INTPYTHON-825 LangGraph-Checkpoint CVE fix (#263)

[Issue Key](https://jira.mongodb.org/browse/INTPYTHON-825)

## Summary

<!-- What is this PR introducing? If context is already provided from
the JIRA ticket, still place it in the Pull Request as you should not
make the reviewer do digging for a basic summary. -->

This PR addresses a critical security vulnerability found in
langgraph-checkpoint's serializer, "JsonSerializer". It is described in
detail here: [RCE in json mode of
JsonPlusSerializer](GHSA-wwqv-p2pp-99h5).

## Changes in this PR

<!-- What changes did you make to the code? What new APIs (public or
private) were added, removed, or edited to generate the desired outcome
explained in the above summary? -->

The primary change was to bump to "langggraph-checkpoint >= 3.0".
The base checkpointer removed dumps/loads in preference of typed
versions. We had previously only used the defaults so a few changes were
made to update to these.

## Test Plan

<!-- How did you test the code? If you added unit tests, you can say
that. If you didn’t introduce unit tests, explain why. All code should
be tested in some way – so please list what your validation strategy
was. -->

This change does not change any of our API so no changes to tests were
made. All pass.
[INTPYTHON-826](https://jira.mongodb.org/browse/INTPYTHON-826) will add
tests of the serialization types once we expose them.

### Screenshots (optional)

<!-- Usually a great supplement to a test plan, especially if this
requires local testing. -->

## Checklist

<!-- Do not delete the items provided on this checklist -->

### Checklist for Author

- [X] Did you update the changelog (if necessary)?
- [X] Is the intention of the code captured in relevant tests?
- [x] Has a MongoDB Employee run [the patch build of this
PR](https://github.com/mongodb-labs/ai-ml-pipeline-testing?tab=readme-ov-file#running-a-patch-build-of-a-given-pr)?

### Checklist for Reviewer {@primary_reviewer}

- [ ] Does the title of the PR reference a JIRA Ticket?
- [ ] Do you fully understand the implementation? (Would you be
comfortable explaining how this code works to someone else?)
- [ ] Have you checked for spelling & grammar errors?
- [ ] Is all relevant documentation (README or docstring) updated?

Author: caseyclements

libs/langgraph-checkpoint-mongodb/CHANGELOG.md

@@ -2,6 +2,11 @@
 
 ---
 
+## Changes in version 0.2.2 (2025/11/13)
+
+- Bumps minimum version of langgraph-checkpoint to 3.0 to address the Remode Code Execution CVE in JsonPlusSerializer's "json" mode, described [here](https://osv.dev/vulnerability/GHSA-wwqv-p2pp-99h5).
+- Fixed teardown step in release.yml GitHub workflow.
+
 ## Changes in version 0.2.1 (2025/09/25)
 
 - Fixes bug when graph interrupted leading to DuplicateKeyError when TTL is set.

libs/langgraph-checkpoint-mongodb/langgraph/checkpoint/mongodb/utils.py

@@ -41,7 +41,7 @@ def loads_metadata(metadata: dict[str, Any]) -> CheckpointMetadata:
             output[key] = loads_metadata(value)
         return output
     else:
-        return serde.loads(metadata)
+        return serde.loads_typed(metadata)
 
 
 def dumps_metadata(
@@ -57,4 +57,4 @@ def dumps_metadata(
             output[key] = dumps_metadata(value)
         return output
     else:
-        return serde.dumps(metadata)
+        return serde.dumps_typed(metadata)

libs/langgraph-checkpoint-mongodb/pyproject.toml

@@ -9,8 +9,8 @@ description = "Library with a MongoDB implementation of LangGraph checkpoint sav
 readme = "README.md"
 requires-python = ">=3.10"
 dependencies = [
-    "langgraph-checkpoint>=2.0.23,<3.0.0",
-    "langchain-mongodb>=0.6.1",
+    "langgraph-checkpoint>=3.0.0",
+    "langchain-mongodb<1.0.0",
     "pymongo>=4.12,<4.16",
 ]
 
@@ -21,7 +21,6 @@ dev = [
     "langchain-ollama>=0.2.2",
     "langchain-openai>=0.2.14",
     "langgraph>=0.3.23",
-    "langgraph-checkpoint>=2.0.9",
     "pytest-asyncio>=0.21.1",
     "pytest>=7.2.1",
     "pytest-mock>=3.11.1",

libs/langgraph-checkpoint-mongodb/tests/unit_tests/test_sync.py

@@ -154,7 +154,8 @@ def test_nested_filter() -> None:
         assert (
             isinstance(doc["metadata"], dict)
             and isinstance(doc["metadata"]["writes"], dict)
-            and isinstance(doc["metadata"]["writes"]["message"], bytes)
+            and doc["metadata"]["writes"]["message"][0] == "msgpack"
+            and isinstance(doc["metadata"]["writes"]["message"][1], bytes)
         )
 
         # Test values of checkpoint

libs/langgraph-checkpoint-mongodb/tests/unit_tests/test_time_travel.py

@@ -53,12 +53,13 @@ def checkpointer(request: Any) -> Generator[MongoDBSaver]:
     saver = MongoDBSaver(
         client=client,
         db_name=db_name,
-        collection_name=checkpoint_collection_name,
-        WRITES_COLLECTION_NAME=writes_collection_name,
+        checkpoint_collection_name=checkpoint_collection_name,
+        writes_collection_name=writes_collection_name,
         ttl=request.param,
     )
 
     # Can use this to compare
+    # from langgraph.checkpoint.memory import InMemorySaver
     # saver = InMemorySaver()
 
     yield saver
@@ -93,7 +94,7 @@ def test(checkpointer: MongoDBSaver) -> None:
     graph = workflow.compile(checkpointer=checkpointer)
 
     # Run the graph
-    graph.invoke(input=initial_state, config=config)  # type:ignore[arg-type]
+    graph.invoke(input=initial_state, config=config, stream_mode="checkpoints")  # type:ignore[arg-type]
 
     # Check to see whether the final state is approved
     final_state = graph.get_state(config=config)
@@ -108,10 +109,12 @@ def test(checkpointer: MongoDBSaver) -> None:
 
     target_checkpoint = None
     for checkpoint in checkpoints:
-        # Look for checkpoint after increment but before final processing
+        # Look for checkpoint after add_expense but before validate_expense
         if (
-            checkpoint.metadata and checkpoint.metadata.get("step") == 1
-        ):  # Before validate node
+            checkpoint.metadata
+            and checkpoint.metadata.get("step") == 1
+            and "validate_expense" in checkpoint.next
+        ):
             target_checkpoint = checkpoint
             break
 
@@ -126,15 +129,16 @@ def test(checkpointer: MongoDBSaver) -> None:
     assert target_checkpoint
     past_state = graph.get_state(target_checkpoint.config)
 
-    # Update the expense amount to 200 that validate amounts
+    # Update the expense amount to 200 that validates amounts
     updated_state = dict(**past_state.values)
-    # updated_state = {}
-    updated_state["amount"] = 200
-    updated_state["version"] = 2
+    updated_state["amount"] += 100
+    updated_state["version"] += 1
     updated_state["messages"] += ["Updated state"]
 
     updated_config = graph.update_state(
-        config=target_checkpoint.config, values=updated_state
+        config=target_checkpoint.config,
+        values=updated_state,
+        as_node="add_expense",
     )
 
     # Continue from the checkpoint

libs/langgraph-checkpoint-mongodb/uv.lock

@@ -2,6 +2,11 @@
 
 ---
 
+## Changes in version 0.1.1 (2025/11/13)
+
+- Bumps minimum version of langgraph-checkpoint to 3.0 to address the Remode Code Execution CVE in JsonPlusSerializer's "json" mode, described [here](https://osv.dev/vulnerability/GHSA-wwqv-p2pp-99h5).
+- Only lists authorized collections when listing collections.
+
 ## Changes in version 0.1.0 (2025/08/20)
 
 - Add additional client metadata to ``collection`` objects consumed by ``langgraph-store-mongodb``.

libs/langgraph-store-mongodb/CHANGELOG.md

@@ -9,7 +9,7 @@ description = "MongoDB implementation of the LangGraph long-term memory store."
 readme = "README.md"
 requires-python = ">=3.10"
 dependencies = [
-    "langgraph-checkpoint>=2.0.23,<3.0.0",
+    "langgraph-checkpoint>=3.0.0",
     "langchain-mongodb>=0.6.1",
 ]