ago
Harrison Chase	b86803153e	[core, langchain] modelio code improvements (#15277)	6 months ago
Nuno Campos	71076cceaf	Move json and xml parsers to core (#15026) ... <!-- Thank you for contributing to LangChain! Please title your PR "<package>: <description>", where <package> is whichever of langchain, community, core, experimental, etc. is being modified. Replace this entire comment with: - **Description:** a description of the change, - **Issue:** the issue # it fixes if applicable, - **Dependencies:** any dependencies required for this change, - **Twitter handle:** we announce bigger features on Twitter. If your PR gets announced, and you'd like a mention, we'll gladly shout you out! Please make sure your PR is passing linting and testing before submitting. Run `make format`, `make lint` and `make test` from the root of the package you've modified to check this locally. See contribution guidelines for more information on how to write/run tests, lint, etc: https://python.langchain.com/docs/contributing/ If you're adding a new integration, please include: 1. a test for the integration, preferably unit tests that do not rely on network access, 2. an example notebook showing its use. It lives in `docs/docs/integrations` directory. If no one reviews your PR within a few days, please @-mention one of @baskaryan, @eyurtsev, @hwchase17. -->	6 months ago