← Back to the AI Dependency AtlasExact repository supply-chain dossier

LLM_Workshop

bbsr_ida_public/llm_workshop
pypi

This dossier retains 8 exact component occurrences from 1 published evidence files at one immutable repository commit.

opencode:4609fddd886ab2fdproject ID + commit SHA + exact evidence path

Published dependency evidence does not prove deployment, productive use, procurement or runtime reachability.

project ID + commit SHA + exact evidence path
8exact component occurrences
8package identities
1evidence file
10OSV records returned
Exact published evidence

Files that resolve this repository’s dependencies

Every file remains tied to the observed commit. A parse error stays visible and never becomes a zero.

Evidence pathdocker/requirements.txt
Format
exact-manifest-pin
Parser state
parsed
Resolved components
8
Open exact source ↗
Observed relations

Package identities at this commit

pypiLangChain Communitypypi:langchain-community
1 Occurrence0.3.7
MIT4 OSV records returned
pypiLangChainpypi:langchain
1 Occurrence0.3.7
MIT3 OSV records returned
pypiLangGraphpypi:langgraph
1 Occurrence0.3.21
MIT2 OSV records returned
pypiLangChain OpenAIpypi:langchain-openai
1 Occurrence0.2.8
MIT1 OSV record returned
pypiOllama SDKpypi:ollama
1 Occurrence0.4.7
MIT
pypiOpenAI SDKpypi:openai
1 Occurrence1.63.2
Apache-2.0
pypiscikit-learnpypi:scikit-learn
1 Occurrence1.6.1
BSD-3-Clause · non-standard
pypiWeaviate Clientpypi:weaviate-client
1 Occurrence4.11.0
BSD-3-Clause
OSV

Related OSV records

GHSA-3644-q5cj-c5c7

LangSmith SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning

3 repositories13 Jul 2026
GHSA-45pg-36p6-83v9

Langchain SQL Injection vulnerability

1 repository07 Jul 2026
GHSA-g48c-2wqr-h844

LangGraph checkpoint loading has unsafe msgpack deserialization

3 repositories06 Jun 2026
GHSA-gr75-jv2w-4656

LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders

4 repositories13 Jul 2026
GHSA-pc6w-59fv-rh23

Langchain Community Vulnerable to XML External Entity (XXE) Attacks

2 repositories07 Jul 2026
GHSA-q25c-c977-4cmh

Server-Side Request Forgery in langchain-community.retrievers.web_research.WebResearchRetriever

1 repository07 Jul 2026
GHSA-r7w7-9xr2-qq2r

langchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding

2 repositories06 Jun 2026
GHSA-w39p-vh2g-g8g5

LangGraph SDK has unsafe URL path construction

2 repositories13 Jul 2026
PYSEC-2024-323

Not reported

1 repository13 Jul 2026
Interpretation boundary

Exact identities in, explicit limits out

The collector reads bounded lockfiles, SBOMs and exact double-equals pins at one immutable commit. Version ranges are never resolved by assumption.

Retrieval, parsing, matching and publishing use no generative AI model.

i6eal (2026): LLM_Workshop — exact AI dependency evidence dossier, data state 19 Jul 2026. https://i6eal.de/en/tools/ki-abhaengigkeitsatlas/repository/opencode-4609/

Reading this dossier

Does this repository dossier prove deployment?
No. It documents dependencies published at one observed commit, not a deployed environment.
Why are exact versions required?
OSV and registry metadata can be linked reproducibly only to an observed package@version tuple. The collector never substitutes a newest release for a range.
Does a missing row mean the dependency is absent?
No. It means not observed within the bounded files and repository checkpoint. Incomplete trees and parser failures remain explicit.

Need a permanent dependency evidence trail for another public code cohort?

We build source-backed data products with stable identities, reproducible joins and boundaries that remain visible.

Discuss a data projectExplore all tools