[Snyk] Upgrade langchain from 0.3.31 to 0.3.37

[graymalkin77]

Snyk has created this PR to upgrade langchain from 0.3.31 to 0.3.37.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 6 versions ahead of your current version.

• The recommended version was released a month ago.

Release notes

Package name: langchain

• 0.3.37 - 2025-12-23
• 0.3.36 - 2025-10-13
• 0.3.35 - 2025-09-29
• 0.3.34 - 2025-09-15
• 0.3.33 - 2025-09-04
• 0.3.32 - 2025-09-02
• 0.3.31 - 2025-08-19

from langchain GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[Copilot]

Pull request overview

This PR upgrades the langchain dependency from version 0.3.31 to 0.3.37, addressing a Snyk security recommendation. The update spans 6 minor versions released over approximately one month.

Changes:

• Updated langchain package version in package.json

Files not reviewed (1)

• extensions/chuck-norris-jokes/package-lock.json: Language not supported

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[graymalkin77]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[graymalkin77]

This is a patch version upgrade within the 0.3.x series of langchain. This range consists of bug fixes and minor improvements. The significant breaking changes associated with the Pydantic v2 migration occurred in the initial v0.3.0 release, and no new breaking changes are expected in this patch-level update.
Source: LangChain Release History

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[graymalkin77]

This is a minor version upgrade for the langchain library. Based on semantic versioning practices for patch releases, this update is expected to contain bug fixes and minor improvements without introducing breaking changes. No specific breaking change information was found for this version range.

Source: LangChain Release policy

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[graymalkin77]

This is a minor version upgrade within the v0.3.x series. Analysis of the release history indicates these versions contain bug fixes and minor feature additions. No breaking changes were documented for this range.

Source: Langchain Release History

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[graymalkin77]

This is a minor version upgrade that patches a critical security vulnerability (CVE-2025-68664). [5] According to LangChain's release policy, minor versions do not contain breaking changes. [4] The update is primarily for security and bug fixes.
Source: Release Notes

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.