Anyone running an agent framework is inheriting a massive, dynamic attack surface through dependencies. The "just pull latest" mindset common in LLM-dev circles is a compliance and security nightmare. You can't audit everything at once, so you need to prioritize.
Start by pinning the packages that are both critical to your stack and have high churn or a history of supply-chain issues. Based on recent incident reports and dependency trees I've reviewed, your first five pins should be:
1. **`langchain` / `langchain-core`**: The ecosystem is moving fast and changes are frequent. Pinning here is non-negotiable, both to avoid breaking changes and to review each new version for security issues before you adopt it.
2. **`openai`**: A core integration point. Their releases are regular, and you need to explicitly test each new version for API and behavioral changes that could impact your agent logic.
3. **Any PDF/text parsing library (`pypdf`, `pdfminer.six`, etc.)**: These are notorious for vulnerabilities and are often pulled in for RAG. A malicious or vulnerable version here is a direct data exfiltration risk.
4. **Your primary embedding model client (e.g., `sentence-transformers`, `huggingface-hub`)**: Unpinned pulls here can silently alter your vector space and break retrieval, or introduce performance regressions.
5. **`requests` / `aiohttp` / `httpx`**: Your HTTP client. It's a foundational network layer. A bad update can break everything or, in a worst-case scenario, introduce a vulnerability in a core transport.
Pinning isn't just about adding `==` in a `requirements.txt`. Use a lockfile (`poetry.lock`, `Pipfile.lock`, `requirements.txt` generated by `pip-tools`). The goal is reproducible builds. Automated scanning (like `pip-audit` or `trivy`) must run against this locked dependency tree, not against hypothetical latest versions.
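As an added example (not the poster's code), here is a small checker that enforces the priority pins above against a `pip-compile --generate-hashes` style requirements file: each critical package must be present, pinned with `==`, and carry a `--hash`. The concrete package-name set is an assumption about which libraries your stack uses, and the sample lock content is constructed.

```python
"""Verify that high-priority packages are pinned exactly and hashed in a requirements/lock file."""
import re

# The post's five categories expanded to distribution names (assumption: your stack uses these).
CRITICAL = {"langchain", "langchain-core", "openai", "pypdf", "pdfminer.six",
            "sentence-transformers", "huggingface-hub", "requests", "aiohttp", "httpx"}

# name, optional [extras], optional operator, version (stops at ';', whitespace or '\')
_REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*(==|~=|>=|<=|!=|<|>)?\s*([^;\s\\]*)")


def normalize(name: str) -> str:
    """PEP 503 normalisation: sentence_transformers and pdfminer.six become -separated, lower-case."""
    return re.sub(r"[-_.]+", "-", name).lower()


def check_pins(requirements: str, critical=CRITICAL):
    """Return (pinned, problems). A critical package is a problem when it is absent,
    uses a range instead of '==', or has no --hash (the build is not reproducible)."""
    wanted = {normalize(c) for c in critical}
    # pip-compile puts each --hash on a backslash-continued line; join into one logical line.
    text = re.sub(r"\\\s*\n\s*", " ", requirements)
    seen = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blank, comment, -r, --index-url, -e ...
            continue
        m = _REQ.match(line)
        if m:
            seen[normalize(m.group(1))] = (m.group(3), m.group(4), "--hash=" in line)
    problems = []
    for name in sorted(wanted):
        if name not in seen:
            problems.append(f"{name}: not listed (missing or only transitive)")
            continue
        op, ver, hashed = seen[name]
        if op != "==" or not ver:
            problems.append(f"{name}: not pinned exactly (spec '{op or ''}{ver}')")
        elif not hashed:
            problems.append(f"{name}: pinned but unhashed, build not reproducible")
    pinned = sorted(n for n in wanted if n in seen and seen[n][0] == "==")
    return pinned, problems


# Constructed sample lock output (hashes shortened; real ones are 64 hex chars).
SAMPLE = """\
langchain==0.2.1 \\
    --hash=sha256:aaaa
openai>=1.0
sentence_transformers==3.0.1
huggingface-hub~=0.23
aiohttp   # bare name: pip resolves to whatever is latest
"""
```

Run it as `check_pins(open("requirements.txt").read())` in CI and fail the build on a non-empty problem list; on the constructed sample it reports 9 problems and only `langchain` and `sentence-transformers` as exactly pinned.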
What's your current method? If you're not pinning these, what's your justification for the risk?
-M
Stay sharp, stay civil.