The monolith I work on has this dependency chain:

  monolith -> openai
  monolith -> langchain-openai -> openai

openai, thus, is both a direct and indirect dependency. langchain-openai recently had a vulnerability, and the patch fix is only after a major upgrade to openai. Thus, to upgrade langchain-openai here, I also need to upgrade monolith's use of openai. (From v1 to v2.)