mirror of
https://github.com/hwchase17/langchain.git
synced 2026-04-03 19:04:23 +00:00
013bff0ca4dc8d65503068f162ebd931eadfa270
15579 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
dependabot[bot]
|
013bff0ca4 |
chore: bump requests from 2.32.5 to 2.33.0 in /libs/partners/ollama (#36249)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [requests](https://github.com/psf/requests) from 2.32.5 to 2.33.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/releases">requests's releases</a>.</em></p> <blockquote> <h2>v2.33.0</h2> <h2>2.33.0 (2026-03-25)</h2> <p><strong>Announcements</strong></p> <ul> <li>📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at <a href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>. Give it a try, and report any gaps or feedback you may have in the issue. 📣</li> </ul> <p><strong>Security</strong></p> <ul> <li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Migrated to a PEP 517 build system using setuptools. (<a href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (<a href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Dropped support for Python 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li> </ul> <p><strong>Documentation</strong></p> <ul> <li>Various typo fixes and doc improvements.</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/M0d3v1"><code>@M0d3v1</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6865">psf/requests#6865</a></li> <li><a href="https://github.com/aminvakil"><code>@aminvakil</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7220">psf/requests#7220</a></li> <li><a href="https://github.com/E8Price"><code>@E8Price</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6960">psf/requests#6960</a></li> <li><a href="https://github.com/mitre88"><code>@mitre88</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7244">psf/requests#7244</a></li> <li><a href="https://github.com/magsen"><code>@magsen</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6553">psf/requests#6553</a></li> <li><a href="https://github.com/Rohan5commit"><code>@Rohan5commit</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7227">psf/requests#7227</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25">https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's changelog</a>.</em></p> <blockquote> <h2>2.33.0 (2026-03-25)</h2> <p><strong>Announcements</strong></p> <ul> <li>📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at <a href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>. Give it a try, and report any gaps or feedback you may have in the issue. 📣</li> </ul> <p><strong>Security</strong></p> <ul> <li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Migrated to a PEP 517 build system using setuptools. (<a href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (<a href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Dropped support for Python 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li> </ul> <p><strong>Documentation</strong></p> <ul> <li>Various typo fixes and doc improvements.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
a058bd9d7d |
chore: bump requests from 2.32.5 to 2.33.0 in /libs/partners/perplexity (#36246)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [requests](https://github.com/psf/requests) from 2.32.5 to 2.33.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/releases">requests's releases</a>.</em></p> <blockquote> <h2>v2.33.0</h2> <h2>2.33.0 (2026-03-25)</h2> <p><strong>Announcements</strong></p> <ul> <li>📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at <a href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>. Give it a try, and report any gaps or feedback you may have in the issue. 📣</li> </ul> <p><strong>Security</strong></p> <ul> <li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Migrated to a PEP 517 build system using setuptools. (<a href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (<a href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Dropped support for Python 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li> </ul> <p><strong>Documentation</strong></p> <ul> <li>Various typo fixes and doc improvements.</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/M0d3v1"><code>@M0d3v1</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6865">psf/requests#6865</a></li> <li><a href="https://github.com/aminvakil"><code>@aminvakil</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7220">psf/requests#7220</a></li> <li><a href="https://github.com/E8Price"><code>@E8Price</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6960">psf/requests#6960</a></li> <li><a href="https://github.com/mitre88"><code>@mitre88</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7244">psf/requests#7244</a></li> <li><a href="https://github.com/magsen"><code>@magsen</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6553">psf/requests#6553</a></li> <li><a href="https://github.com/Rohan5commit"><code>@Rohan5commit</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7227">psf/requests#7227</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25">https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's changelog</a>.</em></p> <blockquote> <h2>2.33.0 (2026-03-25)</h2> <p><strong>Announcements</strong></p> <ul> <li>📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at <a href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>. Give it a try, and report any gaps or feedback you may have in the issue. 📣</li> </ul> <p><strong>Security</strong></p> <ul> <li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Migrated to a PEP 517 build system using setuptools. (<a href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (<a href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Dropped support for Python 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li> </ul> <p><strong>Documentation</strong></p> <ul> <li>Various typo fixes and doc improvements.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
144dd110b8 |
chore: bump requests from 2.32.5 to 2.33.0 in /libs/partners/openai (#36248)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [requests](https://github.com/psf/requests) from 2.32.5 to 2.33.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/releases">requests's releases</a>.</em></p> <blockquote> <h2>v2.33.0</h2> <h2>2.33.0 (2026-03-25)</h2> <p><strong>Announcements</strong></p> <ul> <li>📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at <a href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>. Give it a try, and report any gaps or feedback you may have in the issue. 📣</li> </ul> <p><strong>Security</strong></p> <ul> <li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Migrated to a PEP 517 build system using setuptools. (<a href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (<a href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Dropped support for Python 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li> </ul> <p><strong>Documentation</strong></p> <ul> <li>Various typo fixes and doc improvements.</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/M0d3v1"><code>@M0d3v1</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6865">psf/requests#6865</a></li> <li><a href="https://github.com/aminvakil"><code>@aminvakil</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7220">psf/requests#7220</a></li> <li><a href="https://github.com/E8Price"><code>@E8Price</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6960">psf/requests#6960</a></li> <li><a href="https://github.com/mitre88"><code>@mitre88</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7244">psf/requests#7244</a></li> <li><a href="https://github.com/magsen"><code>@magsen</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6553">psf/requests#6553</a></li> <li><a href="https://github.com/Rohan5commit"><code>@Rohan5commit</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7227">psf/requests#7227</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25">https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's changelog</a>.</em></p> <blockquote> <h2>2.33.0 (2026-03-25)</h2> <p><strong>Announcements</strong></p> <ul> <li>📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at <a href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>. Give it a try, and report any gaps or feedback you may have in the issue. 📣</li> </ul> <p><strong>Security</strong></p> <ul> <li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Migrated to a PEP 517 build system using setuptools. (<a href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (<a href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Dropped support for Python 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li> </ul> <p><strong>Documentation</strong></p> <ul> <li>Various typo fixes and doc improvements.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
d5a0737c65 |
chore: bump requests from 2.32.5 to 2.33.0 in /libs/partners/mistralai (#36251)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [requests](https://github.com/psf/requests) from 2.32.5 to 2.33.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/releases">requests's releases</a>.</em></p> <blockquote> <h2>v2.33.0</h2> <h2>2.33.0 (2026-03-25)</h2> <p><strong>Announcements</strong></p> <ul> <li>📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at <a href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>. Give it a try, and report any gaps or feedback you may have in the issue. 📣</li> </ul> <p><strong>Security</strong></p> <ul> <li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Migrated to a PEP 517 build system using setuptools. (<a href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (<a href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Dropped support for Python 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li> </ul> <p><strong>Documentation</strong></p> <ul> <li>Various typo fixes and doc improvements.</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/M0d3v1"><code>@M0d3v1</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6865">psf/requests#6865</a></li> <li><a href="https://github.com/aminvakil"><code>@aminvakil</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7220">psf/requests#7220</a></li> <li><a href="https://github.com/E8Price"><code>@E8Price</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6960">psf/requests#6960</a></li> <li><a href="https://github.com/mitre88"><code>@mitre88</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7244">psf/requests#7244</a></li> <li><a href="https://github.com/magsen"><code>@magsen</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6553">psf/requests#6553</a></li> <li><a href="https://github.com/Rohan5commit"><code>@Rohan5commit</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7227">psf/requests#7227</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25">https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's changelog</a>.</em></p> <blockquote> <h2>2.33.0 (2026-03-25)</h2> <p><strong>Announcements</strong></p> <ul> <li>📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at <a href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>. Give it a try, and report any gaps or feedback you may have in the issue. 📣</li> </ul> <p><strong>Security</strong></p> <ul> <li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Migrated to a PEP 517 build system using setuptools. (<a href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (<a href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Dropped support for Python 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li> </ul> <p><strong>Documentation</strong></p> <ul> <li>Various typo fixes and doc improvements.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
493937c4dd |
chore: bump requests from 2.32.5 to 2.33.0 in /libs/partners/qdrant (#36245)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [requests](https://github.com/psf/requests) from 2.32.5 to 2.33.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/releases">requests's releases</a>.</em></p> <blockquote> <h2>v2.33.0</h2> <h2>2.33.0 (2026-03-25)</h2> <p><strong>Announcements</strong></p> <ul> <li>📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at <a href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>. Give it a try, and report any gaps or feedback you may have in the issue. 📣</li> </ul> <p><strong>Security</strong></p> <ul> <li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Migrated to a PEP 517 build system using setuptools. (<a href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (<a href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Dropped support for Python 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li> </ul> <p><strong>Documentation</strong></p> <ul> <li>Various typo fixes and doc improvements.</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/M0d3v1"><code>@M0d3v1</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6865">psf/requests#6865</a></li> <li><a href="https://github.com/aminvakil"><code>@aminvakil</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7220">psf/requests#7220</a></li> <li><a href="https://github.com/E8Price"><code>@E8Price</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6960">psf/requests#6960</a></li> <li><a href="https://github.com/mitre88"><code>@mitre88</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7244">psf/requests#7244</a></li> <li><a href="https://github.com/magsen"><code>@magsen</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6553">psf/requests#6553</a></li> <li><a href="https://github.com/Rohan5commit"><code>@Rohan5commit</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7227">psf/requests#7227</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25">https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's changelog</a>.</em></p> <blockquote> <h2>2.33.0 (2026-03-25)</h2> <p><strong>Announcements</strong></p> <ul> <li>📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at <a href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>. Give it a try, and report any gaps or feedback you may have in the issue. 📣</li> </ul> <p><strong>Security</strong></p> <ul> <li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Migrated to a PEP 517 build system using setuptools. (<a href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (<a href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Dropped support for Python 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li> </ul> <p><strong>Documentation</strong></p> <ul> <li>Various typo fixes and doc improvements.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
b051490711 |
chore: bump requests from 2.32.5 to 2.33.0 in /libs/partners/openrouter (#36247)
Bumps [requests](https://github.com/psf/requests) from 2.32.5 to 2.33.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/releases">requests's releases</a>.</em></p> <blockquote> <h2>v2.33.0</h2> <h2>2.33.0 (2026-03-25)</h2> <p><strong>Announcements</strong></p> <ul> <li>📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at <a href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>. Give it a try, and report any gaps or feedback you may have in the issue. 📣</li> </ul> <p><strong>Security</strong></p> <ul> <li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Migrated to a PEP 517 build system using setuptools. (<a href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (<a href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Dropped support for Python 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li> </ul> <p><strong>Documentation</strong></p> <ul> <li>Various typo fixes and doc improvements.</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/M0d3v1"><code>@M0d3v1</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6865">psf/requests#6865</a></li> <li><a href="https://github.com/aminvakil"><code>@aminvakil</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7220">psf/requests#7220</a></li> <li><a href="https://github.com/E8Price"><code>@E8Price</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6960">psf/requests#6960</a></li> <li><a href="https://github.com/mitre88"><code>@mitre88</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7244">psf/requests#7244</a></li> <li><a href="https://github.com/magsen"><code>@magsen</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6553">psf/requests#6553</a></li> <li><a href="https://github.com/Rohan5commit"><code>@Rohan5commit</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7227">psf/requests#7227</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25">https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's changelog</a>.</em></p> <blockquote> <h2>2.33.0 (2026-03-25)</h2> <p><strong>Announcements</strong></p> <ul> <li>📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at <a href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>. Give it a try, and report any gaps or feedback you may have in the issue. 📣</li> </ul> <p><strong>Security</strong></p> <ul> <li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Migrated to a PEP 517 build system using setuptools. (<a href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (<a href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Dropped support for Python 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li> </ul> <p><strong>Documentation</strong></p> <ul> <li>Various typo fixes and doc improvements.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
b5f260eaa6 |
chore: bump requests from 2.32.5 to 2.33.0 in /libs/partners/nomic (#36250)
Bumps [requests](https://github.com/psf/requests) from 2.32.5 to 2.33.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/releases">requests's releases</a>.</em></p> <blockquote> <h2>v2.33.0</h2> <h2>2.33.0 (2026-03-25)</h2> <p><strong>Announcements</strong></p> <ul> <li>📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at <a href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>. Give it a try, and report any gaps or feedback you may have in the issue. 📣</li> </ul> <p><strong>Security</strong></p> <ul> <li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Migrated to a PEP 517 build system using setuptools. (<a href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (<a href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Dropped support for Python 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li> </ul> <p><strong>Documentation</strong></p> <ul> <li>Various typo fixes and doc improvements.</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/M0d3v1"><code>@M0d3v1</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6865">psf/requests#6865</a></li> <li><a href="https://github.com/aminvakil"><code>@aminvakil</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7220">psf/requests#7220</a></li> <li><a href="https://github.com/E8Price"><code>@E8Price</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6960">psf/requests#6960</a></li> <li><a href="https://github.com/mitre88"><code>@mitre88</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7244">psf/requests#7244</a></li> <li><a href="https://github.com/magsen"><code>@magsen</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6553">psf/requests#6553</a></li> <li><a href="https://github.com/Rohan5commit"><code>@Rohan5commit</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7227">psf/requests#7227</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25">https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's changelog</a>.</em></p> <blockquote> <h2>2.33.0 (2026-03-25)</h2> <p><strong>Announcements</strong></p> <ul> <li>📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at <a href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>. Give it a try, and report any gaps or feedback you may have in the issue. 📣</li> </ul> <p><strong>Security</strong></p> <ul> <li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Migrated to a PEP 517 build system using setuptools. (<a href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (<a href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Dropped support for Python 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li> </ul> <p><strong>Documentation</strong></p> <ul> <li>Various typo fixes and doc improvements.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
a544f03955 |
chore: bump requests from 2.32.5 to 2.33.0 in /libs/partners/huggingface (#36252)
Bumps [requests](https://github.com/psf/requests) from 2.32.5 to 2.33.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/releases">requests's releases</a>.</em></p> <blockquote> <h2>v2.33.0</h2> <h2>2.33.0 (2026-03-25)</h2> <p><strong>Announcements</strong></p> <ul> <li>📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at <a href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>. Give it a try, and report any gaps or feedback you may have in the issue. 📣</li> </ul> <p><strong>Security</strong></p> <ul> <li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Migrated to a PEP 517 build system using setuptools. (<a href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (<a href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Dropped support for Python 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li> </ul> <p><strong>Documentation</strong></p> <ul> <li>Various typo fixes and doc improvements.</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/M0d3v1"><code>@M0d3v1</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6865">psf/requests#6865</a></li> <li><a href="https://github.com/aminvakil"><code>@aminvakil</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7220">psf/requests#7220</a></li> <li><a href="https://github.com/E8Price"><code>@E8Price</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6960">psf/requests#6960</a></li> <li><a href="https://github.com/mitre88"><code>@mitre88</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7244">psf/requests#7244</a></li> <li><a href="https://github.com/magsen"><code>@magsen</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6553">psf/requests#6553</a></li> <li><a href="https://github.com/Rohan5commit"><code>@Rohan5commit</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7227">psf/requests#7227</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25">https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's changelog</a>.</em></p> <blockquote> <h2>2.33.0 (2026-03-25)</h2> <p><strong>Announcements</strong></p> <ul> <li>📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at <a href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>. Give it a try, and report any gaps or feedback you may have in the issue. 📣</li> </ul> <p><strong>Security</strong></p> <ul> <li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Migrated to a PEP 517 build system using setuptools. (<a href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (<a href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Dropped support for Python 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li> </ul> <p><strong>Documentation</strong></p> <ul> <li>Various typo fixes and doc improvements.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
7ed0eb3a17 |
chore: bump nltk from 3.9.3 to 3.9.4 in /libs/text-splitters (#36237)
Bumps [nltk](https://github.com/nltk/nltk) from 3.9.3 to 3.9.4. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/nltk/nltk/blob/develop/ChangeLog">nltk's changelog</a>.</em></p> <blockquote> <p>Version 3.9.4 2026-03-24</p> <ul> <li>Support Python 3.14</li> <li>Fix bug in Levenshtein distance when substitution_cost > 2</li> <li>Fix bug in Treebank detokeniser re quote ordering</li> <li>Fix bug in Jaro similarity for empty strings</li> <li>Several security enhancements</li> <li>Fix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder</li> <li>Implement TextTiling vocabulary introduction method (Hearst 1997)</li> <li>Fix ALINE feature matrix errors and add comprehensive tests</li> <li>Support multiple VerbNet versions, fix longid/shortid regex for VerbNet ids</li> <li>Let downloader fallback to md5 when sha256 is unavailable</li> <li>Several other minor bugfixes and code cleanups</li> </ul> <p>Thanks to the following contributors to 3.9.4: Min-Yen Kan, Eric Kafe, Emily Voss, bowiechen, Hrudhai01, jancallewaert, Mr-Neutr0n, pollak.peter89, ylwango613,</p> <p>Version 3.9.3 2026-02-21</p> <ul> <li>Fix CVE-2025-14009: secure ZIP extraction in nltk.downloader (<a href="https://redirect.github.com/nltk/nltk/issues/3468">#3468</a>)</li> <li>Block path traversal/arbitrary reads in nltk.data for protocol-less refs (<a href="https://redirect.github.com/nltk/nltk/issues/3467">#3467</a>)</li> <li>Block path traversal/abs paths in corpus readers and FS pointers (<a href="https://redirect.github.com/nltk/nltk/issues/3479">#3479</a>, <a href="https://redirect.github.com/nltk/nltk/issues/3480">#3480</a>)</li> <li>Validate external StanfordSegmenter JARs using SHA256 (<a href="https://redirect.github.com/nltk/nltk/issues/3477">#3477</a>)</li> <li>Add optional sandbox enforcement for filestring() (<a href="https://redirect.github.com/nltk/nltk/issues/3485">#3485</a>)</li> <li>Maintenance: downloader/zipped models, CI/tooling updates</li> </ul> <p>Thanks to the following contributors to 3.9.3: Chris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher Smith</p> <p>Version 3.9.2 2025-10-01</p> <ul> <li>Update download checksums to use SHA256 in built index</li> <li>Fix percentage escape in new-style string formatting</li> <li>replace shortened URLs using goo.gl</li> <li>Make Wordnet interoperable with various taggers and tagged corpora</li> <li>Fix saving PerceptronTagger</li> <li>Document how to reproduce old Wordnet studies</li> <li>properly initialize Portuguese corpus reader</li> <li>support for mixed rules conversion into Chomsky Normal Form</li> <li>only import tkinter if a GUI is needed</li> <li>issue <a href="https://redirect.github.com/nltk/nltk/issues/2112">#2112</a> with Corenlp</li> <li>new environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL</li> <li>Lesk defaults to most frequent sense in case of ties</li> </ul> <p>Thanks to the following contributors to 3.9.2: Jose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu, Samer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq, Christopher Smith, Ryan Mannion</p> <p>Version 3.9.1 2024-08-19</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
Mason Daugherty
|
90d015c841 | release(openrouter): 0.2.0 (#36227) langchain-openrouter==0.2.0 | ||
|
Mason Daugherty
|
2a16ee9b73 |
feat(openrouter): add app_categories field for marketplace attribution (#36205)
Add support for the `X-OpenRouter-Categories` header via a new `app_categories` field on `ChatOpenRouter`, and extract inline client construction into a dedicated `_build_client` method. |
||
|
Mason Daugherty
|
839f1df333 | chore(openrouter): update URL/title (#36204) | ||
ccurme
|
d22df94537 | release(core): 1.2.22 (#36201) langchain-core==1.2.22 | ||
|
ccurme
|
27add91347 |
fix(core): validate paths in prompt.save and load_prompt, deprecate methods (#36200)
|
||
langchain-model-profile-bot[bot]
|
7563fceb40 |
chore(model-profiles): refresh model profile data (#36195)
Automated refresh of model profile data for all in-monorepo partner integrations via `langchain-profiles refresh`. 🤖 Generated by the `refresh_model_profiles` workflow. Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com> |
||
|
Mason Daugherty
|
3e64c255b8 |
chore: use repo permissions instead of org membership for maintainer override (#36191)
The `require_issue_link` workflow's maintainer override (reopen PR or remove `missing-issue-link` to bypass enforcement) has never worked. It calls `orgs.getMembershipForUser` to verify the sender is an org member, but `GITHUB_TOKEN` is a GitHub App installation token — not an org member — so the endpoint always returns 403. The catch block only handled 404, so the unhandled 403 crashed the entire job, blocking even the normal issue-link validation from running. ## Changes - Replace `orgs.getMembershipForUser` with `repos.getCollaboratorPermissionLevel` in `senderIsOrgMember()` — checks if the event sender (the user who reopened the PR or removed the label) has write/maintain/admin access on the repo, which works with `GITHUB_TOKEN` and is a better proxy for "maintainer" than org membership |
||
|
Mason Daugherty
|
1778b082ec |
chore(partners): bump langchain-core min to 1.2.21 (#36183)
Bump the minimum `langchain-core` dependency to `>=1.2.21` across all 14 partner packages in the monorepo. Aligns partner lower bounds with the latest core release so consumers pick up recent fixes (notably the `ModelProfile` schema drift fix from core 1.2.21). |
||
|
ccurme
|
ad574fce0d | fix(openai): bump min core version (#36180) langchain-openai==1.1.12 | ||
|
ccurme
|
19f81cf6f1 | release(core): 1.2.21 (#36179) langchain-core==1.2.21 | ||
|
ccurme
|
6d07ef28a7 | release(openai): 1.1.12 (#36178) | ||
|
Mason Daugherty
|
2f64d80cc6 |
fix(core,model-profiles): add missing ModelProfile fields, warn on schema drift (#36129)
PR #35788 added 7 new fields to the `langchain-profiles` CLI output (`name`, `status`, `release_date`, `last_updated`, `open_weights`, `attachment`, `temperature`) but didn't update `ModelProfile` in `langchain-core`. Partner packages like `langchain-aws` that set `extra="forbid"` on their Pydantic models hit `extra_forbidden` validation errors when Pydantic encountered undeclared TypedDict keys at construction time. This adds the missing fields, makes `ModelProfile` forward-compatible, provides a base-class hook so partners can stop duplicating model-profile validator boilerplate, migrates all in-repo partners to the new hook, and adds runtime + CI-time warnings for schema drift. ## Changes ### `langchain-core` - Add `__pydantic_config__ = ConfigDict(extra="allow")` to `ModelProfile` so unknown profile keys pass Pydantic validation even on models with `extra="forbid"` — forward-compatibility for when the CLI schema evolves ahead of core - Declare the 7 missing fields on `ModelProfile`: `name`, `status`, `release_date`, `last_updated`, `open_weights` (metadata) and `attachment`, `temperature` (capabilities) - Add `_warn_unknown_profile_keys()` in `model_profile.py` — emits a `UserWarning` when a profile dict contains keys not in `ModelProfile`, suggesting a core upgrade. Wrapped in a bare `except` so introspection failures never crash model construction - Add `BaseChatModel._resolve_model_profile()` hook that returns `None` by default. Partners can override this single method instead of redefining the full `_set_model_profile` validator — the base validator calls it automatically - Add `BaseChatModel._check_profile_keys` as a separate `model_validator` that calls `_warn_unknown_profile_keys`. Uses a distinct method name so partner overrides of `_set_model_profile` don't inadvertently suppress the check ### `langchain-profiles` CLI - Add `_warn_undeclared_profile_keys()` to the CLI (`cli.py`), called after merging augmentations in `refresh()` — warns at profile-generation time (not just runtime) when emitted keys aren't declared in `ModelProfile`. Gracefully skips if `langchain-core` isn't installed - Add guard test `test_model_data_to_profile_keys_subset_of_model_profile` in model-profiles — feeds a fully-populated model dict to `_model_data_to_profile()` and asserts every emitted key exists in `ModelProfile.__annotations__`. CI fails before any release if someone adds a CLI field without updating the TypedDict ### Partner packages - Migrate all 10 in-repo partners to the `_resolve_model_profile()` hook, replacing duplicated `@model_validator` / `_set_model_profile` overrides: anthropic, deepseek, fireworks, groq, huggingface, mistralai, openai (base + azure), openrouter, perplexity, xai - Anthropic retains custom logic (context-1m beta → `max_input_tokens` override); all others reduce to a one-liner - Add `pr_lint.yml` scope for the new `model-profiles` package |
||
|
Mason Daugherty
|
5ffece5c03 |
chore(core): remove stale blockbuster allowlist for deleted context module (#36168)
Closes #29530 --- Remove a stale BlockBuster allowlist entry in `conftest.py` referencing `aconfig_with_context` — the function and its containing module (`langchain_core/beta/runnables/context.py`) were deleted in `fded6c6b1` (Sep 2025, #32850). Spotted by @antonio-mello-ai in #29530. |
||
|
langchain-model-profile-bot[bot]
|
936b0a68b8 |
chore(model-profiles): refresh model profile data (#36152)
Automated refresh of model profile data for all in-monorepo partner integrations via `langchain-profiles refresh`. 🤖 Generated by the `refresh_model_profiles` workflow. Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com> |
||
|
ccurme
|
900f8a3513 | fix(openai): support phase parameter (#36161) | ||
|
Mason Daugherty
|
64a848a03b |
ci: add maintainer override to require-issue-link workflow (#36147)
Add a durable maintainer override to the "Require Issue Link" workflow. The existing maintainer-reopen path skipped enforcement once but didn't persist that decision — a subsequent PR edit could re-trigger closure. Maintainers now have two override paths (reopen the PR or remove `missing-issue-link`), both converging on `applyMaintainerBypass()` which reopens the PR, cleans up `missing-issue-link`, and applies a durable `bypass-issue-check` label so future triggers skip enforcement. ## Changes - Add `unlabeled` to `pull_request_target` trigger types and gate it on `missing-issue-link` removal + `external` label presence in the job-level `if` - Introduce `bypass-issue-check` as a new skip label alongside `trusted-contributor` — scoped per-PR (not per-author) so maintainers can override individual PRs without blanket trust - Extract three helpers in the check-link script: `ensureAndAddLabel` (idempotent label creation), `senderIsOrgMember` (org membership check), and `applyMaintainerBypass` (remove label → reopen → add bypass) - `applyMaintainerBypass` reopens the PR *before* adding the bypass label so a failed reopen (deleted branch, permissions) leaves a more actionable state; reopen failure is caught and surfaced via `core.warning` instead of crashing the step - Non-member label removal defensively re-adds `missing-issue-link` and early-returns with failure outputs (re-add failure is non-fatal so the downstream "Add label" step can retry) - Replace hardcoded `'langchain-ai'` org in `senderIsOrgMember` with `context.repo.owner` for portability - Auto-close comments now include a maintainer override hint: *"reopen this PR or remove the `missing-issue-link` label to bypass this check"* - Live-label race guard also checks for `bypass-issue-check` |
||
Jackjin
|
7d05cfb131 | fix(openai): preserve namespace field in streaming function_call chunks (#36108) | ||
|
langchain-model-profile-bot[bot]
|
74ade80d2f |
chore(model-profiles): refresh model profile data (#36123)
Automated refresh of model profile data for all in-monorepo partner integrations via `langchain-profiles refresh`. 🤖 Generated by the `refresh_model_profiles` workflow. Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com> |
||
Facundo Santiago
|
491eb9d1af |
fix(langchain,langchain-classic): update model provider classes for Azure AI Foundry (#35812)
Fixes #35811 Updates support for the "azure_ai" provider in both chat model and embeddings initialization, ensuring consistency across the codebase and removing the use of deprecated classes `AzureAIChatCompletionsModel` and `AzureAIEmbeddingsModel`. The changes primarily involve updating provider mappings and instantiation logic for Azure AI integrations. **Changes:** * Updated the chat model initialization logic in `langchain_classic` and `langchain_v1` to use `AzureAIOpenAIApiChatModel` instead of the deprecated `AzureAIChatCompletionsModel` for the "azure_ai" provider. [[1]](diffhunk://#diff-969731928b9d70dac2677539a711478df103ce70024b4c61e95bd7b584bb841dL395-R398) [[2]](diffhunk://#diff-31b725e3fe9b2f92342af5cda9bf6e61c4bc0b69efd8c25743269f45c52571b2L41-R41) * Added support for the "azure_ai" provider in embeddings initialization, mapping it to the new `AzureAIOpenAIApiEmbeddingsModel` class in both `langchain_classic` and `langchain_v1`. [[1]](diffhunk://#diff-9490c8d3daa7c5b66d10ce2961f2bc1a6a35005150125c905316adb728bf80d6R9) [[2]](diffhunk://#diff-9490c8d3daa7c5b66d10ce2961f2bc1a6a35005150125c905316adb728bf80d6R209-R212) [[3]](diffhunk://#diff-d37aa14c07863cc184800713b88a9c25fdb43efd1a4daa31df3ecabb2f70f177R16) --------- Co-authored-by: Mason Daugherty <github@mdrxy.com> Co-authored-by: Mason Daugherty <mason@langchain.dev> |
||
|
Mason Daugherty
|
349047057b |
ci: respect maintainer reopens on auto-closed PRs (#36115)
When a maintainer manually reopens a PR that was auto-closed by the `require-issue-link` workflow, skip enforcement so it stays open. Scoped to PRs carrying the `missing-issue-link` label (i.e. only those closed by this workflow). Non-org-members reopening their own PRs still go through normal enforcement. |
||
|
Mason Daugherty
|
a9d31b30f8 |
ci: skip excluded files when applying package labels in pr-labeler (#36114)
A PR that only touches `uv.lock` currently gets the label of its' dir because the file rule matches on the file prefix. This is misleading — lockfile-only changes aren't meaningful package changes. The `excludedFiles` list already existed in config (for size calculations), but file rules didn't consult it. ## Changes - Add `skipExcludedFiles` option to file rules in `pr-labeler-config.json`, enabled for the four package rules (`deepagents`, `cli`, `acp`, `evals`) so lockfile-only PRs don't trigger package labels - `matchFileLabels` in `pr-labeler.js` now filters out files whose basename appears in the top-level `excludedFiles` list (currently just `uv.lock`) before testing rules that opt in via `skipExcluded` - Non-package rules (`github_actions`, `dependencies`) are unaffected — they don't set the flag |
||
Eugene Yurtsev
|
6ca9f5619c |
chore(text-splitters): bump nltk in lock file (#36112)
bump nltk in lock file |
||
|
Mason Daugherty
|
d1e5bd6274 | release(langchain): 1.2.13 (#36111) langchain==1.2.13 | ||
|
langchain-model-profile-bot[bot]
|
063739b8e7 |
chore(model-profiles): refresh model profile data (#36099)
Automated refresh of model profile data for all in-monorepo partner integrations via `langchain-profiles refresh`. 🤖 Generated by the `refresh_model_profiles` workflow. Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com> |
||
|
Mason Daugherty
|
faadc1f3ce |
ci: suppress pytest streaming output in CI (#36092)
Reduce CI log noise by suppressing pytest's per-test dot/verbose streaming output. The `_test.yml` workflow now passes `PYTEST_EXTRA=-q` to `make test`, which overrides the default verbosity with quiet mode — failures still print in full, but the thousands of `.......` progress lines are gone. Local `make test` is unaffected since `PYTEST_EXTRA` defaults empty. ## Changes - Add `PYTEST_EXTRA ?=` variable to all 21 package Makefiles and inject it into each `test` target's pytest invocation - Pass `PYTEST_EXTRA=-q` in `_test.yml` for both the main test step and the min-version retest step |
||
|
Mason Daugherty
|
9c64cb7136 |
ci: add --frozen to uv sync/run in refresh_model_profiles (#36087)
`--no-group test --no-group dev --no-group lint` only controls which groups get *installed*; uv still resolves the full dependency graph (all groups) and tries to generate metadata for editable sources like `../langchain_v1`. In a sparse checkout these paths don't exist. `--frozen` skips re-resolution entirely and uses the existing lock, so the missing editable paths are never accessed. |
||
|
Mason Daugherty
|
f33667fef3 |
ci: skip dev/test/lint groups when installing langchain-profiles CLI (#36086)
The reusable refresh_model_profiles workflow sparse-checks out only libs/model-profiles from the langchain monorepo. `uv sync` fails because the test/dev/lint dependency groups reference sibling editable packages (../langchain_v1, ../core) that aren't present in the sparse checkout. Restrict to the default dependency group so only the runtime deps (httpx, tomli, typing-extensions) are installed — which is all the CLI needs. |
||
|
ccurme
|
c4abc91ed9 | release(core): 1.2.20 (#36085) langchain-core==1.2.20 | ||
|
ccurme
|
70c88c0e72 | fix(core): trace invocation params in metadata (#36080) | ||
Tanushree
|
2319fdc978 | feat: Add LangSmith integration metadata to create_agent and init_chat_model (#35810) | ||
|
Eugene Yurtsev
|
dd136337d7 |
feat(core): harden anti-ssrf (#35960)
harden anti-ssrf --------- Co-authored-by: Mason Daugherty <mason@langchain.dev> |
||
|
Mason Daugherty
|
cf1f510d77 |
fix(infra): resolve module crash blocking external PR enforcement (#36059)
`pr-labeler.js` used `require('@actions/core')` to access GitHub Actions
logging/failure helpers, but that module is bundled inside
`actions/github-script`'s dist — it's not resolvable via Node's
`require()` from a checked-out file on disk. Two of the three call sites
were in rarely-hit error branches, so the bug was latent. The third
(`applyTierLabel`) ran unconditionally, crashing the tier-label step on
every external PR. Because the tier step runs *before* the "add external
label" step, the crash prevented the `external` label from ever being
applied — which meant `require_issue_link.yml` never triggered and
unapproved external PRs stayed open.
## Changes
- Thread the `core` object (provided by `actions/github-script` at eval
time) through `loadAndInit()` → `init()` instead of calling
`require('@actions/core')` from the checked-out script — fixes the
`MODULE_NOT_FOUND` crash on all three call sites (`ensureLabel`,
`getContributorInfo`, `applyTierLabel`)
- Add a console-based fallback in `loadAndInit` so callers that don't
need `core.setFailed` still work without passing it
- Update all 9 `loadAndInit(github, owner, repo)` call sites across
`pr_labeler.yml`, `pr_labeler_backfill.yml`, and
`tag-external-issues.yml` to pass `core`
|
||
|
Mason Daugherty
|
54a5f83f2e |
ci(infra): drop redundant opened trigger from issue-link check (#36054)
Remove `opened` from the `require_issue_link.yml` trigger list. New PRs never have labels at creation time, so the job-level `if` (which requires the `external` label) always evaluated to skip — producing a noisy "Skipped" check on every internal PR. Enforcement chains through `pr_labeler.yml` → `labeled` event, making `opened` a no-op. ## Changes - Drop `opened` from `pull_request_target.types` in `require_issue_link.yml` — only `edited`, `reopened`, and `labeled` remain - Update header comment to document why `opened` is intentionally excluded |
||
|
Mason Daugherty
|
a81203bf6a |
ci: decouple codspeed from ci gate (#36051)
CodSpeed benchmarks shared the main CI workflow's concurrency group, which has `cancel-in-progress: true`. On push-to-master (post-merge), back-to-back merges would cancel in-flight CodSpeed jobs — failing the `ci_success` gate and marking the merge commit red, even though the PR passed all checks before merging. The cancelled jobs also meant baseline benchmark data was never uploaded, silently breaking CodSpeed's regression detection for subsequent PRs. ## Changes - Extract CodSpeed into a standalone `codspeed.yml` workflow with its own concurrency group — push-to-master runs use `github.sha` as the group key (unique per commit, never cancelled), while PR runs continue to cancel stale runs via `github.ref` - Remove the `codspeed` job, its output, and its `ci_success` gate dependency from `check_diffs.yml` — benchmark results are informational and shouldn't block merges ## Review - The new workflow duplicates the `build` (change detection) job from `check_diffs.yml` since it can't reference jobs across workflows. This means an extra `check_diff.py` run per trigger, but it's lightweight (~2s) and the tradeoff is worth the isolation. |
||
|
Mason Daugherty
|
67f5e317d3 | chore(text-splitters): speed up ci (#36050) | ||
|
Mason Daugherty
|
b7e0b41d3a |
ci: use codspeed walltime mode for slow partners (#36049)
Speed up CodSpeed benchmarks for partners with heavy SDK inits by
switching them to walltime mode. `fireworks` takes ~328s and `openai` ~6
min under CPU simulation (Valgrind-based) — walltime is noisier but more
than adequate for detecting init-time regressions on these packages.
## Changes
- Add `CODSPEED_WALLTIME_DIRS` set in `_get_configs_for_single_dir` that
routes `libs/core`, `libs/partners/fireworks`, and
`libs/partners/openai` to walltime mode; all other partners default to
`simulation`
- Emit a `codspeed-mode` field in the CodSpeed matrix config and consume
it as `${{ matrix.job-configs.codspeed-mode }}` in the workflow,
replacing the inline ternary
|
||
|
Mason Daugherty
|
2476f558ad |
ci: replace deprecated codspeed instrumentation mode with simulation (#36047)
- Replace deprecated `instrumentation` runner mode with `simulation` in CodSpeed benchmarks (purely a rename, identical behavior) - Scope partner benchmarks to `tests/unit_tests/ -m benchmark` instead of `tests/` — avoids collecting ~80-90 non-benchmark tests per partner just to deselect them - Integration benchmark (`test_stream_time`) is always skipped anyway (no VCR cassettes in CI), so no loss from excluding `integration_tests/` Resolves: `Warning: The 'instrumentation' runner mode is deprecated and will be removed in a future version. Please use 'simulation' instead.` |
||
|
Mason Daugherty
|
07fa576de1 |
ci: avoid unnecessary dep installs in lint targets (#36046)
CI lint jobs use `uv run --all-groups` for all tools, but ruff doesn't need dependency resolution — only mypy does. By splitting into `UV_RUN_LINT` (ruff) and `UV_RUN_TYPE` (mypy), the CI-facing targets run ruff with `--group lint` only, giving fast-fail feedback before mypy triggers the full environment sync. For packages where source code only conditionally imports heavy deps (text-splitters, huggingface), `lint_package` also overrides `UV_RUN_TYPE` to `--group lint --group typing`, skipping the ~3.5GB `test_integration` download entirely. `lint_tests` keeps `--all-groups` since test code legitimately imports those deps. Additionally, `lint_imports.sh` was inconsistently wired — most packages had the script but weren't calling it. ## Changes **Makefile optimization** - Introduce `UV_RUN_LINT` and `UV_RUN_TYPE` Make variables, both defaulting to `uv run --all-groups`. For `lint_package` and `lint_tests`, `UV_RUN_LINT` is overridden to `uv run --group lint` so ruff runs instantly without syncing heavy deps - For `text-splitters` and `huggingface`, override `UV_RUN_TYPE` on `lint_package` to `uv run --group lint --group typing` — mypy runs without downloading torch, CUDA, spacy, etc. **mypy config for lean groups** - Add `transformers` and `transformers.*` to `ignore_missing_imports` in `text-splitters` pyproject.toml (conditional `try/except` import, same treatment as existing `konlpy`/`nltk` entries) - Add `torch`, `torch.*`, `langchain_community`, `langchain_community.*` to `ignore_missing_imports` in `huggingface` pyproject.toml - Add dual `# type: ignore[unreachable, unused-ignore]` in `text-splitters/base.py` to handle the `PreTrainedTokenizerBase` isinstance check that behaves differently depending on whether transformers is installed **lint_imports.sh consistency** - Add `./scripts/lint_imports.sh` to the lint recipe in every package that wasn't calling it (standard-tests, model-profiles, all 15 partners), and create the script for the two packages missing it entirely (`model-profiles`, `openrouter`) - Update all `lint_imports.sh` scripts to allow `from langchain.agents` and `from langchain.tools` imports (legitimate v1 middleware dependencies used by `langchain-anthropic` and `langchain-openai`) |
||
|
Mason Daugherty
|
58f3d1a633 |
ci: consolidate PR labeling into unified workflows (#36042)
Consolidate four separate PR labeling workflows (`pr_labeler_file.yml`, `pr_labeler_title.yml`, `pr_size_labeler.yml`, and the PR-handling half of `tag-external-contributions.yml`) into a single `pr_labeler.yml` workflow. The old workflows raced against each other — concurrent label mutations could drop or duplicate labels depending on execution order. A unified workflow with concurrency grouping eliminates that class of bug. |
||
|
langchain-model-profile-bot[bot]
|
9a17602633 |
chore(model-profiles): refresh model profile data (#36039)
Automated refresh of model profile data for all in-monorepo partner integrations via `langchain-profiles refresh`. 🤖 Generated by the `refresh_model_profiles` workflow. Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com> |
||
|
Mason Daugherty
|
6965c87a68 |
ci(model-profiles): extract reusable workflow for cross-repo profile refresh (#36038)
Extract the model profile refresh logic into a reusable `workflow_call`
workflow so external repos like `langchain-google` and `langchain-aws`
can run the same daily profile refresh and get auto-PRs without
duplicating the pipeline. The in-monorepo caller becomes a thin wrapper
passing provider JSON.
## Changes
- Add `_refresh_model_profiles.yml` as a reusable `workflow_call`
workflow — accepts a `providers` JSON array of `{provider, data_dir}`
pairs, optional `cli-path` (skips cloning the CLI repo when the caller
already has it), and configurable PR metadata inputs
- External callers get the `langchain-profiles` CLI via sparse checkout
of `langchain-ai/langchain` at a configurable `cli-ref`; the in-monorepo
caller short-circuits with `cli-path: libs/model-profiles`
- Add input validation step using `jq` — rejects non-array JSON and
entries missing `provider`/`data_dir` keys with `::error::` annotations
- Replace the piped `while read` loop with `mapfile`/`for` +
per-provider error handling: one provider failure no longer kills the
rest, and all failures are collected and reported at the end
- Route all `${{ inputs.* }}` expressions through `env:` bindings in
`run:` blocks to prevent script injection from caller-controlled values
- Validate `cli-path` existence before use, with a clear error if the
directory is missing
- Summary step now runs with `if: always()` and handles
failure/success/no-op states separately
- Refactor `refresh_model_profiles.yml` into a thin caller that passes
the 10 in-monorepo providers as JSON
|