Mason Daugherty
6b37ad43dd
docs(groq): generalize vision models ref ( #35536 )
2026-03-03 10:37:28 -05:00
Mason Daugherty
d2c86df128
fix(huggingface): switch integration test provider to together ( #35525 )
...
Switch the `TestHuggingFaceEndpoint` serverless inference provider from
`sambanova` to `together` for `Llama-3.3-70B-Instruct`. Sambanova
doesn't support `tool_choice: "any"` (needed by
`test_structured_few_shot_examples` and
`test_unicode_tool_call_integration`) and doesn't return
`usage_metadata` in streaming responses.
2026-03-02 13:40:58 -05:00
Mason Daugherty
ac9295761a
fix(huggingface): resolve huggingface-hub 1.x compat ( #35524 )
...
- Switch `TestHuggingFaceEndpoint` from `Llama-4-Maverick` +
`fireworks-ai` to `Llama-3.3-70B-Instruct` + `sambanova` — Maverick is
no longer routed to Fireworks in hub 1.x
- Switch `test_stream_usage` provider from `nebius` to `scaleway` for
`gemma-3-27b-it` — same provider routing change
2026-03-02 12:29:05 -05:00
Mason Daugherty
6d39b72892
fix(huggingface): bump transformers and sentence-transformers lower bounds ( #35522 )
...
Bump `transformers` and `sentence-transformers` lower bounds in
`langchain-huggingface` to resolve a dependency conflict with
`huggingface-hub` 1.x. The existing constraints allowed
`huggingface-hub>=0.33.4,<2.0.0` (so hub 1.x is valid), but
`transformers` 4.x requires `huggingface-hub<1.0` — causing the
pre-release CI job to fail when `uv pip install --force-reinstall`
resolved hub to 1.5.0 while leaving `transformers` at 4.56.2.
Breaking change for users on transformers 4.x or
sentence-transformers<5.2.0 who install langchain-huggingface[full].
2026-03-02 10:45:06 -05:00
Hamza Kyamanywa
f84b534248
feat(openrouter): surface cost and cost_details in response_metadata ( #35461 )
...
## Description
OpenRouter returns `cost` and `cost_details` in its API response `usage`
object, providing the actual cost of each API call. Currently,
`_create_usage_metadata()` only extracts token counts and drops these
cost fields.
This PR surfaces both `cost` and `cost_details` in `response_metadata`
for both non-streaming and streaming paths, allowing users to access
actual API costs directly from the response without manual estimation
from token counts.
**Example response from OpenRouter:**
```json
{
"usage": {
"prompt_tokens": 100,
"completion_tokens": 50,
"cost": 0.000075,
"cost_details": {
"upstream_inference_cost": 0.00007745,
"upstream_inference_prompt_cost": 0.00000895,
"upstream_inference_completions_cost": 0.0000685
}
}
}
```
**After this change:**
```python
result = chat.invoke("hello")
result.response_metadata["cost"] # 0.000075
result.response_metadata["cost_details"] # {...}
```
## Changes
- **`_create_chat_result`**: Surface `cost` and `cost_details` from
`token_usage` into `response_metadata` (non-streaming)
- **`_convert_chunk_to_message_chunk`**: Same for streaming
`AIMessageChunk`
- Added `PLR0912` to `noqa` comments (new branches pushed count over
threshold)
- Added two unit tests: one verifying cost fields are present when
returned, one verifying they're absent when not in usage
## Issue
N/A — discovered while integrating OpenRouter in a production pipeline.
The cost data is already returned by the API but was being silently
dropped.
## Dependencies
None.
## Twitter handle
@hamza_kyamanywa
---------
Co-authored-by: Mason Daugherty <mason@langchain.dev >
2026-03-01 18:47:19 -05:00
Kanav Bansal
21b64e56fe
docs(chroma): clarify update_documents docstring and argument behavior ( #35409 )
...
This PR updates the update_documents docstring to accurately reflect its
batch behavior and clarify the positional mapping between ids and
documents.
No breaking changes. Documentation-only update.
2026-03-01 12:21:29 -05:00
John Kennedy
6335968237
fix(deepseek): use proper URL parsing for azure endpoint detection ( #35455 )
...
## Summary
- Fixes [CodeQL alert
#43 ](https://github.com/langchain-ai/langchain/security/code-scanning/43 )
(CWE-20: incomplete URL substring sanitization)
- Replaces `"azure.com" in url` substring check with `urlparse`-based
hostname validation to prevent bypass via crafted URLs (e.g.,
`https://evil-azure.com `, `https://example.com/azure.com `)
- Adds bypass-attempt test cases to the existing Azure endpoint
detection tests
## Why
The substring check `"azure.com" in url` matches URLs where `azure.com`
appears anywhere in the string, not just in the hostname. An
attacker-controlled endpoint like `https://evil-azure.com ` or
`https://example.com/azure.com ` would incorrectly trigger the Azure code
path. Using `urlparse` to extract and validate the hostname is the
standard fix per CodeQL guidance.
## Test plan
- [x] Existing Azure endpoint detection tests pass
- [x] New negative test cases for bypass attempts pass
- [x] `uv run pytest tests/unit_tests/test_chat_models.py -k azure` —
6/6 passing
> [!NOTE]
> This PR was authored with assistance from an AI agent (Claude Code).
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-01 12:14:48 -05:00
dependabot[bot]
dac22ced14
chore: bump langgraph-checkpoint from 3.0.0 to 4.0.0 in /libs/partners/huggingface ( #35447 )
...
Bumps [langgraph-checkpoint](https://github.com/langchain-ai/langgraph )
from 3.0.0 to 4.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langgraph/releases ">langgraph-checkpoint's
releases</a>.</em></p>
<blockquote>
<h2>langgraph-checkpoint==4.0.0</h2>
<p>Changes since checkpoint==3.0.1</p>
<ul>
<li>fix: flip default on base cache (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6677 ">#6677</a>)</li>
<li>fix(checkpoint): InMemorySaver context managers should return self
in… (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6529 ">#6529</a>)</li>
<li>fix: docstring for serializer protocol (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6525 ">#6525</a>)</li>
<li>chore: clean up some refs (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6487 ">#6487</a>)</li>
<li>chore: add <code>pyproject.toml</code> links (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6364 ">#6364</a>)</li>
</ul>
<h2>langgraph-checkpoint-postgres==3.0.4</h2>
<p>Changes since checkpointpostgres==3.0.3</p>
<ul>
<li>chore: Omit lock when using connection pool (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6734 ">#6734</a>)</li>
<li>chore(deps): upgrade dependencies with <code>uv lock
--upgrade</code> (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6671 ">#6671</a>)</li>
<li>chore: update twitter URLs (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6683 ">#6683</a>)</li>
</ul>
<h2>langgraph-checkpoint-postgres==3.0.3</h2>
<p>Changes since checkpointpostgres==3.0.2</p>
<ul>
<li>fix: flip default on base cache (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6677 ">#6677</a>)</li>
<li>docs: storage nits (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6651 ">#6651</a>)</li>
</ul>
<h2>langgraph-checkpoint-sqlite==3.0.3</h2>
<p>Changes since checkpointsqlite==3.0.2</p>
<ul>
<li>fix: aiosqlite's breaking change (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6699 ">#6699</a>)</li>
<li>chore(deps): upgrade dependencies with <code>uv lock
--upgrade</code> (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6671 ">#6671</a>)</li>
<li>chore: update twitter URLs (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6683 ">#6683</a>)</li>
</ul>
<h2>langgraph-checkpoint-postgres==3.0.2</h2>
<p>Changes since checkpointpostgres==3.0.1</p>
<ul>
<li>release(checkpoint-postgres): 3.0.1 (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6568 ">#6568</a>)</li>
<li>chore: pgqs (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6567 ">#6567</a>)</li>
<li>fix(checkpoint-postgres): ensure vector extension is created only if
not exists (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6154 ">#6154</a>)</li>
<li>fix(checkpoint-postgres): Replace f-string SQL formatting with
parameterized queries in migration statements (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6328 ">#6328</a>)</li>
<li>chore: add <code>pyproject.toml</code> links (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6364 ">#6364</a>)</li>
<li>docs: add license files for checkpoint-sqlite and
checkpoint-postgres (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6392 ">#6392</a>)</li>
</ul>
<h2>langgraph-checkpoint-sqlite==3.0.2</h2>
<p>Changes since checkpointsqlite==3.0.1</p>
<ul>
<li>fix: flip default on base cache (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6677 ">#6677</a>)</li>
<li>docs: storage nits (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6651 ">#6651</a>)</li>
</ul>
<h2>checkpoint==3.0.1</h2>
<p>Changes since checkpoint==3.0.0</p>
<ul>
<li>chore: update ormsgpack minbound and add OPT_REPLACE_SURROGATES (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6395 ">#6395</a>)</li>
<li>fix(checkpoint): update checkpoint interface specification in README
(<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6386 ">#6386</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f91d79d0c8https://redirect.github.com/langchain-ai/langgraph/issues/6677 ">#6677</a>)</li>
<li><a
href="cb2faa7ddahttps://redirect.github.com/langchain-ai/langgraph/issues/6509 ">#6509</a>)</li>
<li><a
href="a5827c5c61https://redirect.github.com/langchain-ai/langgraph/issues/6676 ">#6676</a>)</li>
<li><a
href="5212369bd0https://redirect.github.com/langchain-ai/langgraph/issues/6674 ">#6674</a>)</li>
<li><a
href="7045a23148https://redirect.github.com/langchain-ai/langgraph/issues/6668 ">#6668</a>)</li>
<li><a
href="728db10b1fhttps://redirect.github.com/langchain-ai/langgraph/issues/6669 ">#6669</a>)</li>
<li><a
href="454af21896https://redirect.github.com/langchain-ai/langgraph/issues/6662 ">#6662</a>)</li>
<li><a
href="b4630d8452https://redirect.github.com/langchain-ai/langgraph/issues/6488 ">#6488</a>)</li>
<li><a
href="311465bbf7https://redirect.github.com/langchain-ai/langgraph/issues/6665 ">#6665</a>)</li>
<li><a
href="8ccead9560https://redirect.github.com/langchain-ai/langgraph/issues/6653 ">#6653</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langgraph/compare/checkpoint==3.0.0...checkpoint==4.0.0 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Mason Daugherty <mason@langchain.dev >
2026-03-01 11:37:09 -05:00
langchain-model-profile-bot[bot]
e9794cca81
chore(model-profiles): refresh model profile data ( #35477 )
...
Automated refresh of model profile data for all in-monorepo partner
integrations via `langchain-profiles refresh`.
🤖 Generated by the `refresh_model_profiles` workflow.
Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com >
2026-03-01 11:29:37 -05:00
John Kennedy
e939c96792
fix: compaction typo ( #35467 )
...
_This PR applies 2/2 suggestions from code quality [AI
findings](https://github.com/langchain-ai/langchain/security/quality/ai-findings )._
---------
Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
2026-02-27 19:30:37 +00:00
ccurme
c600b932a6
fix(openai): add test for CSV and accommodate breaking changes in file url inputs ( #35454 )
2026-02-26 13:50:39 -05:00
dependabot[bot]
4f1d2d0500
chore: bump langgraph-checkpoint from 3.0.0 to 4.0.0 in /libs/partners/openai ( #35448 )
2026-02-26 13:43:54 -05:00
dependabot[bot]
b5f71cd690
chore: bump langgraph-checkpoint from 3.0.1 to 4.0.0 in /libs/partners/anthropic ( #35450 )
...
Bumps [langgraph-checkpoint](https://github.com/langchain-ai/langgraph )
from 3.0.1 to 4.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langgraph/releases ">langgraph-checkpoint's
releases</a>.</em></p>
<blockquote>
<h2>langgraph-checkpoint==4.0.0</h2>
<p>Changes since checkpoint==3.0.1</p>
<ul>
<li>fix: flip default on base cache (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6677 ">#6677</a>)</li>
<li>fix(checkpoint): InMemorySaver context managers should return self
in… (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6529 ">#6529</a>)</li>
<li>fix: docstring for serializer protocol (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6525 ">#6525</a>)</li>
<li>chore: clean up some refs (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6487 ">#6487</a>)</li>
<li>chore: add <code>pyproject.toml</code> links (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6364 ">#6364</a>)</li>
</ul>
<h2>langgraph-checkpoint-postgres==3.0.4</h2>
<p>Changes since checkpointpostgres==3.0.3</p>
<ul>
<li>chore: Omit lock when using connection pool (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6734 ">#6734</a>)</li>
<li>chore(deps): upgrade dependencies with <code>uv lock
--upgrade</code> (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6671 ">#6671</a>)</li>
<li>chore: update twitter URLs (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6683 ">#6683</a>)</li>
</ul>
<h2>langgraph-checkpoint-postgres==3.0.3</h2>
<p>Changes since checkpointpostgres==3.0.2</p>
<ul>
<li>fix: flip default on base cache (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6677 ">#6677</a>)</li>
<li>docs: storage nits (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6651 ">#6651</a>)</li>
</ul>
<h2>langgraph-checkpoint-sqlite==3.0.3</h2>
<p>Changes since checkpointsqlite==3.0.2</p>
<ul>
<li>fix: aiosqlite's breaking change (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6699 ">#6699</a>)</li>
<li>chore(deps): upgrade dependencies with <code>uv lock
--upgrade</code> (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6671 ">#6671</a>)</li>
<li>chore: update twitter URLs (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6683 ">#6683</a>)</li>
</ul>
<h2>langgraph-checkpoint-postgres==3.0.2</h2>
<p>Changes since checkpointpostgres==3.0.1</p>
<ul>
<li>release(checkpoint-postgres): 3.0.1 (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6568 ">#6568</a>)</li>
<li>chore: pgqs (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6567 ">#6567</a>)</li>
<li>fix(checkpoint-postgres): ensure vector extension is created only if
not exists (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6154 ">#6154</a>)</li>
<li>fix(checkpoint-postgres): Replace f-string SQL formatting with
parameterized queries in migration statements (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6328 ">#6328</a>)</li>
<li>chore: add <code>pyproject.toml</code> links (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6364 ">#6364</a>)</li>
<li>docs: add license files for checkpoint-sqlite and
checkpoint-postgres (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6392 ">#6392</a>)</li>
</ul>
<h2>langgraph-checkpoint-sqlite==3.0.2</h2>
<p>Changes since checkpointsqlite==3.0.1</p>
<ul>
<li>fix: flip default on base cache (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6677 ">#6677</a>)</li>
<li>docs: storage nits (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6651 ">#6651</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f91d79d0c8https://redirect.github.com/langchain-ai/langgraph/issues/6677 ">#6677</a>)</li>
<li><a
href="cb2faa7ddahttps://redirect.github.com/langchain-ai/langgraph/issues/6509 ">#6509</a>)</li>
<li><a
href="a5827c5c61https://redirect.github.com/langchain-ai/langgraph/issues/6676 ">#6676</a>)</li>
<li><a
href="5212369bd0https://redirect.github.com/langchain-ai/langgraph/issues/6674 ">#6674</a>)</li>
<li><a
href="7045a23148https://redirect.github.com/langchain-ai/langgraph/issues/6668 ">#6668</a>)</li>
<li><a
href="728db10b1fhttps://redirect.github.com/langchain-ai/langgraph/issues/6669 ">#6669</a>)</li>
<li><a
href="454af21896https://redirect.github.com/langchain-ai/langgraph/issues/6662 ">#6662</a>)</li>
<li><a
href="b4630d8452https://redirect.github.com/langchain-ai/langgraph/issues/6488 ">#6488</a>)</li>
<li><a
href="311465bbf7https://redirect.github.com/langchain-ai/langgraph/issues/6665 ">#6665</a>)</li>
<li><a
href="8ccead9560https://redirect.github.com/langchain-ai/langgraph/issues/6653 ">#6653</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langgraph/compare/checkpoint==3.0.1...checkpoint==4.0.0 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-26 02:46:51 -08:00
ccurme
4ffb584ddf
release(anthropic): 1.3.4 ( #35418 )
2026-02-24 08:51:01 -05:00
ccurme
cdb9742511
fix(anthropic): filter out common OpenAI Responses block types ( #35417 )
2026-02-24 08:45:54 -05:00
ccurme
2fa460d325
fix(anthropic): update integration tests ( #35396 )
2026-02-22 09:33:21 -05:00
ccurme
00538ff5fc
revert: add ChatAnthropicBedrockWrapper ( #35371 )
2026-02-20 15:58:35 -05:00
Mason Daugherty
be1c3fcc1d
feat(openrouter): default headers ( #35369 )
2026-02-20 14:44:06 -05:00
Mason Daugherty
ca246ddef2
fix(anthropic): replace retired model IDs in tests and docstrings ( #35365 )
...
## Summary
- Replace `claude-3-5-haiku-20241022` and `claude-3-7-sonnet-20250219`
with `claude-haiku-4-5-20251001` and `claude-sonnet-4-5-20250929`
respectively
- Both models were retired by Anthropic on February 19, 2026, causing
all anthropic integration tests to fail
- Updates integration tests, a unit test, and docstring examples in
`langchain-core`
See:
https://platform.claude.com/docs/en/docs/resources/model-deprecations
2026-02-20 13:44:15 -05:00
NITIN Madan
63f3669e12
feat(anthropic): add ChatAnthropicBedrock wrapper ( #35091 )
2026-02-20 13:06:12 -05:00
Mohammad Mohtashim
03826061be
fix(deepseek): Tool Choice to required for Azure Deployment in case specific function dict is given ( #34848 )
2026-02-20 12:50:25 -05:00
Mason Daugherty
70192690b1
fix(model-profiles): sort generated profiles by model ID for stable diffs ( #35344 )
...
- Sort model profiles alphabetically by model ID (the top-level
`_PROFILES` dictionary keys, e.g. `claude-3-5-haiku-20241022`,
`gpt-4o-mini`) before writing `_profiles.py`, so that regenerating
profiles only shows actual data changes in diffs — not random reordering
from the models.dev API response order
- Regenerate all 10 partner profile files with the new sorted ordering
2026-02-19 23:11:22 -05:00
ccurme
5362bf5666
fix(anthropic): set max input tokens based on 1m context beta header ( #35341 )
2026-02-19 21:01:49 -05:00
Mason Daugherty
4af87fd025
fix(infra): fix trailing comma regex in profile generation script ( #35333 )
...
The trailing comma regex in the profile generation script consumed the
closing `}` as part of its match, preventing nested closing braces from
getting their own trailing comma. This caused `ruff format` failures on
every generated `_profiles.py` file.
Switches to a lookahead (`(?=...)`) so the closing bracket is asserted
but not consumed, allowing each nesting level to independently receive
its trailing comma.
Fixes #35332 .
2026-02-19 13:27:02 -05:00
Mattijs Ugen
5c6f8fe0a6
fix(openai): accept valid responses that are falsy at runtime ( #35307 )
2026-02-18 21:06:43 -05:00
Christian Veenhuis
b004103721
docs(perplexity): Fix docstring of output_parsers.strip_think_tags() ( #35264 )
2026-02-17 21:45:21 -05:00
Mason Daugherty
82ae4fb6fa
chore: bump model profiles ( #35294 )
2026-02-17 20:22:07 -05:00
Mike Lambert
0d13463e7f
feat(anthropic): add User-Agent header for Anthropic API calls ( #35268 )
2026-02-17 15:59:54 -05:00
ccurme
8166e0137d
chore(anthropic): add version ( #35293 )
2026-02-17 15:49:14 -05:00
ccurme
6fe7845cd1
release(openai): 1.1.10 ( #35292 )
2026-02-17 12:55:21 -05:00
ccurme
8f1bc0d3ae
feat(openai): support automatic server-side compaction ( #35212 )
2026-02-17 10:48:52 -05:00
ccurme
32c6ab3033
fix(openai): add model property ( #35284 )
2026-02-17 10:46:49 -05:00
ccurme
4150bb513f
fix(mistralai): update test ( #35270 )
2026-02-17 09:08:14 -05:00
Tune
68a14844b5
fix(nomic,openai,perplexity): update pillow version to >= 12.1.1, <13.0.0 ( #35254 )
...
Updates the minimum Pillow version to address CVE-2026-25990 (HIGH
severity out-of-bounds write vulnerability affecting versions 10.3.0
through 12.1.0).
Changes:
langchain-nomic: pillow>=10.3.0,<13.0.0 → pillow>=12.1.1,<13.0.0
langchain-openai: pillow>=10.3.0,<13.0.0 → pillow>=12.1.1,<13.0.0
langchain-perplexity: pillow>=10.3.0,<13.0.0 → pillow>=12.1.1,<13.0.0
Safety: This is a minimum version bump within the existing constraint
range (<13.0.0), so no breaking changes are introduced.
CVE Details:
CVE-2026-25990: An out-of-bounds write may be triggered when loading a
specially crafted PSD image
Affected versions: 10.3.0 to <12.1.1
Fixed in: 12.1.1
Reference: https://nvd.nist.gov/vuln/detail/CVE-2026-25990
** Claude Helped me write this nice message **
The original findings was thanks to a Trivy scan
---------
Co-authored-by: Mason Daugherty <mason@langchain.dev >
2026-02-16 23:17:32 -05:00
Mason Daugherty
df4a29b5d0
docs(openai): more nits ( #35277 )
2026-02-16 23:10:31 -05:00
weiguang li
fb0233c9b9
docs(openai): clarify reasoning config for openai-compatible endpoints ( #35202 )
2026-02-15 22:13:24 -05:00
Mohammad Mohtashim
0f5a314275
fix(openai): gpt-5.2-pro Model Profile structured_output key fixed ( #35216 )
2026-02-15 22:00:00 -05:00
Mohammad Mohtashim
99192b01da
chore(openai): extend model_token_mapping till gpt-5.2 for modelname_to_contextsize ( #35214 )
2026-02-15 21:55:58 -05:00
Ademola Balogun
cdbe6c34f9
fix(mistralai): update exception retry logic in embeddings ( #35238 )
2026-02-15 21:25:15 -05:00
yaowubarbara
c1e7cf69fb
fix(openai): enhance error message for non-OpenAI embedding providers ( #35252 )
2026-02-15 21:16:45 -05:00
ccurme
8e35924083
fix(openai): sanitize chat completions text content blocks ( #35217 )
2026-02-15 15:31:02 -05:00
nightcityblade
ecac3d891c
fix(openai): improve error message for null choices in OpenAI-compatible APIs ( #35236 )
2026-02-15 10:59:04 -05:00
Mason Daugherty
9a2a10ec21
fix(infra): create GitHub releases for partner package releases ( #35234 )
...
- GitHub releases have not been created for partner package releases
since #34784 (Jan 16). PyPI publishes were unaffected.
#34784 added `test-dependents` to the `publish` job's dependency chain.
`test-dependents` only runs for core/langchain releases, so it's skipped
for everything else. `publish` handles this with `if: ${{ !cancelled()
&& !failure() }}`, but `mark-release` (which creates the GitHub release)
doesn't have the same guard — so GitHub Actions skips it whenever
`test-dependents` is skipped.
## Missing GitHub releases
`langchain-xai==1.2.2`, `langchain-standard-tests==1.1.3`,
`langchain-groq==1.1.2`, `langchain-anthropic==1.3.2`,
`langchain-standard-tests==1.1.4`, `langchain-openai==1.1.8`,
`langchain-openai==1.1.9`, `langchain-anthropic==1.3.3`,
`langchain-openrouter==0.0.2`
2026-02-15 04:27:26 -05:00
Mason Daugherty
04ec7ff8ff
chore(openrouter): bump core ver, silence warning ( #35231 )
2026-02-15 02:42:36 -05:00
Mason Daugherty
f9fd7be695
feat(openrouter): add langchain-openrouter provider package ( #35211 )
...
Add a first-party `langchain-openrouter` partner package
(`ChatOpenRouter`) that wraps the official `openrouter` Python SDK,
providing native support for OpenRouter-specific features that
`ChatOpenAI` intentionally does not handle.
Also adds scope-clarifying docstrings to `ChatOpenAI` / `BaseChatOpenAI`
warning users away from using `base_url` overrides with third-party
providers.
---
Closes #31325
Closes #32967
Closes #32977
Closes #32981
Closes #33643
Closes #33757
Closes #34056
Closes #34797
Closes #34962
Supersedes #33902 , #34867 (thank you @elonfeng and @okamototk for your
initial work on this!)
---
Bugs with upstream sdk:
- https://github.com/OpenRouterTeam/python-sdk/issues/38
- https://github.com/OpenRouterTeam/python-sdk/issues/51
- https://github.com/OpenRouterTeam/python-sdk/issues/52
2026-02-15 02:09:13 -05:00
ccurme
8f859bd91f
release(huggingface): 1.2.1 ( #35182 )
2026-02-12 12:10:23 -05:00
Yi Liu
19ddd42891
fix(ollama): raise error when clients are not initialized ( #35185 )
...
## Summary
- When `self._client` is `None` in `_create_chat_stream()`, the method
silently produces an empty generator instead of failing.
- The error only surfaces later as a misleading `"No data received from
Ollama stream"` ValueError, making it difficult to diagnose the actual
root cause (uninitialized client).
- Changed to raise `RuntimeError` immediately with a clear message when
the sync client is not initialized.
## Why this matters
Users who hit this path see a confusing error message that points them
in the wrong direction. An explicit error at the point of failure makes
debugging straightforward.
## Test plan
- [x] Added `test_create_chat_stream_raises_when_client_none`
- [x] Existing tests still pass
> This PR was authored with the help of AI tools.
---------
Co-authored-by: Mason Daugherty <github@mdrxy.com >
2026-02-12 11:56:53 -05:00
Mohammad Mohtashim
f89e30eb13
chore(huggingface): version bump for huggingface-hub and transformers deps ( #35061 )
2026-02-11 16:34:18 -05:00
dependabot[bot]
6ac12b330a
chore: bump pillow from 11.3.0 to 12.1.1 in /libs/partners/openai ( #35177 )
...
Bumps [pillow](https://github.com/python-pillow/Pillow ) from 11.3.0 to
12.1.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/python-pillow/Pillow/releases ">pillow's
releases</a>.</em></p>
<blockquote>
<h2>12.1.1</h2>
<p><a
href="https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html ">https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html </a></p>
<h2>Dependencies</h2>
<ul>
<li>Patch libavif for svt-av1 4.0 compatibility <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9413 ">#9413</a>
[<a href="https://github.com/hugovk "><code>@hugovk</code></a>]</li>
</ul>
<h2>Other changes</h2>
<ul>
<li>Fix OOB Write with invalid tile extents <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9427 ">#9427</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
</ul>
<h2>12.1.0</h2>
<p><a
href="https://pillow.readthedocs.io/en/stable/releasenotes/12.1.0.html ">https://pillow.readthedocs.io/en/stable/releasenotes/12.1.0.html </a></p>
<h2>Deprecations</h2>
<ul>
<li>Deprecate getdata(), in favour of new get_flattened_data() <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9292 ">#9292</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
</ul>
<h2>Documentation</h2>
<ul>
<li>Specify APNG duration type when opening <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9368 ">#9368</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Added release notes for <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9350 ">#9350</a>
<a
href="https://redirect.github.com/python-pillow/Pillow/issues/9366 ">#9366</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Update ImageMorph documentation <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9349 ">#9349</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Docs: update major bump cadence <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9334 ">#9334</a>
[<a href="https://github.com/hugovk "><code>@hugovk</code></a>]</li>
<li>Add release notes for <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9070 ">#9070</a>
<a
href="https://redirect.github.com/python-pillow/Pillow/issues/9320 ">#9320</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Updated Ubuntu version <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9306 ">#9306</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Update macOS tested Pillow versions <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9265 ">#9265</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
</ul>
<h2>Dependencies</h2>
<ul>
<li>Update harfbuzz to 12.3.0 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9355 ">#9355</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Update xz to 5.8.2 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9343 ">#9343</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Updated libjpeg-turbo to 3.1.3 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9333 ">#9333</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Updated zlib-ng to 2.3.2 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9324 ">#9324</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Updated libpng to 1.6.53 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9325 ">#9325</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Update actions/checkout action to v6 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9323 ">#9323</a>
[@<a href="https://github.com/apps/renovate ">renovate[bot]</a>]</li>
<li>Update dependency mypy to v1.19.0 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9322 ">#9322</a>
[@<a href="https://github.com/apps/renovate ">renovate[bot]</a>]</li>
<li>Updated libpng to 1.6.51 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9305 ">#9305</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Updated brotli to 1.2.0 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9284 ">#9284</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Update libimagequant to 4.4.1 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9301 ">#9301</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Update zlib-ng to 2.3.1, except on manylinux2014 aarch64 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9312 ">#9312</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Updated harfbuzz to 12.2.0 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9289 ">#9289</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Update github-actions <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9277 ">#9277</a>
[@<a href="https://github.com/apps/renovate ">renovate[bot]</a>]</li>
</ul>
<h2>Testing</h2>
<ul>
<li>Replace pre-commit with prek <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9360 ">#9360</a>
[<a href="https://github.com/hugovk "><code>@hugovk</code></a>]</li>
<li>Test PyQt6 on Python 3.14 on Windows <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9353 ">#9353</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Test 32-bit Windows on Windows Server 2022 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9345 ">#9345</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Correct variable type <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9335 ">#9335</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5158d98c809000313cc5https://redirect.github.com/python-pillow/Pillow/issues/9427 ">#9427</a>)</li>
<li><a
href="cd0111849f46f45f674dc9ac097edbhttps://redirect.github.com/python-pillow/Pillow/issues/9291 ">#9291</a>)</li>
<li><a
href="3baedf2648https://redirect.github.com/python-pillow/Pillow/issues/9292 ">#9292</a>)</li>
<li><a
href="b51a036685https://redirect.github.com/python-pillow/Pillow/issues/9368 ">#9368</a>)</li>
<li><a
href="8d08e31533https://redirect.github.com/python-pillow/Pillow/issues/9348 ">#9348</a>
(<a
href="https://redirect.github.com/python-pillow/Pillow/issues/9369 ">#9369</a>)</li>
<li><a
href="432707ea81https://redirect.github.com/python-pillow/Pillow/issues/9348 ">#9348</a></li>
<li><a
href="2d589107fbhttps://github.com/python-pillow/Pillow/compare/11.3.0...12.1.1 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: ccurme <chester.curme@gmail.com >
2026-02-11 12:04:18 -08:00
dependabot[bot]
9d0bd8376c
chore: bump pillow from 11.3.0 to 12.1.1 in /libs/partners/perplexity ( #35176 )
2026-02-11 13:01:05 -05:00
