Commit Graph

172 Commits

Author SHA1 Message Date
Mason Daugherty
a4294f9a39 chore(deps): refresh lockfiles (#38746) 2026-07-09 12:43:43 -04:00
langchain-oss-model-profiles[bot]
d73ba5b70b chore(model-profiles): refresh model profile data (#38739)
Automated refresh of model profile data for all in-monorepo partner
integrations via `langchain-profiles refresh`.

🤖 Generated by the [`refresh_model_profiles`
workflow](https://github.com/langchain-ai/langchain/blob/master/.github/workflows/refresh_model_profiles.yml).


## Summary of changes

**3 added · 1 removed · 4 changed** across 2 provider(s).

<details>
<summary>openrouter</summary>

** 2 added**
- `x-ai/grok-4.5` — 500,000 ctx, 500,000 out, text+image+pdf in,
reasoning, tools
- `~x-ai/grok-latest` — 500,000 ctx, 1,000,000 out, text+image+pdf in,
reasoning, tools

** 1 removed**
- `switchpoint/router`

**✏️ 4 changed**
- `deepseek/deepseek-v4-flash`: max output tokens 16,384 → 65,536
- `tencent/hy3`: max input tokens 202,752 → 262,144
- `x-ai/grok-build-0.1`: added PDF input
- `z-ai/glm-5.2`: max output tokens 32,768 → 1,048,576

</details>

<details>
<summary>xai</summary>

** 1 added**
- `grok-4.5` — 500,000 ctx, 500,000 out, text+image+pdf in, reasoning,
tools

</details>

Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com>
2026-07-09 12:12:22 -04:00
dependabot[bot]
c20747e79e chore: bump langsmith from 0.8.18 to 0.9.5 in /libs/partners/xai (#38598)
Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from
0.8.18 to 0.9.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's
releases</a>.</em></p>
<blockquote>
<h2>v0.9.5</h2>
<h2>What's Changed</h2>
<ul>
<li>chore: sync langsmith_api by <a
href="https://github.com/langtions-bot"><code>@​langtions-bot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3126">langchain-ai/langsmith-sdk#3126</a></li>
<li>chore: bump _MIN_BACKEND_VERSION to 0.16.9rc1 by <a
href="https://github.com/langtions-bot"><code>@​langtions-bot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3127">langchain-ai/langsmith-sdk#3127</a></li>
<li>fix(sandbox): wrap all WS handshake failures as
SandboxConnectionError by <a
href="https://github.com/asrira428"><code>@​asrira428</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3130">langchain-ai/langsmith-sdk#3130</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.9.4...v0.9.5">https://github.com/langchain-ai/langsmith-sdk/compare/v0.9.4...v0.9.5</a></p>
<h2>v0.9.4</h2>
<h2>What's Changed</h2>
<ul>
<li>fix(google_adk): capture LLM inputs after before_model_callback runs
[LSDK-279] by <a
href="https://github.com/harisaiharish"><code>@​harisaiharish</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3094">langchain-ai/langsmith-sdk#3094</a></li>
<li>release(js): bump js sdk version to 0.7.13 by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3104">langchain-ai/langsmith-sdk#3104</a></li>
<li>chore: sync langsmith_api by <a
href="https://github.com/langtions-bot"><code>@​langtions-bot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3105">langchain-ai/langsmith-sdk#3105</a></li>
<li>doc: improve resource comments by <a
href="https://github.com/QuentinBrosse"><code>@​QuentinBrosse</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3108">langchain-ai/langsmith-sdk#3108</a></li>
<li>fix(client): apply anonymizer to run error field by <a
href="https://github.com/paarth-a"><code>@​paarth-a</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3100">langchain-ai/langsmith-sdk#3100</a></li>
<li>feat(client): expose datasets v2 resource + experiment-runs
integration tests [langchainplus#28358] by <a
href="https://github.com/GowriH-1"><code>@​GowriH-1</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3106">langchain-ai/langsmith-sdk#3106</a></li>
<li>fix(google-adk): set tool span as active tracing context in
wrap_tool_run_async by <a
href="https://github.com/navarra-lisandro"><code>@​navarra-lisandro</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3111">langchain-ai/langsmith-sdk#3111</a></li>
<li>fix(client): apply anonymizer to run error field (JS) by <a
href="https://github.com/paarth-a"><code>@​paarth-a</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3110">langchain-ai/langsmith-sdk#3110</a></li>
<li>fix(python): use current project issues endpoint by <a
href="https://github.com/khankaholic"><code>@​khankaholic</code></a> in
<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3064">langchain-ai/langsmith-sdk#3064</a></li>
<li>chore: sync langsmith_api by <a
href="https://github.com/langtions-bot"><code>@​langtions-bot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3120">langchain-ai/langsmith-sdk#3120</a></li>
<li>fix(js): Avoid setting usage_metadata on parent chain runs for
Claude Agent SDK runs by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3119">langchain-ai/langsmith-sdk#3119</a></li>
<li>feat(client): expose projects resource accessor on Python and JS
clients by <a
href="https://github.com/KiewanVillatel"><code>@​KiewanVillatel</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3109">langchain-ai/langsmith-sdk#3109</a></li>
<li>release(js): bump to 0.7.14 by <a
href="https://github.com/dqbd"><code>@​dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3121">langchain-ai/langsmith-sdk#3121</a></li>
<li>release(python): bump py version to 0.9.4 by <a
href="https://github.com/KiewanVillatel"><code>@​KiewanVillatel</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3124">langchain-ai/langsmith-sdk#3124</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/navarra-lisandro"><code>@​navarra-lisandro</code></a>
made their first contribution in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3111">langchain-ai/langsmith-sdk#3111</a></li>
<li><a
href="https://github.com/khankaholic"><code>@​khankaholic</code></a>
made their first contribution in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3064">langchain-ai/langsmith-sdk#3064</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.9.3...v0.9.4">https://github.com/langchain-ai/langsmith-sdk/compare/v0.9.3...v0.9.4</a></p>
<h2>v0.9.3</h2>
<h2>What's Changed</h2>
<ul>
<li>release(js): bump js sdk version to 0.7.12 by <a
href="https://github.com/KiewanVillatel"><code>@​KiewanVillatel</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3089">langchain-ai/langsmith-sdk#3089</a></li>
<li>feat(sandbox): do not gate dataplane ops on sandbox status by <a
href="https://github.com/ramon-langchain"><code>@​ramon-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3090">langchain-ai/langsmith-sdk#3090</a></li>
<li>chore: sync langsmith_api by <a
href="https://github.com/langtions-bot"><code>@​langtions-bot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3095">langchain-ai/langsmith-sdk#3095</a></li>
<li>ci: pin all GitHub Actions to immutable SHA pins by <a
href="https://github.com/jkennedyvz"><code>@​jkennedyvz</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3093">langchain-ai/langsmith-sdk#3093</a></li>
<li>chore(deps-dev): bump vcrpy from 8.1.1 to 8.2.1 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3074">langchain-ai/langsmith-sdk#3074</a></li>
<li>chore(deps): bump pydantic-settings from 2.13.1 to 2.14.2 in /python
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3075">langchain-ai/langsmith-sdk#3075</a></li>
<li>feat(sandbox): expose registries via generated v2 client by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3087">langchain-ai/langsmith-sdk#3087</a></li>
<li>fix(client): lazily initialize sync OpenAPI client by <a
href="https://github.com/KiewanVillatel"><code>@​KiewanVillatel</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3099">langchain-ai/langsmith-sdk#3099</a></li>
<li>release(python): bump py version to 0.9.3 by <a
href="https://github.com/KiewanVillatel"><code>@​KiewanVillatel</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3101">langchain-ai/langsmith-sdk#3101</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.9.2...v0.9.3">https://github.com/langchain-ai/langsmith-sdk/compare/v0.9.2...v0.9.3</a></p>
<h2>v0.9.2</h2>
<h2>What's Changed</h2>
<ul>
<li>release(js): bump js sdk version to 0.7.11 by <a
href="https://github.com/sineha-mani"><code>@​sineha-mani</code></a> in
<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3079">langchain-ai/langsmith-sdk#3079</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="55b7eec3f4"><code>55b7eec</code></a>
fix(sandbox): wrap all WS handshake failures as SandboxConnectionError
(<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3130">#3130</a>)</li>
<li><a
href="c732fbbe36"><code>c732fbb</code></a>
chore: bump _MIN_BACKEND_VERSION to 0.16.9rc1 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3127">#3127</a>)</li>
<li><a
href="796fb2bfd8"><code>796fb2b</code></a>
chore: sync langsmith_api (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3126">#3126</a>)</li>
<li><a
href="80d93c48c4"><code>80d93c4</code></a>
release(python): bump py version to 0.9.4 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3124">#3124</a>)</li>
<li><a
href="b453dd58d6"><code>b453dd5</code></a>
release(js): bump to 0.7.14 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3121">#3121</a>)</li>
<li><a
href="76f5c7136c"><code>76f5c71</code></a>
feat(client): expose projects resource accessor on Python and JS clients
(<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3109">#3109</a>)</li>
<li><a
href="5f32426109"><code>5f32426</code></a>
fix(js): Avoid setting usage_metadata on parent chain runs for Claude
Agent S...</li>
<li><a
href="03b53410f1"><code>03b5341</code></a>
chore: sync langsmith_api (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3120">#3120</a>)</li>
<li><a
href="7595f5c187"><code>7595f5c</code></a>
fix(python): use current project issues endpoint (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3064">#3064</a>)</li>
<li><a
href="b5291fac06"><code>b5291fa</code></a>
fix(client): apply anonymizer to run error field (JS) (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3110">#3110</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.18...v0.9.5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=langsmith&package-manager=uv&previous-version=0.8.18&new-version=0.9.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-01 15:00:52 -04:00
dependabot[bot]
a9f6ffbae1 chore: bump pytest from 9.1.0 to 9.1.1 in /libs/partners/xai (#38599)
Bumps [pytest](https://github.com/pytest-dev/pytest) from 9.1.0 to
9.1.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pytest-dev/pytest/releases">pytest's
releases</a>.</em></p>
<blockquote>
<h2>9.1.1</h2>
<h1>pytest 9.1.1 (2026-06-19)</h1>
<h2>Bug fixes</h2>
<ul>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14220">#14220</a>:
Fixed a logic bug in <code>pytest.RaisesGroup</code> which would might
cause it to display incorrect &quot;It matches <!-- raw HTML omitted
-->FooError()<!-- raw HTML omitted --> which was paired with <!-- raw
HTML omitted -->BarError<!-- raw HTML omitted -->&quot; messages.</li>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14591">#14591</a>:
Fixed a regression in pytest 9.1.0 which caused overriding a
parametrized fixture with an indirect <!-- raw HTML omitted --><a
href="https://github.com/pytest"><code>@​pytest</code></a>.mark.parametrize<!--
raw HTML omitted --> to fail with &quot;duplicate parametrization of
'&lt;fixture name&gt;'&quot;.</li>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14606">#14606</a>:
Fixed <code>list-item</code> typing errors from mypy in
<code>@pytest.mark.parametrize &lt;pytest.mark.parametrize
ref&gt;</code> <code>argvalues</code> parameter.</li>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14608">#14608</a>:
Fixed a regression in pytest 9.1.0 where <code>conftest.py</code> files
located in <code>&lt;invocation dir&gt;/test*</code> were no longer
loaded as initial conftests when invoked without arguments.
This could cause certain hooks (like <code>pytest_addoption</code>) in
these files to not fire.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="cf470ec0bf"><code>cf470ec</code></a>
Prepare release version 9.1.1</li>
<li><a
href="e0c8ce6cc5"><code>e0c8ce6</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14625">#14625</a>
from pytest-dev/patchback/backports/9.1.x/a07c31a97...</li>
<li><a
href="1b82d1694f"><code>1b82d16</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14624">#14624</a>
from pytest-dev/patchback/backports/9.1.x/b375b79ec...</li>
<li><a
href="501c4bc784"><code>501c4bc</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14596">#14596</a>
from bluetech/doc-classmethod</li>
<li><a
href="b61f588e36"><code>b61f588</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14622">#14622</a>
from chrisburr/fix-14608-initial-conftest-test-subdir</li>
<li><a
href="9a567e009f"><code>9a567e0</code></a>
[automated] Update plugin list (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14617">#14617</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14618">#14618</a>)</li>
<li><a
href="ef8b2993e5"><code>ef8b299</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14620">#14620</a>
from pytest-dev/patchback/backports/9.1.x/680f9f3ed...</li>
<li><a
href="66abd0784d"><code>66abd07</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14220">#14220</a>
from bysiber/fix-stale-iexp-raisesgroup</li>
<li><a
href="79fbf93b66"><code>79fbf93</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14612">#14612</a>
from pytest-dev/patchback/backports/9.1.x/974ed48b6...</li>
<li><a
href="0d312eb876"><code>0d312eb</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14611">#14611</a>
from bluetech/parametrize-argvalues-typing</li>
<li>Additional commits viewable in <a
href="https://github.com/pytest-dev/pytest/compare/9.1.0...9.1.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pytest&package-manager=uv&previous-version=9.1.0&new-version=9.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-01 15:00:44 -04:00
Mason Daugherty
673ce8c091 fix(xai): drop unsupported stop parameter (#38335)
`ChatXAI` currently forwards `stop` to xAI reasoning models, which xAI
rejects. This causes calls such as `ChatXAI(model="grok-3", stop=[...])`
and unprofiled reasoning aliases such as
`ChatXAI(model="grok-4-fast-reasoning", stop=[...])` to fail before the
model can respond.

This updates the xAI payload construction so unsupported `stop` values
are removed for reasoning models. The check uses generated model
profiles when available and keeps an explicit alias fallback for known
reasoning model names that may not be present in profile data, including
older Grok 3 aliases and Grok 4 reasoning aliases. Explicit
non-reasoning aliases continue to preserve `stop`.

The regression tests cover the reported Grok 3 path, a current profiled
reasoning model, the `grok-4-fast-reasoning` alias used by integration
tests, and a non-reasoning model that should continue to preserve
`stop`.

AI-assisted contribution: this PR includes changes authored with
AI-agent assistance.
2026-06-20 19:01:29 -04:00
dependabot[bot]
0588136904 chore: bump langsmith from 0.8.16 to 0.8.18 in /libs/partners/xai (#38283)
Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from
0.8.16 to 0.8.18.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's
releases</a>.</em></p>
<blockquote>
<h2>v0.8.18</h2>
<h2>What's Changed</h2>
<ul>
<li>chore(deps-dev): bump vitest from 3.2.4 to 3.2.6 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3002">langchain-ai/langsmith-sdk#3002</a></li>
<li>chore(deps): bump pyjwt from 2.12.1 to 2.13.0 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3030">langchain-ai/langsmith-sdk#3030</a></li>
<li>chore(deps): bump python-multipart from 0.0.27 to 0.0.31 in /python
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3036">langchain-ai/langsmith-sdk#3036</a></li>
<li>chore(deps): bump aiohttp from 3.14.0 to 3.14.1 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3037">langchain-ai/langsmith-sdk#3037</a></li>
<li>chore(deps): bump cryptography from 46.0.7 to 48.0.1 in /python by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3038">langchain-ai/langsmith-sdk#3038</a></li>
<li>chore(deps): bump starlette from 1.0.1 to 1.3.1 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3039">langchain-ai/langsmith-sdk#3039</a></li>
<li>chore(deps-dev): bump langchain-anthropic from 1.4.4 to 1.4.6 in
/python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3044">langchain-ai/langsmith-sdk#3044</a></li>
<li>chore(deps): bump the npm_and_yarn group across 4 directories with 4
updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3046">langchain-ai/langsmith-sdk#3046</a></li>
<li>chore(deps): bump the npm_and_yarn group across 2 directories with 2
updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3060">langchain-ai/langsmith-sdk#3060</a></li>
<li>test(python): fix integration assertions for updated attachment
error message by <a
href="https://github.com/QuentinBrosse"><code>@​QuentinBrosse</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3061">langchain-ai/langsmith-sdk#3061</a></li>
<li>chore: reconcile bumpversion config and mandate release process for
agents by <a
href="https://github.com/QuentinBrosse"><code>@​QuentinBrosse</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3062">langchain-ai/langsmith-sdk#3062</a></li>
<li>release(py): 0.8.18 by <a
href="https://github.com/QuentinBrosse"><code>@​QuentinBrosse</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3063">langchain-ai/langsmith-sdk#3063</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.17...v0.8.18">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.17...v0.8.18</a></p>
<h2>v0.8.17</h2>
<h2>What's Changed</h2>
<ul>
<li>feat: expose the resources from the generated openapi client in the
langsmith client by <a
href="https://github.com/sineha-mani"><code>@​sineha-mani</code></a> in
<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3018">langchain-ai/langsmith-sdk#3018</a></li>
<li>feat(js): port <code>isTracingEnabled</code> utility from Python by
<a href="https://github.com/dqbd"><code>@​dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3032">langchain-ai/langsmith-sdk#3032</a></li>
<li>Add sandbox mount support to JS SDK by <a
href="https://github.com/DanielKneipp"><code>@​DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3010">langchain-ai/langsmith-sdk#3010</a></li>
<li>release(js): bump to 0.7.9 by <a
href="https://github.com/dqbd"><code>@​dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3035">langchain-ai/langsmith-sdk#3035</a></li>
<li>Add sandbox mount support to Python SDK by <a
href="https://github.com/DanielKneipp"><code>@​DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3009">langchain-ai/langsmith-sdk#3009</a></li>
<li>docs: note that _openapi_client directories are auto-generated by <a
href="https://github.com/KiewanVillatel"><code>@​KiewanVillatel</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3034">langchain-ai/langsmith-sdk#3034</a></li>
<li>fix: update JS SDK type declarations with skipLibCheck disabled by
<a href="https://github.com/sineha-mani"><code>@​sineha-mani</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3043">langchain-ai/langsmith-sdk#3043</a></li>
<li>release(js): 0.7.10 by <a
href="https://github.com/dqbd"><code>@​dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3045">langchain-ai/langsmith-sdk#3045</a></li>
<li>feat: adding python async for online evals by <a
href="https://github.com/sineha-mani"><code>@​sineha-mani</code></a> in
<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3048">langchain-ai/langsmith-sdk#3048</a></li>
<li>Add sandbox Git mount SDK helpers by <a
href="https://github.com/DanielKneipp"><code>@​DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3040">langchain-ai/langsmith-sdk#3040</a></li>
<li>fix: use insights tab in sdk report links [closes LSO-2936] by <a
href="https://github.com/eric-langchain"><code>@​eric-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3050">langchain-ai/langsmith-sdk#3050</a></li>
<li>feat(client): warn when backend version is below minimum required by
<a
href="https://github.com/KiewanVillatel"><code>@​KiewanVillatel</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3041">langchain-ai/langsmith-sdk#3041</a></li>
<li>chore: bump _MIN_BACKEND_VERSION to 0.16.5rc1 by <a
href="https://github.com/langtions-bot"><code>@​langtions-bot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3053">langchain-ai/langsmith-sdk#3053</a></li>
<li>fix(sandbox): use built-in gcp auth host matching by <a
href="https://github.com/DanielKneipp"><code>@​DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3055">langchain-ai/langsmith-sdk#3055</a></li>
<li>chore(python): py to 0.8.17 by <a
href="https://github.com/sineha-mani"><code>@​sineha-mani</code></a> in
<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3056">langchain-ai/langsmith-sdk#3056</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/sineha-mani"><code>@​sineha-mani</code></a>
made their first contribution in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3018">langchain-ai/langsmith-sdk#3018</a></li>
<li><a
href="https://github.com/eric-langchain"><code>@​eric-langchain</code></a>
made their first contribution in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3050">langchain-ai/langsmith-sdk#3050</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.16...v0.8.17">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.16...v0.8.17</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="31c2bf650b"><code>31c2bf6</code></a>
release(py): 0.8.18 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3063">#3063</a>)</li>
<li><a
href="8955b68868"><code>8955b68</code></a>
chore: reconcile bumpversion config and mandate release process for
agents (#...</li>
<li><a
href="411401f6ca"><code>411401f</code></a>
test(python): fix integration assertions for updated attachment error
message...</li>
<li><a
href="9c5515620f"><code>9c55156</code></a>
Merge commit from fork</li>
<li><a
href="5b2bd8db3c"><code>5b2bd8d</code></a>
chore(deps): bump the npm_and_yarn group across 2 directories with 2
updates ...</li>
<li><a
href="d8642f9099"><code>d8642f9</code></a>
chore(deps): bump the npm_and_yarn group across 4 directories with 4
updates ...</li>
<li><a
href="953c2e5e25"><code>953c2e5</code></a>
chore(deps-dev): bump langchain-anthropic from 1.4.4 to 1.4.6 in /python
(<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3044">#3044</a>)</li>
<li><a
href="5513699e2d"><code>5513699</code></a>
chore(deps): bump starlette from 1.0.1 to 1.3.1 in /python (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3039">#3039</a>)</li>
<li><a
href="8becdefdf4"><code>8becdef</code></a>
chore(deps): bump cryptography from 46.0.7 to 48.0.1 in /python (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3038">#3038</a>)</li>
<li><a
href="1a9c522feb"><code>1a9c522</code></a>
chore(deps): bump aiohttp from 3.14.0 to 3.14.1 in /python (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3037">#3037</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.16...v0.8.18">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-19 22:14:04 -04:00
dependabot[bot]
a1da994036 chore: bump vcrpy from 8.1.1 to 8.2.1 in /libs/partners/xai (#38285)
Bumps [vcrpy](https://github.com/kevin1024/vcrpy) from 8.1.1 to 8.2.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/kevin1024/vcrpy/releases">vcrpy's
releases</a>.</em></p>
<blockquote>
<h2>v8.2.1</h2>
<h2>What's Changed</h2>
<ul>
<li><strong>SECURITY:</strong> Cassettes are now loaded with a safe YAML
loader, preventing arbitrary code execution when a cassette from an
untrusted source is loaded. Previously a crafted cassette containing a
Python object tag (e.g. <code>!!python/object/apply:os.system</code>)
would execute code on load, including via the normal
<code>vcr.use_cassette()</code> path. Existing cassettes (including
file-upload/streaming bodies) continue to load. Advisory:
GHSA-rpj2-4hq8-938g — thanks <a
href="https://github.com/RamiAltai"><code>@​RamiAltai</code></a> and <a
href="https://github.com/EQSTLab"><code>@​EQSTLab</code></a> for the
reports.</li>
<li>Validate <code>record_mode</code> and raise a clear error on an
invalid value (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/208">#208</a>)</li>
<li>Recommend pytest-recording over the unmaintained pytest-vcr in the
docs (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/986">#986</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/kevin1024/vcrpy/compare/v8.2.0...v8.2.1">https://github.com/kevin1024/vcrpy/compare/v8.2.0...v8.2.1</a></p>
<h2>v8.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add support for httpx 2.x (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/993">#993</a>)
- thanks <a
href="https://github.com/dsfaccini"><code>@​dsfaccini</code></a></li>
<li>Patch httpx transports instead of httpcore (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/972">#972</a>)
- thanks <a
href="https://github.com/seowalex"><code>@​seowalex</code></a></li>
<li>Fix aiohttp 3.14 compatibility: <code>AsyncStreamReaderMixin</code>
removed and <code>ClientResponse</code> now requires
<code>stream_writer</code> (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/995">#995</a>)
- thanks <a
href="https://github.com/dsfaccini"><code>@​dsfaccini</code></a></li>
<li>Account for modified requests when storing played cassettes, so
<code>drop_unused_requests</code> honours
<code>before_record_request</code> filtering (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/962">#962</a>)
- thanks <a
href="https://github.com/jamesbraza"><code>@​jamesbraza</code></a></li>
<li>Make the request URL available on <code>VCRHTTPResponse</code> (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/976">#976</a>)
- thanks <a
href="https://github.com/dAnjou"><code>@​dAnjou</code></a></li>
<li>Improve error message when a matching request has already been
consumed (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/985">#985</a>)
- thanks <a
href="https://github.com/Polandia94"><code>@​Polandia94</code></a></li>
<li>Fix body check in <code>convert_body_to_unicode</code> to use an
explicit type check (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/982">#982</a>)
- thanks <a
href="https://github.com/Polandia94"><code>@​Polandia94</code></a></li>
<li>Add env proxy cassette regression test (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/994">#994</a>)
- thanks <a
href="https://github.com/tine1117"><code>@​tine1117</code></a></li>
<li>Remove milestone references from docs (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/984">#984</a>)
- thanks <a
href="https://github.com/Polandia94"><code>@​Polandia94</code></a></li>
<li>CI: bump sphinx-rtd-theme from 3.0.2 to 3.1.0 (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/973">#973</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/kevin1024/vcrpy/compare/v8.1.1...v8.2.0">https://github.com/kevin1024/vcrpy/compare/v8.1.1...v8.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/kevin1024/vcrpy/blob/master/docs/changelog.rst">vcrpy's
changelog</a>.</em></p>
<blockquote>
<h2>Changelog</h2>
<p>All help in providing PRs to close out bug issues is appreciated.
Even if that is providing a repo that fully replicates issues. We have
very generous contributors that have added these to bug issues which
meant another contributor picked up the bug and closed it out.</p>
<ul>
<li>
<p>8.2.1</p>
<ul>
<li>SECURITY: Load cassettes with a safe YAML loader, preventing
arbitrary code execution when a cassette from an untrusted source is
loaded (GHSA-rpj2-4hq8-938g) - thanks <a
href="https://github.com/RamiAltai"><code>@​RamiAltai</code></a> and <a
href="https://github.com/EQSTLab"><code>@​EQSTLab</code></a></li>
<li>Validate <code>record_mode</code> and raise a clear error on an
invalid value (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/208">#208</a>)</li>
<li>Recommend pytest-recording over the unmaintained pytest-vcr in the
docs (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/986">#986</a>)</li>
</ul>
</li>
<li>
<p>8.2.0</p>
<ul>
<li>Add support for httpx 2.x (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/993">#993</a>)
- thanks <a
href="https://github.com/dsfaccini"><code>@​dsfaccini</code></a></li>
<li>Patch httpx transports instead of httpcore (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/972">#972</a>)
- thanks <a
href="https://github.com/seowalex"><code>@​seowalex</code></a></li>
<li>Fix aiohttp 3.14 compatibility: <code>AsyncStreamReaderMixin</code>
removed and <code>ClientResponse</code> now requires
<code>stream_writer</code> (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/995">#995</a>)
- thanks <a
href="https://github.com/dsfaccini"><code>@​dsfaccini</code></a></li>
<li>Account for modified requests when storing played cassettes, so
<code>drop_unused_requests</code> honours
<code>before_record_request</code> filtering (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/962">#962</a>)
- thanks <a
href="https://github.com/jamesbraza"><code>@​jamesbraza</code></a></li>
<li>Make the request URL available on <code>VCRHTTPResponse</code> (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/976">#976</a>)
- thanks <a
href="https://github.com/dAnjou"><code>@​dAnjou</code></a></li>
<li>Improve error message when a matching request has already been
consumed (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/985">#985</a>)
- thanks <a
href="https://github.com/Polandia94"><code>@​Polandia94</code></a></li>
<li>Fix body check in <code>convert_body_to_unicode</code> to use an
explicit type check (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/982">#982</a>)
- thanks <a
href="https://github.com/Polandia94"><code>@​Polandia94</code></a></li>
<li>Add env proxy cassette regression test (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/994">#994</a>)
- thanks <a
href="https://github.com/tine1117"><code>@​tine1117</code></a></li>
<li>Remove milestone references from docs (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/984">#984</a>)
- thanks <a
href="https://github.com/Polandia94"><code>@​Polandia94</code></a></li>
<li>CI: bump sphinx-rtd-theme from 3.0.2 to 3.1.0 (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/973">#973</a>)</li>
</ul>
</li>
<li>
<p>8.1.1</p>
<ul>
<li>Fix sync requests in async contexts for HTTPX (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/965">#965</a>)
- thanks <a
href="https://github.com/seowalex"><code>@​seowalex</code></a></li>
<li>CI: bump peter-evans/create-pull-request from 7 to 8 (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/969">#969</a>)</li>
</ul>
</li>
<li>
<p>8.1.0</p>
<ul>
<li>Enable brotli decompression if available (via <code>brotli</code>,
<code>brotlipy</code> or <code>brotlicffi</code>) (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/620">#620</a>)
- thanks <a
href="https://github.com/immerrr"><code>@​immerrr</code></a></li>
<li>Fix aiohttp allowing both <code>data</code> and <code>json</code>
arguments when one is None (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/624">#624</a>)
- thanks <a
href="https://github.com/leorochael"><code>@​leorochael</code></a></li>
<li>Fix usage of io-like interface with VCR.py (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/906">#906</a>)
- thanks <a href="https://github.com/tito"><code>@​tito</code></a> and
<a href="https://github.com/kevdevg"><code>@​kevdevg</code></a></li>
<li>Migrate to declarative Python package config (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/767">#767</a>)
- thanks <a
href="https://github.com/deronnax"><code>@​deronnax</code></a></li>
<li>Various linting fixes - thanks <a
href="https://github.com/jairhenrique"><code>@​jairhenrique</code></a></li>
<li>CI: bump actions/checkout from 5 to 6 (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/955">#955</a>)</li>
</ul>
</li>
<li>
<p>8.0.0</p>
<ul>
<li>BREAKING: Drop support for Python 3.9 (major version bump) - thanks
<a
href="https://github.com/jairhenrique"><code>@​jairhenrique</code></a></li>
<li>BREAKING: Drop support for urllib3 &lt; 2 - fixes CVE warnings from
urllib3 1.x (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/926">#926</a>,
<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/880">#880</a>)
- thanks <a
href="https://github.com/jairhenrique"><code>@​jairhenrique</code></a></li>
<li>New feature: <code>drop_unused_requests</code> option to remove
unused interactions from cassettes (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/763">#763</a>)
- thanks <a
href="https://github.com/danielnsilva"><code>@​danielnsilva</code></a></li>
<li>Rewrite httpx support to patch httpcore instead of httpx (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/943">#943</a>)
- thanks <a
href="https://github.com/seowalex"><code>@​seowalex</code></a>
<ul>
<li>Fixes <code>httpx.ResponseNotRead</code> exceptions (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/832">#832</a>,
<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/834">#834</a>)</li>
<li>Fixes <code>KeyError: 'follow_redirects'</code> (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/945">#945</a>)</li>
<li>Adds support for custom httpx transports</li>
</ul>
</li>
<li>Fix HTTPS proxy handling - proxy address no longer ends up in
cassette URIs (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/809">#809</a>,
<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/914">#914</a>)
- thanks <a href="https://github.com/alga"><code>@​alga</code></a></li>
<li>Fix <code>iscoroutinefunction</code> deprecation warning on Python
3.14 - thanks <a
href="https://github.com/kloczek"><code>@​kloczek</code></a></li>
<li>Only log message if response is appended - thanks <a
href="https://github.com/talfus-laddus"><code>@​talfus-laddus</code></a></li>
<li>Optimize urllib.parse calls - thanks <a
href="https://github.com/Martin-Brunthaler"><code>@​Martin-Brunthaler</code></a></li>
<li>Fix CI for Ubuntu 24.04 - thanks <a
href="https://github.com/hartwork"><code>@​hartwork</code></a></li>
<li>Various CI improvements: migrate to uv, update GitHub Actions -
thanks <a
href="https://github.com/jairhenrique"><code>@​jairhenrique</code></a></li>
<li>Various linting and test improvements - thanks <a
href="https://github.com/jairhenrique"><code>@​jairhenrique</code></a>
and <a
href="https://github.com/hartwork"><code>@​hartwork</code></a></li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="85312039e9"><code>8531203</code></a>
Release v8.2.1</li>
<li><a
href="045acb1b5f"><code>045acb1</code></a>
Use a safe YAML loader for cassettes to prevent code execution</li>
<li><a
href="de43f46247"><code>de43f46</code></a>
Fix lint failures from merged PRs (codespell + ruff UP032)</li>
<li><a
href="514c374796"><code>514c374</code></a>
Validate record_mode and raise a clear error on invalid values</li>
<li><a
href="b736cadd58"><code>b736cad</code></a>
docs: recommend pytest-recording over unmaintained pytest-vcr</li>
<li><a
href="06758c9879"><code>06758c9</code></a>
Release v8.2.0</li>
<li><a
href="6554837e02"><code>6554837</code></a>
Add env proxy cassette regression test (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/994">#994</a>)</li>
<li><a
href="62cf5e1272"><code>62cf5e1</code></a>
Accounting for modified requests when storing played cassettes, with a
test (...</li>
<li><a
href="13f201a820"><code>13f201a</code></a>
make url available in VCRHTTPResponse (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/976">#976</a>)</li>
<li><a
href="d57b55339e"><code>d57b553</code></a>
improve error message on repeated requestt (<a
href="https://redirect.github.com/kevin1024/vcrpy/issues/985">#985</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/kevin1024/vcrpy/compare/v8.1.1...v8.2.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=vcrpy&package-manager=uv&previous-version=8.1.1&new-version=8.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-19 22:13:43 -04:00
dependabot[bot]
286854c435 chore: bump pytest from 9.0.3 to 9.1.0 in /libs/partners/xai (#38239)
Bumps [pytest](https://github.com/pytest-dev/pytest) from 9.0.3 to
9.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pytest-dev/pytest/releases">pytest's
releases</a>.</em></p>
<blockquote>
<h2>9.1.0</h2>
<h1>pytest 9.1.0 (2026-06-13)</h1>
<h2>Removals and backward incompatible breaking changes</h2>
<ul>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14533">#14533</a>:
When using <code>--doctest-modules</code>, autouse fixtures with
<code>module</code>, <code>package</code> or <code>session</code> scope
that are defined inline in Python test modules (not plugins or
conftests) will now possibly execute twice.</p>
<p>If this is undesirable, move the fixture definition to a
<code>conftest.py</code> file if possible.</p>
<p>Technical explanation for those interested:
When using <!-- raw HTML omitted -->--doctest-modules<!-- raw HTML
omitted -->, pytest possibly collects Python modules twice, once as
<code>pytest.Module</code> and once as a <code>DoctestModule</code>
(depending on the configuration).
Due to improvements in pytest's fixture implementation, if e.g. the
<code>DoctestModule</code> collects a fixture, it is now visible to it
only, and not to the <code>Module</code>.
This means that both need to register the fixtures independently.</p>
</li>
</ul>
<h2>Deprecations (removal in next major release)</h2>
<ul>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/10819">#10819</a>:
Added a deprecation warning for class-scoped fixtures defined as
instance methods (without <code>@classmethod</code>). Such fixtures set
attributes on a different instance than the test methods use, leading to
unexpected behavior. Use <code>@classmethod</code> decorator instead --
by <code>yastcher</code>.</p>
<p>See <code>10819</code> and <code>14011</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/12882">#12882</a>:
Calling <code>request.getfixturevalue()
&lt;pytest.FixtureRequest.getfixturevalue&gt;</code> during teardown to
request a fixture that was not already requested is now deprecated and
will become an error in pytest 10.</p>
<p>See <code>dynamic-fixture-request-during-teardown</code> for
details.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13409">#13409</a>:
Using non-<code>~collections.abc.Collection</code> iterables (such as
generators, iterators, or custom iterable objects) for the
<code>argvalues</code> parameter in <code>@pytest.mark.parametrize
&lt;pytest.mark.parametrize ref&gt;</code> and
<code>metafunc.parametrize &lt;pytest.Metafunc.parametrize&gt;</code> is
now deprecated.</p>
<p>These iterables get exhausted after the first iteration,
leading to tests getting unexpectedly skipped in cases such as running
<code>pytest.main()</code> multiple times,
using class-level parametrize decorators,
or collecting tests multiple times.</p>
<p>See <code>parametrize-iterators</code> for details and
suggestions.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13946">#13946</a>:
The private <code>config.inicfg</code> attribute is now deprecated.
Use <code>config.getini() &lt;pytest.Config.getini&gt;</code> to access
configuration values instead.</p>
<p>See <code>config-inicfg</code> for more details.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14004">#14004</a>:
Passing <code>baseid</code> to <code>~pytest.FixtureDef</code> or
<code>nodeid</code> strings to fixture registration APIs is now
deprecated. These are internal pytest APIs that are used by some
plugins.</p>
<p>Use the <code>node</code> parameter instead for fixture scoping. This
enables more robust node-based
matching instead of string prefix matching.
If you've used <code>nodeid=None</code>, pass <code>node=session</code>
instead.</p>
<p>This will be removed in pytest 10.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14335">#14335</a>:
The method of configuring hooks using markers, deprecated since pytest
7.2, is now scheduled to be removed in pytest 10.
See <code>hook-markers</code> for more details.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14434">#14434</a>:
The <code>--pastebin</code> option is now deprecated.</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b2522cf0b1"><code>b2522cf</code></a>
Prepare release version 9.1.0</li>
<li><a
href="368d2fca78"><code>368d2fc</code></a>
[refactor] Tighten <code>SetComparisonFunction</code> to
<code>Iterator[str]</code> (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14587">#14587</a>)</li>
<li><a
href="ff77cd8b66"><code>ff77cd8</code></a>
[refactor] Make base assertion comparisons return an iterator instead of
a li...</li>
<li><a
href="0d8491a4ec"><code>0d8491a</code></a>
build(deps): Bump actions/stale from 10.2.0 to 10.3.0</li>
<li><a
href="4a809d9c89"><code>4a809d9</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14568">#14568</a>
from pytest-dev/register-fixture</li>
<li><a
href="5dfa38541b"><code>5dfa385</code></a>
Fix recursion traceback test to cover all styles (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14582">#14582</a>)</li>
<li><a
href="f52ff0c177"><code>f52ff0c</code></a>
Add <code>pytest.register_fixture</code></li>
<li><a
href="a8ac094e80"><code>a8ac094</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14567">#14567</a>
from pytest-dev/more-visibility-deprecate</li>
<li><a
href="e5620cd21e"><code>e5620cd</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14577">#14577</a>)</li>
<li><a
href="2ce9c6d94e"><code>2ce9c6d</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14540">#14540</a>
from minbang930/fix-14533-doctest-module-fixtures</li>
<li>Additional commits viewable in <a
href="https://github.com/pytest-dev/pytest/compare/9.0.3...9.1.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pytest&package-manager=uv&previous-version=9.0.3&new-version=9.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-18 00:46:40 -04:00
dependabot[bot]
9a01a294bc chore: bump langsmith from 0.8.14 to 0.8.16 in /libs/partners/xai (#38238)
Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from
0.8.14 to 0.8.16.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's
releases</a>.</em></p>
<blockquote>
<h2>v0.8.16</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(py): add sync/async conversion for Sandbox and SandboxClient
[INF-0000] by <a
href="https://github.com/ramon-langchain"><code>@​ramon-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3019">langchain-ai/langsmith-sdk#3019</a></li>
<li>fix(experiments): extract keys from wrapped evaluator function by <a
href="https://github.com/shamikkarkhanis"><code>@​shamikkarkhanis</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3014">langchain-ai/langsmith-sdk#3014</a></li>
<li>chore: repoint <a
href="mailto:support@langchain.dev">support@langchain.dev</a> mentions
to the Support Portal by <a
href="https://github.com/lutan-langchain"><code>@​lutan-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3024">langchain-ai/langsmith-sdk#3024</a></li>
<li>fix(python): derive create_child run id from start_time [LSDK-220]
by <a
href="https://github.com/harisaiharish"><code>@​harisaiharish</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3027">langchain-ai/langsmith-sdk#3027</a></li>
<li>chore: sync langsmith_api by <a
href="https://github.com/langtions-bot"><code>@​langtions-bot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3020">langchain-ai/langsmith-sdk#3020</a></li>
<li>chore: js to 0.7.8 and py to 0.8.16 by <a
href="https://github.com/shamikkarkhanis"><code>@​shamikkarkhanis</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3029">langchain-ai/langsmith-sdk#3029</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/lutan-langchain"><code>@​lutan-langchain</code></a>
made their first contribution in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3024">langchain-ai/langsmith-sdk#3024</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.15...v0.8.16">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.15...v0.8.16</a></p>
<h2>v0.8.15</h2>
<h2>What's Changed</h2>
<ul>
<li>chore(js): exclude generated _openapi_client from linters and
type-checker by <a
href="https://github.com/KiewanVillatel"><code>@​KiewanVillatel</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3015">langchain-ai/langsmith-sdk#3015</a></li>
<li>chore: sync langsmith_api by <a
href="https://github.com/langtions-bot"><code>@​langtions-bot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3006">langchain-ai/langsmith-sdk#3006</a></li>
<li>chore: protect JS openapi client in workflow by <a
href="https://github.com/KiewanVillatel"><code>@​KiewanVillatel</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3017">langchain-ai/langsmith-sdk#3017</a></li>
<li>fix(js): deliver sandbox output callbacks across stream reconnects
by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3022">langchain-ai/langsmith-sdk#3022</a></li>
<li>fix(python): deliver sandbox output callbacks across stream
reconnects by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3023">langchain-ai/langsmith-sdk#3023</a></li>
<li>chore: bump JS to 0.7.7 and Python to 0.8.15 by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3025">langchain-ai/langsmith-sdk#3025</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.14...v0.8.15">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.14...v0.8.15</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="65d0b5d4c2"><code>65d0b5d</code></a>
chore: js to 0.7.8 and py to 0.8.16 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3029">#3029</a>)</li>
<li><a
href="d9dc6ca9c3"><code>d9dc6ca</code></a>
chore: sync langsmith_api (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3020">#3020</a>)</li>
<li><a
href="47b5b70b78"><code>47b5b70</code></a>
fix(python): derive create_child run id from start_time [LSDK-220] (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3027">#3027</a>)</li>
<li><a
href="24f4907bba"><code>24f4907</code></a>
chore: repoint <a
href="mailto:support@langchain.dev">support@langchain.dev</a> mentions
to the Support Portal (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3024">#3024</a>)</li>
<li><a
href="d4deaa0bbc"><code>d4deaa0</code></a>
fix(experiments): extract keys from wrapped evaluator function (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3014">#3014</a>)</li>
<li><a
href="46279499e0"><code>4627949</code></a>
feat(py): add sync/async conversion for Sandbox and SandboxClient (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3019">#3019</a>)</li>
<li><a
href="84b7144242"><code>84b7144</code></a>
chore: bump JS to 0.7.7 and Python to 0.8.15 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3025">#3025</a>)</li>
<li><a
href="909390fb9a"><code>909390f</code></a>
fix(python): deliver sandbox output callbacks across stream reconnects
(<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3023">#3023</a>)</li>
<li><a
href="504f641d0f"><code>504f641</code></a>
fix(js): deliver sandbox output callbacks across stream reconnects (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3022">#3022</a>)</li>
<li><a
href="f10fe78b0d"><code>f10fe78</code></a>
chore: protect JS openapi client in workflow (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3017">#3017</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.14...v0.8.16">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=langsmith&package-manager=uv&previous-version=0.8.14&new-version=0.8.16)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-18 00:46:31 -04:00
Mason Daugherty
63cc1f4e7d docs: refresh README installation and resources (#38119)
README installation examples now use `uv add` consistently, matching the
repo's `uv`-based Python workflow. The top-level README also gets a
cleaner quickstart and resource section with current links for docs,
community, learning, and contribution guidance.

## Changes
- Replaced `pip install` snippets with `uv add` across package quick
install docs, including the Hugging Face extras and
`sentence-transformers` upgrade examples.
- Updated the top-level quickstart to show only `uv add langchain` and
refreshed the example model to `openai:gpt-5.5`.
- Pointed the LangGraph orchestration link at the LangGraph GitHub
repository.
- Consolidated top-level documentation and additional-resource links
under a single `Resources` section covering docs, ecosystem overview,
API reference, discussions, Academy, contributing, and the Code of
Conduct.
- Added LangChain Academy and Code of Conduct links to package README
resource sections.
2026-06-12 17:38:22 -04:00
Mason Daugherty
4108c0738c release(core): 1.4.7 (#38111)
Bumps `langchain-core` to `1.4.7` for the next patch release and updates
downstream minimum `langchain-core` requirements so package locks
resolve against the new core version.

This also refreshes the runnable snapshots that embed `lc_versions`
metadata so the version consistency check continues to validate
checked-in artifacts.

Validated with `python libs/core/scripts/check_version.py`, `uv lock
--check` across package lockfiles, and the core runnable tests that own
the updated snapshots with local LangSmith tracing env disabled.
2026-06-12 14:54:25 -04:00
Mason Daugherty
8837163917 fix(core,partners): rename package version trace metadata (#38110)
Package-version trace metadata now uses the LangChain-owned
`metadata["lc_versions"]` convention instead of the user-owned
`metadata["versions"]` key. Metadata merging is narrowed so only
`lc_versions` accumulates nested package-version entries, while generic
nested metadata keeps normal last-writer-wins behavior.

## Changes
- Renamed `BaseLanguageModel._add_version()` trace metadata from
`versions` to `lc_versions`, including docstrings and the non-dict
replacement warning.
- Scoped `_merge_metadata_dicts()` nested-map accumulation to only
`lc_versions`; duplicate package entries remain last-writer-wins and
`lc_versions` mappings are copied defensively.
- Preserved user-owned `metadata["versions"]` semantics by keeping it
out of package-version tracking and generic nested metadata merging.
- Updated runnable snapshots and partner package metadata assertions
across Anthropic, DeepSeek, Fireworks, Groq, Hugging Face, MistralAI,
Ollama, OpenAI, OpenRouter, Perplexity, and xAI to expect `lc_versions`.

## Testing
- Added/adjusted core tests for `lc_versions` accumulation, duplicate
package overwrite behavior, non-dict `lc_versions` replacement,
defensive copying, and `metadata["versions"]` last-writer-wins behavior.
- Ran focused core and partner metadata tests plus Ruff checks for
changed areas.
2026-06-12 14:26:32 -04:00
dependabot[bot]
6c0e9af324 chore: bump langsmith from 0.8.9 to 0.8.14 in /libs/partners/xai (#38094)
Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from
0.8.9 to 0.8.14.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's
releases</a>.</em></p>
<blockquote>
<h2>v0.8.14</h2>
<h2>What's Changed</h2>
<ul>
<li>feat: add deepagent compatibility smoke tests to Python and JS CI
[LSDK-214] by <a
href="https://github.com/QuentinBrosse"><code>@​QuentinBrosse</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2997">langchain-ai/langsmith-sdk#2997</a></li>
<li>chore(py): bump Python SDK to 0.8.14 by <a
href="https://github.com/vishnu-ssuresh"><code>@​vishnu-ssuresh</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3013">langchain-ai/langsmith-sdk#3013</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.13...v0.8.14">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.13...v0.8.14</a></p>
<h2>v0.8.13</h2>
<h2>What's Changed</h2>
<ul>
<li>fix(py): type sandbox startup errors by <a
href="https://github.com/vishnu-ssuresh"><code>@​vishnu-ssuresh</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3004">langchain-ai/langsmith-sdk#3004</a></li>
<li>chore(py): bump Python SDK to 0.8.13 by <a
href="https://github.com/vishnu-ssuresh"><code>@​vishnu-ssuresh</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3012">langchain-ai/langsmith-sdk#3012</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.12...v0.8.13">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.12...v0.8.13</a></p>
<h2>v0.8.12</h2>
<h2>What's Changed</h2>
<ul>
<li>ci: protect _openapi_client from unauthorized changes by <a
href="https://github.com/KiewanVillatel"><code>@​KiewanVillatel</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2999">langchain-ai/langsmith-sdk#2999</a></li>
<li>fix: gemini double counting of over 200k tokens by <a
href="https://github.com/dqbd"><code>@​dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3003">langchain-ai/langsmith-sdk#3003</a></li>
<li>feat(python): cross-process OAuth refresh filesystem lock by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2988">langchain-ai/langsmith-sdk#2988</a></li>
<li>feat(js): cross-process OAuth refresh filesystem lock by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2989">langchain-ai/langsmith-sdk#2989</a></li>
<li>fix: avoid duplicate /v1 in hub URLs when endpoint includes /api/v1
by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3008">langchain-ai/langsmith-sdk#3008</a></li>
<li>chore: bump JS to 0.7.6 and Python to 0.8.12 by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3011">langchain-ai/langsmith-sdk#3011</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.11...v0.8.12">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.11...v0.8.12</a></p>
<h2>v0.8.11</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: match async feedback client to sync behavior [LSEN-206] by <a
href="https://github.com/vishnu-ssuresh"><code>@​vishnu-ssuresh</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3001">langchain-ai/langsmith-sdk#3001</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.10...v0.8.11">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.10...v0.8.11</a></p>
<h2>v0.8.10</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(sandbox): size the dockerfile-build sandbox via vCpus/memBytes
(js) by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2980">langchain-ai/langsmith-sdk#2980</a></li>
<li>feat(python): support trace_id and retry-on-NotFound in async
create_… by <a
href="https://github.com/baskaryan"><code>@​baskaryan</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2963">langchain-ai/langsmith-sdk#2963</a></li>
<li>feat(python): expose pairwise comparison URL on
ComparativeExperimentResults [LSE-2270] by <a
href="https://github.com/harisaiharish"><code>@​harisaiharish</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2975">langchain-ai/langsmith-sdk#2975</a></li>
<li>feat(js): exposed pairwise comparison URL on
ComparativeExperimentResults [LSE-2374] by <a
href="https://github.com/harisaiharish"><code>@​harisaiharish</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2981">langchain-ai/langsmith-sdk#2981</a></li>
<li>feat(python): expose LS_MESSAGE_VIEW_EXCLUDE constant [lso-2605] by
<a href="https://github.com/ybathula707"><code>@​ybathula707</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2982">langchain-ai/langsmith-sdk#2982</a></li>
<li>feat: support JS prompt commit tags by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2987">langchain-ai/langsmith-sdk#2987</a></li>
<li>fix(lint): exclude _openapi_client from ruff by <a
href="https://github.com/KiewanVillatel"><code>@​KiewanVillatel</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2993">langchain-ai/langsmith-sdk#2993</a></li>
<li>chore: sync langsmith_api by <a
href="https://github.com/langtions-bot"><code>@​langtions-bot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2911">langchain-ai/langsmith-sdk#2911</a></li>
<li>fix(lint): exclude _openapi_client from mypy by <a
href="https://github.com/KiewanVillatel"><code>@​KiewanVillatel</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2995">langchain-ai/langsmith-sdk#2995</a></li>
<li>chore: sync langsmith_api by <a
href="https://github.com/langtions-bot"><code>@​langtions-bot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2994">langchain-ai/langsmith-sdk#2994</a></li>
<li>Add AWS auth proxy helpers to Python SDK by <a
href="https://github.com/DanielKneipp"><code>@​DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2991">langchain-ai/langsmith-sdk#2991</a></li>
<li>Add AWS auth proxy helpers to JS SDK by <a
href="https://github.com/DanielKneipp"><code>@​DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2992">langchain-ai/langsmith-sdk#2992</a></li>
<li>feat(evaluation): adding examples and repetitions to create tracer
sessions calls by <a
href="https://github.com/shamikkarkhanis"><code>@​shamikkarkhanis</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2954">langchain-ai/langsmith-sdk#2954</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3ac6bb8a5c"><code>3ac6bb8</code></a>
chore(py): bump Python SDK to 0.8.14 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3013">#3013</a>)</li>
<li><a
href="36fe845634"><code>36fe845</code></a>
feat: add deepagent compatibility smoke tests to Python and JS CI
[LSDK-214] ...</li>
<li><a
href="572014cd2c"><code>572014c</code></a>
chore(py): bump Python SDK to 0.8.13 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3012">#3012</a>)</li>
<li><a
href="03f3b8c741"><code>03f3b8c</code></a>
fix(py): type sandbox startup errors (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3004">#3004</a>)</li>
<li><a
href="607a3b6559"><code>607a3b6</code></a>
chore: bump JS to 0.7.6 and Python to 0.8.12 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3011">#3011</a>)</li>
<li><a
href="fb6b283a8e"><code>fb6b283</code></a>
fix: avoid duplicate /v1 in hub URLs when endpoint includes /api/v1 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3008">#3008</a>)</li>
<li><a
href="faaaa13e2c"><code>faaaa13</code></a>
feat(js): cross-process OAuth refresh filesystem lock (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2989">#2989</a>)</li>
<li><a
href="cba1712f00"><code>cba1712</code></a>
feat(python): cross-process OAuth refresh filesystem lock (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2988">#2988</a>)</li>
<li><a
href="c4408f44c8"><code>c4408f4</code></a>
fix: gemini double counting of over 200k tokens (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3003">#3003</a>)</li>
<li><a
href="cec161e7c5"><code>cec161e</code></a>
ci: protect _openapi_client from unauthorized changes (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2999">#2999</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.9...v0.8.14">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=langsmith&package-manager=uv&previous-version=0.8.9&new-version=0.8.14)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-11 21:44:21 -04:00
Mason Daugherty
05cc55f1bc release(core): 1.4.6 (#38061) 2026-06-11 02:58:40 -04:00
Mason Daugherty
948f6cc58c feat(core,partners): add package version tracking to tracing metadata (#35295)
Following on the heels of #35293

TODO:
- Packages outside of this repo (e.g. LiteLLM, Nvidia, Google, AWS)

---

## Summary

Surface partner package versions in `metadata.versions` on LangSmith
traces. Mirrors the JS SDK's `_addVersion()` pattern
([langchainjs#10106](https://github.com/langchain-ai/langchainjs/pull/10106)).

Each model constructor records its package version via `_add_version()`
on `BaseLanguageModel`. The version dict accumulates through the class
hierarchy — `langchain-core` is added in
`BaseLanguageModel.model_post_init`, `langchain-openai` in
`BaseChatOpenAI._set_openai_chat_version`, and each leaf partner in its
uniquely-named `model_validator`. Traces end up with:

```json
{
  "metadata": {
    "versions": {
      "langchain-core": "1.4.5",
      "langchain-openai": "1.3.0",
      "langchain-xai": "1.2.2"
    }
  }
}
```

### Changes

- `BaseLanguageModel._add_version(pkg, version)` — appends to
`self.metadata["versions"]`; accepts any `Mapping` type; emits a warning
if a non-mapping value is found and replaced
- `BaseLanguageModel.model_post_init` — adds `langchain-core` version;
calls `super()` for MRO safety
- `_merge_metadata_dicts` — one-level-deep (non-recursive) merge for
nested dict metadata keys
- `CallbackManager.add_metadata` — uses `_merge_metadata_dicts` instead
of flat `dict.update()` so nested metadata dicts (like `versions`)
coexist rather than clobber
- `merge_configs` — uses `_merge_metadata_dicts` for config merging

**Partners:**
- Each now calls `self._add_version("langchain-<pkg>", __version__)`

### Design decisions

- **Constructor-based, not `_get_ls_params`-based** — versions flow
through `self.metadata` (local metadata on traces), not through
`LangSmithParams`. This matches JS and makes child-class version
inheritance automatic (no merge/clobber issues).
- **`versions` is local (non-inheritable) metadata** — `self.metadata`
is passed to `CallbackManager.configure` as `local_metadata`
(`add_metadata(..., inherit=False)`), so `versions` is attached **once
per chat-model run** and is **not** propagated to child runs or
duplicated onto every streaming chunk. This is intentionally the
opposite of the inheritable-per-chunk metadata that #36588 was reducing
for performance — `versions` does not regress that path.
- **`add_metadata` deep-merge is a correctness fix, not just for
versions** — previously `add_metadata`/`merge_configs` did a flat
top-level `dict.update`/spread, so any nested metadata dict baked into a
config (e.g. via `.with_config({"metadata": {...}})`) would be wholly
replaced when a caller also passed `metadata`. `_merge_metadata_dicts`
merges one level deep so user-provided `config.metadata.versions` and
model-set `versions` coexist instead of clobbering. The merge runs once
per `configure` (not per chunk), so it is off the streaming hot path.
- **One level deep only** — `_merge_metadata_dicts` is deliberately
*not* a recursive deep merge; values nested more than one level are
last-writer-wins. This covers the `versions` case without the
ambiguity/cost of arbitrary-depth merging.
- **Warn on non-dict `metadata["versions"]`** — if a user sets
`metadata={"versions": "some-string"}`, `_add_version` emits a warning
and replaces the value with the version dict rather than silently
discarding user data or crashing. This is a soft breaking change for
anyone who previously stored non-dict values at this key.

### Follow-ups (tracked separately, out of scope here)

- JS `mergeConfigs` still flat-spreads nested metadata, so
`metadata.versions` can still clobber on the JS side until an equivalent
deep-merge lands.

---

Made by [Open SWE](https://openswe.vercel.app)

---------

Co-authored-by: open-swe[bot] <open-swe@users.noreply.github.com>
2026-06-11 02:23:19 -04:00
Christophe Bornet
1de100f278 chore(infra): bump mypy to 2.1 and unify type-check config across the monorepo (#36470)
Originally a narrow bump of mypy to `1.20` in four packages. Expanded to
get the whole monorepo onto a single, current mypy and a consistent
type-check configuration, so contributors no longer hit different mypy
versions and divergent behavior depending on which package they touch.

### What changed

- **Unified the mypy pin to `>=2.1.0,<2.2.0`** in every mypy-using
package (6 libs + 14 partners), replacing the previously scattered pins
(`1.10`/`1.17`/`1.18`/`1.19`/`1.20`, with assorted upper bounds).
- **Unified the `[tool.mypy]` base per tier:**
- libs: `plugins = ["pydantic.mypy"]`, `strict = true`,
`enable_error_code = "deprecated"`, `warn_unreachable = true`
  - partners: `disallow_untyped_defs = true`
- Normalized style (`disallow_untyped_defs = "True"` string → bool,
quote/key consistency).
- **Fixed the 20 real errors** mypy 2.1 surfaces: `redundant-cast` from
improved narrowing (`core`, `langchain-classic`), a `var-annotated` for
`_LOGGED`, a return-type widening in `langchain-groq`'s
`_convert_from_v1_to_groq` (it can legitimately return a bare `str`),
and stale `type-arg`/`unused-ignore` in `langchain-model-profiles`
tests.

### Deliberate non-uniformity (documented inline in the relevant
`pyproject.toml`s)

Going fully byte-identical would surface ~196 additional errors that are
*not* real bugs, so two settings are kept package-appropriate:

- **`warn_unreachable`** is enabled on every strict lib **except
`core`**, where it false-flags intentional defensive code — including
the SSRF / IP-policy guards in `_security/` — as unreachable.
- **`pydantic.mypy` plugin** is used only on `anthropic` and
`perplexity` (their code is authored against it and reports ~99/~132
errors without it). It is *not* added to the other partners, where it
only flags the public alias constructor API (e.g. `ChatGroq(model=...)`)
in tests rather than finding bugs.
- **`ollama`** is left on its `ty` type checker; it does not use mypy.

---------

Co-authored-by: Mason Daugherty <github@mdrxy.com>
2026-06-11 00:24:59 -04:00
Mason Daugherty
43880362d8 feat(standard-tests): validate tool call chunks during streaming (#34707)
As a LangChain user streaming a tool-calling model, I expect each
streamed chunk to expose structured `tool_call_chunk` content blocks so
I can render or process tool calls live, instead of waiting for the
final aggregated message.

This adds `tool_call_streaming` to `ModelProfile` and uses it in the
standard chat-model tool-calling tests. When a model profile opts in,
`test_tool_calling` and `test_tool_calling_async` now validate that at
least one streamed chunk includes a `tool_call_chunk` block via
`content_blocks`, while preserving the existing final-message
validation.

This keeps the contract profile-gated so providers can opt in once their
streaming chunk shape is verified. This PR opts in the providers
verified by smoke testing with straightforward profile coverage: OpenAI,
Anthropic, Fireworks, HuggingFace, OpenRouter, DeepSeek, and xAI. The
generated profile artifacts are refreshed so runtime profiles expose the
new capability flag.

Perplexity Responses also passed the smoke test, but its current profile
data is for the `sonar` family while the Responses smoke path used a
routed model string. That profile strategy is left as follow-up.
MistralAI currently streams `.tool_call_chunks`, but its content-block
translator exposes a complete `tool_call` block instead of
`tool_call_chunk`, so it also stays out of this flag until that
integration is fixed.
2026-06-10 22:29:02 -04:00
Mason Daugherty
21eeadf274 test(partners): account for warning behavior in partner tests (#38046)
Partner unit tests now reflect the warning behavior emitted by updated
`langchain-core` serialization and model initialization paths.
Warning-strict runs can stay focused on the behavior under test rather
than expected framework warnings.
2026-06-10 19:50:52 -04:00
Mason Daugherty
c0103c3d2c hotfix(openai): min core dep (#37990) 2026-06-09 16:32:08 -04:00
langchain-model-profile-bot[bot]
7e9c916c7e chore(model-profiles): refresh model profile data (#37973)
Automated refresh of model profile data for all in-monorepo partner
integrations via `langchain-profiles refresh`.

🤖 Generated by the `refresh_model_profiles` workflow.

Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com>
2026-06-09 09:59:24 -04:00
dependabot[bot]
9eab5237cc chore: bump requests from 2.34.0 to 2.34.2 in /libs/partners/xai (#37903)
Bumps [requests](https://github.com/psf/requests) from 2.34.0 to 2.34.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/releases">requests's
releases</a>.</em></p>
<blockquote>
<h2>v2.34.2</h2>
<h2>2.34.2 (2026-05-14)</h2>
<ul>
<li>Moved <code>headers</code> input type back to <code>Mapping</code>
to avoid invariance issues with <code>MutableMapping</code> and inferred
dict types. Users calling <code>Request.headers.update()</code> may need
to narrow typing in their code. (<a
href="https://redirect.github.com/psf/requests/issues/7441">#7441</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14">https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14</a></p>
<h2>v2.34.1</h2>
<h2>2.34.1 (2026-05-13)</h2>
<p><strong>Bugfixes</strong></p>
<ul>
<li>Widened <code>json</code> input type from <code>dict</code> and
<code>list</code> to <code>Mapping</code>
and <code>Sequence</code>. (<a
href="https://redirect.github.com/psf/requests/issues/7436">#7436</a>)</li>
<li>Changed <code>headers</code> input type to MutableMapping and
removed <code>None</code> from
<code>Request.headers</code> typing to improve handling for users. (<a
href="https://redirect.github.com/psf/requests/issues/7431">#7431</a>)</li>
<li><code>Response.reason</code> moved from <code>str | None</code> to
<code>str</code> to improve handling
for users. (<a
href="https://redirect.github.com/psf/requests/issues/7437">#7437</a>)</li>
<li>Fixed a bug where some bodies with custom <code>__getattr__</code>
implementations
weren't being properly detected as Iterables. (<a
href="https://redirect.github.com/psf/requests/issues/7433">#7433</a>)</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/k223kim"><code>@​k223kim</code></a> made
their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/7433">psf/requests#7433</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13">https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's
changelog</a>.</em></p>
<blockquote>
<h2>2.34.2 (2026-05-14)</h2>
<ul>
<li>Moved <code>headers</code> input type back to <code>Mapping</code>
to avoid invariance issues
with <code>MutableMapping</code> and inferred dict types. Users calling
<code>Request.headers.update()</code> may need to narrow typing in their
code. (<a
href="https://redirect.github.com/psf/requests/issues/7441">#7441</a>)</li>
</ul>
<h2>2.34.1 (2026-05-13)</h2>
<p><strong>Bugfixes</strong></p>
<ul>
<li>Widened <code>json</code> input type from <code>dict</code> and
<code>list</code> to <code>Mapping</code>
and <code>Sequence</code>. (<a
href="https://redirect.github.com/psf/requests/issues/7436">#7436</a>)</li>
<li>Changed <code>headers</code> input type to MutableMapping and
removed <code>None</code> from
<code>Request.headers</code> typing to improve handling for users. (<a
href="https://redirect.github.com/psf/requests/issues/7431">#7431</a>)</li>
<li><code>Response.reason</code> moved from <code>str | None</code> to
<code>str</code> to improve handling
for users. (<a
href="https://redirect.github.com/psf/requests/issues/7437">#7437</a>)</li>
<li>Fixed a bug where some bodies with custom <code>__getattr__</code>
implementations
weren't being properly detected as Iterables. (<a
href="https://redirect.github.com/psf/requests/issues/7433">#7433</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6e83187b8f"><code>6e83187</code></a>
v2.34.2</li>
<li><a
href="84d10f0be8"><code>84d10f0</code></a>
Move Request.headers back to Mapping (<a
href="https://redirect.github.com/psf/requests/issues/7441">#7441</a>)</li>
<li><a
href="b7b549b545"><code>b7b549b</code></a>
v2.34.1</li>
<li><a
href="e511bc7277"><code>e511bc7</code></a>
Fix mutability issues with headers input types (<a
href="https://redirect.github.com/psf/requests/issues/7431">#7431</a>)</li>
<li><a
href="5691f59613"><code>5691f59</code></a>
Update JsonType containers to read-based collections (<a
href="https://redirect.github.com/psf/requests/issues/7436">#7436</a>)</li>
<li><a
href="2144213c30"><code>2144213</code></a>
Constrain Response.reason to str (<a
href="https://redirect.github.com/psf/requests/issues/7437">#7437</a>)</li>
<li><a
href="6404f345e5"><code>6404f34</code></a>
Fix <code>prepare_body</code> stream detection for
<code>__getattr__</code>-based file wrappers (<a
href="https://redirect.github.com/psf/requests/issues/7">#7</a>...</li>
<li>See full diff in <a
href="https://github.com/psf/requests/compare/v2.34.0...v2.34.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=requests&package-manager=uv&previous-version=2.34.0&new-version=2.34.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-04 14:30:03 -04:00
Mason Daugherty
3b999176c8 test(langchain,partners): disable pytest-benchmark under xdist to silence PytestBenchmarkWarning (#37901)
Test targets run with `-n auto`, which makes `pytest-benchmark` (present
via `langchain-tests`) auto-disable itself and emit a
`PytestBenchmarkWarning` once per xdist worker. Passing
`--benchmark-disable` turns the plugin off explicitly so the warning
never fires, matching what `core` and `langchain_v1` already do.

## Changes
- Add `--benchmark-disable` to the `-n auto` test targets across
`langchain` (unit) and 14 partner packages' integration targets:
`anthropic`, `chroma`, `deepseek`, `exa`, `fireworks`, `groq`,
`huggingface`, `mistralai`, `nomic`, `ollama`, `openai`, `openrouter`,
`qdrant`, `xai`.
- Deliberately excluded `text-splitters` and `model-profiles`: their
`test` group doesn't install `pytest-benchmark`, so the flag would fail
with `unrecognized arguments`. Verified by importing the plugin under
each package's actual dependency group before editing.
2026-06-04 13:25:26 -04:00
Mason Daugherty
34af59c1a6 fix(partners): cap aiohttp below 3.14 for vcrpy compat (#37898)
aiohttp **3.14.0** (released 2026-06-01) removed
`aiohttp.streams.AsyncStreamReaderMixin`. The current release of `vcrpy`
(8.1.1) still subclasses it in its aiohttp stub:

```python
class MockStream(asyncio.StreamReader, streams.AsyncStreamReaderMixin):
```

As a result, the VCR fixture fails to import during test setup, and the
scheduled integration tests for the `fireworks` and `xai` partners error
out at `test_stream_time`:

```
AttributeError: module 'aiohttp.streams' has no attribute 'AsyncStreamReaderMixin'
```

Only these two partners are affected because their SDKs use `aiohttp`,
so VCR loads its aiohttp stub; partners on `httpx` (e.g. `anthropic`,
`openai`) are unaffected.

This is an upstream incompatibility tracked at kevin1024/vcrpy#995, with
a fix in kevin1024/vcrpy#996 that has not yet been released.

Until a fixed `vcrpy` ships, this caps `aiohttp<3.14.0` via `[tool.uv]
constraint-dependencies` (the same mechanism already used for the
`pygments` CVE pin) in both packages. Using a constraint rather than
tightening the published `aiohttp>=3.9.1,<4.0.0` range means the change
only affects local/CI resolution — the package metadata users install
against is untouched. Both lockfiles re-resolve to `aiohttp` 3.13.5,
which still provides the removed attribute. A code comment points back
to the upstream fix so the pin can be removed once it lands.
2026-06-04 10:44:21 -04:00
dependabot[bot]
dca3138e59 chore: bump aiohttp from 3.13.5 to 3.14.0 in /libs/partners/xai (#37887)
[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aiohttp&package-manager=uv&previous-version=3.13.5&new-version=3.14.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-03 20:00:02 -07:00
dependabot[bot]
a7b53c9b77 chore: bump langsmith from 0.8.5 to 0.8.9 in /libs/partners/xai (#37886)
Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from
0.8.5 to 0.8.9.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's
releases</a>.</em></p>
<blockquote>
<h2>v0.8.9</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(sandbox): add JS Dockerfile snapshots by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2951">langchain-ai/langsmith-sdk#2951</a></li>
<li>chore(deps-dev): bump the js-minor-and-patch group across 1
directory with 11 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2931">langchain-ai/langsmith-sdk#2931</a></li>
<li>chore(deps): bump websockets from 15.0.1 to 16.0 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2811">langchain-ai/langsmith-sdk#2811</a></li>
<li>chore(deps): update myst-parser requirement from &gt;=3 to
&gt;=4.0.1 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2841">langchain-ai/langsmith-sdk#2841</a></li>
<li>chore(deps): bump the py-minor-and-patch group across 1 directory
with 19 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2934">langchain-ai/langsmith-sdk#2934</a></li>
<li>chore(deps): bump typescript from 5.9.3 to 6.0.3 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2839">langchain-ai/langsmith-sdk#2839</a></li>
<li>chore(deps-dev): bump google-adk from 1.10.0 to 2.1.0 in /python by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2960">langchain-ai/langsmith-sdk#2960</a></li>
<li>chore(deps-dev): bump wrapt from 1.17.3 to 2.2.1 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2961">langchain-ai/langsmith-sdk#2961</a></li>
<li>chore(deps-dev): bump the py-minor-and-patch group in /python with 6
updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2958">langchain-ai/langsmith-sdk#2958</a></li>
<li>chore(deps-dev): bump types-tqdm from 4.67.3.20260408 to
4.67.3.20260518 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2959">langchain-ai/langsmith-sdk#2959</a></li>
<li>ci: add minimum workflow permissions by <a
href="https://github.com/jkennedyvz"><code>@​jkennedyvz</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2967">langchain-ai/langsmith-sdk#2967</a></li>
<li>chore: update dependabot.yml to comply with posture checks by <a
href="https://github.com/jkennedyvz"><code>@​jkennedyvz</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2966">langchain-ai/langsmith-sdk#2966</a></li>
<li>test(python): deflake test_tracing_queue_limit_drops_when_full by <a
href="https://github.com/baskaryan"><code>@​baskaryan</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2964">langchain-ai/langsmith-sdk#2964</a></li>
<li>feat(sandbox): size the dockerfile-build sandbox via vcpus/mem_bytes
(python) by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2979">langchain-ai/langsmith-sdk#2979</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.8...v0.8.9">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.8...v0.8.9</a></p>
<h2>v0.8.8</h2>
<h2>What's Changed</h2>
<ul>
<li>fix(python): retry sandbox pool timeouts by <a
href="https://github.com/baskaryan"><code>@​baskaryan</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2953">langchain-ai/langsmith-sdk#2953</a></li>
<li>fix(sandbox): build Dockerfile snapshots off /tmp by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2956">langchain-ai/langsmith-sdk#2956</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.7...v0.8.8">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.7...v0.8.8</a></p>
<h2>v0.8.7</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: reconnect sandbox command streams on EOF by <a
href="https://github.com/ramon-langchain"><code>@​ramon-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2941">langchain-ai/langsmith-sdk#2941</a></li>
<li>feat(sandbox): build snapshots from Dockerfiles by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2950">langchain-ai/langsmith-sdk#2950</a></li>
<li>fix(python): add organization id to context URLs by <a
href="https://github.com/vishnu-ssuresh"><code>@​vishnu-ssuresh</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2945">langchain-ai/langsmith-sdk#2945</a></li>
<li>fix(js): add organization id to context URLs by <a
href="https://github.com/vishnu-ssuresh"><code>@​vishnu-ssuresh</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2946">langchain-ai/langsmith-sdk#2946</a></li>
<li>release(py): 0.8.7 by <a
href="https://github.com/ramon-langchain"><code>@​ramon-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2947">langchain-ai/langsmith-sdk#2947</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.6...v0.8.7">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.6...v0.8.7</a></p>
<h2>v0.8.6</h2>
<h2>What's Changed</h2>
<ul>
<li>chore(deps-dev): bump <code>@​google/genai</code> from 1.50.1 to
2.0.1 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2875">langchain-ai/langsmith-sdk#2875</a></li>
<li>chore(deps): bump mako from 1.3.11 to 1.3.12 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2880">langchain-ai/langsmith-sdk#2880</a></li>
<li>chore(deps): bump authlib from 1.6.11 to 1.6.12 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2888">langchain-ai/langsmith-sdk#2888</a></li>
<li>chore(deps): bump hono from 4.12.15 to 4.12.18 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2894">langchain-ai/langsmith-sdk#2894</a></li>
<li>chore(deps): bump fast-uri from 3.1.0 to 3.1.2 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2895">langchain-ai/langsmith-sdk#2895</a></li>
<li>chore(deps-dev): bump <code>@​anthropic-ai/sdk</code> from 0.94.0 to
0.95.0 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2881">langchain-ai/langsmith-sdk#2881</a></li>
<li>chore(deps): bump postcss from 8.5.8 to 8.5.14 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2898">langchain-ai/langsmith-sdk#2898</a></li>
<li>chore(deps): bump <code>@​protobufjs/utf8</code> from 1.1.0 to 1.1.1
in /js/internal/environment_tests/test-exports-vite in the npm_and_yarn
group across 1 directory by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2908">langchain-ai/langsmith-sdk#2908</a></li>
<li>chore(deps): bump hono from 4.12.18 to 4.12.19 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2909">langchain-ai/langsmith-sdk#2909</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1eda04b4e8"><code>1eda04b</code></a>
feat(sandbox): size the dockerfile-build sandbox via vcpus/mem_bytes
(python)...</li>
<li><a
href="5960910cbe"><code>5960910</code></a>
test(python): deflake test_tracing_queue_limit_drops_when_full (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2964">#2964</a>)</li>
<li><a
href="846d4c5b17"><code>846d4c5</code></a>
chore: update dependabot.yml to comply with posture checks (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2966">#2966</a>)</li>
<li><a
href="48b66b3cca"><code>48b66b3</code></a>
ci: add minimum workflow permissions (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2967">#2967</a>)</li>
<li><a
href="d0a93ac8a2"><code>d0a93ac</code></a>
chore(deps-dev): bump types-tqdm from 4.67.3.20260408 to 4.67.3.20260518
in /...</li>
<li><a
href="fc9ba745e3"><code>fc9ba74</code></a>
chore(deps-dev): bump the py-minor-and-patch group in /python with 6
updates ...</li>
<li><a
href="d54e69b689"><code>d54e69b</code></a>
chore(deps-dev): bump wrapt from 1.17.3 to 2.2.1 in /python (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2961">#2961</a>)</li>
<li><a
href="1d212585b8"><code>1d21258</code></a>
chore(deps-dev): bump google-adk from 1.10.0 to 2.1.0 in /python (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2960">#2960</a>)</li>
<li><a
href="b66d791bfe"><code>b66d791</code></a>
chore(deps-dev): bump typescript from 5.9.3 to 6.0.3 in /js (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2839">#2839</a>)</li>
<li><a
href="a0f9eff836"><code>a0f9eff</code></a>
chore(deps): bump the py-minor-and-patch group across 1 directory with
19 upd...</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.5...v0.8.9">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=langsmith&package-manager=uv&previous-version=0.8.5&new-version=0.8.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-03 19:59:51 -07:00
langchain-model-profile-bot[bot]
06ab861ace chore(model-profiles): refresh model profile data (#37870)
Automated refresh of model profile data for all in-monorepo partner
integrations via `langchain-profiles refresh`.

🤖 Generated by the `refresh_model_profiles` workflow.

Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com>
2026-06-03 10:41:16 -04:00
langchain-model-profile-bot[bot]
06e65072af chore(model-profiles): refresh model profile data (#37626)
Automated refresh of model profile data for all in-monorepo partner
integrations via `langchain-profiles refresh`.

🤖 Generated by the `refresh_model_profiles` workflow.

Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com>
2026-05-22 10:38:54 -05:00
Mason Daugherty
23d369e2f4 test(xai): tolerate extra block types in web search and xfail v1 streaming tool calls (#37612)
Loosen the xAI integration tests to handle two recent provider
behaviors: `web_search` responses may now include block types beyond the
core trio, and streaming aggregation under `output_version="v1"` does
not produce a `tool_call` content block (tool calls are only available
on `.tool_calls`).
2026-05-21 13:55:14 -05:00
Mason Daugherty
aef86c476d chore(infra): bump langchain-tests floor to 1.1.9 (#37610)
Bumps the `langchain-tests` minimum across the monorepo from `1.0.0` to
`1.1.9` and adds a partner-level `Makefile` so partner lockfiles can be
regenerated in one command, matching the existing convention under
`libs/`.
2026-05-21 13:36:22 -05:00
dependabot[bot]
c53355c839 chore: bump idna from 3.10 to 3.15 in /libs/partners/xai (#37540)
Bumps [idna](https://github.com/kjd/idna) from 3.10 to 3.15.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/kjd/idna/blob/master/HISTORY.md">idna's
changelog</a>.</em></p>
<blockquote>
<h2>3.15 (2026-05-12)</h2>
<ul>
<li>Enforce DNS-length cap on individual labels early in
<code>check_label</code>,
short-circuiting contextual-rule processing for oversized input
while staying compatible with UTS 46 usage.</li>
<li>Tidy core helpers: hoist bidi category sets to module-level
frozensets (avoiding per-codepoint list construction), simplify
length checks, and reuse the shared <code>_unicode_dots_re</code> from
<code>idna.core</code> in the codec module.</li>
<li>Use <code>raise ... from err</code> for proper exception chaining
and
switch internal string formatting to f-strings.</li>
<li>Allow <code>flit_core</code> 4.x in the build backend.</li>
<li>Expand the ruff lint set (flake8-bugbear, flake8-simplify,
pyupgrade, perflint) and apply the surfaced fixes; pin lint CI
to Python 3.14.</li>
<li>Add Dependabot configuration for GitHub Actions.</li>
<li>Convert README and HISTORY from reStructuredText to Markdown.</li>
<li>Reference CVE-2026-45409 for the 3.14 advisory in place of the
initial GHSA identifier.</li>
</ul>
<p>Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for
contributions to this release.</p>
<h2>3.14 (2026-05-10)</h2>
<ul>
<li>Removed opportunity to process long inputs into quadratic
time by rejecting oversize inputs up-front. Closes a bypass
of the CVE-2024-3651 mitigation. [CVE-2026-45409]</li>
</ul>
<p>Thanks to Stan Ulbrych for reporting the issue.</p>
<h2>3.13 (2026-04-22)</h2>
<ul>
<li>Correct classification error for codepoint U+A7F1</li>
</ul>
<h2>3.12 (2026-04-21)</h2>
<ul>
<li>Update to Unicode 17.0.0.</li>
<li>Issue a deprecation warning for the transitional argument.</li>
<li>Added lazy-loading to provide some performance improvements.</li>
<li>Removed vestiges of code related to Python 2 support, including
segmentation of data structures specific to Jython.</li>
</ul>
<p>Thanks to Rodrigo Nogueira for contributions to this release.</p>
<h2>3.11 (2025-10-12)</h2>
<ul>
<li>Update to Unicode 16.0.0, including significant changes to UTS46
processing. As a result of Unicode ending support for it, transitional
processing no longer has an effect and returns the same result.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="af30a092e1"><code>af30a09</code></a>
Release 3.15</li>
<li><a
href="30314d4628"><code>30314d4</code></a>
Pre-release 3.15rc0</li>
<li><a
href="05d4b219aa"><code>05d4b21</code></a>
Merge pull request <a
href="https://redirect.github.com/kjd/idna/issues/237">#237</a> from
kjd/convert-docs-to-markdown</li>
<li><a
href="2987fdba19"><code>2987fdb</code></a>
Convert README and HISTORY from reStructuredText to Markdown</li>
<li><a
href="59fa8002d5"><code>59fa800</code></a>
Merge pull request <a
href="https://redirect.github.com/kjd/idna/issues/236">#236</a> from
kjd/dependabot/github_actions/actions-f3e34333ea</li>
<li><a
href="def69834ce"><code>def6983</code></a>
Merge branch 'master' into
dependabot/github_actions/actions-f3e34333ea</li>
<li><a
href="bbd8004a79"><code>bbd8004</code></a>
Merge pull request <a
href="https://redirect.github.com/kjd/idna/issues/234">#234</a> from
StanFromIreland/patch-1</li>
<li><a
href="edd07c0502"><code>edd07c0</code></a>
Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions
group</li>
<li><a
href="5557db030c"><code>5557db0</code></a>
Merge branch 'master' into patch-1</li>
<li><a
href="f11746cf49"><code>f11746c</code></a>
Merge pull request <a
href="https://redirect.github.com/kjd/idna/issues/235">#235</a> from
StanFromIreland/patch-2</li>
<li>Additional commits viewable in <a
href="https://github.com/kjd/idna/compare/v3.10...v3.15">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-19 13:56:45 -05:00
dependabot[bot]
7fd45ebfea chore: bump langsmith from 0.8.4 to 0.8.5 in /libs/partners/xai (#37541)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from
0.8.4 to 0.8.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's
releases</a>.</em></p>
<blockquote>
<h2>v0.8.5</h2>
<h2>What's Changed</h2>
<ul>
<li>release(js): 0.7.0 by <a
href="https://github.com/ramon-langchain"><code>@​ramon-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2890">langchain-ai/langsmith-sdk#2890</a></li>
<li>fix(js): add alias for <code>experimental/sandbox</code> to appease
broad peer dep range within <code>deepagents</code> by <a
href="https://github.com/dqbd"><code>@​dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2893">langchain-ai/langsmith-sdk#2893</a></li>
<li>feat(js): allow disabling multipart streaming via env variable by <a
href="https://github.com/dqbd"><code>@​dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2900">langchain-ai/langsmith-sdk#2900</a></li>
<li>feat(python): add Client.close() to release session [closes
LSDK-183] by <a
href="https://github.com/open-swe"><code>@​open-swe</code></a>[bot] in
<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2866">langchain-ai/langsmith-sdk#2866</a></li>
<li>feat(sandbox): forward client default headers on exec WebSocket by
<a href="https://github.com/open-swe"><code>@​open-swe</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2899">langchain-ai/langsmith-sdk#2899</a></li>
<li>release(js): 0.7.1 by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2902">langchain-ai/langsmith-sdk#2902</a></li>
<li>release(py): 0.8.5 by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2903">langchain-ai/langsmith-sdk#2903</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.4...v0.8.5">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.4...v0.8.5</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ef9fcd5b47"><code>ef9fcd5</code></a>
release(py): 0.8.5 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2903">#2903</a>)</li>
<li><a
href="63b402eb3e"><code>63b402e</code></a>
release(js): 0.7.1 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2902">#2902</a>)</li>
<li><a
href="602a27ab11"><code>602a27a</code></a>
feat(sandbox): forward client default headers on exec WebSocket (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2899">#2899</a>)</li>
<li><a
href="126ef522f5"><code>126ef52</code></a>
feat(python): add Client.close() to release session [closes LSDK-183]
(<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2866">#2866</a>)</li>
<li><a
href="fddf88dd25"><code>fddf88d</code></a>
feat(js): allow disabling multipart streaming via env variable (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2900">#2900</a>)</li>
<li><a
href="19bfc57231"><code>19bfc57</code></a>
fix(js): add alias for <code>experimental/sandbox</code> to appease
broad peer dep range...</li>
<li><a
href="6717def07f"><code>6717def</code></a>
release(js): 0.7.0 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2890">#2890</a>)</li>
<li>See full diff in <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.4...v0.8.5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=langsmith&package-manager=uv&previous-version=0.8.4&new-version=0.8.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-19 12:48:54 -05:00
Mason Daugherty
abd9d4ce31 ci(infra): harden Dependabot version-bound preservation (#37510)
Dependabot has been stripping upper/lower bounds from internal
`langchain-*` deps in partner `pyproject.toml` files (e.g. #37288
reduced `langchain-core>=1.3.2,<2.0.0` to bare `langchain-core`). Locks
down the config so bumps preserve existing specifiers, and restores the
bounds it already mangled across the monorepo.

## Changes
- Add `versioning-strategy: increase` to every `uv` ecosystem block in
`.github/dependabot.yml` so future bumps move the lower bound in place
instead of rewriting the constraint.
- Ignore workspace-internal packages (`langchain-core`, `langchain`,
`langchain-classic`, `langchain-text-splitters`, `langchain-tests`,
`langchain-model-profiles`) on every `uv` block — these are editable
installs from local paths and their published constraints are
hand-curated for release, not Dependabot's to bump.
- Restore stripped bounds across all `libs/` packages — runtime
`dependencies` and every dep group (`test`, `dev`, `test_integration`,
`typing`, `lint`) — to `>=1.4.0,<2.0.0` for `langchain-core` and
`>=1.0.0,<2.0.0` for the other internal packages.
2026-05-18 17:24:19 -05:00
langchain-model-profile-bot[bot]
67eca93d17 chore(model-profiles): refresh model profile data (#37466)
Automated refresh of model profile data for all in-monorepo partner
integrations via `langchain-profiles refresh`.

🤖 Generated by the `refresh_model_profiles` workflow.

---------

Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com>
Co-authored-by: Mason Daugherty <github@mdrxy.com>
2026-05-16 18:10:40 -07:00
dependabot[bot]
e208f38f93 chore: bump langsmith from 0.8.0 to 0.8.4 in /libs/partners/xai (#37411)
Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from
0.8.0 to 0.8.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's
releases</a>.</em></p>
<blockquote>
<h2>v0.8.4</h2>
<h2>What's Changed</h2>
<ul>
<li>release(js): 0.6.3 by <a
href="https://github.com/vishnu-ssuresh"><code>@​vishnu-ssuresh</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2864">langchain-ai/langsmith-sdk#2864</a></li>
<li>chore(deps): bump python-multipart from 0.0.26 to 0.0.27 in /python
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2859">langchain-ai/langsmith-sdk#2859</a></li>
<li>chore(deps-dev): bump <code>@​anthropic-ai/sdk</code> from 0.91.1 to
0.92.0 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2858">langchain-ai/langsmith-sdk#2858</a></li>
<li>chore(deps): bump postcss from 8.5.8 to 8.5.14 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2857">langchain-ai/langsmith-sdk#2857</a></li>
<li>chore(deps): bump hono from 4.12.15 to 4.12.18 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2860">langchain-ai/langsmith-sdk#2860</a></li>
<li>chore(deps-dev): bump langchain-core from 1.3.2 to 1.3.3 in /python
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2867">langchain-ai/langsmith-sdk#2867</a></li>
<li>chore(deps-dev): bump <code>@​anthropic-ai/sdk</code> from 0.92.0 to
0.93.0 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2869">langchain-ai/langsmith-sdk#2869</a></li>
<li>chore(deps): bump urllib3 from 2.6.3 to 2.7.0 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2873">langchain-ai/langsmith-sdk#2873</a></li>
<li>chore(deps): bump the py-minor-and-patch group across 1 directory
with 12 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2876">langchain-ai/langsmith-sdk#2876</a></li>
<li>chore(deps-dev): bump the js-minor-and-patch group across 1
directory with 16 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2877">langchain-ai/langsmith-sdk#2877</a></li>
<li>chore(deps): bump the py-minor-and-patch group across 1 directory
with 11 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2879">langchain-ai/langsmith-sdk#2879</a></li>
<li>chore(deps): bump the npm_and_yarn group across 2 directories with 2
updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2868">langchain-ai/langsmith-sdk#2868</a></li>
<li>chore(deps-dev): bump <code>@​anthropic-ai/sdk</code> from 0.93.0 to
0.94.0 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2878">langchain-ai/langsmith-sdk#2878</a></li>
<li>sdk(js): rename experimental/sandbox -&gt; sandbox (breaking) by <a
href="https://github.com/DanielKneipp"><code>@​DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2885">langchain-ai/langsmith-sdk#2885</a></li>
<li>sdk(py): drop sandbox alpha/experimental warnings by <a
href="https://github.com/DanielKneipp"><code>@​DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2884">langchain-ai/langsmith-sdk#2884</a></li>
<li>feat(sandbox): make snapshot optional and add TS options overload by
<a
href="https://github.com/ramon-langchain"><code>@​ramon-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2887">langchain-ai/langsmith-sdk#2887</a></li>
<li>release(py): 0.8.4 by <a
href="https://github.com/ramon-langchain"><code>@​ramon-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2889">langchain-ai/langsmith-sdk#2889</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.3...v0.8.4">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.3...v0.8.4</a></p>
<h2>v0.8.3</h2>
<h2>What's Changed</h2>
<ul>
<li>fix(js): prevent sending [object Object] as span attribute when
dealing with nested objects, send full langsmith.usage_metadata if
present by <a href="https://github.com/dqbd"><code>@​dqbd</code></a> in
<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2845">langchain-ai/langsmith-sdk#2845</a></li>
<li>release(js): bump to 0.6.2 by <a
href="https://github.com/dqbd"><code>@​dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2856">langchain-ai/langsmith-sdk#2856</a></li>
<li>sdk(py): replace ttl_seconds with idle_ttl_seconds +
delete_after_stop_seconds by <a
href="https://github.com/DanielKneipp"><code>@​DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2853">langchain-ai/langsmith-sdk#2853</a></li>
<li>sdk(js): replace ttlSeconds with idleTtlSeconds +
deleteAfterStopSeconds by <a
href="https://github.com/DanielKneipp"><code>@​DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2854">langchain-ai/langsmith-sdk#2854</a></li>
<li>Fix push_agent URL owner for name-only identifiers by <a
href="https://github.com/vishnu-ssuresh"><code>@​vishnu-ssuresh</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2862">langchain-ai/langsmith-sdk#2862</a></li>
<li>docs(langsmith): clarify trust boundaries when working with hub by
<a href="https://github.com/eyurtsev"><code>@​eyurtsev</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2861">langchain-ai/langsmith-sdk#2861</a></li>
<li>release(py): 0.8.3 by <a
href="https://github.com/vishnu-ssuresh"><code>@​vishnu-ssuresh</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2863">langchain-ai/langsmith-sdk#2863</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.2...v0.8.3">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.2...v0.8.3</a></p>
<h2>v0.8.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump JS SDK version to 0.6.1 by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2847">langchain-ai/langsmith-sdk#2847</a></li>
<li>fix: parse urllib3 version with packaging.Version by <a
href="https://github.com/justinwolfington"><code>@​justinwolfington</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2851">langchain-ai/langsmith-sdk#2851</a></li>
<li>Bump Python SDK version to 0.8.2 by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2855">langchain-ai/langsmith-sdk#2855</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/justinwolfington"><code>@​justinwolfington</code></a>
made their first contribution in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2851">langchain-ai/langsmith-sdk#2851</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.1...v0.8.2">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.1...v0.8.2</a></p>
<h2>v0.8.1</h2>
<h2>What's Changed</h2>
<ul>
<li>chore(js): remove experimental opencode integration by <a
href="https://github.com/dqbd"><code>@​dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2836">langchain-ai/langsmith-sdk#2836</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="273f8f9b0d"><code>273f8f9</code></a>
release(py): 0.8.4 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2889">#2889</a>)</li>
<li><a
href="afbf4fb970"><code>afbf4fb</code></a>
feat(sandbox): make snapshot optional and add TS options overload (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2887">#2887</a>)</li>
<li><a
href="54da5410a2"><code>54da541</code></a>
sdk(py): drop sandbox alpha/experimental warnings (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2884">#2884</a>)</li>
<li><a
href="1536e2bb61"><code>1536e2b</code></a>
sdk(js): rename experimental/sandbox -&gt; sandbox (breaking) (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2885">#2885</a>)</li>
<li><a
href="8f635fbb0e"><code>8f635fb</code></a>
chore(deps-dev): bump <code>@​anthropic-ai/sdk</code> from 0.93.0 to
0.94.0 in /js (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2878">#2878</a>)</li>
<li><a
href="ce0f40f385"><code>ce0f40f</code></a>
chore(deps): bump the npm_and_yarn group across 2 directories with 2
updates ...</li>
<li><a
href="061c197e3a"><code>061c197</code></a>
chore(deps): bump the py-minor-and-patch group across 1 directory with
11 upd...</li>
<li><a
href="ab5d5f3f22"><code>ab5d5f3</code></a>
chore(deps-dev): bump the js-minor-and-patch group across 1 directory
with 16...</li>
<li><a
href="3dc69de102"><code>3dc69de</code></a>
chore(deps): bump the py-minor-and-patch group across 1 directory with
12 upd...</li>
<li><a
href="6754bd3bec"><code>6754bd3</code></a>
chore(deps): bump urllib3 from 2.6.3 to 2.7.0 in /python (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2873">#2873</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.0...v0.8.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=langsmith&package-manager=uv&previous-version=0.8.0&new-version=0.8.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-14 14:00:03 -07:00
dependabot[bot]
365c36c270 chore: bump langsmith from 0.7.31 to 0.8.0 in /libs/partners/xai (#37392)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from
0.7.31 to 0.8.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's
releases</a>.</em></p>
<blockquote>
<h2>v0.8.0</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(js,py): JS 0.6.0, Py 0.8.0 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2831">langchain-ai/langsmith-sdk#2831</a></li>
<li>release(js): 0.6.0 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2832">langchain-ai/langsmith-sdk#2832</a></li>
<li>release(py): 0.8.0 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2833">langchain-ai/langsmith-sdk#2833</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.38...v0.8.0">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.38...v0.8.0</a></p>
<h2>v0.7.38</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(js): add tracing of opencode by <a
href="https://github.com/dqbd"><code>@​dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2776">langchain-ai/langsmith-sdk#2776</a></li>
<li>chore(js): Remove types/uuid by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2814">langchain-ai/langsmith-sdk#2814</a></li>
<li>docs(sandbox): document default idle TTL of 10 minutes by <a
href="https://github.com/DanielKneipp"><code>@​DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2788">langchain-ai/langsmith-sdk#2788</a></li>
<li>ci(py): Bump pytest timeout to 2m by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2815">langchain-ai/langsmith-sdk#2815</a></li>
<li>chore(deps-dev): bump the js-minor-and-patch group across 1
directory with 4 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2803">langchain-ai/langsmith-sdk#2803</a></li>
<li>chore(deps): update sphinx-autobuild requirement from &gt;=2024 to
&gt;=2024.10.3 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2809">langchain-ai/langsmith-sdk#2809</a></li>
<li>chore(deps): update myst-nb requirement from &gt;=1.1.1 to
&gt;=1.4.0 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2810">langchain-ai/langsmith-sdk#2810</a></li>
<li>chore(deps-dev): bump types-pyyaml from 6.0.12.20250915 to
6.0.12.20260408 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2812">langchain-ai/langsmith-sdk#2812</a></li>
<li>chore(deps-dev): bump <code>@​langchain/openai</code> from 0.5.18 to
0.6.17 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2806">langchain-ai/langsmith-sdk#2806</a></li>
<li>chore(deps): bump the py-minor-and-patch group across 1 directory
with 18 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2808">langchain-ai/langsmith-sdk#2808</a></li>
<li>feat(py): Adds strands OTEL exporter by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2817">langchain-ai/langsmith-sdk#2817</a></li>
<li>chore(js): Switch to oxfmt and oxlint by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2819">langchain-ai/langsmith-sdk#2819</a></li>
<li>fix(py): fix RunTree ValidationError when inputs or outputs is a
Pydantic BaseModel by <a
href="https://github.com/QuentinBrosse"><code>@​QuentinBrosse</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2820">langchain-ai/langsmith-sdk#2820</a></li>
<li>chore: add apac support by <a
href="https://github.com/joaquin-borggio-lc"><code>@​joaquin-borggio-lc</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2821">langchain-ai/langsmith-sdk#2821</a></li>
<li>fix(js): Pull Claude Agent SDK subagent runs from transcript, add
tool span for subagents, merge message blocks by id by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2816">langchain-ai/langsmith-sdk#2816</a></li>
<li>release(js): 0.5.26 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2824">langchain-ai/langsmith-sdk#2824</a></li>
<li>release(py): 0.7.38 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2825">langchain-ai/langsmith-sdk#2825</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.37...v0.7.38">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.37...v0.7.38</a></p>
<h2>v0.7.37</h2>
<h2>What's Changed</h2>
<ul>
<li>perf(js): Offload serialize to worker thread at flush time by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2781">langchain-ai/langsmith-sdk#2781</a></li>
<li>release(js): 0.5.24 by <a
href="https://github.com/emil-lc"><code>@​emil-lc</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2790">langchain-ai/langsmith-sdk#2790</a></li>
<li>chore(js): Fix perf test flagging by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2792">langchain-ai/langsmith-sdk#2792</a></li>
<li>feat(js,python): Adds hub model config and provider to schemas by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2793">langchain-ai/langsmith-sdk#2793</a></li>
<li>fix(js): minor test improvements by <a
href="https://github.com/christian-bromann"><code>@​christian-bromann</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2429">langchain-ai/langsmith-sdk#2429</a></li>
<li>fix(js): Include auth headers on info requests by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2800">langchain-ai/langsmith-sdk#2800</a></li>
<li>release(js): 0.5.25 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2801">langchain-ai/langsmith-sdk#2801</a></li>
<li>fix(python): flush both tracing_queue and compressed_traces in
flush() by <a
href="https://github.com/angus-langchain"><code>@​angus-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2796">langchain-ai/langsmith-sdk#2796</a></li>
<li>chore(deps): bump postcss from 8.5.8 to 8.5.10 in
/js/internal/environment_tests/test-exports-vite in the npm_and_yarn
group across 1 directory by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2791">langchain-ai/langsmith-sdk#2791</a></li>
<li>chore(deps-dev): bump google-adk from 1.10.0 to 1.28.1 in /python by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2794">langchain-ai/langsmith-sdk#2794</a></li>
<li>fix(python): flush pending traces during Client.cleanup() by <a
href="https://github.com/angus-langchain"><code>@​angus-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2799">langchain-ai/langsmith-sdk#2799</a></li>
<li>fix(py): Fix concurrency for multiple Claude Agent SDK sessions by
<a href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in
<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2795">langchain-ai/langsmith-sdk#2795</a></li>
<li>release(py): 0.7.37 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2802">langchain-ai/langsmith-sdk#2802</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.36...v0.7.37">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.36...v0.7.37</a></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="cf01c873d5"><code>cf01c87</code></a>
release(py): 0.8.0 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2833">#2833</a>)</li>
<li><a
href="fd049c8464"><code>fd049c8</code></a>
release(js): 0.6.0 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2832">#2832</a>)</li>
<li><a
href="092a8866c4"><code>092a886</code></a>
feat(js,py): JS 0.6.0, Py 0.8.0 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2831">#2831</a>)</li>
<li><a
href="ff180c0423"><code>ff180c0</code></a>
release(py): 0.7.38 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2825">#2825</a>)</li>
<li><a
href="d9de3ca801"><code>d9de3ca</code></a>
release(js): 0.5.26 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2824">#2824</a>)</li>
<li><a
href="1428394831"><code>1428394</code></a>
fix(js): Pull Claude Agent SDK subagent runs from transcript, add tool
span f...</li>
<li><a
href="838e957d80"><code>838e957</code></a>
chore: add apac support (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2821">#2821</a>)</li>
<li><a
href="003f22a768"><code>003f22a</code></a>
fix(py): fix RunTree ValidationError when inputs or outputs is a
Pydantic Bas...</li>
<li><a
href="8f5ef27c2d"><code>8f5ef27</code></a>
chore(js): Switch to oxfmt and oxlint (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2819">#2819</a>)</li>
<li><a
href="9873633c9f"><code>9873633</code></a>
feat(py): Adds strands OTEL exporter (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2817">#2817</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.31...v0.8.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=langsmith&package-manager=uv&previous-version=0.7.31&new-version=0.8.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-13 22:41:29 -07:00
dependabot[bot]
9db9628d79 chore: bump requests from 2.33.0 to 2.34.0 in /libs/partners/xai (#37383)
Bumps [requests](https://github.com/psf/requests) from 2.33.0 to 2.34.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/releases">requests's
releases</a>.</em></p>
<blockquote>
<h2>v2.34.0</h2>
<h2>2.34.0 (2026-05-11)</h2>
<p><strong>Announcements</strong></p>
<ul>
<li>
<p>Requests 2.34.0 introduces inline types, replacing those provided by
typeshed. Public API types should be fully compatible with mypy,
pyright,
and ty. <strong>We believe types are comprehensive but if you find
issues, please
report them to the <a
href="https://redirect.github.com/psf/requests/issues/7271">pinned
tracking issue</a>.</strong></p>
<p>Special thanks to <a
href="https://github.com/bastimeyer"><code>@​bastimeyer</code></a>, <a
href="https://github.com/cthoyt"><code>@​cthoyt</code></a>, <a
href="https://github.com/edgarrmondragon"><code>@​edgarrmondragon</code></a>,
and <a href="https://github.com/srittau"><code>@​srittau</code></a> for
helping review and test the types ahead of the release. (<a
href="https://redirect.github.com/psf/requests/issues/7272">#7272</a>)</p>
</li>
</ul>
<p><strong>Improvements</strong></p>
<ul>
<li>Digest Auth hashing algorithms have added
<code>usedforsecurity=False</code> to clarify
security considerations. (<a
href="https://redirect.github.com/psf/requests/issues/7310">#7310</a>)</li>
<li>Requests added support for Python 3.15 based on beta1. Downstream
projects
should be able to start testing prior to its release in October. (<a
href="https://redirect.github.com/psf/requests/issues/7422">#7422</a>)</li>
<li>Requests added support for Python 3.14t. (<a
href="https://redirect.github.com/psf/requests/issues/7419">#7419</a>)</li>
</ul>
<p><strong>Bugfixes</strong></p>
<ul>
<li><code>Response.history</code> no longer contains a reference to
itself, preventing
accidental looping when traversing the history list. (<a
href="https://redirect.github.com/psf/requests/issues/7328">#7328</a>)</li>
<li>Requests no longer performs greedy matching on no_proxy domains. The
proxy_bypass implementation has been updated with CPython's fix from
bpo-39057. (<a
href="https://redirect.github.com/psf/requests/issues/7427">#7427</a>)</li>
<li>Requests no longer incorrectly strips duplicate leading slashes in
URI paths. This should address user issues with specific presigned
URLs. Note the full fix requires urllib3 2.7.0+. (<a
href="https://redirect.github.com/psf/requests/issues/7315">#7315</a>)</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/cjriches"><code>@​cjriches</code></a>
made their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/7365">psf/requests#7365</a></li>
<li><a href="https://github.com/dsanader"><code>@​dsanader</code></a>
made their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/7376">psf/requests#7376</a></li>
<li><a
href="https://github.com/DimitriPapadopoulos"><code>@​DimitriPapadopoulos</code></a>
made their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/7393">psf/requests#7393</a></li>
<li><a href="https://github.com/joshua-51"><code>@​joshua-51</code></a>
made their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/7416">psf/requests#7416</a></li>
<li><a href="https://github.com/eggsort"><code>@​eggsort</code></a> made
their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/7421">psf/requests#7421</a></li>
<li><a href="https://github.com/typhon8"><code>@​typhon8</code></a> made
their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/7315">psf/requests#7315</a></li>
<li><a
href="https://github.com/bastimeyer"><code>@​bastimeyer</code></a> made
their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/7425">psf/requests#7425</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/psf/requests/blob/main/HISTORY.md#2340-2026-05-11">https://github.com/psf/requests/blob/main/HISTORY.md#2340-2026-05-11</a></p>
<h2>v2.33.1</h2>
<h2>2.33.1 (2026-03-30)</h2>
<p><strong>Bugfixes</strong></p>
<ul>
<li>Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary
files in the tmp directory. (<a
href="https://redirect.github.com/psf/requests/issues/7305">#7305</a>)</li>
<li>Fixed Content-Type header parsing for malformed values. (<a
href="https://redirect.github.com/psf/requests/issues/7309">#7309</a>)</li>
<li>Improved error consistency for malformed header values. (<a
href="https://redirect.github.com/psf/requests/issues/7308">#7308</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's
changelog</a>.</em></p>
<blockquote>
<h2>2.34.0 (2026-05-11)</h2>
<p><strong>Announcements</strong></p>
<ul>
<li>
<p>Requests 2.34.0 introduces inline types, replacing those provided by
typeshed. Public API types should be fully compatible with mypy,
pyright,
and ty. We believe types are comprehensive but if you find issues,
please
report them to the pinned tracking issue.</p>
<p>Special thanks to <a
href="https://github.com/bastimeyer"><code>@​bastimeyer</code></a>, <a
href="https://github.com/cthoyt"><code>@​cthoyt</code></a>, <a
href="https://github.com/edgarrmondragon"><code>@​edgarrmondragon</code></a>,
and <a href="https://github.com/srittau"><code>@​srittau</code></a> for
helping review and test the types ahead of the release. (<a
href="https://redirect.github.com/psf/requests/issues/7272">#7272</a>)</p>
</li>
</ul>
<p><strong>Improvements</strong></p>
<ul>
<li>Digest Auth hashing algorithms have added
<code>usedforsecurity=False</code> to clarify
security considerations. (<a
href="https://redirect.github.com/psf/requests/issues/7310">#7310</a>)</li>
<li>Requests added support for Python 3.15 based on beta1. Downstream
projects
should be able to start testing prior to its release in October. (<a
href="https://redirect.github.com/psf/requests/issues/7422">#7422</a>)</li>
<li>Requests added support for Python 3.14t. (<a
href="https://redirect.github.com/psf/requests/issues/7419">#7419</a>)</li>
</ul>
<p><strong>Bugfixes</strong></p>
<ul>
<li><code>Response.history</code> no longer contains a reference to
itself, preventing
accidental looping when traversing the history list. (<a
href="https://redirect.github.com/psf/requests/issues/7328">#7328</a>)</li>
<li>Requests no longer performs greedy matching on no_proxy domains. The
proxy_bypass implementation has been updated with CPython's fix from
bpo-39057. (<a
href="https://redirect.github.com/psf/requests/issues/7427">#7427</a>)</li>
<li>Requests no longer incorrectly strips duplicate leading slashes in
URI paths. This should address user issues with specific presigned
URLs. Note the full fix requires urllib3 2.7.0+. (<a
href="https://redirect.github.com/psf/requests/issues/7315">#7315</a>)</li>
</ul>
<h2>2.33.1 (2026-03-30)</h2>
<p><strong>Bugfixes</strong></p>
<ul>
<li>Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary
files in the tmp directory. (<a
href="https://redirect.github.com/psf/requests/issues/7305">#7305</a>)</li>
<li>Fixed Content-Type header parsing for malformed values. (<a
href="https://redirect.github.com/psf/requests/issues/7309">#7309</a>)</li>
<li>Improved error consistency for malformed header values. (<a
href="https://redirect.github.com/psf/requests/issues/7308">#7308</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0b401c76b6"><code>0b401c7</code></a>
v2.34.0</li>
<li><a
href="86b378d3f6"><code>86b378d</code></a>
Align Session.get parameters with requests.get (<a
href="https://redirect.github.com/psf/requests/issues/7429">#7429</a>)</li>
<li><a
href="a4f9a5999b"><code>a4f9a59</code></a>
Port bpo-39057 to Requests (<a
href="https://redirect.github.com/psf/requests/issues/7427">#7427</a>)</li>
<li><a
href="3816cfa1ab"><code>3816cfa</code></a>
Parameterize SupportsItems to handle Mapping key invariance (<a
href="https://redirect.github.com/psf/requests/issues/7426">#7426</a>)</li>
<li><a
href="b684dcb9bb"><code>b684dcb</code></a>
sessions: fix hooks type (<a
href="https://redirect.github.com/psf/requests/issues/7425">#7425</a>)</li>
<li><a
href="dc9dbdfb34"><code>dc9dbdf</code></a>
Formalize 3.15 support (<a
href="https://redirect.github.com/psf/requests/issues/7422">#7422</a>)</li>
<li><a
href="25340ebad0"><code>25340eb</code></a>
Clear proxy env vars before every test run (<a
href="https://redirect.github.com/psf/requests/issues/7423">#7423</a>)</li>
<li><a
href="fd628095d7"><code>fd62809</code></a>
Preserve leading slashes in request path_url (<a
href="https://redirect.github.com/psf/requests/issues/7315">#7315</a>)</li>
<li><a
href="e8d2c015ee"><code>e8d2c01</code></a>
docs: Fix missing hook output in docs example (<a
href="https://redirect.github.com/psf/requests/issues/7421">#7421</a>)</li>
<li><a
href="eb173bc819"><code>eb173bc</code></a>
Add 3.14t support to CI (<a
href="https://redirect.github.com/psf/requests/issues/7419">#7419</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/psf/requests/compare/v2.33.0...v2.34.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=requests&package-manager=uv&previous-version=2.33.0&new-version=2.34.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-13 10:26:56 -07:00
dependabot[bot]
c92e5c5a71 chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/partners/xai (#37331)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.6.3 to 2.7.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/releases">urllib3's
releases</a>.</em></p>
<blockquote>
<h2>2.7.0</h2>
<h2>🚀 urllib3 is fundraising for HTTP/2 support</h2>
<p><a
href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3
is raising ~$40,000 USD</a> to release HTTP/2 support and ensure
long-term sustainable maintenance of the project after a sharp decline
in financial support. If your company or organization uses Python and
would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and
thousands of other projects <a
href="https://opencollective.com/urllib3">please consider contributing
financially</a> to ensure HTTP/2 support is developed sustainably and
maintained for the long-haul.</p>
<p>Thank you for your support.</p>
<h2>Security</h2>
<p>Addressed high-severity security issues. Impact was limited to
specific use cases detailed in the accompanying advisories; overall user
exposure was estimated to be marginal.</p>
<ul>
<li>
<p>Decompression-bomb safeguards of the streaming API were bypassed:</p>
<ol>
<li>When <code>HTTPResponse.drain_conn()</code> was called after the
response had been read and decompressed partially. (Reported by <a
href="https://github.com/Cycloctane"><code>@​Cycloctane</code></a>)</li>
<li>During the second <code>HTTPResponse.read(amt=N)</code> or
<code>HTTPResponse.stream(amt=N)</code> call when the response was
decompressed using the official <a
href="https://pypi.org/project/brotli/">Brotli</a> library. (Reported by
<a
href="https://github.com/kimkou2024"><code>@​kimkou2024</code></a>)</li>
</ol>
<p>See GHSA-mf9v-mfxr-j63j for details.</p>
</li>
<li>
<p>HTTP pools created using
<code>ProxyManager.connection_from_url</code> did not strip sensitive
headers specified in <code>Retry.remove_headers_on_redirect</code> when
redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by <a
href="https://github.com/christos-spearbit"><code>@​christos-spearbit</code></a>)</p>
</li>
</ul>
<h2>Deprecations and Removals</h2>
<ul>
<li>Used <code>FutureWarning</code> instead of
<code>DeprecationWarning</code> for better visibility of existing
deprecation notices. Rescheduled the removal of deprecated features to
version 3.0. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3763">urllib3/urllib3#3763</a>)</li>
<li>Removed support for end-of-life Python 3.9. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3720">urllib3/urllib3#3720</a>)</li>
<li>Removed support for end-of-life PyPy3.10. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4979">urllib3/urllib3#4979</a>)</li>
<li>Bumped the minimum supported pyOpenSSL version to 19.0.0. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3777">urllib3/urllib3#3777</a>)</li>
</ul>
<h2>Bugfixes</h2>
<ul>
<li>Fixed a bug where <code>HTTPResponse.read(amt=None)</code> was
ignoring decompressed data buffered from previous partial reads. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3636">urllib3/urllib3#3636</a>)</li>
<li>Fixed a bug where <code>HTTPResponse.read()</code> could cache only
part of the response after a partial read when
<code>cache_content=True</code>. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4967">urllib3/urllib3#4967</a>)</li>
<li>Fixed <code>HTTPResponse.stream()</code> and
<code>HTTPResponse.read_chunked()</code> to handle <code>amt=0</code>.
(<a
href="https://redirect.github.com/urllib3/urllib3/issues/3793">urllib3/urllib3#3793</a>)</li>
<li>Updated <code>_TYPE_BODY</code> type alias to include missing
<code>Iterable[str]</code>, matching the documented and runtime behavior
of chunked request bodies. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3798">urllib3/urllib3#3798</a>)</li>
<li>Fixed <code>LocationParseError</code> when paths resembling
schemeless URIs were passed to
<code>HTTPConnectionPool.urlopen()</code>. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3352">urllib3/urllib3#3352</a>)</li>
<li>Fixed <code>BaseHTTPResponse.readinto()</code> type annotation to
accept <code>memoryview</code> in addition to <code>bytearray</code>,
matching the <code>io.RawIOBase.readinto</code> contract and enabling
use with <code>io.BufferedReader</code> without type errors. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3764">urllib3/urllib3#3764</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's
changelog</a>.</em></p>
<blockquote>
<h1>2.7.0 (2026-05-07)</h1>
<h2>Security</h2>
<p>Addressed high-severity security issues.
Impact was limited to specific use cases detailed in the accompanying
advisories; overall user exposure was estimated to be marginal.</p>
<ul>
<li>
<p>Decompression-bomb safeguards of the streaming API were bypassed:</p>
<ol>
<li>When <code>HTTPResponse.drain_conn()</code> was called after the
response had been
read and decompressed partially.</li>
<li>During the second <code>HTTPResponse.read(amt=N)</code> or
<code>HTTPResponse.stream(amt=N)</code> call when the response was
decompressed
using the official <code>Brotli
&lt;https://pypi.org/project/brotli/&gt;</code>__ library.</li>
</ol>
<p>See <code>GHSA-mf9v-mfxr-j63j
&lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j&gt;</code>__
for details.</p>
</li>
<li>
<p>HTTP pools created using
<code>ProxyManager.connection_from_url</code> did not strip
sensitive headers specified in
<code>Retry.remove_headers_on_redirect</code> when
redirecting to a different host.
(<code>GHSA-qccp-gfcp-xxvc
&lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc&gt;</code>__)</p>
</li>
</ul>
<h2>Deprecations and Removals</h2>
<ul>
<li>Used <code>FutureWarning</code> instead of
<code>DeprecationWarning</code> for better
visibility of existing deprecation notices. Rescheduled the removal of
deprecated features to version 3.0.
(<code>[#3763](https://github.com/urllib3/urllib3/issues/3763)
&lt;https://github.com/urllib3/urllib3/issues/3763&gt;</code>__)</li>
<li>Removed support for end-of-life Python 3.9.
(<code>[#3720](https://github.com/urllib3/urllib3/issues/3720)
&lt;https://github.com/urllib3/urllib3/issues/3720&gt;</code>__)</li>
<li>Removed support for end-of-life PyPy3.10.
(<code>[#4979](https://github.com/urllib3/urllib3/issues/4979)
&lt;https://github.com/urllib3/urllib3/issues/4979&gt;</code>__)</li>
<li>Bumped the minimum supported pyOpenSSL version to 19.0.0.
(<code>[#3777](https://github.com/urllib3/urllib3/issues/3777)
&lt;https://github.com/urllib3/urllib3/issues/3777&gt;</code>__)</li>
</ul>
<h2>Bugfixes</h2>
<ul>
<li>Fixed a bug where <code>HTTPResponse.read(amt=None)</code> was
ignoring decompressed
data buffered from previous partial reads.
(<code>[#3636](https://github.com/urllib3/urllib3/issues/3636)
&lt;https://github.com/urllib3/urllib3/issues/3636&gt;</code>__)</li>
<li>Fixed a bug where <code>HTTPResponse.read()</code> could cache only
part of the
response after a partial read when <code>cache_content=True</code>.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9a950b92d9"><code>9a950b9</code></a>
Release 2.7.0</li>
<li><a
href="5ec0de499b"><code>5ec0de4</code></a>
Merge commit from fork</li>
<li><a
href="2bdcc44d1e"><code>2bdcc44</code></a>
Merge commit from fork</li>
<li><a
href="f45b0df09d"><code>f45b0df</code></a>
Fix a misleading example for <code>ProxyManager</code> (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4970">#4970</a>)</li>
<li><a
href="577193ca02"><code>577193c</code></a>
Switch to nightly PyPy3.11 in CI for now (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4984">#4984</a>)</li>
<li><a
href="e90af45bb0"><code>e90af45</code></a>
Avoid infinite loop in <code>HTTPResponse.read_chunked</code> when
<code>amt=0</code> (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4974">#4974</a>)</li>
<li><a
href="67ed74fdae"><code>67ed74f</code></a>
Bump dev dependencies (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4972">#4972</a>)</li>
<li><a
href="3abd481097"><code>3abd481</code></a>
Upgrade mypy to version 1.20.2 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4978">#4978</a>)</li>
<li><a
href="2b8725dfca"><code>2b8725d</code></a>
Drop support for EOL PyPy3.10 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4979">#4979</a>)</li>
<li><a
href="2944b2a0a6"><code>2944b2a</code></a>
Upgrade <code>setup-chrome</code> and <code>setup-firefox</code> to fix
warnings (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4973">#4973</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=uv&previous-version=2.6.3&new-version=2.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-11 18:18:53 +00:00
dependabot[bot]
9dd188e853 chore: bump langchain-core from 1.3.2 to 1.3.3 in /libs/partners/xai (#37255)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps [langchain-core](https://github.com/langchain-ai/langchain) from
1.3.2 to 1.3.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langchain/releases">langchain-core's
releases</a>.</em></p>
<blockquote>
<h2>langchain-core==1.3.3</h2>
<p>Changes since langchain-core==1.3.2</p>
<p>release(core): 1.3.3 (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37198">#37198</a>)
fix(core): set deprecation <code>since</code> to 1.3.3 to match release
(<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37200">#37200</a>)
fix(core, langchain): harden <code>load()</code> against untrusted
manifests (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37197">#37197</a>)
chore: bump notebook from 7.5.0 to 7.5.6 in /libs/core (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37109">#37109</a>)
chore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in
/libs/core (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37129">#37129</a>)
fix(core): preserve structured <code>inputs</code> on tool runs in
tracers (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37108">#37108</a>)
release(perplexity): 1.2.0 (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37091">#37091</a>)
chore(docs): update x handle references (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37081">#37081</a>)
fix(core): make <code>removal</code> optional in
<code>warn_deprecated</code> (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37056">#37056</a>)
fix(core): validate batch_size in _batch and _abatch to prevent infinite
loop (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/36663">#36663</a>)
chore(core): mark stream_v2/astream_v2 as beta (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/36992">#36992</a>)</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5039dfec1f"><code>5039dfe</code></a>
release(core): 1.3.3 (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37198">#37198</a>)</li>
<li><a
href="55a7707837"><code>55a7707</code></a>
fix(core): set deprecation <code>since</code> to 1.3.3 to match release
(<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37200">#37200</a>)</li>
<li><a
href="c979c6187b"><code>c979c61</code></a>
fix(core, langchain): harden <code>load()</code> against untrusted
manifests (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37197">#37197</a>)</li>
<li><a
href="d7031101da"><code>d703110</code></a>
docs: update README.md (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37190">#37190</a>)</li>
<li><a
href="4d50a2a68b"><code>4d50a2a</code></a>
ci(infra): run pre-release checks before TestPyPI publish (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37194">#37194</a>)</li>
<li><a
href="9bd730e199"><code>9bd730e</code></a>
fix(fireworks): require <code>api_key</code> in
<code>FireworksEmbeddings</code> (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37193">#37193</a>)</li>
<li><a
href="f475f4191f"><code>f475f41</code></a>
release(mistralai): 1.1.4 (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37191">#37191</a>)</li>
<li><a
href="7dbff48aff"><code>7dbff48</code></a>
fix(mistralai): strip non-wire keys from <code>ToolMessage</code> (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37188">#37188</a>)</li>
<li><a
href="913816c440"><code>913816c</code></a>
release(fireworks): 1.3.1 (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37189">#37189</a>)</li>
<li><a
href="4498d3dc84"><code>4498d3d</code></a>
fix(fireworks): strip non-wire keys from <code>ToolMessage</code> text
content blocks (#...</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langchain/compare/langchain-core==1.3.2...langchain-core==1.3.3">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-09 16:24:34 +00:00
langchain-model-profile-bot[bot]
fb3ba38ad6 chore(model-profiles): refresh model profile data (#37122)
Automated refresh of model profile data for all in-monorepo partner
integrations via `langchain-profiles refresh`.

🤖 Generated by the `refresh_model_profiles` workflow.

Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com>
2026-05-01 10:08:17 -04:00
open-swe[bot]
ba897ffa7e chore(docs): update x handle references (#37081)
## Description
Updates package metadata and README badges so LangChain social links
point to the new `@langchain_oss` X handle. This was completed with
AI-agent assistance.

## Test Plan
- [ ] Validate README badges and package metadata links point to
`https://x.com/langchain_oss`

_Opened collaboratively by Mason Daugherty and open-swe._

---------

Co-authored-by: open-swe[bot] <open-swe@users.noreply.github.com>
Co-authored-by: Mason Daugherty <61371264+mdrxy@users.noreply.github.com>
2026-04-29 13:56:09 -04:00
Mason Daugherty
56d6e89be0 hotfix: bump min core versions (#36996) 2026-04-24 15:23:28 -04:00
Nick Hollon
9ce72eba9f feat(core): add content-block-centric streaming (v2) (#36834) 2026-04-24 11:36:17 -04:00
Nick Hollon
ffaac42bf9 ci(infra): add pytest-xdist to partner test groups (#36988) 2026-04-24 13:23:03 +00:00
Mason Daugherty
b57eea2aed hotfix(ci): remove nobenchmark flag (#36959) 2026-04-22 17:39:52 -04:00
Mason Daugherty
ec337534c5 chore(partners): standardize integration test invocation (#36958)
Standardize the `integration_tests` Makefile target across all 15
partner packages in `libs/partners/`, mirroring the deepagents
`libs/evals` pattern (`-v --tb=short`). Previously each partner had its
own ad-hoc flag stack (some missing `-n auto`, some with `-vvv`, others
with nothing), and every partner that used `-n auto` was emitting a
`PytestBenchmarkWarning` because `pytest-benchmark` is pulled in
transitively via `langchain-tests` even though no partner has benchmark
tests.
2026-04-22 17:28:04 -04:00
Mason Daugherty
7e81d09f2a chore(deps): bump pytest to 9.0.3 (#36801)
CVE-2025-71176 (medium severity)

All are dev-only (test dependency group) — no impact on published
packages.

### Why syrupy was also bumped

syrupy 4.x (`<5.0.0`) constrains pytest to `<9.0.0`, blocking the CVE
fix. Widening to `<6.0.0` allows syrupy 5.x which supports pytest 9.x.
2026-04-15 21:46:40 -06:00
dependabot[bot]
d9167e05e0 chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/partners/xai (#36790)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from
0.6.3 to 0.7.31.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's
releases</a>.</em></p>
<blockquote>
<h2>v0.7.31</h2>
<h2>What's Changed</h2>
<ul>
<li>chore(deps-dev): bump langchain-core from 1.2.23 to 1.2.28 in
/python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2692">langchain-ai/langsmith-sdk#2692</a></li>
<li>chore(deps-dev): bump <code>@​anthropic-ai/sdk</code> from 0.82.0 to
0.84.0 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2684">langchain-ai/langsmith-sdk#2684</a></li>
<li>chore(deps): bump cryptography from 46.0.6 to 46.0.7 in /python by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2693">langchain-ai/langsmith-sdk#2693</a></li>
<li>chore(deps-dev): bump <code>@​anthropic-ai/sdk</code> from 0.84.0 to
0.85.0 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2700">langchain-ai/langsmith-sdk#2700</a></li>
<li>feat(py): Tag OpenAI Agent Python SDK runs with ls_agent_type by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2699">langchain-ai/langsmith-sdk#2699</a></li>
<li>feat(js): Adds ls_agent_type metadata to AI SDK runs by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2701">langchain-ai/langsmith-sdk#2701</a></li>
<li>chore(deps-dev): bump types-tqdm from 4.67.3.20260303 to
4.67.3.20260408 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2710">langchain-ai/langsmith-sdk#2710</a></li>
<li>chore(deps): bump pnpm/action-setup from 5 to 6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2705">langchain-ai/langsmith-sdk#2705</a></li>
<li>chore(deps): bump the py-minor-and-patch group across 1 directory
with 10 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2711">langchain-ai/langsmith-sdk#2711</a></li>
<li>chore(deps-dev): bump <code>@​anthropic-ai/sdk</code> from 0.85.0 to
0.86.0 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2702">langchain-ai/langsmith-sdk#2702</a></li>
<li>chore(deps): bump actions/github-script from 8 to 9 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2706">langchain-ai/langsmith-sdk#2706</a></li>
<li>chore(deps-dev): bump the js-minor-and-patch group across 1
directory with 7 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2712">langchain-ai/langsmith-sdk#2712</a></li>
<li>chore(deps-dev): bump types-psutil from 7.2.2.20260130 to
7.2.2.20260408 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2709">langchain-ai/langsmith-sdk#2709</a></li>
<li>chore(deps-dev): bump rich from 14.3.3 to 15.0.0 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2708">langchain-ai/langsmith-sdk#2708</a></li>
<li>feat: Filter kwargs from new token events by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2714">langchain-ai/langsmith-sdk#2714</a></li>
<li>release(py): 0.7.31 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2716">langchain-ai/langsmith-sdk#2716</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.30...v0.7.31">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.30...v0.7.31</a></p>
<h2>v0.7.30</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(python): add service feature to sandbox by <a
href="https://github.com/DanielKneipp"><code>@​DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2665">langchain-ai/langsmith-sdk#2665</a></li>
<li>fix(js): Fix prototype pollution bug in anonymizers by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2690">langchain-ai/langsmith-sdk#2690</a></li>
<li>release(js): 0.5.18 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2691">langchain-ai/langsmith-sdk#2691</a></li>
<li>chore(js/sandbox): suppress warning log by <a
href="https://github.com/hntrl"><code>@​hntrl</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2694">langchain-ai/langsmith-sdk#2694</a></li>
<li>feat(js): Add metadata to Claude Agent SDK JS tracing by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2695">langchain-ai/langsmith-sdk#2695</a></li>
<li>fix(py): Fix run tree memory leak by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2696">langchain-ai/langsmith-sdk#2696</a></li>
<li>release(py): 0.7.30 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2698">langchain-ai/langsmith-sdk#2698</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.29...v0.7.30">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.29...v0.7.30</a></p>
<h2>v0.7.29</h2>
<h2>What's Changed</h2>
<ul>
<li>release(js): 0.5.17 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2681">langchain-ai/langsmith-sdk#2681</a></li>
<li>feat(py): Fix race condition around Claude Agent SDK instrumentation
by <a href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2685">langchain-ai/langsmith-sdk#2685</a></li>
<li>release(py): 0.7.29 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2686">langchain-ai/langsmith-sdk#2686</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.28...v0.7.29">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.28...v0.7.29</a></p>
<h2>v0.7.28</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(py): Support subagent tracing in Claude Agents SDK, fix usage
and duplicate messages by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2670">langchain-ai/langsmith-sdk#2670</a></li>
<li>chore(deps-dev): bump the py-minor-and-patch group across 1
directory with 11 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2677">langchain-ai/langsmith-sdk#2677</a></li>
<li>chore(deps-dev): bump the js-minor-and-patch group across 1
directory with 8 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2667">langchain-ai/langsmith-sdk#2667</a></li>
<li>chore(deps): bump pnpm/action-setup from 4 to 5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2658">langchain-ai/langsmith-sdk#2658</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/langchain-ai/langsmith-sdk/commits/v0.7.31">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-15 20:11:08 -06:00
Mason Daugherty
555bdfbade chore: add comment explaining pygments>=2.20.0 (#36570) 2026-04-06 15:07:07 -04:00
dependabot[bot]
edcf34acb5 chore: bump aiohttp from 3.13.4 to 3.13.5 in /libs/partners/xai (#36464)
[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aiohttp&package-manager=uv&previous-version=3.13.4&new-version=3.13.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-03 23:41:48 -04:00
dependabot[bot]
914cef0290 chore: bump aiohttp from 3.13.3 to 3.13.4 in /libs/partners/xai (#36435)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)



[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aiohttp&package-manager=uv&previous-version=3.13.3&new-version=3.13.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-02 10:24:26 -04:00