Commit Graph

466 Commits

Author SHA1 Message Date
Radhakrishnan Pachyappan
a07356f839 fix(anthropic): add advisor_ prefix to builtin tool recognition (#38686) 2026-07-09 22:18:52 -04:00
Mason Daugherty
a4294f9a39 chore(deps): refresh lockfiles (#38746) 2026-07-09 12:43:43 -04:00
langchain-oss-model-profiles[bot]
83386b56e1 chore(model-profiles): refresh model profile data (#38689)
Automated refresh of model profile data for all in-monorepo partner
integrations via `langchain-profiles refresh`.

🤖 Generated by the [`refresh_model_profiles`
workflow](https://github.com/langchain-ai/langchain/blob/master/.github/workflows/refresh_model_profiles.yml).


## Summary of changes

**0 added · 10 removed · 12 changed** across 2 provider(s).

<details>
<summary>anthropic</summary>

** 10 removed**
- `claude-3-5-sonnet-20240620`
- `claude-3-5-sonnet-20241022`
- `claude-3-7-sonnet-20250219`
- `claude-3-haiku-20240307`
- `claude-3-opus-20240229`
- `claude-3-sonnet-20240229`
- `claude-opus-4-0`
- `claude-opus-4-20250514`
- `claude-sonnet-4-0`
- `claude-sonnet-4-20250514`

**✏️ 10 changed**
- `claude-fable-5`: release date `2026-06-09` → `2026-06-07`
- `claude-opus-4-1`: status unset → `deprecated`
- `claude-opus-4-1-20250805`: status unset → `deprecated`
- `claude-opus-4-5-20251101`: release date `2025-11-01` → `2025-11-24`
- `claude-opus-4-6`: release date `2026-02-05` → `2026-02-04`
- `claude-opus-4-7`: release date `2026-04-16` → `2026-04-14`
- `claude-sonnet-4-5`: max input tokens 200,000 → 1,000,000
- `claude-sonnet-4-5-20250929`: max input tokens 200,000 → 1,000,000
- `claude-sonnet-4-6`: max output tokens 64,000 → 128,000
- `claude-sonnet-5`: release date `2026-06-30` → `2026-06-29`

</details>

<details>
<summary>openrouter</summary>

**✏️ 2 changed**
- `openai/gpt-oss-20b`: display name `gpt-oss-20b` → `GPT OSS 20B`
- `z-ai/glm-5.2`: max input tokens 1,024,000 → 1,048,576; max output
tokens 128,000 → 131,072

</details>

---------

Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com>
Co-authored-by: Mason Daugherty <github@mdrxy.com>
2026-07-06 10:09:28 -04:00
langchain-oss-model-profiles[bot]
8146596e0a chore(model-profiles): refresh model profile data (#38663)
Automated refresh of model profile data for all in-monorepo partner
integrations via `langchain-profiles refresh`.

🤖 Generated by the `refresh_model_profiles` workflow.


## Summary of changes

**35 added · 8 removed · 33 changed** across 6 provider(s).

### anthropic

** 1 added**
- `claude-sonnet-5` — 1,000,000 ctx, 128,000 out, text+image+pdf in,
reasoning, tools

** 2 removed**
- `claude-3-5-haiku-20241022`
- `claude-3-5-haiku-latest`

### fireworks-ai

** 1 added**
- `accounts/fireworks/routers/glm-5p2-fast` — 1,048,575 ctx, 131,072
out, reasoning, tools

**✏️ 1 changed**
- `accounts/fireworks/models/glm-5p2`: max input tokens 1,048,576 →
1,048,575

### groq

**✏️ 1 changed**
- `openai/gpt-oss-safeguard-20b`: last updated `2025-10-29` →
`2026-06-29`

### huggingface

** 26 added**
- `MiniMaxAI/MiniMax-M2` — 204,800 ctx, 128,000 out, reasoning, tools
- `MiniMaxAI/MiniMax-M3` — 524,288 ctx, 128,000 out, text+image in,
reasoning, tools
- `Qwen/Qwen3-235B-A22B` — 40,960 ctx, 16,384 out, reasoning, tools
- `Qwen/Qwen3-32B` — 131,072 ctx, 16,384 out, reasoning, tools
- `Qwen/Qwen3-Coder-30B-A3B-Instruct` — 262,144 ctx, 65,536 out, tools
- `Qwen/Qwen3.5-122B-A10B` — 262,144 ctx, 65,536 out, text+image in,
reasoning, tools
- `Qwen/Qwen3.5-27B` — 262,144 ctx, 65,536 out, text+image in,
reasoning, tools
- `Qwen/Qwen3.5-35B-A3B` — 262,144 ctx, 65,536 out, text+image in,
reasoning, tools
- `Qwen/Qwen3.5-9B` — 262,144 ctx, 65,536 out, text+image in, reasoning,
tools
- `Qwen/Qwen3.6-27B` — 262,144 ctx, 65,536 out, text+image in,
reasoning, tools
- `Qwen/Qwen3.6-35B-A3B` — 262,144 ctx, 65,536 out, text+image in,
reasoning, tools
- `XiaomiMiMo/MiMo-V2.5-Pro` — 1,048,576 ctx, 131,072 out, reasoning,
tools
- `deepseek-ai/DeepSeek-R1` — 64,000 ctx, 32,768 out, reasoning, tools
- `deepseek-ai/DeepSeek-V4-Flash` — 1,048,576 ctx, 384,000 out,
reasoning, tools
- `google/gemma-4-26B-A4B-it` — 262,144 ctx, 32,768 out, text+image in,
reasoning, tools
- `google/gemma-4-31B-it` — 262,144 ctx, 32,768 out, text+image in,
reasoning, tools
- `meta-llama/Llama-3.3-70B-Instruct` — 131,072 ctx, 4,096 out, tools
- `moonshotai/Kimi-K2.7-Code` — 262,144 ctx, 262,144 out, text+image in,
reasoning, tools
- `openai/gpt-oss-120b` — 131,072 ctx, 32,768 out, reasoning, tools
- `stepfun-ai/Step-3.5-Flash` — 262,144 ctx, 256,000 out, reasoning,
tools
- `stepfun-ai/Step-3.7-Flash` — 262,144 ctx, 256,000 out, text+image in,
reasoning, tools
- `zai-org/GLM-4.5` — 131,072 ctx, 98,304 out, reasoning, tools
- `zai-org/GLM-4.5-Air` — 131,072 ctx, 98,304 out, reasoning, tools
- `zai-org/GLM-4.5V` — 65,536 ctx, 16,384 out, text+image in, reasoning,
tools
- `zai-org/GLM-4.6` — 204,800 ctx, 131,072 out, reasoning, tools
- …and 1 more

### mistral

**✏️ 1 changed**
- `mistral-medium-latest`: last updated `2025-08-12` → `2026-04-29`;
added open weights; added reasoning; release date `2025-08-12` →
`2026-04-29`; added structured output

### openrouter

** 7 added**
- `anthropic/claude-fable-5` — 1,000,000 ctx, 128,000 out,
text+image+pdf in, reasoning, tools
- `anthropic/claude-sonnet-5` — 1,000,000 ctx, 128,000 out,
text+image+pdf in, reasoning, tools
- `google/gemini-3.1-flash-lite-image` — 65,536 ctx, 66,000 out,
text+image in, reasoning
- `poolside/laguna-xs-2.1` — 262,144 ctx, 32,768 out, reasoning, tools
- `poolside/laguna-xs-2.1:free` — 262,144 ctx, 32,768 out, reasoning,
tools
- `sakana/fugu-ultra` — 1,000,000 ctx, 128,000 out, text+image in,
reasoning, tools
- `z-ai/glm-5v-turbo` — 202,752 ctx, 131,072 out, text+image+video in,
reasoning, tools

** 6 removed**
- `anthropic/claude-opus-4.6-fast`
- `essentialai/rnj-1-instruct`
- `microsoft/phi-4-mini-instruct`
- `nex-agi/nex-n2-pro:free`
- `openrouter/owl-alpha`
- `prime-intellect/intellect-3`

**✏️ 30 changed**
- `arcee-ai/trinity-large-thinking`: removed structured output
- `deepseek/deepseek-v4-flash`: max input tokens 1,000,000 → 1,048,576;
max output tokens 65,536 → 16,384
- `google/gemini-2.5-flash-image`: max output tokens 8,192 → 32,768
- `google/gemini-3.1-flash-image`: max input tokens 65,536 → 131,072;
max output tokens 65,536 → 32,768
- `google/gemma-4-26b-a4b-it:free`: added structured output
- `minimax/minimax-m2`: max input tokens 196,608 → 204,800; max output
tokens 196,608 → 131,072
- `minimax/minimax-m2.1`: max input tokens 196,608 → 204,800; max output
tokens 196,608 → 131,072; removed structured output
- `minimax/minimax-m2.7`: max output tokens 131,072 → 196,608
- `moonshotai/kimi-k2`: max output tokens 32,768 → 100,352
- `moonshotai/kimi-k2-0905`: max output tokens 262,144 → 100,352
- `moonshotai/kimi-k2-thinking`: max output tokens 262,144 → 100,352
- `moonshotai/kimi-k2.5`: max output tokens 262,144 → 256,000
- `moonshotai/kimi-k2.6`: max output tokens 65,535 → 262,144
- `moonshotai/kimi-k2.7-code`: max output tokens 262,144 → 16,384
- `nvidia/nemotron-3-super-120b-a12b`: max output tokens 262,144 →
16,384
- `openai/gpt-oss-120b`: max output tokens 32,768 → 131,072; display
name `gpt-oss-120b` → `GPT OSS 120B`
- `qwen/qwen3-235b-a22b-thinking-2507`: max input tokens 262,144 →
131,072; removed structured output
- `qwen/qwen3-30b-a3b-thinking-2507`: max input tokens 131,072 → 81,920;
max output tokens 131,072 → 32,768; removed structured output
- `qwen/qwen3-8b`: max input tokens 40,960 → 131,072; removed structured
output
- `qwen/qwen3.5-35b-a3b`: max output tokens 262,144 → 81,920
- `qwen/qwen3.5-397b-a17b`: max output tokens 65,536 → 64,000
- `stepfun/step-3.5-flash`: max output tokens 16,384 → 65,536
- `thedrummer/rocinante-12b`: removed structured output; removed tool
calling
- `x-ai/grok-4.3`: added PDF input
- `xiaomi/mimo-v2.5`: max input tokens 1,048,576 → 32,000
- …and 5 more

---------

Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com>
Co-authored-by: Mason Daugherty <github@mdrxy.com>
2026-07-04 20:08:45 -04:00
dependabot[bot]
4e208f1e40 chore: bump the minor-and-patch group across 3 directories with 11 updates (#38587)
Bumps the minor-and-patch group with 7 updates in the
/libs/model-profiles directory:

| Package | From | To |
| --- | --- | --- |
| [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) |
`1.3.0` | `1.4.0` |
| [pytest-socket](https://github.com/miketheman/pytest-socket) | `0.7.0`
| `0.8.0` |
| [syrupy](https://github.com/syrupy-project/syrupy) | `5.2.0` | `5.3.4`
|
| [ruff](https://github.com/astral-sh/ruff) | `0.15.13` | `0.15.20` |
| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.8.18`
| `0.9.4` |
| [uuid-utils](https://github.com/aminalaee/uuid-utils) | `0.15.0` |
`0.16.2` |
| [langgraph](https://github.com/langchain-ai/langgraph) | `1.2.5` |
`1.2.7` |

Bumps the minor-and-patch group with 7 updates in the
/libs/standard-tests directory:

| Package | From | To |
| --- | --- | --- |
| [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) |
`1.3.0` | `1.4.0` |
| [pytest-socket](https://github.com/miketheman/pytest-socket) | `0.7.0`
| `0.8.0` |
| [syrupy](https://github.com/syrupy-project/syrupy) | `5.2.0` | `5.3.4`
|
| [ruff](https://github.com/astral-sh/ruff) | `0.15.13` | `0.15.20` |
| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.8.18`
| `0.9.4` |
| [uuid-utils](https://github.com/aminalaee/uuid-utils) | `0.15.0` |
`0.16.2` |
| [langchain-protocol](https://github.com/langchain-ai/agent-protocol) |
`0.0.17` | `0.0.18` |

Bumps the minor-and-patch group with 9 updates in the
/libs/text-splitters directory:

| Package | From | To |
| --- | --- | --- |
| [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) |
`1.3.0` | `1.4.0` |
| [pytest-socket](https://github.com/miketheman/pytest-socket) | `0.7.0`
| `0.8.0` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.13` | `0.15.20` |
| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.8.18`
| `0.9.4` |
| [uuid-utils](https://github.com/aminalaee/uuid-utils) | `0.15.0` |
`0.16.2` |
| [langchain-protocol](https://github.com/langchain-ai/agent-protocol) |
`0.0.17` | `0.0.18` |
| [beautifulsoup4](https://www.crummy.com/software/BeautifulSoup/bs4/) |
`4.14.3` | `4.15.0` |
| [transformers](https://github.com/huggingface/transformers) | `5.8.1`
| `5.12.1` |
|
[sentence-transformers](https://github.com/huggingface/sentence-transformers)
| `5.5.0` | `5.6.0` |


Updates `pytest-asyncio` from 1.3.0 to 1.4.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pytest-dev/pytest-asyncio/releases">pytest-asyncio's
releases</a>.</em></p>
<blockquote>
<h2>pytest-asyncio v1.4.0</h2>
<h1><a
href="https://github.com/pytest-dev/pytest-asyncio/tree/1.4.0">1.4.0</a>
- 2026-05-26</h1>
<h2>Deprecated</h2>
<ul>
<li>Overriding the <em>event_loop_policy</em> fixture is deprecated. Use
the <code>pytest_asyncio_loop_factories</code> hook instead. (<a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/1419">#1419</a>)</li>
</ul>
<h2>Added</h2>
<ul>
<li>
<p>Added the <code>pytest_asyncio_loop_factories</code> hook to
parametrize asyncio tests with custom event loop factories.</p>
<p>The hook returns a mapping of factory names to loop factories, and
<code>pytest.mark.asyncio(loop_factories=[...])</code> selects a subset
of configured factories per test. When a single factory is configured,
test names are unchanged.</p>
<p>Synchronous <code>@pytest_asyncio.fixture</code> functions now see
the correct event loop when custom loop factories are configured, even
when test code disrupts the current event loop (e.g., via
<code>asyncio.run()</code> or
<code>asyncio.set_event_loop(None)</code>). (<a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/1164">#1164</a>)</p>
</li>
</ul>
<h2>Changed</h2>
<ul>
<li>Improved the readability of the warning message that is displayed
when <code>asyncio_default_fixture_loop_scope</code> is unset (<a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/1298">#1298</a>)</li>
<li>Only import <code>asyncio.AbstractEventLoopPolicy</code> for type
checking to avoid raising
a DeprecationWarning. (<a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/1394">#1394</a>)</li>
<li>Updated minimum supported pytest version to v8.4.0. (<a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/1397">#1397</a>)</li>
</ul>
<h2>Fixed</h2>
<ul>
<li>Fixed a <code>ResourceWarning: unclosed event loop</code> warning
that could occur when a synchronous test called
<code>asyncio.run()</code> or otherwise unset the current event loop
after pytest-asyncio had run an async test or fixture. (<a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/724">#724</a>)</li>
</ul>
<h2>Notes for Downstream Packagers</h2>
<ul>
<li>Added dependency on <code>sphinx-tabs &gt;= 3.5</code> to organize
documentation examples into tabs. (<a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/1395">#1395</a>)</li>
</ul>
<h2>pytest-asyncio v1.4.0a2</h2>
<h1><a
href="https://github.com/pytest-dev/pytest-asyncio/tree/1.4.0a2">1.4.0a2</a>
- 2026-05-02</h1>
<h2>Deprecated</h2>
<ul>
<li>Overriding the <em>event_loop_policy</em> fixture is deprecated. Use
the <code>pytest_asyncio_loop_factories</code> hook instead. (<a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/1419">#1419</a>)</li>
</ul>
<h2>Added</h2>
<ul>
<li>
<p>Added the <code>pytest_asyncio_loop_factories</code> hook to
parametrize asyncio tests with custom event loop factories.</p>
<p>The hook returns a mapping of factory names to loop factories, and
<code>pytest.mark.asyncio(loop_factories=[...])</code> selects a subset
of configured factories per test. When a single factory is configured,
test names are unchanged on pytest 8.4+.</p>
<p>Synchronous <code>@pytest_asyncio.fixture</code> functions now see
the correct event loop when custom loop factories are configured, even
when test code disrupts the current event loop (e.g., via
<code>asyncio.run()</code> or
<code>asyncio.set_event_loop(None)</code>). (<a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/1164">#1164</a>)</p>
</li>
</ul>
<h2>Changed</h2>
<ul>
<li>Improved the readability of the warning message that is displayed
when <code>asyncio_default_fixture_loop_scope</code> is unset (<a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/1298">#1298</a>)</li>
<li>Only import <code>asyncio.AbstractEventLoopPolicy</code> for type
checking to avoid raising
a DeprecationWarning. (<a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/1394">#1394</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6e14cd2af9"><code>6e14cd2</code></a>
chore: Prepare release of v1.4.0.</li>
<li><a
href="4b900fb5d0"><code>4b900fb</code></a>
Build(deps): Bump codecov/codecov-action from 6.0.0 to 6.0.1</li>
<li><a
href="ab9f632450"><code>ab9f632</code></a>
Build(deps): Bump zipp from 3.23.1 to 4.1.0</li>
<li><a
href="a56fc77ecd"><code>a56fc77</code></a>
Build(deps): Bump hypothesis from 6.152.6 to 6.152.8</li>
<li><a
href="e8bae9bc1f"><code>e8bae9b</code></a>
Build(deps): Bump requests from 2.34.0 to 2.34.2</li>
<li><a
href="fc433402c5"><code>fc43340</code></a>
Build(deps): Bump idna from 3.14 to 3.15</li>
<li><a
href="762eaf5033"><code>762eaf5</code></a>
Build(deps): Bump jaraco-functools from 4.4.0 to 4.5.0</li>
<li><a
href="b62e2228c8"><code>b62e222</code></a>
Build(deps): Bump click from 8.3.3 to 8.4.0</li>
<li><a
href="9190447006"><code>9190447</code></a>
Build(deps): Bump pydantic from 2.13.3 to 2.13.4</li>
<li><a
href="82a393c5e3"><code>82a393c</code></a>
ci: Remove unnecessary debug output.</li>
<li>Additional commits viewable in <a
href="https://github.com/pytest-dev/pytest-asyncio/compare/v1.3.0...v1.4.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `pytest-socket` from 0.7.0 to 0.8.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/miketheman/pytest-socket/releases">pytest-socket's
releases</a>.</em></p>
<blockquote>
<h2>0.8.0</h2>
<h2>What's Changed</h2>
<h3>Enhancements</h3>
<ul>
<li>Block DNS resolution (<code>getaddrinfo</code>,
<code>gethostbyname</code>) when sockets are disabled <a
href="https://redirect.github.com/miketheman/pytest-socket/issues/482">#482</a></li>
<li>Support CIDR network ranges in <code>allow_hosts</code> <a
href="https://redirect.github.com/miketheman/pytest-socket/issues/479">#479</a></li>
<li>Warn before raising on a blocked socket call <a
href="https://redirect.github.com/miketheman/pytest-socket/issues/468">#468</a></li>
<li>Cache hostname resolutions during a test run <a
href="https://redirect.github.com/miketheman/pytest-socket/issues/369">#369</a></li>
</ul>
<h3>Changes</h3>
<ul>
<li><strong>Removed support for Python 3.8 and 3.9.</strong> Python 3.10
is now the minimum.</li>
<li>Test against Python 3.13, 3.14, and free-threaded 3.13t/3.14t</li>
<li>Replaced Poetry with uv <a
href="https://redirect.github.com/miketheman/pytest-socket/issues/429">#429</a></li>
<li>Added type hints <a
href="https://redirect.github.com/miketheman/pytest-socket/issues/465">#465</a></li>
<li>Swapped <code>pytest-httpbin</code> for a local test fixture <a
href="https://redirect.github.com/miketheman/pytest-socket/issues/467">#467</a></li>
<li>Dependency, CI, and development updates</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/twm"><code>@​twm</code></a> made their
first contribution in <a
href="https://redirect.github.com/miketheman/pytest-socket/pull/369">miketheman/pytest-socket#369</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/miketheman/pytest-socket/compare/0.7.0...0.8.0">https://github.com/miketheman/pytest-socket/compare/0.7.0...0.8.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/miketheman/pytest-socket/blob/main/CHANGELOG.md">pytest-socket's
changelog</a>.</em></p>
<blockquote>
<h2>[0.8.0][] (2026-05-21)</h2>
<p>Enhancements:</p>
<ul>
<li>Block DNS resolution (<code>getaddrinfo</code>,
<code>gethostbyname</code>) when sockets are disabled <a
href="https://redirect.github.com/miketheman/pytest-socket/issues/482">#482</a></li>
<li>Support CIDR network ranges in <code>allow_hosts</code> <a
href="https://redirect.github.com/miketheman/pytest-socket/issues/479">#479</a></li>
<li>Warn before raising on a blocked socket call <a
href="https://redirect.github.com/miketheman/pytest-socket/issues/468">#468</a></li>
<li>Cache hostname resolutions during a test run <a
href="https://redirect.github.com/miketheman/pytest-socket/issues/369">#369</a></li>
</ul>
<p>Changes:</p>
<ul>
<li><strong>Removed support for Python 3.8 and 3.9.</strong> Python 3.10
is now the minimum.</li>
<li>Test against Python 3.13, 3.14, and free-threaded 3.13t/3.14t</li>
<li>Replaced Poetry with uv <a
href="https://redirect.github.com/miketheman/pytest-socket/issues/429">#429</a></li>
<li>Added type hints <a
href="https://redirect.github.com/miketheman/pytest-socket/issues/465">#465</a></li>
<li>Swapped <code>pytest-httpbin</code> for a local test fixture <a
href="https://redirect.github.com/miketheman/pytest-socket/issues/467">#467</a></li>
<li>Dependency, CI, and development updates</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f9ec1395f4"><code>f9ec139</code></a>
pytest-socket, v0.8.0 (<a
href="https://redirect.github.com/miketheman/pytest-socket/issues/484">#484</a>)</li>
<li><a
href="3930df85c1"><code>3930df8</code></a>
chore(ci): add publish workflow, update others (<a
href="https://redirect.github.com/miketheman/pytest-socket/issues/483">#483</a>)</li>
<li><a
href="aae7f44b24"><code>aae7f44</code></a>
feat: also block DNS resolution (<a
href="https://redirect.github.com/miketheman/pytest-socket/issues/482">#482</a>)</li>
<li><a
href="f0700d2379"><code>f0700d2</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/miketheman/pytest-socket/issues/481">#481</a>)</li>
<li><a
href="09ba021cd3"><code>09ba021</code></a>
chore(deps): full sweep of all dependency upgrades (<a
href="https://redirect.github.com/miketheman/pytest-socket/issues/480">#480</a>)</li>
<li><a
href="8dc62860f3"><code>8dc6286</code></a>
feat(allow_hosts): support CIDR network entries (<a
href="https://redirect.github.com/miketheman/pytest-socket/issues/479">#479</a>)</li>
<li><a
href="06ed8a1562"><code>06ed8a1</code></a>
chore(deps-dev): bump starlette from 0.49.1 to 1.0.0 (<a
href="https://redirect.github.com/miketheman/pytest-socket/issues/478">#478</a>)</li>
<li><a
href="b3132108f9"><code>b313210</code></a>
chore(deps-dev): bump mypy from 1.20.0 to 1.20.2 (<a
href="https://redirect.github.com/miketheman/pytest-socket/issues/477">#477</a>)</li>
<li><a
href="f7e85f788b"><code>f7e85f7</code></a>
chore(deps-dev): bump pytest-randomly from 3.16.0 to 4.0.1 (<a
href="https://redirect.github.com/miketheman/pytest-socket/issues/476">#476</a>)</li>
<li><a
href="89690a6c31"><code>89690a6</code></a>
chore: dependabot config (<a
href="https://redirect.github.com/miketheman/pytest-socket/issues/475">#475</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/miketheman/pytest-socket/compare/0.7.0...0.8.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `syrupy` from 5.2.0 to 5.3.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/syrupy-project/syrupy/releases">syrupy's
releases</a>.</em></p>
<blockquote>
<h2>v5.3.4</h2>
<h2>What's Changed</h2>
<ul>
<li>perf: drop per-node kwargs dict from the amber serializer by <a
href="https://github.com/frenck"><code>@​frenck</code></a> in <a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1122">syrupy-project/syrupy#1122</a></li>
<li>perf: give the internal matcher wrapper an explicit signature by <a
href="https://github.com/frenck"><code>@​frenck</code></a> in <a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1121">syrupy-project/syrupy#1121</a></li>
<li>fix: avoid os.environ mutation for color control by <a
href="https://github.com/frenck"><code>@​frenck</code></a> in <a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1125">syrupy-project/syrupy#1125</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/syrupy-project/syrupy/compare/v5.3.3...v5.3.4">https://github.com/syrupy-project/syrupy/compare/v5.3.3...v5.3.4</a></p>
<h2>v5.3.3</h2>
<h2>What's Changed</h2>
<ul>
<li>perf: speed up string serialization in amber serializer by <a
href="https://github.com/frenck"><code>@​frenck</code></a> in <a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1118">syrupy-project/syrupy#1118</a></li>
<li>perf: avoid copying the cycle-detection set on every serialized node
by <a href="https://github.com/frenck"><code>@​frenck</code></a> in <a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1119">syrupy-project/syrupy#1119</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/TejasAmle"><code>@​TejasAmle</code></a>
made their first contribution in <a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1113">syrupy-project/syrupy#1113</a></li>
<li><a href="https://github.com/frenck"><code>@​frenck</code></a> made
their first contribution in <a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1118">syrupy-project/syrupy#1118</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/syrupy-project/syrupy/compare/v5.3.2...v5.3.3">https://github.com/syrupy-project/syrupy/compare/v5.3.2...v5.3.3</a></p>
<h2>v5.3.2</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: overlapping test filenames across directories by <a
href="https://github.com/noahnu"><code>@​noahnu</code></a> in <a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1104">syrupy-project/syrupy#1104</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/syrupy-project/syrupy/compare/v5.3.1...v5.3.2">https://github.com/syrupy-project/syrupy/compare/v5.3.1...v5.3.2</a></p>
<h2>v5.3.1</h2>
<h2>What's Changed</h2>
<h3>Fixes</h3>
<ul>
<li>fix(test): mark pydantic and attrs as dependencies for running
internal tests by <a
href="https://github.com/noahnu"><code>@​noahnu</code></a> in <a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1108">syrupy-project/syrupy#1108</a>
-- <strong>This only affects users trying to run the syrupy tests
themselves, not consumers of syrupy.</strong></li>
</ul>
<h3>Misc</h3>
<ul>
<li>chore(deps): update astral-sh/setup-uv action to v8.1.0 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1103">syrupy-project/syrupy#1103</a></li>
<li>chore(deps): update python docker tag to v3.14.4 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1102">syrupy-project/syrupy#1102</a></li>
<li>chore(deps): update benchmark-action/github-action-benchmark action
to v1.22.1 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1105">syrupy-project/syrupy#1105</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/syrupy-project/syrupy/compare/v5.3.0...v5.3.1">https://github.com/syrupy-project/syrupy/compare/v5.3.0...v5.3.1</a></p>
<h2>v5.3.0</h2>
<h2>What's Changed</h2>
<h3>Features</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/syrupy-project/syrupy/blob/main/CHANGELOG.md">syrupy's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/syrupy-project/syrupy/releases/tag/v5.3.4">v5.3.4</a>
(2026-06-26)</h2>
<h2>What's Changed</h2>
<ul>
<li>perf: drop per-node kwargs dict from the amber serializer by <a
href="https://github.com/frenck"><code>@​frenck</code></a> in <a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1122">syrupy-project/syrupy#1122</a></li>
<li>perf: give the internal matcher wrapper an explicit signature by <a
href="https://github.com/frenck"><code>@​frenck</code></a> in <a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1121">syrupy-project/syrupy#1121</a></li>
<li>fix: avoid os.environ mutation for color control by <a
href="https://github.com/frenck"><code>@​frenck</code></a> in <a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1125">syrupy-project/syrupy#1125</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/syrupy-project/syrupy/compare/v5.3.3...v5.3.4">https://github.com/syrupy-project/syrupy/compare/v5.3.3...v5.3.4</a></p>
<h2><a
href="https://github.com/syrupy-project/syrupy/releases/tag/v5.3.3">v5.3.3</a>
(2026-06-25)</h2>
<h2>What's Changed</h2>
<ul>
<li>perf: speed up string serialization in amber serializer by <a
href="https://github.com/frenck"><code>@​frenck</code></a> in <a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1118">syrupy-project/syrupy#1118</a></li>
<li>perf: avoid copying the cycle-detection set on every serialized node
by <a href="https://github.com/frenck"><code>@​frenck</code></a> in <a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1119">syrupy-project/syrupy#1119</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/TejasAmle"><code>@​TejasAmle</code></a>
made their first contribution in <a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1113">syrupy-project/syrupy#1113</a></li>
<li><a href="https://github.com/frenck"><code>@​frenck</code></a> made
their first contribution in <a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1118">syrupy-project/syrupy#1118</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/syrupy-project/syrupy/compare/v5.3.2...v5.3.3">https://github.com/syrupy-project/syrupy/compare/v5.3.2...v5.3.3</a></p>
<h2><a
href="https://github.com/syrupy-project/syrupy/releases/tag/v5.3.2">v5.3.2</a>
(2026-06-09)</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: overlapping test filenames across directories by <a
href="https://github.com/noahnu"><code>@​noahnu</code></a> in <a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1104">syrupy-project/syrupy#1104</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/syrupy-project/syrupy/compare/v5.3.1...v5.3.2">https://github.com/syrupy-project/syrupy/compare/v5.3.1...v5.3.2</a></p>
<h2><a
href="https://github.com/syrupy-project/syrupy/releases/tag/v5.3.1">v5.3.1</a>
(2026-05-31)</h2>
<h2>What's Changed</h2>
<h3>Fixes</h3>
<ul>
<li>fix(test): mark pydantic and attrs as dependencies for running
internal tests by <a
href="https://github.com/noahnu"><code>@​noahnu</code></a> in <a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1108">syrupy-project/syrupy#1108</a>
-- <strong>This only affects users trying to run the syrupy tests
themselves, not consumers of syrupy.</strong></li>
</ul>
<h3>Misc</h3>
<ul>
<li>chore(deps): update astral-sh/setup-uv action to v8.1.0 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1103">syrupy-project/syrupy#1103</a></li>
<li>chore(deps): update python docker tag to v3.14.4 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1102">syrupy-project/syrupy#1102</a></li>
<li>chore(deps): update benchmark-action/github-action-benchmark action
to v1.22.1 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1105">syrupy-project/syrupy#1105</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/syrupy-project/syrupy/compare/v5.3.0...v5.3.1">https://github.com/syrupy-project/syrupy/compare/v5.3.0...v5.3.1</a></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7db49e98f7"><code>7db49e9</code></a>
fix: avoid os.environ mutation for color control (<a
href="https://redirect.github.com/syrupy-project/syrupy/issues/1125">#1125</a>)</li>
<li><a
href="52da1c4ba9"><code>52da1c4</code></a>
chore: add benchmarks to README (<a
href="https://redirect.github.com/syrupy-project/syrupy/issues/1124">#1124</a>)</li>
<li><a
href="a0d46f36fc"><code>a0d46f3</code></a>
perf: give the internal matcher wrapper an explicit signature (<a
href="https://redirect.github.com/syrupy-project/syrupy/issues/1121">#1121</a>)</li>
<li><a
href="54771a4849"><code>54771a4</code></a>
perf: drop per-node kwargs dict from the amber serializer (<a
href="https://redirect.github.com/syrupy-project/syrupy/issues/1122">#1122</a>)</li>
<li><a
href="8a10e700ad"><code>8a10e70</code></a>
docs: add frenck as a contributor for bug (<a
href="https://redirect.github.com/syrupy-project/syrupy/issues/1120">#1120</a>)</li>
<li><a
href="5760c88d37"><code>5760c88</code></a>
chore(release): 5.3.3 [skip ci]</li>
<li><a
href="0840c9dcd1"><code>0840c9d</code></a>
perf: avoid copying the cycle-detection set on every serialized node (<a
href="https://redirect.github.com/syrupy-project/syrupy/issues/1119">#1119</a>)</li>
<li><a
href="1940faa06c"><code>1940faa</code></a>
perf: speed up string serialization in amber serializer (<a
href="https://redirect.github.com/syrupy-project/syrupy/issues/1118">#1118</a>)</li>
<li><a
href="46d661cdbd"><code>46d661c</code></a>
chore(deps): update dependency debugpy to v1.8.21 (<a
href="https://redirect.github.com/syrupy-project/syrupy/issues/1117">#1117</a>)</li>
<li><a
href="8c23052690"><code>8c23052</code></a>
chore(deps): update astral-sh/setup-uv action to v8.2.0 (<a
href="https://redirect.github.com/syrupy-project/syrupy/issues/1114">#1114</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/syrupy-project/syrupy/compare/v5.2.0...v5.3.4">compare
view</a></li>
</ul>
</details>
<br />

Updates `ruff` from 0.15.13 to 0.15.20
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/releases">ruff's
releases</a>.</em></p>
<blockquote>
<h2>0.15.20</h2>
<h2>Release Notes</h2>
<p>Released on 2026-06-25.</p>
<h3>Preview features</h3>
<ul>
<li>Allow human-readable names in rule selectors (<a
href="https://redirect.github.com/astral-sh/ruff/pull/25887">#25887</a>)</li>
<li>Emit a warning instead of an error for unknown rule selectors (<a
href="https://redirect.github.com/astral-sh/ruff/pull/26113">#26113</a>)</li>
<li>Match <code>noqa</code> shebang handling in <code>ruff:ignore</code>
comments (<a
href="https://redirect.github.com/astral-sh/ruff/pull/26286">#26286</a>)</li>
<li>[<code>ruff</code>] Remove <code>pytest-fixture-autouse</code>
(<code>RUF076</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/26240">#26240</a>,
<a
href="https://redirect.github.com/astral-sh/ruff/pull/26371">#26371</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Add versioning sections to custom crate READMEs (<a
href="https://redirect.github.com/astral-sh/ruff/pull/26317">#26317</a>)</li>
<li>Update <code>ruff_python_parser</code> README for crates.io (<a
href="https://redirect.github.com/astral-sh/ruff/pull/26315">#26315</a>)</li>
<li>[<code>perflint</code>] Clarify that <code>PERF402</code> applies to
any iterable (<a
href="https://redirect.github.com/astral-sh/ruff/pull/26242">#26242</a>)</li>
</ul>
<h3>Contributors</h3>
<ul>
<li><a
href="https://github.com/dhruvmanila"><code>@​dhruvmanila</code></a></li>
<li><a
href="https://github.com/MichaReiser"><code>@​MichaReiser</code></a></li>
<li><a href="https://github.com/ntBre"><code>@​ntBre</code></a></li>
<li><a
href="https://github.com/trilamsr"><code>@​trilamsr</code></a></li>
</ul>
<h2>Install ruff 0.15.20</h2>
<h3>Install prebuilt binaries via shell script</h3>
<pre lang="sh"><code>curl --proto '=https' --tlsv1.2 -LsSf
https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-installer.sh
| sh
</code></pre>
<h3>Install prebuilt binaries via powershell script</h3>
<pre lang="sh"><code>powershell -ExecutionPolicy Bypass -c &quot;irm
https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-installer.ps1
| iex&quot;
</code></pre>
<h2>Download ruff 0.15.20</h2>
<table>
<thead>
<tr>
<th>File</th>
<th>Platform</th>
<th>Checksum</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-aarch64-apple-darwin.tar.gz">ruff-aarch64-apple-darwin.tar.gz</a></td>
<td>Apple Silicon macOS</td>
<td><a
href="https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-aarch64-apple-darwin.tar.gz.sha256">checksum</a></td>
</tr>
<tr>
<td><a
href="https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-x86_64-apple-darwin.tar.gz">ruff-x86_64-apple-darwin.tar.gz</a></td>
<td>Intel macOS</td>
<td><a
href="https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-x86_64-apple-darwin.tar.gz.sha256">checksum</a></td>
</tr>
<tr>
<td><a
href="https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-aarch64-pc-windows-msvc.zip">ruff-aarch64-pc-windows-msvc.zip</a></td>
<td>ARM64 Windows</td>
<td><a
href="https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-aarch64-pc-windows-msvc.zip.sha256">checksum</a></td>
</tr>
<tr>
<td><a
href="https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-i686-pc-windows-msvc.zip">ruff-i686-pc-windows-msvc.zip</a></td>
<td>x86 Windows</td>
<td><a
href="https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-i686-pc-windows-msvc.zip.sha256">checksum</a></td>
</tr>
<tr>
<td><a
href="https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-x86_64-pc-windows-msvc.zip">ruff-x86_64-pc-windows-msvc.zip</a></td>
<td>x64 Windows</td>
<td><a
href="https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-x86_64-pc-windows-msvc.zip.sha256">checksum</a></td>
</tr>
<tr>
<td><a
href="https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-aarch64-unknown-linux-gnu.tar.gz">ruff-aarch64-unknown-linux-gnu.tar.gz</a></td>
<td>ARM64 Linux</td>
<td><a
href="https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-aarch64-unknown-linux-gnu.tar.gz.sha256">checksum</a></td>
</tr>
<tr>
<td><a
href="https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-i686-unknown-linux-gnu.tar.gz">ruff-i686-unknown-linux-gnu.tar.gz</a></td>
<td>x86 Linux</td>
<td><a
href="https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-i686-unknown-linux-gnu.tar.gz.sha256">checksum</a></td>
</tr>
</tbody>
</table>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md">ruff's
changelog</a>.</em></p>
<blockquote>
<h2>0.15.20</h2>
<p>Released on 2026-06-25.</p>
<h3>Preview features</h3>
<ul>
<li>Allow human-readable names in rule selectors (<a
href="https://redirect.github.com/astral-sh/ruff/pull/25887">#25887</a>)</li>
<li>Emit a warning instead of an error for unknown rule selectors (<a
href="https://redirect.github.com/astral-sh/ruff/pull/26113">#26113</a>)</li>
<li>Match <code>noqa</code> shebang handling in <code>ruff:ignore</code>
comments (<a
href="https://redirect.github.com/astral-sh/ruff/pull/26286">#26286</a>)</li>
<li>[<code>ruff</code>] Remove <code>pytest-fixture-autouse</code>
(<code>RUF076</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/26240">#26240</a>,
<a
href="https://redirect.github.com/astral-sh/ruff/pull/26371">#26371</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Add versioning sections to custom crate READMEs (<a
href="https://redirect.github.com/astral-sh/ruff/pull/26317">#26317</a>)</li>
<li>Update <code>ruff_python_parser</code> README for crates.io (<a
href="https://redirect.github.com/astral-sh/ruff/pull/26315">#26315</a>)</li>
<li>[<code>perflint</code>] Clarify that <code>PERF402</code> applies to
any iterable (<a
href="https://redirect.github.com/astral-sh/ruff/pull/26242">#26242</a>)</li>
</ul>
<h3>Contributors</h3>
<ul>
<li><a
href="https://github.com/dhruvmanila"><code>@​dhruvmanila</code></a></li>
<li><a
href="https://github.com/MichaReiser"><code>@​MichaReiser</code></a></li>
<li><a href="https://github.com/ntBre"><code>@​ntBre</code></a></li>
<li><a
href="https://github.com/trilamsr"><code>@​trilamsr</code></a></li>
</ul>
<h2>0.15.19</h2>
<p>Released on 2026-06-23.</p>
<h3>Preview features</h3>
<ul>
<li>Support human-readable names when hovering suppression comments and
in code actions (<a
href="https://redirect.github.com/astral-sh/ruff/pull/26114">#26114</a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>Fall back to default settings when editor-only settings are invalid
(<a
href="https://redirect.github.com/astral-sh/ruff/pull/26244">#26244</a>)</li>
<li>Fix panic when inserting text at a notebook cell boundary (<a
href="https://redirect.github.com/astral-sh/ruff/pull/26111">#26111</a>)</li>
</ul>
<h3>Rule changes</h3>
<ul>
<li>[<code>pylint</code>] Update fix suggestions for
<code>__floor__</code>, <code>__trunc__</code>,
<code>__length_hint__</code>, and <code>__matmul__</code> variants
(<code>PLC2801</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/26239">#26239</a>)</li>
</ul>
<h3>Performance</h3>
<ul>
<li>Avoid allocating when parsing single string literals (<a
href="https://redirect.github.com/astral-sh/ruff/pull/26200">#26200</a>)</li>
<li>Avoid reallocating singleton call arguments (<a
href="https://redirect.github.com/astral-sh/ruff/pull/26223">#26223</a>)</li>
<li>Lazily create source files for lint diagnostics (<a
href="https://redirect.github.com/astral-sh/ruff/pull/26226">#26226</a>)</li>
<li>Optimize formatter text width and indentation (<a
href="https://redirect.github.com/astral-sh/ruff/pull/26236">#26236</a>)</li>
<li>Reserve capacity for builtin bindings (<a
href="https://redirect.github.com/astral-sh/ruff/pull/26229">#26229</a>)</li>
<li>Skip repeated-key checks for singleton dictionaries (<a
href="https://redirect.github.com/astral-sh/ruff/pull/26228">#26228</a>)</li>
<li>Use ArrayVec for qualified name segments (<a
href="https://redirect.github.com/astral-sh/ruff/pull/26224">#26224</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f82a36b6ba"><code>f82a36b</code></a>
Bump 0.15.20 (<a
href="https://redirect.github.com/astral-sh/ruff/issues/26376">#26376</a>)</li>
<li><a
href="af329438b5"><code>af32943</code></a>
Improve the summarise-ecosystem-results skill (<a
href="https://redirect.github.com/astral-sh/ruff/issues/26378">#26378</a>)</li>
<li><a
href="485ebab5de"><code>485ebab</code></a>
Remove <code>RUF076</code> name from schema (<a
href="https://redirect.github.com/astral-sh/ruff/issues/26371">#26371</a>)</li>
<li><a
href="ef81835ce3"><code>ef81835</code></a>
[ty] Implement rust-analyzer's &quot;Click for full compiler
diagnostic&quot; feature (...</li>
<li><a
href="572b31e237"><code>572b31e</code></a>
[<code>ruff</code>] Remove <code>pytest-fixture-autouse</code>
(<code>RUF076</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/issues/26240">#26240</a>)</li>
<li><a
href="f703f219d7"><code>f703f21</code></a>
Allow human-readable names in rule selectors (<a
href="https://redirect.github.com/astral-sh/ruff/issues/25887">#25887</a>)</li>
<li><a
href="0d726b28ee"><code>0d726b2</code></a>
[ty] Reuse equality semantics for membership compatibility (<a
href="https://redirect.github.com/astral-sh/ruff/issues/25955">#25955</a>)</li>
<li><a
href="dbe6e9848c"><code>dbe6e98</code></a>
[ty] Infer definite equality comparison results (<a
href="https://redirect.github.com/astral-sh/ruff/issues/26337">#26337</a>)</li>
<li><a
href="e700ea357a"><code>e700ea3</code></a>
[ty] Prove TypedDict structural patterns exhaustive (<a
href="https://redirect.github.com/astral-sh/ruff/issues/26285">#26285</a>)</li>
<li><a
href="6a0d2ec939"><code>6a0d2ec</code></a>
[ty] Widen inferred class-valued instance attributes (<a
href="https://redirect.github.com/astral-sh/ruff/issues/26338">#26338</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/astral-sh/ruff/compare/0.15.13...0.15.20">compare
view</a></li>
</ul>
</details>
<br />

Updates `langsmith` from 0.8.18 to 0.9.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's
releases</a>.</em></p>
<blockquote>
<h2>v0.9.4</h2>
<h2>What's Changed</h2>
<ul>
<li>fix(google_adk): capture LLM inputs after before_model_callback runs
[LSDK-279] by <a
href="https://github.com/harisaiharish"><code>@​harisaiharish</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3094">langchain-ai/langsmith-sdk#3094</a></li>
<li>release(js): bump js sdk version to 0.7.13 by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3104">langchain-ai/langsmith-sdk#3104</a></li>
<li>chore: sync langsmith_api by <a
href="https://github.com/langtions-bot"><code>@​langtions-bot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3105">langchain-ai/langsmith-sdk#3105</a></li>
<li>doc: improve resource comments by <a
href="https://github.com/QuentinBrosse"><code>@​QuentinBrosse</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3108">langchain-ai/langsmith-sdk#3108</a></li>
<li>fix(client): apply anonymizer to run error field by <a
href="https://github.com/paarth-a"><code>@​paarth-a</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3100">langchain-ai/langsmith-sdk#3100</a></li>
<li>feat(client): expose datasets v2 resource + experiment-runs
integration tests [langchainplus#28358] by <a
href="https://github.com/GowriH-1"><code>@​GowriH-1</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3106">langchain-ai/langsmith-sdk#3106</a></li>
<li>fix(google-adk): set tool span as active tracing context in
wrap_tool_run_async by <a
href="https://github.com/navarra-lisandro"><code>@​navarra-lisandro</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3111">langchain-ai/langsmith-sdk#3111</a></li>
<li>fix(client): apply anonymizer to run error field (JS) by <a
href="https://github.com/paarth-a"><code>@​paarth-a</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3110">langchain-ai/langsmith-sdk#3110</a></li>
<li>fix(python): use current project issues endpoint by <a
href="https://github.com/khankaholic"><code>@​khankaholic</code></a> in
<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3064">langchain-ai/langsmith-sdk#3064</a></li>
<li>chore: sync langsmith_api by <a
href="https://github.com/langtions-bot"><code>@​langtions-bot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3120">langchain-ai/langsmith-sdk#3120</a></li>
<li>fix(js): Avoid setting usage_metadata on parent chain runs for
Claude Agent SDK runs by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3119">langchain-ai/langsmith-sdk#3119</a></li>
<li>feat(client): expose projects resource accessor on Python and JS
clients by <a
href="https://github.com/KiewanVillatel"><code>@​KiewanVillatel</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3109">langchain-ai/langsmith-sdk#3109</a></li>
<li>release(js): bump to 0.7.14 by <a
href="https://github.com/dqbd"><code>@​dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3121">langchain-ai/langsmith-sdk#3121</a></li>
<li>release(python): bump py version to 0.9.4 by <a
href="https://github.com/KiewanVillatel"><code>@​KiewanVillatel</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3124">langchain-ai/langsmith-sdk#3124</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/navarra-lisandro"><code>@​navarra-lisandro</code></a>
made their first contribution in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3111">langchain-ai/langsmith-sdk#3111</a></li>
<li><a
href="https://github.com/khankaholic"><code>@​khankaholic</code></a>
made their first contribution in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3064">langchain-ai/langsmith-sdk#3064</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.9.3...v0.9.4">https://github.com/langchain-ai/langsmith-sdk/compare/v0.9.3...v0.9.4</a></p>
<h2>v0.9.3</h2>
<h2>What's Changed</h2>
<ul>
<li>release(js): bump js sdk version to 0.7.12 by <a
href="https://github.com/KiewanVillatel"><code>@​KiewanVillatel</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3089">langchain-ai/langsmith-sdk#3089</a></li>
<li>feat(sandbox): do not gate dataplane ops on sandbox status by <a
href="https://github.com/ramon-langchain"><code>@​ramon-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3090">langchain-ai/langsmith-sdk#3090</a></li>
<li>chore: sync langsmith_api by <a
href="https://github.com/langtions-bot"><code>@​langtions-bot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3095">langchain-ai/langsmith-sdk#3095</a></li>
<li>ci: pin all GitHub Actions to immutable SHA pins by <a
href="https://github.com/jkennedyvz"><code>@​jkennedyvz</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3093">langchain-ai/langsmith-sdk#3093</a></li>
<li>chore(deps-dev): bump vcrpy from 8.1.1 to 8.2.1 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3074">langchain-ai/langsmith-sdk#3074</a></li>
<li>chore(deps): bump pydantic-settings from 2.13.1 to 2.14.2 in /python
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3075">langchain-ai/langsmith-sdk#3075</a></li>
<li>feat(sandbox): expose registries via generated v2 client by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3087">langchain-ai/langsmith-sdk#3087</a></li>
<li>fix(client): lazily initialize sync OpenAPI client by <a
href="https://github.com/KiewanVillatel"><code>@​KiewanVillatel</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3099">langchain-ai/langsmith-sdk#3099</a></li>
<li>release(python): bump py version to 0.9.3 by <a
href="https://github.com/KiewanVillatel"><code>@​KiewanVillatel</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3101">langchain-ai/langsmith-sdk#3101</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.9.2...v0.9.3">https://github.com/langchain-ai/langsmith-sdk/compare/v0.9.2...v0.9.3</a></p>
<h2>v0.9.2</h2>
<h2>What's Changed</h2>
<ul>
<li>release(js): bump js sdk version to 0.7.11 by <a
href="https://github.com/sineha-mani"><code>@​sineha-mani</code></a> in
<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3079">langchain-ai/langsmith-sdk#3079</a></li>
<li>chore: bump _MIN_BACKEND_VERSION to 0.16.6rc1 by <a
href="https://github.com/langtions-bot"><code>@​langtions-bot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3076">langchain-ai/langsmith-sdk#3076</a></li>
<li>chore: sync langsmith_api by <a
href="https://github.com/langtions-bot"><code>@​langtions-bot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3082">langchain-ai/langsmith-sdk#3082</a></li>
<li>chore: sync langsmith_api by <a
href="https://github.com/langtions-bot"><code>@​langtions-bot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3083">langchain-ai/langsmith-sdk#3083</a></li>
<li>chore(js): bump AI SDK 7 to beta by <a
href="https://github.com/dqbd"><code>@​dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3085">langchain-ai/langsmith-sdk#3085</a></li>
<li>feat(client): expose v2 OpenAPI runs resource on Python and JS
clients by <a
href="https://github.com/KiewanVillatel"><code>@​KiewanVillatel</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3084">langchain-ai/langsmith-sdk#3084</a></li>
<li>release(python): bump py version to 0.9.2 by <a
href="https://github.com/KiewanVillatel"><code>@​KiewanVillatel</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3088">langchain-ai/langsmith-sdk#3088</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.9.1...v0.9.2">https://github.com/langchain-ai/langsmith-sdk/compare/v0.9.1...v0.9.2</a></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="80d93c48c4"><code>80d93c4</code></a>
release(python): bump py version to 0.9.4 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3124">#3124</a>)</li>
<li><a
href="b453dd58d6"><code>b453dd5</code></a>
release(js): bump to 0.7.14 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3121">#3121</a>)</li>
<li><a
href="76f5c7136c"><code>76f5c71</code></a>
feat(client): expose projects resource accessor on Python and JS clients
(<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3109">#3109</a>)</li>
<li><a
href="5f32426109"><code>5f32426</code></a>
fix(js): Avoid setting usage_metadata on parent chain runs for Claude
Agent S...</li>
<li><a
href="03b53410f1"><code>03b5341</code></a>
chore: sync langsmith_api (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3120">#3120</a>)</li>
<li><a
href="7595f5c187"><code>7595f5c</code></a>
fix(python): use current project issues endpoint (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3064">#3064</a>)</li>
<li><a
href="b5291fac06"><code>b5291fa</code></a>
fix(client): apply anonymizer to run error field (JS) (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3110">#3110</a>)</li>
<li><a
href="be3eaa47e9"><code>be3eaa4</code></a>
fix(google-adk): set tool span as active tracing context in
wrap_tool_run_asy...</li>
<li><a
href="3dc88b3675"><code>3dc88b3</code></a>
feat(client): expose datasets v2 resource + experiment-runs integration
tests...</li>
<li><a
href="14741e0488"><code>14741e0</code></a>
fix(client): apply anonymizer to run error field (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3100">#3100</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.18...v0.9.4">compare
view</a></li>
</ul>
</details>
<br />

Updates `uuid-utils` from 0.15.0 to 0.16.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/aminalaee/uuid-utils/releases">uuid-utils's
releases</a>.</em></p>
<blockquote>
<h2>0.16.2</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: align <code>__hash__</code> with stdlib hash by <a
href="https://github.com/aminalaee"><code>@​aminalaee</code></a> in <a
href="https://redirect.github.com/aminalaee/uuid-utils/pull/178">aminalaee/uuid-utils#178</a></li>
<li>fix: <code>time</code> property for v6 and v7 by <a
href="https://github.com/aminalaee"><code>@​aminalaee</code></a> in <a
href="https://redirect.github.com/aminalaee/uuid-utils/pull/179">aminalaee/uuid-utils#179</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/aminalaee/uuid-utils/compare/0.16.1...0.16.2">https://github.com/aminalaee/uuid-utils/compare/0.16.1...0.16.2</a></p>
<h2>0.16.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Add PyPI publish attestations by <a
href="https://github.com/shaanmajid"><code>@​shaanmajid</code></a> in <a
href="https://redirect.github.com/aminalaee/uuid-utils/pull/173">aminalaee/uuid-utils#173</a></li>
<li>chore: Add <code>__version__</code> to compat module by <a
href="https://github.com/aminalaee"><code>@​aminalaee</code></a> in <a
href="https://redirect.github.com/aminalaee/uuid-utils/pull/174">aminalaee/uuid-utils#174</a></li>
<li>chore: relax <code>getnode</code> test by <a
href="https://github.com/aminalaee"><code>@​aminalaee</code></a> in <a
href="https://redirect.github.com/aminalaee/uuid-utils/pull/176">aminalaee/uuid-utils#176</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/shaanmajid"><code>@​shaanmajid</code></a> made
their first contribution in <a
href="https://redirect.github.com/aminalaee/uuid-utils/pull/173">aminalaee/uuid-utils#173</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/aminalaee/uuid-utils/compare/0.16.0...0.16.1">https://github.com/aminalaee/uuid-utils/compare/0.16.0...0.16.1</a></p>
<h2>0.16.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Optimize uuid_utils.compat with <code>from_int</code> by <a
href="https://github.com/aminalaee"><code>@​aminalaee</code></a> in <a
href="https://redirect.github.com/aminalaee/uuid-utils/pull/166">aminalaee/uuid-utils#166</a></li>
<li>fix: return version None for non-RFC UUIDs by <a
href="https://github.com/aminalaee"><code>@​aminalaee</code></a> in <a
href="https://redirect.github.com/aminalaee/uuid-utils/pull/163">aminalaee/uuid-utils#163</a></li>
<li>Validate <code>node</code> argument out of range in constructor by
<a href="https://github.com/aminalaee"><code>@​aminalaee</code></a> in
<a
href="https://redirect.github.com/aminalaee/uuid-utils/pull/164">aminalaee/uuid-utils#164</a></li>
<li>Drop Python3.9 by <a
href="https://github.com/aminalaee"><code>@​aminalaee</code></a> in <a
href="https://redirect.github.com/aminalaee/uuid-utils/pull/168">aminalaee/uuid-utils#168</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/aminalaee/uuid-utils/compare/0.15.0...0.16.0">https://github.com/aminalaee/uuid-utils/compare/0.15.0...0.16.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="97c20484ab"><code>97c2048</code></a>
Version 0.16.2 (<a
href="https://redirect.github.com/aminalaee/uuid-utils/issues/180">#180</a>)</li>
<li><a
href="75e935b43d"><code>75e935b</code></a>
fix: time property for v6 and v7 (<a
href="https://redirect.github.com/aminalaee/uuid-utils/issues/179">#179</a>)</li>
<li><a
href="6222e73aaf"><code>6222e73</code></a>
fix: align hash with stdlib hash (<a
href="https://redirect.github.com/aminalaee/uuid-utils/issues/178">#178</a>)</li>
<li><a
href="de57fb647c"><code>de57fb6</code></a>
Version 0.16.1 (<a
href="https://redirect.github.com/aminalaee/uuid-utils/issues/177">#177</a>)</li>
<li><a
href="7d65c41ed4"><code>7d65c41</code></a>
chore: relax <code>getnode</code> test (<a
href="https://redirect.github.com/aminalaee/uuid-utils/issues/176">#176</a>)</li>
<li><a
href="ef4b519d5f"><code>ef4b519</code></a>
Upgrade <code>pyo3</code> and <code>uuid</code> (<a
href="https://redirect.github.com/aminalaee/uuid-utils/issues/175">#175</a>)</li>
<li><a
href="afbe6bf820"><code>afbe6bf</code></a>
chore: Add <code>__version__</code> to compat module (<a
href="https://redirect.github.com/aminalaee/uuid-utils/issues/174">#174</a>)</li>
<li><a
href="76d0a73c24"><code>76d0a73</code></a>
Add PyPI publish attestations (<a
href="https://redirect.github.com/aminalaee/uuid-utils/issues/173">#173</a>)</li>
<li><a
href="29bc188196"><code>29bc188</code></a>
Bump uuid from 1.23.1 to 1.23.2 (<a
href="https://redirect.github.com/aminalaee/uuid-utils/issues/170">#170</a>)</li>
<li><a
href="c6df9b87ea"><code>c6df9b8</code></a>
Bump the python-packages group with 4 updates (<a
href="https://redirect.github.com/aminalaee/uuid-utils/issues/172">#172</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/aminalaee/uuid-utils/compare/0.15.0...0.16.2">compare
view</a></li>
</ul>
</details>
<br />

Updates `langgraph` from 1.2.5 to 1.2.7
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langgraph/releases">langgraph's
releases</a>.</em></p>
<blockquote>
<h2>langgraph==1.2.7</h2>
<p>Changes since 1.2.6</p>
<ul>
<li>release(langgraph): 1.2.7 (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/8223">#8223</a>)</li>
<li>fix(langgraph): snapshot <code>DeltaChannel</code> overwrite
supersteps (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/8125">#8125</a>)</li>
<li>fix(langgraph): Make <code>Overwrite</code> survive JSON roundtrips
(<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/8127">#8127</a>)</li>
<li>chore(deps): bump redis in /libs/langgraph (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/7976">#7976</a>)</li>
<li>chore(deps): bump langsmith from 0.8.0 to 0.8.18 in /libs/langgraph
(<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/8176">#8176</a>)</li>
<li>chore(deps): bump jupyterlab from 4.5.7 to 4.5.9 in /libs/langgraph
(<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/8164">#8164</a>)</li>
<li>fix(langgraph): emit valid UUIDs for exit-mode delta task_ids for
langgraph-api (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/8165">#8165</a>)</li>
<li>chore(deps): bump bleach from 6.3.0 to 6.4.0 in /libs/langgraph (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/8107">#8107</a>)</li>
<li>chore(deps): bump cryptography from 46.0.7 to 48.0.1 in
/libs/langgraph (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/8106">#8106</a>)</li>
<li>chore(deps): bump jupyter-server from 2.18.0 to 2.20.0 in
/libs/langgraph (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/8134">#8134</a>)</li>
<li>chore(deps): bump tornado from 6.5.6 to 6.5.7 in /libs/langgraph (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/8108">#8108</a>)</li>
<li>chore(deps): bump pyjwt from 2.12.0 to 2.13.0 in /libs/langgraph (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/8092">#8092</a>)</li>
</ul>
<h2>langgraph==1.2.6</h2>
<p>Changes since 1.2.5</p>
<ul>
<li>release(langgraph): 1.2.6 (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/8139">#8139</a>)</li>
<li>fix: nested subgraph inherits parent checkpoint_ns (regression in
1.2.3) (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/8053">#8053</a>)</li>
<li>fix: cancel running subgraphs on v3 stream abort [closes <a
href="https://redirect.github.com/langchain-ai/langgraph/issues/8029">#8029</a>]
(<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/8057">#8057</a>)</li>
<li>release(cli): 0.4.30 (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/8101">#8101</a>)</li>
<li>docs: standardize package <code>README.md</code> structure (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/8064">#8064</a>)</li>
<li>chore(deps): bump tornado from 6.5.5 to 6.5.6 in /libs/langgraph (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/8063">#8063</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5931a5f0b3"><code>5931a5f</code></a>
release(langgraph): 1.2.7 (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/8223">#8223</a>)</li>
<li><a
href="9a27693c64"><code>9a27693</code></a>
fix(langgraph): snapshot <code>DeltaChannel</code> overwrite supersteps
(<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/8125">#8125</a>)</li>
<li><a
href="1b5ca0a1b1"><code>1b5ca0a</code></a>
fix(langgraph): Make <code>Overwrite</code> survive JSON roundtrips (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/8127">#8127</a>)</li>
<li><a
href="d2f97191ab"><code>d2f9719</code></a>
chore(deps): bump redis in /libs/langgraph (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/7976">#7976</a>)</li>
<li><a
href="c1aad8b460"><code>c1aad8b</code></a>
chore(deps-dev): bump starlette from 1.0.1 to 1.3.1 in /libs/sdk-py (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/8104">#8104</a>)</li>
<li><a
href="d5dfeaf033"><code>d5dfeaf</code></a>
chore(deps): bump starlette from 1.0.1 to 1.3.1 in /libs/cli (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/8105">#8105</a>)</li>
<li><a
href="bdb323efbb"><code>bdb323e</code></a>
chore(deps): bump langsmith from 0.8.0 to 0.8.18 in
/libs/checkpoint-sqlite (...</li>
<li><a
href="31f69551b7"><code>31f6955</code></a>
chore(deps): bump langsmith from 0.8.0 to 0.8.18 in
/libs/checkpoint-postgres...</li>
<li><a
href="6b767dea5f"><code>6b767de</code></a>
chore(deps): bump langsmith from 0.8.2 to 0.8.18 in
/libs/checkpoint-conforma...</li>
<li><a
href="e6574a854f"><code>e6574a8</code></a>
chore(deps): bump langsmith from 0.8.0 to 0.8.18 in /libs/cli (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/8172">#8172</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langgraph/compare/1.2.5...1.2.7">compare
view</a></li>
</ul>
</details>
<br />

Updates `pytest-asyncio` from 1.3.0 to 1.4.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pytest-dev/pytest-asyncio/releases">pytest-asyncio's
releases</a>.</em></p>
<blockquote>
<h2>pytest-asyncio v1.4.0</h2>
<h1><a
href="https://github.com/pytest-dev/pytest-asyncio/tree/1.4.0">1.4.0</a>
- 2026-05-26</h1>
<h2>Deprecated</h2>
<ul>
<li>Overriding the <em>event_loop_policy</em> fixture is deprecated. Use
the <code>pytest_asyncio_loop_factories</code> hook instead. (<a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/1419">#1419</a>)</li>
</ul>
<h2>Added</h2>
<ul>
<li>
<p>Added the <code>pytest_asyncio_loop_factories</code> hook to
parametrize asyncio tests with custom event loop factories.</p>
<p>The hook returns a mapping of factory names to loop factories, and
<code>pytest.mark.asyncio(loop_factories=[...])</code> selects a subset
of configured factories per test. When a single factory is configured,
test names are unchanged.</p>
<p>Synchronous <code>@pytest_asyncio.fixture</code> functions now see
the correct event loop when custom loop factories are configured, even
when test code disrupts the current event loop (e.g., via
<code>asyncio.run()</code> or
<code>asyncio.set_event_loop(None)</code>). (<a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/1164">#1164</a>)</p>
</li>
</ul>
<h2>Changed</h2>
<ul>
<li>Improved the readability of the warning message that is displayed
when <code>asyncio_default_fixture_loop_scope</code> is unset (<a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/1298">#1298</a>)</li>
<li>Only import <code>asyncio.AbstractEventLoopPolicy</code> for type
checking to avoid raising
a DeprecationWarning. (<a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/1394">#1394</a>)</li>
<li>Updated minimum supported pytest version to v8.4.0. (<a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/1397">#1397</a>)</li>
</ul>
<h2>Fixed</h2>
<ul>
<li>Fixed a <code>ResourceWarning: unclosed event loop</code> warning
that could occur when a synchronous test called
<code>asyncio.run()</code> or otherwise unset the current event loop
after pytest-asyncio had run an async test or fixture. (<a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/724">#724</a>)</li>
</ul>
<h2>Notes for Downstream Packagers</h2>
<ul>
<li>Added dependency on <code>sphinx-tabs &gt;= 3.5</code> to organize
documentation examples into tabs. (<a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/1395">#1395</a>)</li>
</ul>
<h2>pytest-asyncio v1.4.0a2</h2>
<h1><a
href="https://github.com/pytest-dev/pytest-asyncio/tree/1.4.0a2">1.4.0a2</a>
- 2026-05-02</h1>
<h2>Deprecated</h2>
<ul>
<li>Overriding the <em>event_loop_policy</em> fixture is deprecated. Use
the <code>pytest_asyncio_loop_factories</code> hook instead. (<a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/1419">#1419</a>)</li>
</ul>
<h2>Added</h2>
<ul>
<li>
<p>Added the <code>pytest_asyncio_loop_factories</code> hook to
parametrize asyncio tests with custom event loop factories.</p>
<p>The hook returns a mapping of factory names to loop factories, and
<code>pytest.mark.asyncio(loop_factories=[...])</code> selects a subset
of configured factories per test. When a single factory is configured,
test names are unchanged on pytest 8.4+.</p>
<p>Synchronous <code>@pytest_asyncio.fixture</code> functions now see
the correct event loop when custom loop factories are configured, even
when test code disrupts the current event loop (e.g., via
<code>asyncio.run()</code> or
<code>asyncio.set_event_loop(None)</code>). (<a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/1164">#1164</a>)</p>
</li>
</ul>
<h2>Changed</h2>
<ul>
<li>Improved the readability of the warning message that is displayed
when <code>asyncio_default_fixture_loop_scope</code> is unset (<a
href="https://redir...

_Description has been truncated_

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-01 11:27:23 -04:00
ccurme
8a2f1a9445 chore(anthropic): update docstring following sonnet-5 release (#38577) 2026-06-30 14:35:03 -04:00
Mason Daugherty
e7a9a9a728 fix(anthropic): ignore LangSmith requests in VCR cassettes (#38547)
Anthropic integration tests can run with LangSmith tracing enabled in
scheduled CI, which sends LangSmith API requests while VCR cassettes are
active. Ignore LangSmith ingest endpoints in the Anthropic VCR config so
cassette playback only matches Anthropic traffic.

## Changes
- Add `api.smith.langchain.com` to the Anthropic VCR `ignore_hosts`
configuration while preserving any hosts from the shared base config.
- Keep existing Anthropic cassette serialization, request redaction, and
response redaction behavior unchanged.
2026-06-29 11:15:48 -04:00
Mason Daugherty
e495651fef release(anthropic): 1.4.8 (#38490) 2026-06-26 17:25:39 -04:00
Christian Bromann
bfc65cc04f fix(anthropic): keep initial text on content_block_start (#38442)
## Summary
- Fix `ChatAnthropic._make_message_chunk_from_anthropic_event` dropping
the first text chunk of an assistant turn when Anthropic carries the
opening text on the `content_block_start` event rather than a following
`text_delta`. This most often hits the assistant turn right after a tool
result.
- The dropped content streams to clients but never reaches the
aggregated `AIMessage`, so anything reading message history back (e.g. a
checkpointer) sees a truncated message (`Here's the answer.` → `'s the
answer.`). Reported via Pylon 25478 (Zip), whose `<canvaspreview>`
parser broke because the dropped chunk was the opening `<can` tag.
- Add a `content_block_start` branch for `text` and `thinking` blocks:
emit non-empty start-event content on both the string
(`coerce_content_to_string=True`) and structured content paths; empty
starts still emit no chunk (preserving prior behavior) and update
`block_start_event` so following deltas resolve against the current
block.

---------

Co-authored-by: Mason Daugherty <mason@langchain.dev>
Co-authored-by: Mason Daugherty <github@mdrxy.com>
2026-06-26 17:17:00 -04:00
dependabot[bot]
3e6f1e30b1 chore: bump langgraph-checkpoint from 4.1.0 to 4.1.1 in /libs/partners/anthropic (#38479)
Bumps [langgraph-checkpoint](https://github.com/langchain-ai/langgraph)
from 4.1.0 to 4.1.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langgraph/releases">langgraph-checkpoint's
releases</a>.</em></p>
<blockquote>
<h2>langgraph-checkpoint==4.1.1</h2>
<p>Changes since checkpoint==4.1.0</p>
<ul>
<li>release(checkpoint): 4.1.1 (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/7890">#7890</a>)</li>
<li>fix(checkpoint): restrict lc:2 envelope revival to default
constructor (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/7892">#7892</a>)</li>
<li>chore(deps): bump idna from 3.11 to 3.15 in /libs/checkpoint (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/7860">#7860</a>)</li>
<li>chore(deps): bump langsmith from 0.7.31 to 0.8.0 in /libs/checkpoint
(<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/7784">#7784</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d1e2ff0561"><code>d1e2ff0</code></a>
release(checkpoint): 4.1.1 (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/7890">#7890</a>)</li>
<li><a
href="e787af200e"><code>e787af2</code></a>
release(sdk-py): 0.3.15 (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/7891">#7891</a>)</li>
<li><a
href="604534e1b7"><code>604534e</code></a>
fix(sdk-py): percent-encode caller-supplied identifiers in URL paths (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/7893">#7893</a>)</li>
<li><a
href="346aa97425"><code>346aa97</code></a>
fix(checkpoint): restrict lc:2 envelope revival to default constructor
(<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/7892">#7892</a>)</li>
<li><a
href="82b3872820"><code>82b3872</code></a>
chore(deps): bump the uv group across 2 directories with 1 update (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/7853">#7853</a>)</li>
<li><a
href="fcc4ab8dd8"><code>fcc4ab8</code></a>
chore(deps): bump idna from 3.11 to 3.15 in /libs/checkpoint (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/7860">#7860</a>)</li>
<li><a
href="701d34494c"><code>701d344</code></a>
chore(deps): bump idna from 3.11 to 3.15 in /libs/checkpoint-postgres
(<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/7861">#7861</a>)</li>
<li><a
href="2c7967ca96"><code>2c7967c</code></a>
chore(deps): bump idna from 3.11 to 3.15 in /libs/cli (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/7865">#7865</a>)</li>
<li><a
href="bf7fec0bd1"><code>bf7fec0</code></a>
release(langgraph): 1.2.1 (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/7883">#7883</a>)</li>
<li><a
href="8215a9d024"><code>8215a9d</code></a>
feat(langgraph): add <code>before_builtins</code> opt-in for stream
transformers (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/7882">#7882</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langgraph/compare/checkpoint==4.1.0...checkpoint==4.1.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=langgraph-checkpoint&package-manager=uv&previous-version=4.1.0&new-version=4.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-26 01:08:15 -07:00
Mason Daugherty
a5a8f8db78 fix(core): add messages to bare raise ValueError calls (#38158)
Closes #35727

---

Several internal code paths raised a bare `ValueError` with no message,
so when one of these conditions tripped, users saw a traceback with no
explanation of what actually went wrong.

This adds descriptive messages to each of those `raise ValueError`
calls:

- `FewShotPromptWithTemplates._get_examples` / `_aget_examples` — when
neither `examples` nor `example_selector` is set.
- Prompt `loading` — when a referenced template file uses an unsupported
(non-`.txt`) format.
- The LangSmith document loader — when both `client` and `client_kwargs`
are supplied.
- The Anthropic file-search middleware brace expansion — for unbalanced
or empty brace patterns.

Made by [Open SWE](https://openswe.vercel.app)

---------

Co-authored-by: open-swe[bot] <open-swe@users.noreply.github.com>
2026-06-22 23:02:05 -04:00
Mason Daugherty
6dd45c90f6 hotfix(anthropic): regenerate cassette (#38376) 2026-06-22 18:52:53 -04:00
Mason Daugherty
9f7e46fd70 release(anthropic): 1.4.7 (#38373) 2026-06-22 18:13:01 -04:00
dependabot[bot]
4c5f66a249 chore: bump vcrpy from 8.1.1 to 8.2.1 in /libs/partners/anthropic (#38324)
Bumps [vcrpy](https://github.com/kevin1024/vcrpy) from 8.1.1 to 8.2.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/kevin1024/vcrpy/releases">vcrpy's
releases</a>.</em></p>
<blockquote>
<h2>v8.2.1</h2>
<h2>What's Changed</h2>
<ul>
<li><strong>SECURITY:</strong> Cassettes are now loaded with a safe YAML
loader, preventing arbitrary code execution when a cassette from an
untrusted source is loaded. Previously a crafted cassette containing a
Python object tag (e.g. <code>!!python/object/apply:os.system</code>)
would execute code on load, including via the normal
<code>vcr.use_cassette()</code> path. Existing cassettes (including
file-upload/streaming bodies) continue to load. Advisory:
GHSA-rpj2-4hq8-938g — thanks <a
href="https://github.com/RamiAltai"><code>@​RamiAltai</code></a> and <a
href="https://github.com/EQSTLab"><code>@​EQSTLab</code></a> for the
reports.</li>
<li>Validate <code>record_mode</code> and raise a clear error on an
invalid value (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/208">#208</a>)</li>
<li>Recommend pytest-recording over the unmaintained pytest-vcr in the
docs (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/986">#986</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/kevin1024/vcrpy/compare/v8.2.0...v8.2.1">https://github.com/kevin1024/vcrpy/compare/v8.2.0...v8.2.1</a></p>
<h2>v8.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add support for httpx 2.x (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/993">#993</a>)
- thanks <a
href="https://github.com/dsfaccini"><code>@​dsfaccini</code></a></li>
<li>Patch httpx transports instead of httpcore (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/972">#972</a>)
- thanks <a
href="https://github.com/seowalex"><code>@​seowalex</code></a></li>
<li>Fix aiohttp 3.14 compatibility: <code>AsyncStreamReaderMixin</code>
removed and <code>ClientResponse</code> now requires
<code>stream_writer</code> (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/995">#995</a>)
- thanks <a
href="https://github.com/dsfaccini"><code>@​dsfaccini</code></a></li>
<li>Account for modified requests when storing played cassettes, so
<code>drop_unused_requests</code> honours
<code>before_record_request</code> filtering (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/962">#962</a>)
- thanks <a
href="https://github.com/jamesbraza"><code>@​jamesbraza</code></a></li>
<li>Make the request URL available on <code>VCRHTTPResponse</code> (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/976">#976</a>)
- thanks <a
href="https://github.com/dAnjou"><code>@​dAnjou</code></a></li>
<li>Improve error message when a matching request has already been
consumed (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/985">#985</a>)
- thanks <a
href="https://github.com/Polandia94"><code>@​Polandia94</code></a></li>
<li>Fix body check in <code>convert_body_to_unicode</code> to use an
explicit type check (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/982">#982</a>)
- thanks <a
href="https://github.com/Polandia94"><code>@​Polandia94</code></a></li>
<li>Add env proxy cassette regression test (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/994">#994</a>)
- thanks <a
href="https://github.com/tine1117"><code>@​tine1117</code></a></li>
<li>Remove milestone references from docs (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/984">#984</a>)
- thanks <a
href="https://github.com/Polandia94"><code>@​Polandia94</code></a></li>
<li>CI: bump sphinx-rtd-theme from 3.0.2 to 3.1.0 (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/973">#973</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/kevin1024/vcrpy/compare/v8.1.1...v8.2.0">https://github.com/kevin1024/vcrpy/compare/v8.1.1...v8.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/kevin1024/vcrpy/blob/master/docs/changelog.rst">vcrpy's
changelog</a>.</em></p>
<blockquote>
<h2>Changelog</h2>
<p>All help in providing PRs to close out bug issues is appreciated.
Even if that is providing a repo that fully replicates issues. We have
very generous contributors that have added these to bug issues which
meant another contributor picked up the bug and closed it out.</p>
<ul>
<li>
<p>8.2.1</p>
<ul>
<li>SECURITY: Load cassettes with a safe YAML loader, preventing
arbitrary code execution when a cassette from an untrusted source is
loaded (GHSA-rpj2-4hq8-938g) - thanks <a
href="https://github.com/RamiAltai"><code>@​RamiAltai</code></a> and <a
href="https://github.com/EQSTLab"><code>@​EQSTLab</code></a></li>
<li>Validate <code>record_mode</code> and raise a clear error on an
invalid value (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/208">#208</a>)</li>
<li>Recommend pytest-recording over the unmaintained pytest-vcr in the
docs (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/986">#986</a>)</li>
</ul>
</li>
<li>
<p>8.2.0</p>
<ul>
<li>Add support for httpx 2.x (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/993">#993</a>)
- thanks <a
href="https://github.com/dsfaccini"><code>@​dsfaccini</code></a></li>
<li>Patch httpx transports instead of httpcore (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/972">#972</a>)
- thanks <a
href="https://github.com/seowalex"><code>@​seowalex</code></a></li>
<li>Fix aiohttp 3.14 compatibility: <code>AsyncStreamReaderMixin</code>
removed and <code>ClientResponse</code> now requires
<code>stream_writer</code> (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/995">#995</a>)
- thanks <a
href="https://github.com/dsfaccini"><code>@​dsfaccini</code></a></li>
<li>Account for modified requests when storing played cassettes, so
<code>drop_unused_requests</code> honours
<code>before_record_request</code> filtering (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/962">#962</a>)
- thanks <a
href="https://github.com/jamesbraza"><code>@​jamesbraza</code></a></li>
<li>Make the request URL available on <code>VCRHTTPResponse</code> (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/976">#976</a>)
- thanks <a
href="https://github.com/dAnjou"><code>@​dAnjou</code></a></li>
<li>Improve error message when a matching request has already been
consumed (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/985">#985</a>)
- thanks <a
href="https://github.com/Polandia94"><code>@​Polandia94</code></a></li>
<li>Fix body check in <code>convert_body_to_unicode</code> to use an
explicit type check (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/982">#982</a>)
- thanks <a
href="https://github.com/Polandia94"><code>@​Polandia94</code></a></li>
<li>Add env proxy cassette regression test (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/994">#994</a>)
- thanks <a
href="https://github.com/tine1117"><code>@​tine1117</code></a></li>
<li>Remove milestone references from docs (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/984">#984</a>)
- thanks <a
href="https://github.com/Polandia94"><code>@​Polandia94</code></a></li>
<li>CI: bump sphinx-rtd-theme from 3.0.2 to 3.1.0 (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/973">#973</a>)</li>
</ul>
</li>
<li>
<p>8.1.1</p>
<ul>
<li>Fix sync requests in async contexts for HTTPX (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/965">#965</a>)
- thanks <a
href="https://github.com/seowalex"><code>@​seowalex</code></a></li>
<li>CI: bump peter-evans/create-pull-request from 7 to 8 (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/969">#969</a>)</li>
</ul>
</li>
<li>
<p>8.1.0</p>
<ul>
<li>Enable brotli decompression if available (via <code>brotli</code>,
<code>brotlipy</code> or <code>brotlicffi</code>) (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/620">#620</a>)
- thanks <a
href="https://github.com/immerrr"><code>@​immerrr</code></a></li>
<li>Fix aiohttp allowing both <code>data</code> and <code>json</code>
arguments when one is None (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/624">#624</a>)
- thanks <a
href="https://github.com/leorochael"><code>@​leorochael</code></a></li>
<li>Fix usage of io-like interface with VCR.py (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/906">#906</a>)
- thanks <a href="https://github.com/tito"><code>@​tito</code></a> and
<a href="https://github.com/kevdevg"><code>@​kevdevg</code></a></li>
<li>Migrate to declarative Python package config (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/767">#767</a>)
- thanks <a
href="https://github.com/deronnax"><code>@​deronnax</code></a></li>
<li>Various linting fixes - thanks <a
href="https://github.com/jairhenrique"><code>@​jairhenrique</code></a></li>
<li>CI: bump actions/checkout from 5 to 6 (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/955">#955</a>)</li>
</ul>
</li>
<li>
<p>8.0.0</p>
<ul>
<li>BREAKING: Drop support for Python 3.9 (major version bump) - thanks
<a
href="https://github.com/jairhenrique"><code>@​jairhenrique</code></a></li>
<li>BREAKING: Drop support for urllib3 &lt; 2 - fixes CVE warnings from
urllib3 1.x (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/926">#926</a>,
<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/880">#880</a>)
- thanks <a
href="https://github.com/jairhenrique"><code>@​jairhenrique</code></a></li>
<li>New feature: <code>drop_unused_requests</code> option to remove
unused interactions from cassettes (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/763">#763</a>)
- thanks <a
href="https://github.com/danielnsilva"><code>@​danielnsilva</code></a></li>
<li>Rewrite httpx support to patch httpcore instead of httpx (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/943">#943</a>)
- thanks <a
href="https://github.com/seowalex"><code>@​seowalex</code></a>
<ul>
<li>Fixes <code>httpx.ResponseNotRead</code> exceptions (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/832">#832</a>,
<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/834">#834</a>)</li>
<li>Fixes <code>KeyError: 'follow_redirects'</code> (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/945">#945</a>)</li>
<li>Adds support for custom httpx transports</li>
</ul>
</li>
<li>Fix HTTPS proxy handling - proxy address no longer ends up in
cassette URIs (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/809">#809</a>,
<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/914">#914</a>)
- thanks <a href="https://github.com/alga"><code>@​alga</code></a></li>
<li>Fix <code>iscoroutinefunction</code> deprecation warning on Python
3.14 - thanks <a
href="https://github.com/kloczek"><code>@​kloczek</code></a></li>
<li>Only log message if response is appended - thanks <a
href="https://github.com/talfus-laddus"><code>@​talfus-laddus</code></a></li>
<li>Optimize urllib.parse calls - thanks <a
href="https://github.com/Martin-Brunthaler"><code>@​Martin-Brunthaler</code></a></li>
<li>Fix CI for Ubuntu 24.04 - thanks <a
href="https://github.com/hartwork"><code>@​hartwork</code></a></li>
<li>Various CI improvements: migrate to uv, update GitHub Actions -
thanks <a
href="https://github.com/jairhenrique"><code>@​jairhenrique</code></a></li>
<li>Various linting and test improvements - thanks <a
href="https://github.com/jairhenrique"><code>@​jairhenrique</code></a>
and <a
href="https://github.com/hartwork"><code>@​hartwork</code></a></li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="85312039e9"><code>8531203</code></a>
Release v8.2.1</li>
<li><a
href="045acb1b5f"><code>045acb1</code></a>
Use a safe YAML loader for cassettes to prevent code execution</li>
<li><a
href="de43f46247"><code>de43f46</code></a>
Fix lint failures from merged PRs (codespell + ruff UP032)</li>
<li><a
href="514c374796"><code>514c374</code></a>
Validate record_mode and raise a clear error on invalid values</li>
<li><a
href="b736cadd58"><code>b736cad</code></a>
docs: recommend pytest-recording over unmaintained pytest-vcr</li>
<li><a
href="06758c9879"><code>06758c9</code></a>
Release v8.2.0</li>
<li><a
href="6554837e02"><code>6554837</code></a>
Add env proxy cassette regression test (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/994">#994</a>)</li>
<li><a
href="62cf5e1272"><code>62cf5e1</code></a>
Accounting for modified requests when storing played cassettes, with a
test (...</li>
<li><a
href="13f201a820"><code>13f201a</code></a>
make url available in VCRHTTPResponse (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/976">#976</a>)</li>
<li><a
href="d57b55339e"><code>d57b553</code></a>
improve error message on repeated requestt (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/985">#985</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/kevin1024/vcrpy/compare/v8.1.1...v8.2.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=vcrpy&package-manager=uv&previous-version=8.1.1&new-version=8.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-19 22:08:24 -04:00
dependabot[bot]
27157b03a2 chore: bump langsmith from 0.8.5 to 0.8.18 in /libs/partners/anthropic (#38325)
Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from
0.8.5 to 0.8.18.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's
releases</a>.</em></p>
<blockquote>
<h2>v0.8.18</h2>
<h2>What's Changed</h2>
<ul>
<li>chore(deps-dev): bump vitest from 3.2.4 to 3.2.6 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3002">langchain-ai/langsmith-sdk#3002</a></li>
<li>chore(deps): bump pyjwt from 2.12.1 to 2.13.0 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3030">langchain-ai/langsmith-sdk#3030</a></li>
<li>chore(deps): bump python-multipart from 0.0.27 to 0.0.31 in /python
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3036">langchain-ai/langsmith-sdk#3036</a></li>
<li>chore(deps): bump aiohttp from 3.14.0 to 3.14.1 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3037">langchain-ai/langsmith-sdk#3037</a></li>
<li>chore(deps): bump cryptography from 46.0.7 to 48.0.1 in /python by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3038">langchain-ai/langsmith-sdk#3038</a></li>
<li>chore(deps): bump starlette from 1.0.1 to 1.3.1 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3039">langchain-ai/langsmith-sdk#3039</a></li>
<li>chore(deps-dev): bump langchain-anthropic from 1.4.4 to 1.4.6 in
/python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3044">langchain-ai/langsmith-sdk#3044</a></li>
<li>chore(deps): bump the npm_and_yarn group across 4 directories with 4
updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3046">langchain-ai/langsmith-sdk#3046</a></li>
<li>chore(deps): bump the npm_and_yarn group across 2 directories with 2
updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3060">langchain-ai/langsmith-sdk#3060</a></li>
<li>test(python): fix integration assertions for updated attachment
error message by <a
href="https://github.com/QuentinBrosse"><code>@​QuentinBrosse</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3061">langchain-ai/langsmith-sdk#3061</a></li>
<li>chore: reconcile bumpversion config and mandate release process for
agents by <a
href="https://github.com/QuentinBrosse"><code>@​QuentinBrosse</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3062">langchain-ai/langsmith-sdk#3062</a></li>
<li>release(py): 0.8.18 by <a
href="https://github.com/QuentinBrosse"><code>@​QuentinBrosse</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3063">langchain-ai/langsmith-sdk#3063</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.17...v0.8.18">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.17...v0.8.18</a></p>
<h2>v0.8.17</h2>
<h2>What's Changed</h2>
<ul>
<li>feat: expose the resources from the generated openapi client in the
langsmith client by <a
href="https://github.com/sineha-mani"><code>@​sineha-mani</code></a> in
<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3018">langchain-ai/langsmith-sdk#3018</a></li>
<li>feat(js): port <code>isTracingEnabled</code> utility from Python by
<a href="https://github.com/dqbd"><code>@​dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3032">langchain-ai/langsmith-sdk#3032</a></li>
<li>Add sandbox mount support to JS SDK by <a
href="https://github.com/DanielKneipp"><code>@​DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3010">langchain-ai/langsmith-sdk#3010</a></li>
<li>release(js): bump to 0.7.9 by <a
href="https://github.com/dqbd"><code>@​dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3035">langchain-ai/langsmith-sdk#3035</a></li>
<li>Add sandbox mount support to Python SDK by <a
href="https://github.com/DanielKneipp"><code>@​DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3009">langchain-ai/langsmith-sdk#3009</a></li>
<li>docs: note that _openapi_client directories are auto-generated by <a
href="https://github.com/KiewanVillatel"><code>@​KiewanVillatel</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3034">langchain-ai/langsmith-sdk#3034</a></li>
<li>fix: update JS SDK type declarations with skipLibCheck disabled by
<a href="https://github.com/sineha-mani"><code>@​sineha-mani</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3043">langchain-ai/langsmith-sdk#3043</a></li>
<li>release(js): 0.7.10 by <a
href="https://github.com/dqbd"><code>@​dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3045">langchain-ai/langsmith-sdk#3045</a></li>
<li>feat: adding python async for online evals by <a
href="https://github.com/sineha-mani"><code>@​sineha-mani</code></a> in
<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3048">langchain-ai/langsmith-sdk#3048</a></li>
<li>Add sandbox Git mount SDK helpers by <a
href="https://github.com/DanielKneipp"><code>@​DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3040">langchain-ai/langsmith-sdk#3040</a></li>
<li>fix: use insights tab in sdk report links [closes LSO-2936] by <a
href="https://github.com/eric-langchain"><code>@​eric-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3050">langchain-ai/langsmith-sdk#3050</a></li>
<li>feat(client): warn when backend version is below minimum required by
<a
href="https://github.com/KiewanVillatel"><code>@​KiewanVillatel</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3041">langchain-ai/langsmith-sdk#3041</a></li>
<li>chore: bump _MIN_BACKEND_VERSION to 0.16.5rc1 by <a
href="https://github.com/langtions-bot"><code>@​langtions-bot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3053">langchain-ai/langsmith-sdk#3053</a></li>
<li>fix(sandbox): use built-in gcp auth host matching by <a
href="https://github.com/DanielKneipp"><code>@​DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3055">langchain-ai/langsmith-sdk#3055</a></li>
<li>chore(python): py to 0.8.17 by <a
href="https://github.com/sineha-mani"><code>@​sineha-mani</code></a> in
<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3056">langchain-ai/langsmith-sdk#3056</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/sineha-mani"><code>@​sineha-mani</code></a>
made their first contribution in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3018">langchain-ai/langsmith-sdk#3018</a></li>
<li><a
href="https://github.com/eric-langchain"><code>@​eric-langchain</code></a>
made their first contribution in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3050">langchain-ai/langsmith-sdk#3050</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.16...v0.8.17">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.16...v0.8.17</a></p>
<h2>v0.8.16</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(py): add sync/async conversion for Sandbox and SandboxClient
[INF-0000] by <a
href="https://github.com/ramon-langchain"><code>@​ramon-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3019">langchain-ai/langsmith-sdk#3019</a></li>
<li>fix(experiments): extract keys from wrapped evaluator function by <a
href="https://github.com/shamikkarkhanis"><code>@​shamikkarkhanis</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3014">langchain-ai/langsmith-sdk#3014</a></li>
<li>chore: repoint <a
href="mailto:support@langchain.dev">support@langchain.dev</a> mentions
to the Support Portal by <a
href="https://github.com/lutan-langchain"><code>@​lutan-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3024">langchain-ai/langsmith-sdk#3024</a></li>
<li>fix(python): derive create_child run id from start_time [LSDK-220]
by <a
href="https://github.com/harisaiharish"><code>@​harisaiharish</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3027">langchain-ai/langsmith-sdk#3027</a></li>
<li>chore: sync langsmith_api by <a
href="https://github.com/langtions-bot"><code>@​langtions-bot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3020">langchain-ai/langsmith-sdk#3020</a></li>
<li>chore: js to 0.7.8 and py to 0.8.16 by <a
href="https://github.com/shamikkarkhanis"><code>@​shamikkarkhanis</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3029">langchain-ai/langsmith-sdk#3029</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="31c2bf650b"><code>31c2bf6</code></a>
release(py): 0.8.18 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3063">#3063</a>)</li>
<li><a
href="8955b68868"><code>8955b68</code></a>
chore: reconcile bumpversion config and mandate release process for
agents (#...</li>
<li><a
href="411401f6ca"><code>411401f</code></a>
test(python): fix integration assertions for updated attachment error
message...</li>
<li><a
href="9c5515620f"><code>9c55156</code></a>
Merge commit from fork</li>
<li><a
href="5b2bd8db3c"><code>5b2bd8d</code></a>
chore(deps): bump the npm_and_yarn group across 2 directories with 2
updates ...</li>
<li><a
href="d8642f9099"><code>d8642f9</code></a>
chore(deps): bump the npm_and_yarn group across 4 directories with 4
updates ...</li>
<li><a
href="953c2e5e25"><code>953c2e5</code></a>
chore(deps-dev): bump langchain-anthropic from 1.4.4 to 1.4.6 in /python
(<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3044">#3044</a>)</li>
<li><a
href="5513699e2d"><code>5513699</code></a>
chore(deps): bump starlette from 1.0.1 to 1.3.1 in /python (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3039">#3039</a>)</li>
<li><a
href="8becdefdf4"><code>8becdef</code></a>
chore(deps): bump cryptography from 46.0.7 to 48.0.1 in /python (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3038">#3038</a>)</li>
<li><a
href="1a9c522feb"><code>1a9c522</code></a>
chore(deps): bump aiohttp from 3.14.0 to 3.14.1 in /python (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3037">#3037</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.5...v0.8.18">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=langsmith&package-manager=uv&previous-version=0.8.5&new-version=0.8.18)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-19 22:07:13 -04:00
Mason Daugherty
f88d4f0212 docs(anthropic): clarify prompt caching middleware docstring (#38206)
Updates the `AnthropicPromptCachingMiddleware` class docstring so it no
longer implies the middleware itself tags the final message tail. It
tags the system message and tool definitions and passes `cache_control`
via `model_settings`; the chat model/provider applies the message-tail
and provider-specific behavior. Docstring-only, no runtime change.

Made by [Open
SWE](https://openswe.vercel.app/agents/27913c08-b40c-015e-afee-cf66788b7f08)

---------

Co-authored-by: open-swe[bot] <open-swe@users.noreply.github.com>
2026-06-17 14:58:32 -04:00
Mason Daugherty
63cc1f4e7d docs: refresh README installation and resources (#38119)
README installation examples now use `uv add` consistently, matching the
repo's `uv`-based Python workflow. The top-level README also gets a
cleaner quickstart and resource section with current links for docs,
community, learning, and contribution guidance.

## Changes
- Replaced `pip install` snippets with `uv add` across package quick
install docs, including the Hugging Face extras and
`sentence-transformers` upgrade examples.
- Updated the top-level quickstart to show only `uv add langchain` and
refreshed the example model to `openai:gpt-5.5`.
- Pointed the LangGraph orchestration link at the LangGraph GitHub
repository.
- Consolidated top-level documentation and additional-resource links
under a single `Resources` section covering docs, ecosystem overview,
API reference, discussions, Academy, contributing, and the Code of
Conduct.
- Added LangChain Academy and Code of Conduct links to package README
resource sections.
2026-06-12 17:38:22 -04:00
Mason Daugherty
86ce95afc2 test(core,langchain): update tests for explicit deserialization allowlists (#38118)
Core serialization tests now opt into the object allowlists they rely on
instead of assuming default deserialization permits core objects.
Compatibility tests that intentionally exercise deprecated runnable
streaming and history APIs also suppress the expected deprecation
warnings so they can keep covering those legacy paths cleanly.

## Changes
- Updated serialization and prompt round-trip tests to pass
`allowed_objects="core"` or targeted allowlists when loading
`AIMessage`, prompt templates, structured prompts, runnable maps, and
related core objects.
- Adjusted secret-injection regression coverage to keep testing
`secrets_from_env=True` behavior while explicitly allowing core
deserialization paths.
- Tightened prompt deserialization rejection tests so attribute-access
payloads are loaded only through the specific prompt-template allowlist
needed to reach validation.
- Added module-level warning filters around legacy runnable
compatibility coverage for `astream_log`,
`astream_events(version="v1")`, and `RunnableWithMessageHistory`.
- Bumped the `langchain` package's minimum `langgraph` dependency from
`1.2.4` to `1.2.5`.

## Testing
- Updated unit tests across core serialization, prompt, fake chat model,
runnable history, and runnable event coverage.
2026-06-12 16:49:14 -04:00
Mason Daugherty
4108c0738c release(core): 1.4.7 (#38111)
Bumps `langchain-core` to `1.4.7` for the next patch release and updates
downstream minimum `langchain-core` requirements so package locks
resolve against the new core version.

This also refreshes the runnable snapshots that embed `lc_versions`
metadata so the version consistency check continues to validate
checked-in artifacts.

Validated with `python libs/core/scripts/check_version.py`, `uv lock
--check` across package lockfiles, and the core runnable tests that own
the updated snapshots with local LangSmith tracing env disabled.
2026-06-12 14:54:25 -04:00
Mason Daugherty
8837163917 fix(core,partners): rename package version trace metadata (#38110)
Package-version trace metadata now uses the LangChain-owned
`metadata["lc_versions"]` convention instead of the user-owned
`metadata["versions"]` key. Metadata merging is narrowed so only
`lc_versions` accumulates nested package-version entries, while generic
nested metadata keeps normal last-writer-wins behavior.

## Changes
- Renamed `BaseLanguageModel._add_version()` trace metadata from
`versions` to `lc_versions`, including docstrings and the non-dict
replacement warning.
- Scoped `_merge_metadata_dicts()` nested-map accumulation to only
`lc_versions`; duplicate package entries remain last-writer-wins and
`lc_versions` mappings are copied defensively.
- Preserved user-owned `metadata["versions"]` semantics by keeping it
out of package-version tracking and generic nested metadata merging.
- Updated runnable snapshots and partner package metadata assertions
across Anthropic, DeepSeek, Fireworks, Groq, Hugging Face, MistralAI,
Ollama, OpenAI, OpenRouter, Perplexity, and xAI to expect `lc_versions`.

## Testing
- Added/adjusted core tests for `lc_versions` accumulation, duplicate
package overwrite behavior, non-dict `lc_versions` replacement,
defensive copying, and `metadata["versions"]` last-writer-wins behavior.
- Ran focused core and partner metadata tests plus Ruff checks for
changed areas.
2026-06-12 14:26:32 -04:00
Nick Hollon
c9f98c1bcd release(anthropic): 1.4.6 (#38105) 2026-06-12 12:50:59 -04:00
Nick Hollon
dcaf7795a3 fix(langchain,anthropic): confine file-search results and tighten anthropic allowed_prefixes (#38106) 2026-06-12 12:47:23 -04:00
Mason Daugherty
05cc55f1bc release(core): 1.4.6 (#38061) 2026-06-11 02:58:40 -04:00
Mason Daugherty
948f6cc58c feat(core,partners): add package version tracking to tracing metadata (#35295)
Following on the heels of #35293

TODO:
- Packages outside of this repo (e.g. LiteLLM, Nvidia, Google, AWS)

---

## Summary

Surface partner package versions in `metadata.versions` on LangSmith
traces. Mirrors the JS SDK's `_addVersion()` pattern
([langchainjs#10106](https://github.com/langchain-ai/langchainjs/pull/10106)).

Each model constructor records its package version via `_add_version()`
on `BaseLanguageModel`. The version dict accumulates through the class
hierarchy — `langchain-core` is added in
`BaseLanguageModel.model_post_init`, `langchain-openai` in
`BaseChatOpenAI._set_openai_chat_version`, and each leaf partner in its
uniquely-named `model_validator`. Traces end up with:

```json
{
  "metadata": {
    "versions": {
      "langchain-core": "1.4.5",
      "langchain-openai": "1.3.0",
      "langchain-xai": "1.2.2"
    }
  }
}
```

### Changes

- `BaseLanguageModel._add_version(pkg, version)` — appends to
`self.metadata["versions"]`; accepts any `Mapping` type; emits a warning
if a non-mapping value is found and replaced
- `BaseLanguageModel.model_post_init` — adds `langchain-core` version;
calls `super()` for MRO safety
- `_merge_metadata_dicts` — one-level-deep (non-recursive) merge for
nested dict metadata keys
- `CallbackManager.add_metadata` — uses `_merge_metadata_dicts` instead
of flat `dict.update()` so nested metadata dicts (like `versions`)
coexist rather than clobber
- `merge_configs` — uses `_merge_metadata_dicts` for config merging

**Partners:**
- Each now calls `self._add_version("langchain-<pkg>", __version__)`

### Design decisions

- **Constructor-based, not `_get_ls_params`-based** — versions flow
through `self.metadata` (local metadata on traces), not through
`LangSmithParams`. This matches JS and makes child-class version
inheritance automatic (no merge/clobber issues).
- **`versions` is local (non-inheritable) metadata** — `self.metadata`
is passed to `CallbackManager.configure` as `local_metadata`
(`add_metadata(..., inherit=False)`), so `versions` is attached **once
per chat-model run** and is **not** propagated to child runs or
duplicated onto every streaming chunk. This is intentionally the
opposite of the inheritable-per-chunk metadata that #36588 was reducing
for performance — `versions` does not regress that path.
- **`add_metadata` deep-merge is a correctness fix, not just for
versions** — previously `add_metadata`/`merge_configs` did a flat
top-level `dict.update`/spread, so any nested metadata dict baked into a
config (e.g. via `.with_config({"metadata": {...}})`) would be wholly
replaced when a caller also passed `metadata`. `_merge_metadata_dicts`
merges one level deep so user-provided `config.metadata.versions` and
model-set `versions` coexist instead of clobbering. The merge runs once
per `configure` (not per chunk), so it is off the streaming hot path.
- **One level deep only** — `_merge_metadata_dicts` is deliberately
*not* a recursive deep merge; values nested more than one level are
last-writer-wins. This covers the `versions` case without the
ambiguity/cost of arbitrary-depth merging.
- **Warn on non-dict `metadata["versions"]`** — if a user sets
`metadata={"versions": "some-string"}`, `_add_version` emits a warning
and replaces the value with the version dict rather than silently
discarding user data or crashing. This is a soft breaking change for
anyone who previously stored non-dict values at this key.

### Follow-ups (tracked separately, out of scope here)

- JS `mergeConfigs` still flat-spreads nested metadata, so
`metadata.versions` can still clobber on the JS side until an equivalent
deep-merge lands.

---

Made by [Open SWE](https://openswe.vercel.app)

---------

Co-authored-by: open-swe[bot] <open-swe@users.noreply.github.com>
2026-06-11 02:23:19 -04:00
Christophe Bornet
1de100f278 chore(infra): bump mypy to 2.1 and unify type-check config across the monorepo (#36470)
Originally a narrow bump of mypy to `1.20` in four packages. Expanded to
get the whole monorepo onto a single, current mypy and a consistent
type-check configuration, so contributors no longer hit different mypy
versions and divergent behavior depending on which package they touch.

### What changed

- **Unified the mypy pin to `>=2.1.0,<2.2.0`** in every mypy-using
package (6 libs + 14 partners), replacing the previously scattered pins
(`1.10`/`1.17`/`1.18`/`1.19`/`1.20`, with assorted upper bounds).
- **Unified the `[tool.mypy]` base per tier:**
- libs: `plugins = ["pydantic.mypy"]`, `strict = true`,
`enable_error_code = "deprecated"`, `warn_unreachable = true`
  - partners: `disallow_untyped_defs = true`
- Normalized style (`disallow_untyped_defs = "True"` string → bool,
quote/key consistency).
- **Fixed the 20 real errors** mypy 2.1 surfaces: `redundant-cast` from
improved narrowing (`core`, `langchain-classic`), a `var-annotated` for
`_LOGGED`, a return-type widening in `langchain-groq`'s
`_convert_from_v1_to_groq` (it can legitimately return a bare `str`),
and stale `type-arg`/`unused-ignore` in `langchain-model-profiles`
tests.

### Deliberate non-uniformity (documented inline in the relevant
`pyproject.toml`s)

Going fully byte-identical would surface ~196 additional errors that are
*not* real bugs, so two settings are kept package-appropriate:

- **`warn_unreachable`** is enabled on every strict lib **except
`core`**, where it false-flags intentional defensive code — including
the SSRF / IP-policy guards in `_security/` — as unreachable.
- **`pydantic.mypy` plugin** is used only on `anthropic` and
`perplexity` (their code is authored against it and reports ~99/~132
errors without it). It is *not* added to the other partners, where it
only flags the public alias constructor API (e.g. `ChatGroq(model=...)`)
in tests rather than finding bugs.
- **`ollama`** is left on its `ty` type checker; it does not use mypy.

---------

Co-authored-by: Mason Daugherty <github@mdrxy.com>
2026-06-11 00:24:59 -04:00
Mason Daugherty
43880362d8 feat(standard-tests): validate tool call chunks during streaming (#34707)
As a LangChain user streaming a tool-calling model, I expect each
streamed chunk to expose structured `tool_call_chunk` content blocks so
I can render or process tool calls live, instead of waiting for the
final aggregated message.

This adds `tool_call_streaming` to `ModelProfile` and uses it in the
standard chat-model tool-calling tests. When a model profile opts in,
`test_tool_calling` and `test_tool_calling_async` now validate that at
least one streamed chunk includes a `tool_call_chunk` block via
`content_blocks`, while preserving the existing final-message
validation.

This keeps the contract profile-gated so providers can opt in once their
streaming chunk shape is verified. This PR opts in the providers
verified by smoke testing with straightforward profile coverage: OpenAI,
Anthropic, Fireworks, HuggingFace, OpenRouter, DeepSeek, and xAI. The
generated profile artifacts are refreshed so runtime profiles expose the
new capability flag.

Perplexity Responses also passed the smoke test, but its current profile
data is for the `sonar` family while the Responses smoke path used a
routed model string. That profile strategy is left as follow-up.
MistralAI currently streams `.tool_call_chunks`, but its content-block
translator exposes a complete `tool_call` block instead of
`tool_call_chunk`, so it also stays out of this flag until that
integration is fixed.
2026-06-10 22:29:02 -04:00
Mason Daugherty
007ae66405 test(anthropic): make expected warnings explicit (#38044)
Warning-producing test paths now either exercise the intended Anthropic
model branch or explicitly assert expected warnings. That keeps `make
test` output clean while preserving coverage for backwards-compatible
parameters, deprecated `AnthropicLLM`, and standard structured-output
behavior.
2026-06-10 19:45:37 -04:00
Mason Daugherty
f0a78bf0d7 test(anthropic): make tests robust to gateway base URL (#38043)
Anthropic unit tests now pin the expected API base URL where
serialization and initialization assertions depend on it. That keeps
local gateway settings like `ANTHROPIC_BASE_URL` from changing snapshot
output or default URL assertions during development.
2026-06-10 19:39:50 -04:00
Mason Daugherty
e989c869a4 release(anthropic): 1.4.5 (#38036) 2026-06-10 17:38:01 -04:00
Mason Daugherty
f89f4c5afe fix(core): support content block tokens in callbacks (#34739)
Supersedes #34727
Closes #30703

Related:
* langchain-ai/langchain-google#1460
* langchain-ai/langchain-google#1501

Fixing this at the `langchain-core` callback layer instead of
normalizing inside individual provider integrations, so structured
streaming content is preserved consistently.

---

Models are increasingly streaming structured content blocks instead of
plain text tokens. For example, Gemini 3 can stream text as
content-block lists, and Anthropic/tool-use flows can also produce
non-text message content. Today those values already reach
`on_llm_new_token`, but the callback API still advertises `token: str`,
which makes custom callbacks, tracers, and streaming helpers assume
every streamed value is text.

User story: as a LangChain user building a streaming callback for chat
models with tool calls, reasoning/thinking blocks, or provider-specific
structured content, I need `on_llm_new_token` to accept the same content
shape that chat model chunks can actually emit, so my callback can
observe the stream without providers flattening or dropping non-text
data.

Fixing this in `langchain-core` makes the existing runtime behavior
explicit at the shared callback boundary. Normalizing content blocks
inside each provider would duplicate logic, produce inconsistent
behavior across integrations, and in some cases lose required provider
metadata such as Gemini thought signatures.

## Changes

- Update the callback contract so streamed tokens can be either plain
text or structured content blocks
- Carry structured streamed content through tracing and event/log
streaming paths without forcing provider data into text too early
- Keep built-in text-oriented streaming callbacks working by converting
structured tokens only at the display/queue boundary
- Drop the now-incorrect `cast("str", ...)` on streamed content in
`BaseChatModel` so the producer side matches the widened callback
signature instead of asserting a string it doesn't always have (no
runtime change — `cast` is erased)
- Align Anthropic and Mistral content typing with the structured content
shapes already used by chat model messages
- Update callback tests to reflect that not every streamed value is text

## Compatibility

No runtime behavior change: no producer emits anything it wasn't already
emitting, and widening a parameter type is safe for existing callers and
handlers that pass or receive `str`. The one caveat is downstream code
that subclasses a callback handler or tracer and overrides
`on_llm_new_token` with a `token: str` annotation — under strict type
checking that override is now narrower than the base and will be flagged
as incompatible with the supertype. Such code still runs unchanged; the
fix is to widen the annotation to match.
2026-06-10 16:59:08 -04:00
langchain-model-profile-bot[bot]
2b4735712c chore(model-profiles): refresh model profile data (#38012)
Automated refresh of model profile data for all in-monorepo partner
integrations via `langchain-profiles refresh`.

🤖 Generated by the `refresh_model_profiles` workflow.

Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com>
2026-06-10 10:57:23 -04:00
Mason Daugherty
c0103c3d2c hotfix(openai): min core dep (#37990) 2026-06-09 16:32:08 -04:00
Mason Daugherty
3b999176c8 test(langchain,partners): disable pytest-benchmark under xdist to silence PytestBenchmarkWarning (#37901)
Test targets run with `-n auto`, which makes `pytest-benchmark` (present
via `langchain-tests`) auto-disable itself and emit a
`PytestBenchmarkWarning` once per xdist worker. Passing
`--benchmark-disable` turns the plugin off explicitly so the warning
never fires, matching what `core` and `langchain_v1` already do.

## Changes
- Add `--benchmark-disable` to the `-n auto` test targets across
`langchain` (unit) and 14 partner packages' integration targets:
`anthropic`, `chroma`, `deepseek`, `exa`, `fireworks`, `groq`,
`huggingface`, `mistralai`, `nomic`, `ollama`, `openai`, `openrouter`,
`qdrant`, `xai`.
- Deliberately excluded `text-splitters` and `model-profiles`: their
`test` group doesn't install `pytest-benchmark`, so the flag would fail
with `unrecognized arguments`. Verified by importing the plugin under
each package's actual dependency group before editing.
2026-06-04 13:25:26 -04:00
langchain-model-profile-bot[bot]
414d7b8e94 chore(model-profiles): refresh model profile data (#37895)
Automated refresh of model profile data for all in-monorepo partner
integrations via `langchain-profiles refresh`.

🤖 Generated by the `refresh_model_profiles` workflow.

Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com>
2026-06-04 10:31:52 -04:00
langchain-model-profile-bot[bot]
3893b9e344 chore(model-profiles): refresh model profile data (#37771)
Automated refresh of model profile data for all in-monorepo partner
integrations via `langchain-profiles refresh`.

🤖 Generated by the `refresh_model_profiles` workflow.

Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com>
2026-05-29 12:50:26 -04:00
Mason Daugherty
133887180e release(anthropic): 1.4.4 (#37757) 2026-05-28 16:17:11 -04:00
Mason Daugherty
1a5403d848 fix(anthropic): normalize cross-provider tool-call IDs (#37756)
Anthropic's API rejects `tool_use`/`tool_result` IDs that don't match
`^[a-zA-Z0-9_-]+$` with a 400. When a conversation thread is replayed
across providers — e.g. a user switches a running thread from Kimi (via
Fireworks) to Claude — the prior turns carry tool-call IDs minted by the
other provider (Kimi emits `functions.write_todos:0`, whose `.` and `:`
are invalid), and the request fails. Tool-call IDs are now normalized to
an Anthropic-compatible form during request formatting, with the
original `tool_use.id` and its paired `tool_use_id` mapped identically
so they stay linked.
2026-05-28 16:13:57 -04:00
Mason Daugherty
c7858c46d8 test(anthropic): retry integration tests on transient failures (#37697)
Enable `pytest-retry` on the `integration_tests` Make target so live API
flakes (e.g. `test_batch` timing out against `api.anthropic.com`) no
longer fail the job on first miss. Matches the existing convention in
`libs/partners/groq`.
2026-05-26 11:02:53 -04:00
Mason Daugherty
aef86c476d chore(infra): bump langchain-tests floor to 1.1.9 (#37610)
Bumps the `langchain-tests` minimum across the monorepo from `1.0.0` to
`1.1.9` and adds a partner-level `Makefile` so partner lockfiles can be
regenerated in one command, matching the existing convention under
`libs/`.
2026-05-21 13:36:22 -05:00
dependabot[bot]
ec83aeb81b chore: bump langsmith from 0.8.3 to 0.8.5 in /libs/partners/anthropic (#37564)
Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from
0.8.3 to 0.8.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's
releases</a>.</em></p>
<blockquote>
<h2>v0.8.5</h2>
<h2>What's Changed</h2>
<ul>
<li>release(js): 0.7.0 by <a
href="https://github.com/ramon-langchain"><code>@​ramon-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2890">langchain-ai/langsmith-sdk#2890</a></li>
<li>fix(js): add alias for <code>experimental/sandbox</code> to appease
broad peer dep range within <code>deepagents</code> by <a
href="https://github.com/dqbd"><code>@​dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2893">langchain-ai/langsmith-sdk#2893</a></li>
<li>feat(js): allow disabling multipart streaming via env variable by <a
href="https://github.com/dqbd"><code>@​dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2900">langchain-ai/langsmith-sdk#2900</a></li>
<li>feat(python): add Client.close() to release session [closes
LSDK-183] by <a
href="https://github.com/open-swe"><code>@​open-swe</code></a>[bot] in
<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2866">langchain-ai/langsmith-sdk#2866</a></li>
<li>feat(sandbox): forward client default headers on exec WebSocket by
<a href="https://github.com/open-swe"><code>@​open-swe</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2899">langchain-ai/langsmith-sdk#2899</a></li>
<li>release(js): 0.7.1 by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2902">langchain-ai/langsmith-sdk#2902</a></li>
<li>release(py): 0.8.5 by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2903">langchain-ai/langsmith-sdk#2903</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.4...v0.8.5">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.4...v0.8.5</a></p>
<h2>v0.8.4</h2>
<h2>What's Changed</h2>
<ul>
<li>release(js): 0.6.3 by <a
href="https://github.com/vishnu-ssuresh"><code>@​vishnu-ssuresh</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2864">langchain-ai/langsmith-sdk#2864</a></li>
<li>chore(deps): bump python-multipart from 0.0.26 to 0.0.27 in /python
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2859">langchain-ai/langsmith-sdk#2859</a></li>
<li>chore(deps-dev): bump <code>@​anthropic-ai/sdk</code> from 0.91.1 to
0.92.0 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2858">langchain-ai/langsmith-sdk#2858</a></li>
<li>chore(deps): bump postcss from 8.5.8 to 8.5.14 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2857">langchain-ai/langsmith-sdk#2857</a></li>
<li>chore(deps): bump hono from 4.12.15 to 4.12.18 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2860">langchain-ai/langsmith-sdk#2860</a></li>
<li>chore(deps-dev): bump langchain-core from 1.3.2 to 1.3.3 in /python
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2867">langchain-ai/langsmith-sdk#2867</a></li>
<li>chore(deps-dev): bump <code>@​anthropic-ai/sdk</code> from 0.92.0 to
0.93.0 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2869">langchain-ai/langsmith-sdk#2869</a></li>
<li>chore(deps): bump urllib3 from 2.6.3 to 2.7.0 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2873">langchain-ai/langsmith-sdk#2873</a></li>
<li>chore(deps): bump the py-minor-and-patch group across 1 directory
with 12 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2876">langchain-ai/langsmith-sdk#2876</a></li>
<li>chore(deps-dev): bump the js-minor-and-patch group across 1
directory with 16 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2877">langchain-ai/langsmith-sdk#2877</a></li>
<li>chore(deps): bump the py-minor-and-patch group across 1 directory
with 11 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2879">langchain-ai/langsmith-sdk#2879</a></li>
<li>chore(deps): bump the npm_and_yarn group across 2 directories with 2
updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2868">langchain-ai/langsmith-sdk#2868</a></li>
<li>chore(deps-dev): bump <code>@​anthropic-ai/sdk</code> from 0.93.0 to
0.94.0 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2878">langchain-ai/langsmith-sdk#2878</a></li>
<li>sdk(js): rename experimental/sandbox -&gt; sandbox (breaking) by <a
href="https://github.com/DanielKneipp"><code>@​DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2885">langchain-ai/langsmith-sdk#2885</a></li>
<li>sdk(py): drop sandbox alpha/experimental warnings by <a
href="https://github.com/DanielKneipp"><code>@​DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2884">langchain-ai/langsmith-sdk#2884</a></li>
<li>feat(sandbox): make snapshot optional and add TS options overload by
<a
href="https://github.com/ramon-langchain"><code>@​ramon-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2887">langchain-ai/langsmith-sdk#2887</a></li>
<li>release(py): 0.8.4 by <a
href="https://github.com/ramon-langchain"><code>@​ramon-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2889">langchain-ai/langsmith-sdk#2889</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.3...v0.8.4">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.3...v0.8.4</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ef9fcd5b47"><code>ef9fcd5</code></a>
release(py): 0.8.5 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2903">#2903</a>)</li>
<li><a
href="63b402eb3e"><code>63b402e</code></a>
release(js): 0.7.1 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2902">#2902</a>)</li>
<li><a
href="602a27ab11"><code>602a27a</code></a>
feat(sandbox): forward client default headers on exec WebSocket (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2899">#2899</a>)</li>
<li><a
href="126ef522f5"><code>126ef52</code></a>
feat(python): add Client.close() to release session [closes LSDK-183]
(<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2866">#2866</a>)</li>
<li><a
href="fddf88dd25"><code>fddf88d</code></a>
feat(js): allow disabling multipart streaming via env variable (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2900">#2900</a>)</li>
<li><a
href="19bfc57231"><code>19bfc57</code></a>
fix(js): add alias for <code>experimental/sandbox</code> to appease
broad peer dep range...</li>
<li><a
href="6717def07f"><code>6717def</code></a>
release(js): 0.7.0 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2890">#2890</a>)</li>
<li><a
href="273f8f9b0d"><code>273f8f9</code></a>
release(py): 0.8.4 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2889">#2889</a>)</li>
<li><a
href="afbf4fb970"><code>afbf4fb</code></a>
feat(sandbox): make snapshot optional and add TS options overload (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2887">#2887</a>)</li>
<li><a
href="54da5410a2"><code>54da541</code></a>
sdk(py): drop sandbox alpha/experimental warnings (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2884">#2884</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.3...v0.8.5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=langsmith&package-manager=uv&previous-version=0.8.3&new-version=0.8.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-19 12:50:36 -05:00
dependabot[bot]
f9670ed513 chore: bump idna from 3.11 to 3.15 in /libs/partners/anthropic (#37565)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps [idna](https://github.com/kjd/idna) from 3.11 to 3.15.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/kjd/idna/blob/master/HISTORY.md">idna's
changelog</a>.</em></p>
<blockquote>
<h2>3.15 (2026-05-12)</h2>
<ul>
<li>Enforce DNS-length cap on individual labels early in
<code>check_label</code>,
short-circuiting contextual-rule processing for oversized input
while staying compatible with UTS 46 usage.</li>
<li>Tidy core helpers: hoist bidi category sets to module-level
frozensets (avoiding per-codepoint list construction), simplify
length checks, and reuse the shared <code>_unicode_dots_re</code> from
<code>idna.core</code> in the codec module.</li>
<li>Use <code>raise ... from err</code> for proper exception chaining
and
switch internal string formatting to f-strings.</li>
<li>Allow <code>flit_core</code> 4.x in the build backend.</li>
<li>Expand the ruff lint set (flake8-bugbear, flake8-simplify,
pyupgrade, perflint) and apply the surfaced fixes; pin lint CI
to Python 3.14.</li>
<li>Add Dependabot configuration for GitHub Actions.</li>
<li>Convert README and HISTORY from reStructuredText to Markdown.</li>
<li>Reference CVE-2026-45409 for the 3.14 advisory in place of the
initial GHSA identifier.</li>
</ul>
<p>Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for
contributions to this release.</p>
<h2>3.14 (2026-05-10)</h2>
<ul>
<li>Removed opportunity to process long inputs into quadratic
time by rejecting oversize inputs up-front. Closes a bypass
of the CVE-2024-3651 mitigation. [CVE-2026-45409]</li>
</ul>
<p>Thanks to Stan Ulbrych for reporting the issue.</p>
<h2>3.13 (2026-04-22)</h2>
<ul>
<li>Correct classification error for codepoint U+A7F1</li>
</ul>
<h2>3.12 (2026-04-21)</h2>
<ul>
<li>Update to Unicode 17.0.0.</li>
<li>Issue a deprecation warning for the transitional argument.</li>
<li>Added lazy-loading to provide some performance improvements.</li>
<li>Removed vestiges of code related to Python 2 support, including
segmentation of data structures specific to Jython.</li>
</ul>
<p>Thanks to Rodrigo Nogueira for contributions to this release.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="af30a092e1"><code>af30a09</code></a>
Release 3.15</li>
<li><a
href="30314d4628"><code>30314d4</code></a>
Pre-release 3.15rc0</li>
<li><a
href="05d4b219aa"><code>05d4b21</code></a>
Merge pull request <a
href="https://redirect.github.com/kjd/idna/issues/237">#237</a> from
kjd/convert-docs-to-markdown</li>
<li><a
href="2987fdba19"><code>2987fdb</code></a>
Convert README and HISTORY from reStructuredText to Markdown</li>
<li><a
href="59fa8002d5"><code>59fa800</code></a>
Merge pull request <a
href="https://redirect.github.com/kjd/idna/issues/236">#236</a> from
kjd/dependabot/github_actions/actions-f3e34333ea</li>
<li><a
href="def69834ce"><code>def6983</code></a>
Merge branch 'master' into
dependabot/github_actions/actions-f3e34333ea</li>
<li><a
href="bbd8004a79"><code>bbd8004</code></a>
Merge pull request <a
href="https://redirect.github.com/kjd/idna/issues/234">#234</a> from
StanFromIreland/patch-1</li>
<li><a
href="edd07c0502"><code>edd07c0</code></a>
Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions
group</li>
<li><a
href="5557db030c"><code>5557db0</code></a>
Merge branch 'master' into patch-1</li>
<li><a
href="f11746cf49"><code>f11746c</code></a>
Merge pull request <a
href="https://redirect.github.com/kjd/idna/issues/235">#235</a> from
StanFromIreland/patch-2</li>
<li>Additional commits viewable in <a
href="https://github.com/kjd/idna/compare/v3.11...v3.15">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=idna&package-manager=uv&previous-version=3.11&new-version=3.15)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-19 12:49:53 -05:00
Mason Daugherty
abd9d4ce31 ci(infra): harden Dependabot version-bound preservation (#37510)
Dependabot has been stripping upper/lower bounds from internal
`langchain-*` deps in partner `pyproject.toml` files (e.g. #37288
reduced `langchain-core>=1.3.2,<2.0.0` to bare `langchain-core`). Locks
down the config so bumps preserve existing specifiers, and restores the
bounds it already mangled across the monorepo.

## Changes
- Add `versioning-strategy: increase` to every `uv` ecosystem block in
`.github/dependabot.yml` so future bumps move the lower bound in place
instead of rewriting the constraint.
- Ignore workspace-internal packages (`langchain-core`, `langchain`,
`langchain-classic`, `langchain-text-splitters`, `langchain-tests`,
`langchain-model-profiles`) on every `uv` block — these are editable
installs from local paths and their published constraints are
hand-curated for release, not Dependabot's to bump.
- Restore stripped bounds across all `libs/` packages — runtime
`dependencies` and every dep group (`test`, `dev`, `test_integration`,
`typing`, `lint`) — to `>=1.4.0,<2.0.0` for `langchain-core` and
`>=1.0.0,<2.0.0` for the other internal packages.
2026-05-18 17:24:19 -05:00
Nick Hollon
da380bccf8 chore(infra): merge v1.4 into master (#37350) 2026-05-11 11:39:25 -07:00
dependabot[bot]
bbd10fe918 chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/partners/anthropic (#37343)
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.6.3 to 2.7.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/releases">urllib3's
releases</a>.</em></p>
<blockquote>
<h2>2.7.0</h2>
<h2>🚀 urllib3 is fundraising for HTTP/2 support</h2>
<p><a
href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3
is raising ~$40,000 USD</a> to release HTTP/2 support and ensure
long-term sustainable maintenance of the project after a sharp decline
in financial support. If your company or organization uses Python and
would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and
thousands of other projects <a
href="https://opencollective.com/urllib3">please consider contributing
financially</a> to ensure HTTP/2 support is developed sustainably and
maintained for the long-haul.</p>
<p>Thank you for your support.</p>
<h2>Security</h2>
<p>Addressed high-severity security issues. Impact was limited to
specific use cases detailed in the accompanying advisories; overall user
exposure was estimated to be marginal.</p>
<ul>
<li>
<p>Decompression-bomb safeguards of the streaming API were bypassed:</p>
<ol>
<li>When <code>HTTPResponse.drain_conn()</code> was called after the
response had been read and decompressed partially. (Reported by <a
href="https://github.com/Cycloctane"><code>@​Cycloctane</code></a>)</li>
<li>During the second <code>HTTPResponse.read(amt=N)</code> or
<code>HTTPResponse.stream(amt=N)</code> call when the response was
decompressed using the official <a
href="https://pypi.org/project/brotli/">Brotli</a> library. (Reported by
<a
href="https://github.com/kimkou2024"><code>@​kimkou2024</code></a>)</li>
</ol>
<p>See GHSA-mf9v-mfxr-j63j for details.</p>
</li>
<li>
<p>HTTP pools created using
<code>ProxyManager.connection_from_url</code> did not strip sensitive
headers specified in <code>Retry.remove_headers_on_redirect</code> when
redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by <a
href="https://github.com/christos-spearbit"><code>@​christos-spearbit</code></a>)</p>
</li>
</ul>
<h2>Deprecations and Removals</h2>
<ul>
<li>Used <code>FutureWarning</code> instead of
<code>DeprecationWarning</code> for better visibility of existing
deprecation notices. Rescheduled the removal of deprecated features to
version 3.0. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3763">urllib3/urllib3#3763</a>)</li>
<li>Removed support for end-of-life Python 3.9. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3720">urllib3/urllib3#3720</a>)</li>
<li>Removed support for end-of-life PyPy3.10. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4979">urllib3/urllib3#4979</a>)</li>
<li>Bumped the minimum supported pyOpenSSL version to 19.0.0. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3777">urllib3/urllib3#3777</a>)</li>
</ul>
<h2>Bugfixes</h2>
<ul>
<li>Fixed a bug where <code>HTTPResponse.read(amt=None)</code> was
ignoring decompressed data buffered from previous partial reads. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3636">urllib3/urllib3#3636</a>)</li>
<li>Fixed a bug where <code>HTTPResponse.read()</code> could cache only
part of the response after a partial read when
<code>cache_content=True</code>. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4967">urllib3/urllib3#4967</a>)</li>
<li>Fixed <code>HTTPResponse.stream()</code> and
<code>HTTPResponse.read_chunked()</code> to handle <code>amt=0</code>.
(<a
href="https://redirect.github.com/urllib3/urllib3/issues/3793">urllib3/urllib3#3793</a>)</li>
<li>Updated <code>_TYPE_BODY</code> type alias to include missing
<code>Iterable[str]</code>, matching the documented and runtime behavior
of chunked request bodies. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3798">urllib3/urllib3#3798</a>)</li>
<li>Fixed <code>LocationParseError</code> when paths resembling
schemeless URIs were passed to
<code>HTTPConnectionPool.urlopen()</code>. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3352">urllib3/urllib3#3352</a>)</li>
<li>Fixed <code>BaseHTTPResponse.readinto()</code> type annotation to
accept <code>memoryview</code> in addition to <code>bytearray</code>,
matching the <code>io.RawIOBase.readinto</code> contract and enabling
use with <code>io.BufferedReader</code> without type errors. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3764">urllib3/urllib3#3764</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's
changelog</a>.</em></p>
<blockquote>
<h1>2.7.0 (2026-05-07)</h1>
<h2>Security</h2>
<p>Addressed high-severity security issues.
Impact was limited to specific use cases detailed in the accompanying
advisories; overall user exposure was estimated to be marginal.</p>
<ul>
<li>
<p>Decompression-bomb safeguards of the streaming API were bypassed:</p>
<ol>
<li>When <code>HTTPResponse.drain_conn()</code> was called after the
response had been
read and decompressed partially.</li>
<li>During the second <code>HTTPResponse.read(amt=N)</code> or
<code>HTTPResponse.stream(amt=N)</code> call when the response was
decompressed
using the official <code>Brotli
&lt;https://pypi.org/project/brotli/&gt;</code>__ library.</li>
</ol>
<p>See <code>GHSA-mf9v-mfxr-j63j
&lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j&gt;</code>__
for details.</p>
</li>
<li>
<p>HTTP pools created using
<code>ProxyManager.connection_from_url</code> did not strip
sensitive headers specified in
<code>Retry.remove_headers_on_redirect</code> when
redirecting to a different host.
(<code>GHSA-qccp-gfcp-xxvc
&lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc&gt;</code>__)</p>
</li>
</ul>
<h2>Deprecations and Removals</h2>
<ul>
<li>Used <code>FutureWarning</code> instead of
<code>DeprecationWarning</code> for better
visibility of existing deprecation notices. Rescheduled the removal of
deprecated features to version 3.0.
(<code>[#3763](https://github.com/urllib3/urllib3/issues/3763)
&lt;https://github.com/urllib3/urllib3/issues/3763&gt;</code>__)</li>
<li>Removed support for end-of-life Python 3.9.
(<code>[#3720](https://github.com/urllib3/urllib3/issues/3720)
&lt;https://github.com/urllib3/urllib3/issues/3720&gt;</code>__)</li>
<li>Removed support for end-of-life PyPy3.10.
(<code>[#4979](https://github.com/urllib3/urllib3/issues/4979)
&lt;https://github.com/urllib3/urllib3/issues/4979&gt;</code>__)</li>
<li>Bumped the minimum supported pyOpenSSL version to 19.0.0.
(<code>[#3777](https://github.com/urllib3/urllib3/issues/3777)
&lt;https://github.com/urllib3/urllib3/issues/3777&gt;</code>__)</li>
</ul>
<h2>Bugfixes</h2>
<ul>
<li>Fixed a bug where <code>HTTPResponse.read(amt=None)</code> was
ignoring decompressed
data buffered from previous partial reads.
(<code>[#3636](https://github.com/urllib3/urllib3/issues/3636)
&lt;https://github.com/urllib3/urllib3/issues/3636&gt;</code>__)</li>
<li>Fixed a bug where <code>HTTPResponse.read()</code> could cache only
part of the
response after a partial read when <code>cache_content=True</code>.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9a950b92d9"><code>9a950b9</code></a>
Release 2.7.0</li>
<li><a
href="5ec0de499b"><code>5ec0de4</code></a>
Merge commit from fork</li>
<li><a
href="2bdcc44d1e"><code>2bdcc44</code></a>
Merge commit from fork</li>
<li><a
href="f45b0df09d"><code>f45b0df</code></a>
Fix a misleading example for <code>ProxyManager</code> (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4970">#4970</a>)</li>
<li><a
href="577193ca02"><code>577193c</code></a>
Switch to nightly PyPy3.11 in CI for now (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4984">#4984</a>)</li>
<li><a
href="e90af45bb0"><code>e90af45</code></a>
Avoid infinite loop in <code>HTTPResponse.read_chunked</code> when
<code>amt=0</code> (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4974">#4974</a>)</li>
<li><a
href="67ed74fdae"><code>67ed74f</code></a>
Bump dev dependencies (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4972">#4972</a>)</li>
<li><a
href="3abd481097"><code>3abd481</code></a>
Upgrade mypy to version 1.20.2 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4978">#4978</a>)</li>
<li><a
href="2b8725dfca"><code>2b8725d</code></a>
Drop support for EOL PyPy3.10 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4979">#4979</a>)</li>
<li><a
href="2944b2a0a6"><code>2944b2a</code></a>
Upgrade <code>setup-chrome</code> and <code>setup-firefox</code> to fix
warnings (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4973">#4973</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-11 11:20:13 -07:00
dependabot[bot]
2d77aa4a89 chore: bump requests from 2.33.0 to 2.33.1 in /libs/partners/anthropic (#37286)
Bumps [requests](https://github.com/psf/requests) from 2.33.0 to 2.33.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/releases">requests's
releases</a>.</em></p>
<blockquote>
<h2>v2.33.1</h2>
<h2>2.33.1 (2026-03-30)</h2>
<p><strong>Bugfixes</strong></p>
<ul>
<li>Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary
files in the tmp directory. (<a
href="https://redirect.github.com/psf/requests/issues/7305">#7305</a>)</li>
<li>Fixed Content-Type header parsing for malformed values. (<a
href="https://redirect.github.com/psf/requests/issues/7309">#7309</a>)</li>
<li>Improved error consistency for malformed header values. (<a
href="https://redirect.github.com/psf/requests/issues/7308">#7308</a>)</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/ferdnyc"><code>@​ferdnyc</code></a> made
their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/7277">psf/requests#7277</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30">https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's
changelog</a>.</em></p>
<blockquote>
<h2>2.33.1 (2026-03-30)</h2>
<p><strong>Bugfixes</strong></p>
<ul>
<li>Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary
files in the tmp directory. (<a
href="https://redirect.github.com/psf/requests/issues/7305">#7305</a>)</li>
<li>Fixed Content-Type header parsing for malformed values. (<a
href="https://redirect.github.com/psf/requests/issues/7309">#7309</a>)</li>
<li>Improved error consistency for malformed header values. (<a
href="https://redirect.github.com/psf/requests/issues/7308">#7308</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="111d2b7779"><code>111d2b7</code></a>
v2.33.1</li>
<li><a
href="f0198e6dfc"><code>f0198e6</code></a>
Fix malformed value parsing for Content-Type (<a
href="https://redirect.github.com/psf/requests/issues/7309">#7309</a>)</li>
<li><a
href="bc7dd0fc4d"><code>bc7dd0f</code></a>
Fix cosmetic header validity parsing regex (<a
href="https://redirect.github.com/psf/requests/issues/7308">#7308</a>)</li>
<li><a
href="4443b1a847"><code>4443b1a</code></a>
Fix unintended test extra (<a
href="https://redirect.github.com/psf/requests/issues/7306">#7306</a>)</li>
<li><a
href="389eea58df"><code>389eea5</code></a>
Cleanup extracted file after extract_zipped_path test (<a
href="https://redirect.github.com/psf/requests/issues/7305">#7305</a>)</li>
<li><a
href="7407309c8a"><code>7407309</code></a>
Packaging: DRY out extras definition (<a
href="https://redirect.github.com/psf/requests/issues/7277">#7277</a>)</li>
<li>See full diff in <a
href="https://github.com/psf/requests/compare/v2.33.0...v2.33.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=requests&package-manager=uv&previous-version=2.33.0&new-version=2.33.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-09 12:20:22 -04:00
dependabot[bot]
81f59692aa chore: bump langsmith from 0.7.31 to 0.8.3 in /libs/partners/anthropic (#37287)
Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from
0.7.31 to 0.8.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's
releases</a>.</em></p>
<blockquote>
<h2>v0.8.3</h2>
<h2>What's Changed</h2>
<ul>
<li>fix(js): prevent sending [object Object] as span attribute when
dealing with nested objects, send full langsmith.usage_metadata if
present by <a href="https://github.com/dqbd"><code>@​dqbd</code></a> in
<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2845">langchain-ai/langsmith-sdk#2845</a></li>
<li>release(js): bump to 0.6.2 by <a
href="https://github.com/dqbd"><code>@​dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2856">langchain-ai/langsmith-sdk#2856</a></li>
<li>sdk(py): replace ttl_seconds with idle_ttl_seconds +
delete_after_stop_seconds by <a
href="https://github.com/DanielKneipp"><code>@​DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2853">langchain-ai/langsmith-sdk#2853</a></li>
<li>sdk(js): replace ttlSeconds with idleTtlSeconds +
deleteAfterStopSeconds by <a
href="https://github.com/DanielKneipp"><code>@​DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2854">langchain-ai/langsmith-sdk#2854</a></li>
<li>Fix push_agent URL owner for name-only identifiers by <a
href="https://github.com/vishnu-ssuresh"><code>@​vishnu-ssuresh</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2862">langchain-ai/langsmith-sdk#2862</a></li>
<li>docs(langsmith): clarify trust boundaries when working with hub by
<a href="https://github.com/eyurtsev"><code>@​eyurtsev</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2861">langchain-ai/langsmith-sdk#2861</a></li>
<li>release(py): 0.8.3 by <a
href="https://github.com/vishnu-ssuresh"><code>@​vishnu-ssuresh</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2863">langchain-ai/langsmith-sdk#2863</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.2...v0.8.3">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.2...v0.8.3</a></p>
<h2>v0.8.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump JS SDK version to 0.6.1 by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2847">langchain-ai/langsmith-sdk#2847</a></li>
<li>fix: parse urllib3 version with packaging.Version by <a
href="https://github.com/justinwolfington"><code>@​justinwolfington</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2851">langchain-ai/langsmith-sdk#2851</a></li>
<li>Bump Python SDK version to 0.8.2 by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2855">langchain-ai/langsmith-sdk#2855</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/justinwolfington"><code>@​justinwolfington</code></a>
made their first contribution in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2851">langchain-ai/langsmith-sdk#2851</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.1...v0.8.2">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.1...v0.8.2</a></p>
<h2>v0.8.1</h2>
<h2>What's Changed</h2>
<ul>
<li>chore(js): remove experimental opencode integration by <a
href="https://github.com/dqbd"><code>@​dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2836">langchain-ai/langsmith-sdk#2836</a></li>
<li>chore(deps-dev): bump google-adk from 1.10.0 to 1.28.1 in /python by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2823">langchain-ai/langsmith-sdk#2823</a></li>
<li>chore(deps): bump postcss from 8.5.8 to 8.5.12 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2827">langchain-ai/langsmith-sdk#2827</a></li>
<li>Add JS profile loading by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2834">langchain-ai/langsmith-sdk#2834</a></li>
<li>Add Python profile loading by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2835">langchain-ai/langsmith-sdk#2835</a></li>
<li>Extract JS profile auth service by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2846">langchain-ai/langsmith-sdk#2846</a></li>
<li>Bump Python SDK version to 0.8.1 by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2848">langchain-ai/langsmith-sdk#2848</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.0...v0.8.1">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.0...v0.8.1</a></p>
<h2>v0.8.0</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(js,py): JS 0.6.0, Py 0.8.0 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2831">langchain-ai/langsmith-sdk#2831</a></li>
<li>release(js): 0.6.0 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2832">langchain-ai/langsmith-sdk#2832</a></li>
<li>release(py): 0.8.0 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2833">langchain-ai/langsmith-sdk#2833</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.38...v0.8.0">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.38...v0.8.0</a></p>
<h2>v0.7.38</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(js): add tracing of opencode by <a
href="https://github.com/dqbd"><code>@​dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2776">langchain-ai/langsmith-sdk#2776</a></li>
<li>chore(js): Remove types/uuid by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2814">langchain-ai/langsmith-sdk#2814</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e2386ad8aa"><code>e2386ad</code></a>
release(py): 0.8.3 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2863">#2863</a>)</li>
<li><a
href="11d51a370f"><code>11d51a3</code></a>
docs(langsmith): clarify trust boundaries when working with hub (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2861">#2861</a>)</li>
<li><a
href="d98c3ed8a9"><code>d98c3ed</code></a>
Fix push_agent URL owner for name-only identifiers (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2862">#2862</a>)</li>
<li><a
href="418fd415fc"><code>418fd41</code></a>
sdk(js): replace ttlSeconds with idleTtlSeconds + deleteAfterStopSeconds
(<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2854">#2854</a>)</li>
<li><a
href="1baa2c197d"><code>1baa2c1</code></a>
sdk(py): replace ttl_seconds with idle_ttl_seconds +
delete_after_stop_second...</li>
<li><a
href="361c8dd869"><code>361c8dd</code></a>
release(js): bump to 0.6.2 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2856">#2856</a>)</li>
<li><a
href="0d42882f2d"><code>0d42882</code></a>
fix(js): prevent sending [object Object] as span attribute when dealing
with ...</li>
<li><a
href="619818ba8d"><code>619818b</code></a>
Bump Python SDK version to 0.8.2 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2855">#2855</a>)</li>
<li><a
href="8a7d3c1356"><code>8a7d3c1</code></a>
fix: parse urllib3 version with packaging.Version (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2851">#2851</a>)</li>
<li><a
href="54f887704f"><code>54f8877</code></a>
Bump JS SDK version to 0.6.1 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2847">#2847</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.31...v0.8.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=langsmith&package-manager=uv&previous-version=0.7.31&new-version=0.8.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-09 12:20:15 -04:00
dependabot[bot]
5810dbdf29 chore: bump langchain-core from 1.3.2 to 1.3.3 in /libs/partners/anthropic (#37288)
Bumps [langchain-core](https://github.com/langchain-ai/langchain) from
1.3.2 to 1.3.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langchain/releases">langchain-core's
releases</a>.</em></p>
<blockquote>
<h2>langchain-core==1.3.3</h2>
<p>Changes since langchain-core==1.3.2</p>
<p>release(core): 1.3.3 (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37198">#37198</a>)
fix(core): set deprecation <code>since</code> to 1.3.3 to match release
(<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37200">#37200</a>)
fix(core, langchain): harden <code>load()</code> against untrusted
manifests (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37197">#37197</a>)
chore: bump notebook from 7.5.0 to 7.5.6 in /libs/core (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37109">#37109</a>)
chore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in
/libs/core (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37129">#37129</a>)
fix(core): preserve structured <code>inputs</code> on tool runs in
tracers (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37108">#37108</a>)
release(perplexity): 1.2.0 (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37091">#37091</a>)
chore(docs): update x handle references (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37081">#37081</a>)
fix(core): make <code>removal</code> optional in
<code>warn_deprecated</code> (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37056">#37056</a>)
fix(core): validate batch_size in _batch and _abatch to prevent infinite
loop (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/36663">#36663</a>)
chore(core): mark stream_v2/astream_v2 as beta (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/36992">#36992</a>)</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5039dfec1f"><code>5039dfe</code></a>
release(core): 1.3.3 (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37198">#37198</a>)</li>
<li><a
href="55a7707837"><code>55a7707</code></a>
fix(core): set deprecation <code>since</code> to 1.3.3 to match release
(<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37200">#37200</a>)</li>
<li><a
href="c979c6187b"><code>c979c61</code></a>
fix(core, langchain): harden <code>load()</code> against untrusted
manifests (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37197">#37197</a>)</li>
<li><a
href="d7031101da"><code>d703110</code></a>
docs: update README.md (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37190">#37190</a>)</li>
<li><a
href="4d50a2a68b"><code>4d50a2a</code></a>
ci(infra): run pre-release checks before TestPyPI publish (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37194">#37194</a>)</li>
<li><a
href="9bd730e199"><code>9bd730e</code></a>
fix(fireworks): require <code>api_key</code> in
<code>FireworksEmbeddings</code> (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37193">#37193</a>)</li>
<li><a
href="f475f4191f"><code>f475f41</code></a>
release(mistralai): 1.1.4 (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37191">#37191</a>)</li>
<li><a
href="7dbff48aff"><code>7dbff48</code></a>
fix(mistralai): strip non-wire keys from <code>ToolMessage</code> (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37188">#37188</a>)</li>
<li><a
href="913816c440"><code>913816c</code></a>
release(fireworks): 1.3.1 (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37189">#37189</a>)</li>
<li><a
href="4498d3dc84"><code>4498d3d</code></a>
fix(fireworks): strip non-wire keys from <code>ToolMessage</code> text
content blocks (#...</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langchain/compare/langchain-core==1.3.2...langchain-core==1.3.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=langchain-core&package-manager=uv&previous-version=1.3.2&new-version=1.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-09 12:20:07 -04:00
Mason Daugherty
1c08d478d9 release(anthropic): 1.4.3 (#37166) 2026-05-03 13:30:08 -04:00
Mason Daugherty
5a9b1ec2dc refactor(langchain-classic): retarget deprecations to create_agent, other chores (#37164)
Sweep classic deprecations so every removal lands on `2.0.0`, runtime
warnings carry the auto-generated since/removal/alternative line, and
replacements steer at `langchain.agents.create_agent` and
`with_structured_output(...)` instead of pre-v1 LangGraph +
`python.langchain.com` links.

## Changes

- **Bump removal targets from `1.0` / `1.0.0` to `2.0.0`** across
agents, chains, memory, retrievers, structured-output, vectorstore
toolkits, and the `langchain_classic._api.module_import` shim — gives
users a real runway now that v1 has shipped.
- **Move bespoke `message=` strings onto `addendum=`** (or split into
`alternative=` + `addendum=`). `warn_deprecated` skips the
auto-generated since/removal/alternative line whenever `message=` is
set, so the prior pattern silently dropped that info from the runtime
`LangChainDeprecationWarning`. Matches the pattern already used in
`HTMLHeaderTextSplitter.split_text_from_url`, which is updated for
consistency.
- **Repoint `alternative=` at v1 replacements**: chains/memory/agent
toolkits → `langchain.agents.create_agent` (with checkpointer or
retrieval-tool guidance in the addendum); `openai_functions` and
`chains/structured_output` → `ChatModel.with_structured_output(...)`;
`openapi` chains → `ChatModel.bind_tools(...)` + HTTP client.
`ConversationChain` no longer points at `RunnableWithMessageHistory`.
- **Refresh `AGENT_DEPRECATION_WARNING`** in
`langchain_classic._api.deprecation` — drop stale LangGraph and
`python.langchain.com` links in favor of `langchain.agents.create_agent`
and the `docs.langchain.com/oss/python/migrate/langchain-v1` guide.
Propagates to all 13 caller sites in `agents/`.
- **Newly deprecate `langchain_classic.chat_models.init_chat_model` and
`langchain_classic.embeddings.init_embeddings`** with the framing
*"maintained in `langchain`; `langchain-classic` retains this entry
point for import-compatibility only"*. The classic docstring examples
and the warning admonition both point at `langchain.chat_models`.
- **Improve `init_chat_model` docstrings** in both `langchain_v1` and
the classic copy: clarify `provider:model` prefix vs. `model_provider=`,
recommend pinned IDs over moving aliases, add the `upstage` provider
row, and refresh examples to GA models (`gpt-5.5`, `claude-opus-4-7`).
- **Standardize partner Anthropic deprecations**: replace
`AnthropicLLM`'s `model_validator(raise_warning)` with
`@deprecated(since="0.1.0", removal="2.0.0",
alternative="ChatAnthropic")`, and pin the `ChatAnthropic`
`output_format` runtime warning at `langchain-anthropic 2.0.0` instead
of "a future version".
2026-05-03 13:15:59 -04:00
open-swe[bot]
ba897ffa7e chore(docs): update x handle references (#37081)
## Description
Updates package metadata and README badges so LangChain social links
point to the new `@langchain_oss` X handle. This was completed with
AI-agent assistance.

## Test Plan
- [ ] Validate README badges and package metadata links point to
`https://x.com/langchain_oss`

_Opened collaboratively by Mason Daugherty and open-swe._

---------

Co-authored-by: open-swe[bot] <open-swe@users.noreply.github.com>
Co-authored-by: Mason Daugherty <61371264+mdrxy@users.noreply.github.com>
2026-04-29 13:56:09 -04:00