Nick Hollon
14b1a243e5
release(langchain): 1.3.3 ( #37843 )
2026-06-02 14:17:53 -04:00
Nick Hollon
eb1f731aee
chore(langchain): bump langgraph to 1.2.4 ( #37857 )
2026-06-02 13:36:35 -04:00
Nick Hollon
dfca7f4424
feat(langchain): project subagent runs onto typed run.subagents channel ( #37739 )
2026-06-01 16:28:09 -04:00
Sydney Runkle
7bb4130c7d
chore(langchain): bump to 1.3.2, require langgraph>=1.2.2 ( #37703 )
...
- Bumps `langchain` to **1.3.2** (patch)
- Raises minimum `langgraph` requirement from `>=1.2.1` to `>=1.2.2`
langgraph 1.2.2 fixes a race condition where DeltaChannel checkpoint
writes
could serialize `BaseMessage` objects with `id=None` before
`apply_writes()`
ran the reducer, causing the same message to appear with a different ID
on
every `get_state()` call and across resumed invocations
(langchain-ai/langgraph#7913 ).
The lockfile will be updated once langgraph 1.2.2 is published to PyPI
(langchain-ai/langgraph#7914 ).
2026-05-26 14:16:06 -04:00
Nick Hollon
d08245f70d
feat(langchain): redact streamed PII in flight on PIIMiddleware ( #37616 )
...
`PIIMiddleware` previously scrubbed detected PII only at the state level
via its `after_model` / `before_model` hooks. Consumers reading the live
stream — `astream_events(version="v3")` or `run.messages` /
`run.tool_calls` / `run.values` — saw the raw model text, the raw
tool-call args, the raw tool outputs, and the raw state snapshots until
the run finished and the canonical conversation history was written.
This change registers a stream transformer ahead of
`MessagesTransformer` that redacts every wire surface of an agent run.
The transformer holds a sliding lookback buffer (default 128 characters)
per `(run_id, content-block index)` so PII patterns that straddle delta
boundaries are caught before the safe prefix is released downstream.
Anything older than the lookback is run through the configured detector
and emitted; the trailing tail stays buffered until a later delta
extends it past the cap or the block finishes. `_finalize_block` always
re-runs detection over the full block snapshot so the finalized content
lands fully redacted even when the in-flight buffer never released a
tail (short responses, or PII arriving in the final delta).
The `block` strategy is now supported on the streaming path via a
buffering mode that withholds every delta until the block resolves —
clean blocks release the full text at finalize, PII-bearing blocks zero
the wire and let `after_model` / `apply_to_tool_results` raise
`PIIDetectionError` on the original state message. Activation is gated
on `apply_to_output=True`, matching the existing post-hoc semantics. The
middleware's transformer factory is cloned by `StreamMux._make_child`
into every subgraph scope, so attaching `PIIMiddleware` at the outer
agent also redacts streamed deltas from sub-agents invoked inside tools.
## Tool-call and tools-channel coverage
The transformer covers every wire surface of an agent run, not just AI
message text:
- **Streamed AI text deltas** (`content-block-delta` of type
`text-delta`) — lookback machinery, redacted in place.
- **Streamed tool-call args** (`content-block-delta` with
`tool_call_chunk` / `server_tool_call_chunk` fields) — each delta
carries the full cumulative args string; detection runs on the field
directly and redacts in place. Verified empirically against
`_compat_bridge.py` and the consumer-side
`_merge_block_delta_into_store` snapshot-replace semantics.
- **Finalized tool-call blocks** (`content-block-finish` with
`tool_call` / `server_tool_call` / `invalid_tool_call`) — `args` dict
walked recursively and each string leaf redacted.
- **Tool execution events on the `tools` channel** —
`tool-started.input`, `tool-output-delta`, `tool-finished.output`,
`tool-error.message` all run through detection. String deltas use the
same lookback machinery as text-deltas keyed by `tool_call_id`;
structured payloads walk recursively.
- **State snapshots on the `values` channel** — message lists are walked
and each message's `.content` is redacted on a fresh copy. Graph state
itself stays intact for the state-level enforcer
(`apply_to_tool_results` via `before_model`) to act on independently.
- **Legacy `(BaseMessage, metadata)` payloads** on the `messages`
channel (Python 3.10 path, where `langgraph`'s `ASYNCIO_ACCEPTS_CONTEXT
= sys.version_info >= (3, 11)` falls back to a code path that doesn't
propagate the streaming callback into the chat model) — `.content` and
`AIMessage.tool_calls[*].args` are scrubbed. For `block`, the event's
`data` tuple is replaced with an empty-content copy so the original
message stays in state for `after_model` to raise on.
## Worth a careful look
- `_PIIStreamTransformer._mutate_text_delta` — lookback partition.
Anything older than `lookback` characters is released after redaction;
the tail stays buffered. Bulletproof against whitespace-permissive
detectors (notably `credit_card`, whose regex matches across spaces).
- `_PIIStreamTransformer._mutate_tool_call_chunk_delta` — direct
in-place redaction of the cumulative args string. No buffer; the wire
shape is cumulative-snapshot, the consumer-side merge is
replace-not-append.
- `_PIIStreamTransformer._mutate_legacy_payload` — the dual path:
mutate-in-place for non-`block` (idempotent with `after_model`),
replace-with-empty-copy for `block` (keeps original in graph state for
`after_model` to raise on).
- `_PIIStreamTransformer._redact_value` — the recursive walker.
`BaseMessage` branch returns a fresh `.content`-redacted copy via
`model_copy(update=...)` — never mutates in place — so tool-output
payloads that wrap a `ToolMessage` and message lists in state snapshots
flow through cleanly.
- The new `transformers` attribute on `PIIMiddleware`: this is what
makes `create_agent` pick the factory up. Multiple `PIIMiddleware`
instances each register one transformer; ordering is preserved within
the `before_builtins` lane.
## Compatibility
Bumps `langgraph` to `>=1.2.1` for the `before_builtins` opt-in on
`StreamTransformer`.
2026-05-22 17:27:02 -04:00
Mason Daugherty
ebc1880444
release(standard-tests): 1.1.9 ( #37609 )
2026-05-21 13:22:16 -05:00
dependabot[bot]
32556a0611
chore: bump idna from 3.11 to 3.15 in /libs/langchain_v1 ( #37534 )
...
Bumps [idna](https://github.com/kjd/idna ) from 3.11 to 3.15.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/kjd/idna/blob/master/HISTORY.md ">idna's
changelog</a>.</em></p>
<blockquote>
<h2>3.15 (2026-05-12)</h2>
<ul>
<li>Enforce DNS-length cap on individual labels early in
<code>check_label</code>,
short-circuiting contextual-rule processing for oversized input
while staying compatible with UTS 46 usage.</li>
<li>Tidy core helpers: hoist bidi category sets to module-level
frozensets (avoiding per-codepoint list construction), simplify
length checks, and reuse the shared <code>_unicode_dots_re</code> from
<code>idna.core</code> in the codec module.</li>
<li>Use <code>raise ... from err</code> for proper exception chaining
and
switch internal string formatting to f-strings.</li>
<li>Allow <code>flit_core</code> 4.x in the build backend.</li>
<li>Expand the ruff lint set (flake8-bugbear, flake8-simplify,
pyupgrade, perflint) and apply the surfaced fixes; pin lint CI
to Python 3.14.</li>
<li>Add Dependabot configuration for GitHub Actions.</li>
<li>Convert README and HISTORY from reStructuredText to Markdown.</li>
<li>Reference CVE-2026-45409 for the 3.14 advisory in place of the
initial GHSA identifier.</li>
</ul>
<p>Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for
contributions to this release.</p>
<h2>3.14 (2026-05-10)</h2>
<ul>
<li>Removed opportunity to process long inputs into quadratic
time by rejecting oversize inputs up-front. Closes a bypass
of the CVE-2024-3651 mitigation. [CVE-2026-45409]</li>
</ul>
<p>Thanks to Stan Ulbrych for reporting the issue.</p>
<h2>3.13 (2026-04-22)</h2>
<ul>
<li>Correct classification error for codepoint U+A7F1</li>
</ul>
<h2>3.12 (2026-04-21)</h2>
<ul>
<li>Update to Unicode 17.0.0.</li>
<li>Issue a deprecation warning for the transitional argument.</li>
<li>Added lazy-loading to provide some performance improvements.</li>
<li>Removed vestiges of code related to Python 2 support, including
segmentation of data structures specific to Jython.</li>
</ul>
<p>Thanks to Rodrigo Nogueira for contributions to this release.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="af30a092e130314d462805d4b219aahttps://redirect.github.com/kjd/idna/issues/237 ">#237</a> from
kjd/convert-docs-to-markdown</li>
<li><a
href="2987fdba1959fa8002d5https://redirect.github.com/kjd/idna/issues/236 ">#236</a> from
kjd/dependabot/github_actions/actions-f3e34333ea</li>
<li><a
href="def69834cebbd8004a79https://redirect.github.com/kjd/idna/issues/234 ">#234</a> from
StanFromIreland/patch-1</li>
<li><a
href="edd07c05025557db030cf11746cf49https://redirect.github.com/kjd/idna/issues/235 ">#235</a> from
StanFromIreland/patch-2</li>
<li>Additional commits viewable in <a
href="https://github.com/kjd/idna/compare/v3.11...v3.15 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-19 14:34:25 -05:00
Mason Daugherty
c7daed8c0f
hotfix: bump lockfiles ( #37508 )
2026-05-18 16:18:26 -05:00
dependabot[bot]
f61841bd0c
chore: bump langsmith from 0.7.31 to 0.8.0 in /libs/langchain_v1 ( #37391 )
...
Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk ) from
0.7.31 to 0.8.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langsmith-sdk/releases ">langsmith's
releases</a>.</em></p>
<blockquote>
<h2>v0.8.0</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(js,py): JS 0.6.0, Py 0.8.0 by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2831 ">langchain-ai/langsmith-sdk#2831</a></li>
<li>release(js): 0.6.0 by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2832 ">langchain-ai/langsmith-sdk#2832</a></li>
<li>release(py): 0.8.0 by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2833 ">langchain-ai/langsmith-sdk#2833</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.38...v0.8.0 ">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.38...v0.8.0 </a></p>
<h2>v0.7.38</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(js): add tracing of opencode by <a
href="https://github.com/dqbd "><code>@dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2776 ">langchain-ai/langsmith-sdk#2776</a></li>
<li>chore(js): Remove types/uuid by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2814 ">langchain-ai/langsmith-sdk#2814</a></li>
<li>docs(sandbox): document default idle TTL of 10 minutes by <a
href="https://github.com/DanielKneipp "><code>@DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2788 ">langchain-ai/langsmith-sdk#2788</a></li>
<li>ci(py): Bump pytest timeout to 2m by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2815 ">langchain-ai/langsmith-sdk#2815</a></li>
<li>chore(deps-dev): bump the js-minor-and-patch group across 1
directory with 4 updates by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2803 ">langchain-ai/langsmith-sdk#2803</a></li>
<li>chore(deps): update sphinx-autobuild requirement from >=2024 to
>=2024.10.3 in /python by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2809 ">langchain-ai/langsmith-sdk#2809</a></li>
<li>chore(deps): update myst-nb requirement from >=1.1.1 to
>=1.4.0 in /python by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2810 ">langchain-ai/langsmith-sdk#2810</a></li>
<li>chore(deps-dev): bump types-pyyaml from 6.0.12.20250915 to
6.0.12.20260408 in /python by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2812 ">langchain-ai/langsmith-sdk#2812</a></li>
<li>chore(deps-dev): bump <code>@langchain/openai</code> from 0.5.18 to
0.6.17 in /js by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2806 ">langchain-ai/langsmith-sdk#2806</a></li>
<li>chore(deps): bump the py-minor-and-patch group across 1 directory
with 18 updates by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2808 ">langchain-ai/langsmith-sdk#2808</a></li>
<li>feat(py): Adds strands OTEL exporter by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2817 ">langchain-ai/langsmith-sdk#2817</a></li>
<li>chore(js): Switch to oxfmt and oxlint by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2819 ">langchain-ai/langsmith-sdk#2819</a></li>
<li>fix(py): fix RunTree ValidationError when inputs or outputs is a
Pydantic BaseModel by <a
href="https://github.com/QuentinBrosse "><code>@QuentinBrosse</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2820 ">langchain-ai/langsmith-sdk#2820</a></li>
<li>chore: add apac support by <a
href="https://github.com/joaquin-borggio-lc "><code>@joaquin-borggio-lc</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2821 ">langchain-ai/langsmith-sdk#2821</a></li>
<li>fix(js): Pull Claude Agent SDK subagent runs from transcript, add
tool span for subagents, merge message blocks by id by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2816 ">langchain-ai/langsmith-sdk#2816</a></li>
<li>release(js): 0.5.26 by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2824 ">langchain-ai/langsmith-sdk#2824</a></li>
<li>release(py): 0.7.38 by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2825 ">langchain-ai/langsmith-sdk#2825</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.37...v0.7.38 ">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.37...v0.7.38 </a></p>
<h2>v0.7.37</h2>
<h2>What's Changed</h2>
<ul>
<li>perf(js): Offload serialize to worker thread at flush time by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2781 ">langchain-ai/langsmith-sdk#2781</a></li>
<li>release(js): 0.5.24 by <a
href="https://github.com/emil-lc "><code>@emil-lc</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2790 ">langchain-ai/langsmith-sdk#2790</a></li>
<li>chore(js): Fix perf test flagging by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2792 ">langchain-ai/langsmith-sdk#2792</a></li>
<li>feat(js,python): Adds hub model config and provider to schemas by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2793 ">langchain-ai/langsmith-sdk#2793</a></li>
<li>fix(js): minor test improvements by <a
href="https://github.com/christian-bromann "><code>@christian-bromann</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2429 ">langchain-ai/langsmith-sdk#2429</a></li>
<li>fix(js): Include auth headers on info requests by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2800 ">langchain-ai/langsmith-sdk#2800</a></li>
<li>release(js): 0.5.25 by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2801 ">langchain-ai/langsmith-sdk#2801</a></li>
<li>fix(python): flush both tracing_queue and compressed_traces in
flush() by <a
href="https://github.com/angus-langchain "><code>@angus-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2796 ">langchain-ai/langsmith-sdk#2796</a></li>
<li>chore(deps): bump postcss from 8.5.8 to 8.5.10 in
/js/internal/environment_tests/test-exports-vite in the npm_and_yarn
group across 1 directory by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2791 ">langchain-ai/langsmith-sdk#2791</a></li>
<li>chore(deps-dev): bump google-adk from 1.10.0 to 1.28.1 in /python by
<a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2794 ">langchain-ai/langsmith-sdk#2794</a></li>
<li>fix(python): flush pending traces during Client.cleanup() by <a
href="https://github.com/angus-langchain "><code>@angus-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2799 ">langchain-ai/langsmith-sdk#2799</a></li>
<li>fix(py): Fix concurrency for multiple Claude Agent SDK sessions by
<a href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in
<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2795 ">langchain-ai/langsmith-sdk#2795</a></li>
<li>release(py): 0.7.37 by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2802 ">langchain-ai/langsmith-sdk#2802</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.36...v0.7.37 ">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.36...v0.7.37 </a></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="cf01c873d5https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2833 ">#2833</a>)</li>
<li><a
href="fd049c8464https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2832 ">#2832</a>)</li>
<li><a
href="092a8866c4https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2831 ">#2831</a>)</li>
<li><a
href="ff180c0423https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2825 ">#2825</a>)</li>
<li><a
href="d9de3ca801https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2824 ">#2824</a>)</li>
<li><a
href="1428394831838e957d80https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2821 ">#2821</a>)</li>
<li><a
href="003f22a7688f5ef27c2dhttps://redirect.github.com/langchain-ai/langsmith-sdk/issues/2819 ">#2819</a>)</li>
<li><a
href="9873633c9fhttps://redirect.github.com/langchain-ai/langsmith-sdk/issues/2817 ">#2817</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.31...v0.8.0 ">compare
view</a></li>
</ul>
</details>
<br />
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-15 17:22:51 -07:00
ccurme
b6b769baf6
release(langchain): 1.3.1 ( #37454 )
2026-05-15 14:12:59 -04:00
ccurme
21d77d6698
release(langchain): 1.3.0 ( #37361 )
2026-05-12 10:28:19 -04:00
Nick Hollon
da380bccf8
chore(infra): merge v1.4 into master ( #37350 )
2026-05-11 11:39:25 -07:00
dependabot[bot]
6e49b519ea
chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/langchain_v1 ( #37328 )
...
Bumps [urllib3](https://github.com/urllib3/urllib3 ) from 2.6.3 to 2.7.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/releases ">urllib3's
releases</a>.</em></p>
<blockquote>
<h2>2.7.0</h2>
<h2>🚀 urllib3 is fundraising for HTTP/2 support</h2>
<p><a
href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support ">urllib3
is raising ~$40,000 USD</a> to release HTTP/2 support and ensure
long-term sustainable maintenance of the project after a sharp decline
in financial support. If your company or organization uses Python and
would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and
thousands of other projects <a
href="https://opencollective.com/urllib3 ">please consider contributing
financially</a> to ensure HTTP/2 support is developed sustainably and
maintained for the long-haul.</p>
<p>Thank you for your support.</p>
<h2>Security</h2>
<p>Addressed high-severity security issues. Impact was limited to
specific use cases detailed in the accompanying advisories; overall user
exposure was estimated to be marginal.</p>
<ul>
<li>
<p>Decompression-bomb safeguards of the streaming API were bypassed:</p>
<ol>
<li>When <code>HTTPResponse.drain_conn()</code> was called after the
response had been read and decompressed partially. (Reported by <a
href="https://github.com/Cycloctane "><code>@Cycloctane</code></a>)</li>
<li>During the second <code>HTTPResponse.read(amt=N)</code> or
<code>HTTPResponse.stream(amt=N)</code> call when the response was
decompressed using the official <a
href="https://pypi.org/project/brotli/ ">Brotli</a> library. (Reported by
<a
href="https://github.com/kimkou2024 "><code>@kimkou2024</code></a>)</li>
</ol>
<p>See GHSA-mf9v-mfxr-j63j for details.</p>
</li>
<li>
<p>HTTP pools created using
<code>ProxyManager.connection_from_url</code> did not strip sensitive
headers specified in <code>Retry.remove_headers_on_redirect</code> when
redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by <a
href="https://github.com/christos-spearbit "><code>@christos-spearbit</code></a>)</p>
</li>
</ul>
<h2>Deprecations and Removals</h2>
<ul>
<li>Used <code>FutureWarning</code> instead of
<code>DeprecationWarning</code> for better visibility of existing
deprecation notices. Rescheduled the removal of deprecated features to
version 3.0. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3763 ">urllib3/urllib3#3763</a>)</li>
<li>Removed support for end-of-life Python 3.9. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3720 ">urllib3/urllib3#3720</a>)</li>
<li>Removed support for end-of-life PyPy3.10. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4979 ">urllib3/urllib3#4979</a>)</li>
<li>Bumped the minimum supported pyOpenSSL version to 19.0.0. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3777 ">urllib3/urllib3#3777</a>)</li>
</ul>
<h2>Bugfixes</h2>
<ul>
<li>Fixed a bug where <code>HTTPResponse.read(amt=None)</code> was
ignoring decompressed data buffered from previous partial reads. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3636 ">urllib3/urllib3#3636</a>)</li>
<li>Fixed a bug where <code>HTTPResponse.read()</code> could cache only
part of the response after a partial read when
<code>cache_content=True</code>. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4967 ">urllib3/urllib3#4967</a>)</li>
<li>Fixed <code>HTTPResponse.stream()</code> and
<code>HTTPResponse.read_chunked()</code> to handle <code>amt=0</code>.
(<a
href="https://redirect.github.com/urllib3/urllib3/issues/3793 ">urllib3/urllib3#3793</a>)</li>
<li>Updated <code>_TYPE_BODY</code> type alias to include missing
<code>Iterable[str]</code>, matching the documented and runtime behavior
of chunked request bodies. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3798 ">urllib3/urllib3#3798</a>)</li>
<li>Fixed <code>LocationParseError</code> when paths resembling
schemeless URIs were passed to
<code>HTTPConnectionPool.urlopen()</code>. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3352 ">urllib3/urllib3#3352</a>)</li>
<li>Fixed <code>BaseHTTPResponse.readinto()</code> type annotation to
accept <code>memoryview</code> in addition to <code>bytearray</code>,
matching the <code>io.RawIOBase.readinto</code> contract and enabling
use with <code>io.BufferedReader</code> without type errors. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3764 ">urllib3/urllib3#3764</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst ">urllib3's
changelog</a>.</em></p>
<blockquote>
<h1>2.7.0 (2026-05-07)</h1>
<h2>Security</h2>
<p>Addressed high-severity security issues.
Impact was limited to specific use cases detailed in the accompanying
advisories; overall user exposure was estimated to be marginal.</p>
<ul>
<li>
<p>Decompression-bomb safeguards of the streaming API were bypassed:</p>
<ol>
<li>When <code>HTTPResponse.drain_conn()</code> was called after the
response had been
read and decompressed partially.</li>
<li>During the second <code>HTTPResponse.read(amt=N)</code> or
<code>HTTPResponse.stream(amt=N)</code> call when the response was
decompressed
using the official <code>Brotli
<https://pypi.org/project/brotli/> ;</code>__ library.</li>
</ol>
<p>See <code>GHSA-mf9v-mfxr-j63j
<https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j> ;</code>__
for details.</p>
</li>
<li>
<p>HTTP pools created using
<code>ProxyManager.connection_from_url</code> did not strip
sensitive headers specified in
<code>Retry.remove_headers_on_redirect</code> when
redirecting to a different host.
(<code>GHSA-qccp-gfcp-xxvc
<https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc> ;</code>__)</p>
</li>
</ul>
<h2>Deprecations and Removals</h2>
<ul>
<li>Used <code>FutureWarning</code> instead of
<code>DeprecationWarning</code> for better
visibility of existing deprecation notices. Rescheduled the removal of
deprecated features to version 3.0.
(<code>[#3763 ](https://github.com/urllib3/urllib3/issues/3763 )
<https://github.com/urllib3/urllib3/issues/3763> ;</code>__)</li>
<li>Removed support for end-of-life Python 3.9.
(<code>[#3720 ](https://github.com/urllib3/urllib3/issues/3720 )
<https://github.com/urllib3/urllib3/issues/3720> ;</code>__)</li>
<li>Removed support for end-of-life PyPy3.10.
(<code>[#4979 ](https://github.com/urllib3/urllib3/issues/4979 )
<https://github.com/urllib3/urllib3/issues/4979> ;</code>__)</li>
<li>Bumped the minimum supported pyOpenSSL version to 19.0.0.
(<code>[#3777 ](https://github.com/urllib3/urllib3/issues/3777 )
<https://github.com/urllib3/urllib3/issues/3777> ;</code>__)</li>
</ul>
<h2>Bugfixes</h2>
<ul>
<li>Fixed a bug where <code>HTTPResponse.read(amt=None)</code> was
ignoring decompressed
data buffered from previous partial reads.
(<code>[#3636 ](https://github.com/urllib3/urllib3/issues/3636 )
<https://github.com/urllib3/urllib3/issues/3636> ;</code>__)</li>
<li>Fixed a bug where <code>HTTPResponse.read()</code> could cache only
part of the
response after a partial read when <code>cache_content=True</code>.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9a950b92d95ec0de499b2bdcc44d1ef45b0df09dhttps://redirect.github.com/urllib3/urllib3/issues/4970 ">#4970</a>)</li>
<li><a
href="577193ca02https://redirect.github.com/urllib3/urllib3/issues/4984 ">#4984</a>)</li>
<li><a
href="e90af45bb0https://redirect.github.com/urllib3/urllib3/issues/4974 ">#4974</a>)</li>
<li><a
href="67ed74fdaehttps://redirect.github.com/urllib3/urllib3/issues/4972 ">#4972</a>)</li>
<li><a
href="3abd481097https://redirect.github.com/urllib3/urllib3/issues/4978 ">#4978</a>)</li>
<li><a
href="2b8725dfcahttps://redirect.github.com/urllib3/urllib3/issues/4979 ">#4979</a>)</li>
<li><a
href="2944b2a0a6https://redirect.github.com/urllib3/urllib3/issues/4973 ">#4973</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-11 11:18:16 -07:00
ccurme
4c593b35fb
release(langchain): 1.2.18 ( #37250 )
2026-05-08 09:57:27 -04:00
Eugene Yurtsev
cccefce0b1
chore(langchain-classic): deprecate hub, limit loads/dumps ( #37234 )
...
deprecate hub classic and hub runnable. This code path isn't expected to
be active for most users (it's dependent on having a very old version of
the langsmith sdk). harden usage of loads/dumps.
2026-05-07 10:37:33 -04:00
Mason Daugherty
255f227541
chore(langchain,langchain-classic): uncomment optional deps ( #37163 )
...
Re-enable the `[community]`, `[azure-ai]`, and `[cohere]` extras on
`langchain-classic`, and the `[cohere]` extra on `langchain` (v1). These
had been commented out as a temporary workaround during the `langchain`
-> `langchain-classic` rename so the renamed package could ship before
downstream partners were re-released against it. Now that
`langchain-community` 0.4.1, `langchain-cohere` 0.5.1, and
`langchain-azure-ai` 1.2.3 are published with the correct dependency
targets, the extras can be restored.
2026-05-03 11:19:55 -04:00
Mason Daugherty
cc5a5371a9
release(fireworks): 1.2.1 ( #37113 )
2026-04-30 17:49:16 -04:00
Sydney Runkle
90b0047270
release(langchain): 1.2.16 ( #37085 )
2026-04-29 17:00:34 -04:00
Mason Daugherty
dfb8a6184c
release(anthropic): 1.4.2 ( #37061 )
2026-04-28 16:47:29 -04:00
Sydney Runkle
3b945d02d9
perf(langchain): stop inlining agent state into tool-dispatch Sends ( #36960 )
...
## Summary
Stop inlining the full agent state into every tool-dispatch `Send` in
`create_agent`. Dispatch with the bare list form `Send("tools",
[tool_call])` and let `ToolNode` hydrate `ToolRuntime.state` from graph
channels at tool-execution time.
**Depends on**
[langchain-ai/langgraph#7594 ](https://github.com/langchain-ai/langgraph/pull/7594 )
which teaches `ToolNode` to read channel state via `CONFIG_KEY_READ`
when given a bare tool-call list. `uv.lock` pins that branch for CI
while the langgraph PR is in flight — this pin will be reverted to a
published `langgraph` version before merge.
## What was happening
Before this change, every pending tool call produced a `Send` whose
payload was:
```python
ToolCallWithContext(
__type="tool_call_with_context",
tool_call=tool_call,
state=state, # ← the FULL agent state dict, including messages list
)
```
For any agent that runs many turns, `state["messages"]` grows linearly
with the conversation. Every super-step that dispatches tools serializes
that whole list into every `Send`, and those Sends live forever in the
checkpointer's `__pregel_tasks` writes. The result is **O(N²)
`__pregel_tasks` storage** across a run.
## What changed
- `libs/langchain_v1/langchain/agents/factory.py`:
- `_make_model_to_tools_edge` now returns `Send("tools", [tool_call])` —
no inlined state.
- Drops the `ToolCallWithContext` import.
- `libs/langchain_v1/pyproject.toml` + `libs/langchain_v1/uv.lock`:
- Temporary `[tool.uv.sources]` pin on `langgraph`,
`langgraph-prebuilt`, `langgraph-checkpoint` to the companion PR branch
so CI exercises both changes end-to-end. Revert after langgraph release.
## Why it's safe
- Same snapshot semantics as before. `Send` is emitted at the end of the
model super-step and consumed at the start of the tools super-step;
channels by that point reflect every write from the model super-step
(including the new AIMessage). Parallel tool tasks all see the same
values since sibling writes don't land until end-of-super-step.
- Legacy `ToolCallWithContext` input path is preserved in `ToolNode` —
no-op for any external caller still constructing it by hand.
## Test plan
- [x] `tests/unit_tests/agents/` — **738 passed, 2 skipped, 1 xfailed**
- [x] `ruff check .` / `ruff format .` — clean
- [x] `mypy langchain/agents/factory.py` — clean
- [x] Before/after benchmark (below)
## Benchmark
Script runs `create_agent` with a mock `GenericFakeChatModel` and two
tools (`write_file`, `edit_file`). Each of the N turns dispatches 2 tool
calls. After the run, the `InMemorySaver` is inspected for bytes stored
under `__pregel_tasks` — the channel that carries the tool-dispatch
`Send` payloads.
| N | TASKS before | TASKS after | ratio |
|---:|---:|---:|---:|
| 5 | 87.6 KB | **4.7 KB** | **18.6× smaller** |
| 10 | 335 KB | **9.4 KB** | **35.7× smaller** |
| 25 | 2.05 MB | **23.7 KB** | **86.5× smaller** |
| 50 | 8.14 MB | **47.6 KB** | **171× smaller** |
| 100 | 32.5 MB | **95.3 KB** | **341× smaller** |
| 200 | 130 MB | **192 KB** | **677× smaller** |
| 500 | 815 MB | **482 KB** | **1,691× smaller** |
**Growth shape:**
- **Before:** per-Send bytes scale with current `messages` length (full
state is inlined), so total TASKS across N turns = Σ(2 × k) for k=1..N ≈
O(N²).
- **After:** per-Send bytes are constant — just the `tool_call` dict.
Total TASKS is O(#dispatches), completely independent of conversation
length. In this bench with ~2 dispatches/turn: **940–964 bytes per turn
across N=5..500, essentially flat.**
An agent that makes 100 tool calls in a single turn pays the same TASKS
cost as one that makes 100 across 50 turns — which is the semantically
correct behavior.
Note: the `messages` channel is unchanged by this PR — it's still the
dominant storage term (growing O(N²) via `add_messages`). TASKS was a
second, compounding cost sitting on top of it; at N=100 it added 40% on
top of `messages`, at N=500 it added 67%. After the fix, TASKS is a
rounding error regardless of N.
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-04-27 13:32:28 -04:00
Mason Daugherty
a70e7ab80e
release(openai): 1.2.1 ( #36995 )
2026-04-24 15:04:36 -04:00
Nick Hollon
9ce72eba9f
feat(core): add content-block-centric streaming (v2) ( #36834 )
2026-04-24 11:36:17 -04:00
Mason Daugherty
7b09eb7bda
fix(fireworks): honor max_retries ( #36973 )
...
`ChatFireworks.max_retries` silently did nothing. The old code assigned
the value to a `ChatCompletionV2` sub-object rather than the base
client, and the pinned Fireworks SDK (0.13.0–0.19.20) never honors its
own `_max_retries` attribute on the base client either. Since the
Stainless-generated 1.x SDK that does implement retries is still
pre-release (1.0.1a63 at time of writing), retry responsibility is
ported to the LangChain side until the pin can be bumped.
2026-04-23 16:40:54 -04:00
Mason Daugherty
bb77a4229f
release(openai): 1.2.0 ( #36961 )
2026-04-22 20:34:21 -04:00
Jacob Lee
ee95ad6907
feat(langchain): ls_agent_type tag on create_agent calls ( #36774 )
2026-04-17 15:39:22 -07:00
Eugene Yurtsev
c87cd04927
release(core): release 1.3.0 ( #36851 )
...
xRelease 1.3.0
2026-04-17 14:42:01 +00:00
dependabot[bot]
937b3eb382
chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/langchain_v1 ( #36800 )
...
Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk ) from
0.6.3 to 0.7.31.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langsmith-sdk/releases ">langsmith's
releases</a>.</em></p>
<blockquote>
<h2>v0.7.31</h2>
<h2>What's Changed</h2>
<ul>
<li>chore(deps-dev): bump langchain-core from 1.2.23 to 1.2.28 in
/python by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2692 ">langchain-ai/langsmith-sdk#2692</a></li>
<li>chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.82.0 to
0.84.0 in /js by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2684 ">langchain-ai/langsmith-sdk#2684</a></li>
<li>chore(deps): bump cryptography from 46.0.6 to 46.0.7 in /python by
<a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2693 ">langchain-ai/langsmith-sdk#2693</a></li>
<li>chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.84.0 to
0.85.0 in /js by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2700 ">langchain-ai/langsmith-sdk#2700</a></li>
<li>feat(py): Tag OpenAI Agent Python SDK runs with ls_agent_type by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2699 ">langchain-ai/langsmith-sdk#2699</a></li>
<li>feat(js): Adds ls_agent_type metadata to AI SDK runs by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2701 ">langchain-ai/langsmith-sdk#2701</a></li>
<li>chore(deps-dev): bump types-tqdm from 4.67.3.20260303 to
4.67.3.20260408 in /python by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2710 ">langchain-ai/langsmith-sdk#2710</a></li>
<li>chore(deps): bump pnpm/action-setup from 5 to 6 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2705 ">langchain-ai/langsmith-sdk#2705</a></li>
<li>chore(deps): bump the py-minor-and-patch group across 1 directory
with 10 updates by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2711 ">langchain-ai/langsmith-sdk#2711</a></li>
<li>chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.85.0 to
0.86.0 in /js by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2702 ">langchain-ai/langsmith-sdk#2702</a></li>
<li>chore(deps): bump actions/github-script from 8 to 9 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2706 ">langchain-ai/langsmith-sdk#2706</a></li>
<li>chore(deps-dev): bump the js-minor-and-patch group across 1
directory with 7 updates by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2712 ">langchain-ai/langsmith-sdk#2712</a></li>
<li>chore(deps-dev): bump types-psutil from 7.2.2.20260130 to
7.2.2.20260408 in /python by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2709 ">langchain-ai/langsmith-sdk#2709</a></li>
<li>chore(deps-dev): bump rich from 14.3.3 to 15.0.0 in /python by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2708 ">langchain-ai/langsmith-sdk#2708</a></li>
<li>feat: Filter kwargs from new token events by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2714 ">langchain-ai/langsmith-sdk#2714</a></li>
<li>release(py): 0.7.31 by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2716 ">langchain-ai/langsmith-sdk#2716</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.30...v0.7.31 ">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.30...v0.7.31 </a></p>
<h2>v0.7.30</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(python): add service feature to sandbox by <a
href="https://github.com/DanielKneipp "><code>@DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2665 ">langchain-ai/langsmith-sdk#2665</a></li>
<li>fix(js): Fix prototype pollution bug in anonymizers by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2690 ">langchain-ai/langsmith-sdk#2690</a></li>
<li>release(js): 0.5.18 by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2691 ">langchain-ai/langsmith-sdk#2691</a></li>
<li>chore(js/sandbox): suppress warning log by <a
href="https://github.com/hntrl "><code>@hntrl</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2694 ">langchain-ai/langsmith-sdk#2694</a></li>
<li>feat(js): Add metadata to Claude Agent SDK JS tracing by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2695 ">langchain-ai/langsmith-sdk#2695</a></li>
<li>fix(py): Fix run tree memory leak by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2696 ">langchain-ai/langsmith-sdk#2696</a></li>
<li>release(py): 0.7.30 by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2698 ">langchain-ai/langsmith-sdk#2698</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.29...v0.7.30 ">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.29...v0.7.30 </a></p>
<h2>v0.7.29</h2>
<h2>What's Changed</h2>
<ul>
<li>release(js): 0.5.17 by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2681 ">langchain-ai/langsmith-sdk#2681</a></li>
<li>feat(py): Fix race condition around Claude Agent SDK instrumentation
by <a href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2685 ">langchain-ai/langsmith-sdk#2685</a></li>
<li>release(py): 0.7.29 by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2686 ">langchain-ai/langsmith-sdk#2686</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.28...v0.7.29 ">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.28...v0.7.29 </a></p>
<h2>v0.7.28</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(py): Support subagent tracing in Claude Agents SDK, fix usage
and duplicate messages by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2670 ">langchain-ai/langsmith-sdk#2670</a></li>
<li>chore(deps-dev): bump the py-minor-and-patch group across 1
directory with 11 updates by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2677 ">langchain-ai/langsmith-sdk#2677</a></li>
<li>chore(deps-dev): bump the js-minor-and-patch group across 1
directory with 8 updates by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2667 ">langchain-ai/langsmith-sdk#2667</a></li>
<li>chore(deps): bump pnpm/action-setup from 4 to 5 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2658 ">langchain-ai/langsmith-sdk#2658</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/langchain-ai/langsmith-sdk/commits/v0.7.31 ">compare
view</a></li>
</ul>
</details>
<br />
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-15 23:09:48 -06:00
Mason Daugherty
7e81d09f2a
chore(deps): bump pytest to 9.0.3 ( #36801 )
...
CVE-2025-71176 (medium severity)
All are dev-only (test dependency group) — no impact on published
packages.
### Why syrupy was also bumped
syrupy 4.x (`<5.0.0`) constrains pytest to `<9.0.0`, blocking the CVE
fix. Widening to `<6.0.0` allows syrupy 5.x which supports pytest 9.x.
2026-04-15 21:46:40 -06:00
dependabot[bot]
af681ae90f
chore: bump pytest from 9.0.2 to 9.0.3 in /libs/langchain_v1 ( #36717 )
...
Bumps [pytest](https://github.com/pytest-dev/pytest ) from 9.0.2 to
9.0.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pytest-dev/pytest/releases ">pytest's
releases</a>.</em></p>
<blockquote>
<h2>9.0.3</h2>
<h1>pytest 9.0.3 (2026-04-07)</h1>
<h2>Bug fixes</h2>
<ul>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/12444 ">#12444</a>:
Fixed <code>pytest.approx</code> which now correctly takes into account
<code>~collections.abc.Mapping</code> keys order to compare them.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13634 ">#13634</a>:
Blocking a <code>conftest.py</code> file using the <code>-p no:</code>
option is now explicitly disallowed.</p>
<p>Previously this resulted in an internal assertion failure during
plugin loading.</p>
<p>Pytest now raises a clear <code>UsageError</code> explaining that
conftest files are not plugins and cannot be disabled via
<code>-p</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13734 ">#13734</a>:
Fixed crash when a test raises an exceptiongroup with
<code>__tracebackhide__ = True</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14195 ">#14195</a>:
Fixed an issue where non-string messages passed to <!-- raw HTML omitted
-->unittest.TestCase.subTest()<!-- raw HTML omitted --> were not
printed.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14343 ">#14343</a>:
Fixed use of insecure temporary directory (CVE-2025-71176).</p>
</li>
</ul>
<h2>Improved documentation</h2>
<ul>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13388 ">#13388</a>:
Clarified documentation for <code>-p</code> vs
<code>PYTEST_PLUGINS</code> plugin loading and fixed an incorrect
<code>-p</code> example.</li>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13731 ">#13731</a>:
Clarified that capture fixtures (e.g. <code>capsys</code> and
<code>capfd</code>) take precedence over the <code>-s</code> /
<code>--capture=no</code> command-line options in <code>Accessing
captured output from a test function
<accessing-captured-output></code>.</li>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14088 ">#14088</a>:
Clarified that the default <code>pytest_collection</code> hook sets
<code>session.items</code> before it calls
<code>pytest_collection_finish</code>, not after.</li>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14255 ">#14255</a>:
TOML integer log levels must be quoted: Updating reference
documentation.</li>
</ul>
<h2>Contributor-facing changes</h2>
<ul>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/12689 ">#12689</a>:
The test reports are now published to Codecov from GitHub Actions.
The test statistics is visible <a
href="https://app.codecov.io/gh/pytest-dev/pytest/tests ">on the web
interface</a>.</p>
<p>-- by <code>aleguy02</code></p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a7d58d7a21089d98199chttps://redirect.github.com/pytest-dev/pytest/issues/14366 ">#14366</a>
from bluetech/revert-14193-backport</li>
<li><a
href="8127eaf4abhttps://redirect.github.com/pytest-dev/pytest/issues/14050 ">#14050</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14193 ">#14193</a>)"</li>
<li><a
href="99a7e6029ehttps://redirect.github.com/pytest-dev/pytest/issues/14363 ">#14363</a>
from pytest-dev/patchback/backports/9.0.x/95d8423bd...</li>
<li><a
href="ddee02a578https://redirect.github.com/pytest-dev/pytest/issues/14343 ">#14343</a>
from bluetech/cve-2025-71176-simple</li>
<li><a
href="74eac6916fhttps://redirect.github.com/pytest-dev/pytest/issues/14298 ">#14298</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14301 ">#14301</a>)</li>
<li><a
href="f92dee777chttps://redirect.github.com/pytest-dev/pytest/issues/14267 ">#14267</a>
from pytest-dev/patchback/backports/9.0.x/d6fa26c62...</li>
<li><a
href="7ee58acc87https://redirect.github.com/pytest-dev/pytest/issues/12378 ">#12378</a>
from Pierre-Sassoulas/fix-implicit-str-concat-and-d...</li>
<li><a
href="37da870d37https://redirect.github.com/pytest-dev/pytest/issues/14259 ">#14259</a>
from mitre88/patch-4 (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14268 ">#14268</a>)</li>
<li><a
href="c34bfa3b7ahttps://redirect.github.com/pytest-dev/pytest/issues/14257 ">#14257</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14266 ">#14266</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/pytest-dev/pytest/compare/9.0.2...9.0.3 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-14 10:20:16 -07:00
dependabot[bot]
a5173bfbec
chore: bump pillow from 12.1.1 to 12.2.0 in /libs/langchain_v1 ( #36710 )
...
Bumps [pillow](https://github.com/python-pillow/Pillow ) from 12.1.1 to
12.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/python-pillow/Pillow/releases ">pillow's
releases</a>.</em></p>
<blockquote>
<h2>12.2.0</h2>
<p><a
href="https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html ">https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html </a></p>
<h2>Documentation</h2>
<ul>
<li>Update 12.2.0 release notes <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9522 ">#9522</a>
[<a href="https://github.com/hugovk "><code>@hugovk</code></a>]</li>
<li>Add loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats
via Netpbm <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9482 ">#9482</a>
[<a href="https://github.com/bitplane "><code>@bitplane</code></a>]</li>
<li>Update Python versions <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9515 ">#9515</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Jeffrey A. Clark -> Jeffrey 'Alex' Clark <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9513 ">#9513</a>
[<a
href="https://github.com/aclark4life "><code>@aclark4life</code></a>]</li>
<li>Add release notes for <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9394 ">#9394</a>,
<a
href="https://redirect.github.com/python-pillow/Pillow/issues/9419 ">#9419</a>
and <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9456 ">#9456</a>
<a
href="https://redirect.github.com/python-pillow/Pillow/issues/9467 ">#9467</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Add Amiga Workbench .info loader to 3rd party plugins list <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9459 ">#9459</a>
[<a href="https://github.com/bitplane "><code>@bitplane</code></a>]</li>
<li>Merge PFM documentation into PPM <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9434 ">#9434</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Update macOS tested Pillow versions <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9431 ">#9431</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Fix CVE number <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9430 ">#9430</a>
[<a href="https://github.com/hugovk "><code>@hugovk</code></a>]</li>
</ul>
<h2>Dependencies</h2>
<ul>
<li>Update xz to 5.8.3 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9523 ">#9523</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Update libjpeg-turbo to 3.1.4.1 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9507 ">#9507</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Update libpng to 1.6.56 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9499 ">#9499</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Update freetype to 2.14.3 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9485 ">#9485</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Updated libavif to 1.4.1 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9479 ">#9479</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Updated harfbuzz to 13.2.1 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9461 ">#9461</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Update Ghostscript to 10.7.0 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9469 ">#9469</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Update harfbuzz to 13.0.1 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9453 ">#9453</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Update libavif to 1.4.0 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9460 ">#9460</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Update freetype to 2.14.2 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9449 ">#9449</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Update actions/download-artifact action to v8 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9451 ">#9451</a>
[@<a href="https://github.com/apps/renovate ">renovate[bot]</a>]</li>
<li>Updated libpng to 1.6.55 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9425 ">#9425</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
</ul>
<h2>Testing</h2>
<ul>
<li>Cleanup .spider extension in the same test where it is added <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9517 ">#9517</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Run tests in parallel via tox for 3.5x speedup <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9516 ">#9516</a>
[<a href="https://github.com/hugovk "><code>@hugovk</code></a>]</li>
<li>Enable colour in CI logs <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9486 ">#9486</a>
[<a href="https://github.com/hugovk "><code>@hugovk</code></a>]</li>
<li>Update Ghostscript to 10.7.0 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9469 ">#9469</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Simplify TGA test code <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9477 ">#9477</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Update tests to check for ValueError when encoding an empty image <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9464 ">#9464</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Upgrade CI from <code>macos-15-intel</code> to
<code>macos-26-intel</code> <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9454 ">#9454</a>
[<a href="https://github.com/hugovk "><code>@hugovk</code></a>]</li>
<li>Add check-case-conflict hook <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9446 ">#9446</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Specify platform when pulling docker image <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9440 ">#9440</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>GHA: Cache libavif and webp builds for Ubuntu <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9437 ">#9437</a>
[<a href="https://github.com/hugovk "><code>@hugovk</code></a>]</li>
<li>Update macOS tested Pillow versions <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9431 ">#9431</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
</ul>
<h2>Other changes</h2>
<ul>
<li>Check calloc return value <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9527 ">#9527</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Check all allocs in the Arrow tree <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9488 ">#9488</a>
[<a
href="https://github.com/wiredfool "><code>@wiredfool</code></a>]</li>
<li>Reject non-numeric elements inside list coords <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9526 ">#9526</a>
[<a href="https://github.com/hugovk "><code>@hugovk</code></a>]</li>
<li>Move variable declaration inside define <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9525 ">#9525</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3c41c09506cdaa29eb52https://redirect.github.com/python-pillow/Pillow/issues/9527 ">#9527</a>)</li>
<li><a
href="585b2f5a78ecf011ea15https://redirect.github.com/python-pillow/Pillow/issues/9488 ">#9488</a>)</li>
<li><a
href="cf6de8ca9bhttps://redirect.github.com/python-pillow/Pillow/issues/9526 ">#9526</a>)</li>
<li><a
href="ffdcede651https://redirect.github.com/python-pillow/Pillow/issues/9522 ">#9522</a>)</li>
<li><a
href="7929d7760fhttps://redirect.github.com/python-pillow/Pillow/issues/149 ">#149</a>)</li>
<li><a
href="c4f7aa5dfb22cdb5f2e4https://redirect.github.com/python-pillow/Pillow/issues/9525 ">#9525</a>)</li>
<li><a
href="fc15b3b018https://redirect.github.com/python-pillow/Pillow/issues/9524 ">#9524</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/python-pillow/Pillow/compare/12.1.1...12.2.0 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-14 10:19:32 -07:00
Eugene Yurtsev
f0c5a28fa0
perf(langchain): add benchmark command ( #36641 )
...
add benchmark in Makefile
2026-04-09 16:05:17 -04:00
dependabot[bot]
690c6ca2ce
chore: bump cryptography from 46.0.6 to 46.0.7 in /libs/langchain_v1 ( #36619 )
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 46.0.6
to 46.0.7.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst ">cryptography's
changelog</a>.</em></p>
<blockquote>
<p>46.0.7 - 2026-04-07</p>
<pre><code>
* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could
be
passed to APIs that accept Python buffers, which could lead to buffer
overflow. **CVE-2026-39892**
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL
3.5.6.
<p>.. _v46-0-6:<br />
</code></pre></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="622d672e42https://redirect.github.com/pyca/cryptography/issues/14602 ">#14602</a>)</li>
<li>See full diff in <a
href="https://github.com/pyca/cryptography/compare/46.0.6...46.0.7 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-09 00:47:49 -04:00
Mason Daugherty
0a1d290ac2
release(core): 1.2.26 ( #36511 )
2026-04-03 19:27:36 -04:00
Sydney Runkle
dd637313c9
release: langchain v1.2.15 ( #36496 )
2026-04-03 10:22:54 -04:00
dependabot[bot]
23cdbb026f
chore: bump aiohttp from 3.13.3 to 3.13.4 in /libs/langchain_v1 ( #36438 )
...
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-02 10:23:05 -04:00
Eugene Yurtsev
90087ce6bf
release(langchain): 1.2.14 ( #36396 )
...
Release 1.2.14
2026-03-31 09:47:35 -04:00
John Kennedy
0f4f3f74c8
chore: pygments>=2.20.0 across all packages (CVE-2026-4539) ( #36385 )
...
## Summary
Bumps `pygments` to `>=2.20.0` across all 21 affected packages to
address [CVE-2026-4539](https://github.com/advisories/GHSA-XXXX ) — ReDoS
via inefficient GUID regex in Pygments.
- **Severity:** Low
- **Fixed in:** 2.20.0 (was 2.19.2)
- **Change:** Added `pygments>=2.20.0` to `constraint-dependencies` in
`[tool.uv]` for each package, then ran `uv lock --upgrade-package
pygments` to regenerate lock files.
Closes Dependabot alerts #3435–#3455.
## Release Note
Patch deps
### Test Plan
- [x] CI Green 🙏
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-03-30 23:26:59 -04:00
dependabot[bot]
c0557cb8ad
chore: bump cryptography from 46.0.5 to 46.0.6 in /libs/langchain_v1 ( #36324 )
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 46.0.5
to 46.0.6.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst ">cryptography's
changelog</a>.</em></p>
<blockquote>
<p>46.0.6 - 2026-03-25</p>
<pre><code>
* **SECURITY ISSUE**: Fixed a bug where name constraints were not
applied
to peer names during verification when the leaf certificate contains a
wildcard DNS SAN. Ordinary X.509 topologies are not affected by this
bug,
including those used by the Web PKI. Credit to **Oleh Konko (1seal)**
for
reporting the issue. **CVE-2026-34073**
<p>.. _v46-0-5:<br />
</code></pre></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="91d728897bhttps://redirect.github.com/pyca/cryptography/issues/14542 ">#14542</a>
(<a
href="https://redirect.github.com/pyca/cryptography/issues/14543 ">#14543</a>)</li>
<li>See full diff in <a
href="https://github.com/pyca/cryptography/compare/46.0.5...46.0.6 ">compare
view</a></li>
</ul>
</details>
<br />
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-28 04:43:39 +00:00
dependabot[bot]
e4b541a3b0
chore: bump requests from 2.32.5 to 2.33.0 in /libs/langchain_v1 ( #36241 )
...
Bumps [requests](https://github.com/psf/requests ) from 2.32.5 to 2.33.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/releases ">requests's
releases</a>.</em></p>
<blockquote>
<h2>v2.33.0</h2>
<h2>2.33.0 (2026-03-25)</h2>
<p><strong>Announcements</strong></p>
<ul>
<li>📣 Requests is adding inline types. If you have a typed code base
that uses Requests, please take a look at <a
href="https://redirect.github.com/psf/requests/issues/7271 ">#7271</a>.
Give it a try, and report any gaps or feedback you may have in the
issue. 📣 </li>
</ul>
<p><strong>Security</strong></p>
<ul>
<li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now
extracts contents to a non-deterministic location to prevent malicious
file replacement. This does not affect default usage of Requests, only
applications calling the utility function directly.</li>
</ul>
<p><strong>Improvements</strong></p>
<ul>
<li>Migrated to a PEP 517 build system using setuptools. (<a
href="https://redirect.github.com/psf/requests/issues/7012 ">#7012</a>)</li>
</ul>
<p><strong>Bugfixes</strong></p>
<ul>
<li>Fixed an issue where an empty netrc entry could cause malformed
authentication to be applied to Requests on Python 3.11+. (<a
href="https://redirect.github.com/psf/requests/issues/7205 ">#7205</a>)</li>
</ul>
<p><strong>Deprecations</strong></p>
<ul>
<li>Dropped support for Python 3.9 following its end of support. (<a
href="https://redirect.github.com/psf/requests/issues/7196 ">#7196</a>)</li>
</ul>
<p><strong>Documentation</strong></p>
<ul>
<li>Various typo fixes and doc improvements.</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/M0d3v1 "><code>@M0d3v1</code></a> made
their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/6865 ">psf/requests#6865</a></li>
<li><a href="https://github.com/aminvakil "><code>@aminvakil</code></a>
made their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/7220 ">psf/requests#7220</a></li>
<li><a href="https://github.com/E8Price "><code>@E8Price</code></a> made
their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/6960 ">psf/requests#6960</a></li>
<li><a href="https://github.com/mitre88 "><code>@mitre88</code></a> made
their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/7244 ">psf/requests#7244</a></li>
<li><a href="https://github.com/magsen "><code>@magsen</code></a> made
their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/6553 ">psf/requests#6553</a></li>
<li><a
href="https://github.com/Rohan5commit "><code>@Rohan5commit</code></a>
made their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/7227 ">psf/requests#7227</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25 ">https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25 </a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/blob/main/HISTORY.md ">requests's
changelog</a>.</em></p>
<blockquote>
<h2>2.33.0 (2026-03-25)</h2>
<p><strong>Announcements</strong></p>
<ul>
<li>📣 Requests is adding inline types. If you have a typed code base
that
uses Requests, please take a look at <a
href="https://redirect.github.com/psf/requests/issues/7271 ">#7271</a>.
Give it a try, and report
any gaps or feedback you may have in the issue. 📣 </li>
</ul>
<p><strong>Security</strong></p>
<ul>
<li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now
extracts
contents to a non-deterministic location to prevent malicious file
replacement. This does not affect default usage of Requests, only
applications calling the utility function directly.</li>
</ul>
<p><strong>Improvements</strong></p>
<ul>
<li>Migrated to a PEP 517 build system using setuptools. (<a
href="https://redirect.github.com/psf/requests/issues/7012 ">#7012</a>)</li>
</ul>
<p><strong>Bugfixes</strong></p>
<ul>
<li>Fixed an issue where an empty netrc entry could cause
malformed authentication to be applied to Requests on
Python 3.11+. (<a
href="https://redirect.github.com/psf/requests/issues/7205 ">#7205</a>)</li>
</ul>
<p><strong>Deprecations</strong></p>
<ul>
<li>Dropped support for Python 3.9 following its end of support. (<a
href="https://redirect.github.com/psf/requests/issues/7196 ">#7196</a>)</li>
</ul>
<p><strong>Documentation</strong></p>
<ul>
<li>Various typo fixes and doc improvements.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="bc04dfd6da66d21cb07b8b9bc8fc0fhttps://redirect.github.com/psf/requests/issues/7293 ">#7293</a>)</li>
<li><a
href="e331a288f3https://redirect.github.com/psf/requests/issues/7292 ">#7292</a>)</li>
<li><a
href="753fd08c5e774a0b837a9c72a41becebf71906790e4ae38f0chttps://redirect.github.com/psf/requests/issues/7244 ">#7244</a>)</li>
<li><a
href="d568f47278https://redirect.github.com/psf/requests/issues/6960 ">#6960</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/psf/requests/compare/v2.32.5...v2.33.0 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-26 22:32:58 -07:00
Mason Daugherty
1778b082ec
chore(partners): bump langchain-core min to 1.2.21 ( #36183 )
...
Bump the minimum `langchain-core` dependency to `>=1.2.21` across all 14
partner packages in the monorepo. Aligns partner lower bounds with the
latest core release so consumers pick up recent fixes (notably the
`ModelProfile` schema drift fix from core 1.2.21).
2026-03-23 19:39:35 -04:00
Mason Daugherty
d1e5bd6274
release(langchain): 1.2.13 ( #36111 )
2026-03-19 13:12:37 -04:00
dependabot[bot]
81c679e378
chore: bump pyasn1 from 0.6.2 to 0.6.3 in /libs/langchain_v1 ( #36029 )
...
Bumps [pyasn1](https://github.com/pyasn1/pyasn1 ) from 0.6.2 to 0.6.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pyasn1/pyasn1/releases ">pyasn1's
releases</a>.</em></p>
<blockquote>
<h2>Release 0.6.3</h2>
<p>It's a minor release.</p>
<ul>
<li>Added nesting depth limit to ASN.1 decoder to prevent stack overflow
from deeply nested structures (CVE-2026-30922).</li>
<li>Fixed OverflowError from oversized BER length field.</li>
<li>Fixed DeprecationWarning stacklevel for deprecated attributes.</li>
<li>Fixed asDateTime incorrect fractional seconds parsing.</li>
</ul>
<p>All changes are noted in the <a
href="https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst ">CHANGELOG</a>.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst ">pyasn1's
changelog</a>.</em></p>
<blockquote>
<h2>Revision 0.6.3, released 16-03-2026</h2>
<ul>
<li>CVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth
limit to ASN.1 decoder to prevent stack overflow from deeply
nested structures (thanks for reporting, romanticpragmatism)</li>
<li>Fixed OverflowError from oversized BER length field
[issue <a
href="https://redirect.github.com/pyasn1/pyasn1/issues/54 ">#54</a>](<a
href="https://redirect.github.com/pyasn1/pyasn1/issues/54 ">pyasn1/pyasn1#54</a>)
[pr <a
href="https://redirect.github.com/pyasn1/pyasn1/issues/100 ">#100</a>](<a
href="https://redirect.github.com/pyasn1/pyasn1/pull/100 ">pyasn1/pyasn1#100</a>)</li>
<li>Fixed DeprecationWarning stacklevel for deprecated attributes
[issue <a
href="https://redirect.github.com/pyasn1/pyasn1/issues/86 ">#86</a>](<a
href="https://redirect.github.com/pyasn1/pyasn1/issues/86 ">pyasn1/pyasn1#86</a>)
[pr <a
href="https://redirect.github.com/pyasn1/pyasn1/issues/101 ">#101</a>](<a
href="https://redirect.github.com/pyasn1/pyasn1/pull/101 ">pyasn1/pyasn1#101</a>)</li>
<li>Fixed asDateTime incorrect fractional seconds parsing
[issue <a
href="https://redirect.github.com/pyasn1/pyasn1/issues/81 ">#81</a>](<a
href="https://redirect.github.com/pyasn1/pyasn1/issues/81 ">pyasn1/pyasn1#81</a>)
[pr <a
href="https://redirect.github.com/pyasn1/pyasn1/issues/102 ">#102</a>](<a
href="https://redirect.github.com/pyasn1/pyasn1/pull/102 ">pyasn1/pyasn1#102</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="af65c3b92e5a49bd1fe95494ba43f7https://redirect.github.com/pyasn1/pyasn1/issues/102 ">#102</a>)</li>
<li><a
href="71f486e6c3https://redirect.github.com/pyasn1/pyasn1/issues/101 ">#101</a>)</li>
<li><a
href="d7cb42dcaahttps://redirect.github.com/pyasn1/pyasn1/issues/100 ">#100</a>)</li>
<li>See full diff in <a
href="https://github.com/pyasn1/pyasn1/compare/v0.6.2...v0.6.3 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-17 14:37:44 -04:00
dependabot[bot]
ceca192515
chore: bump pyjwt from 2.10.1 to 2.12.0 in /libs/langchain_v1 ( #36024 )
...
Bumps [pyjwt](https://github.com/jpadilla/pyjwt ) from 2.10.1 to 2.12.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/jpadilla/pyjwt/releases ">pyjwt's
releases</a>.</em></p>
<blockquote>
<h2>2.12.0</h2>
<h2>Security</h2>
<ul>
<li>Validate the crit (Critical) Header Parameter defined in RFC 7515
§4.1.11. by <a
href="https://github.com/dmbs335 "><code>@dmbs335</code></a> in <a
href="https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f ">GHSA-752w-5fwx-jx9f</a></li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>[pre-commit.ci] pre-commit autoupdate by <a
href="https://github.com/pre-commit-ci "><code>@pre-commit-ci</code></a>[bot]
in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1132 ">jpadilla/pyjwt#1132</a></li>
<li>chore(docs): fix docs build by <a
href="https://github.com/tamird "><code>@tamird</code></a> in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1137 ">jpadilla/pyjwt#1137</a></li>
<li>Annotate PyJWKSet.keys for pyright by <a
href="https://github.com/tamird "><code>@tamird</code></a> in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1134 ">jpadilla/pyjwt#1134</a></li>
<li>fix: close HTTPError to prevent ResourceWarning on Python 3.14 by <a
href="https://github.com/veeceey "><code>@veeceey</code></a> in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1133 ">jpadilla/pyjwt#1133</a></li>
<li>chore: remove superfluous constants by <a
href="https://github.com/tamird "><code>@tamird</code></a> in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1136 ">jpadilla/pyjwt#1136</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a
href="https://github.com/pre-commit-ci "><code>@pre-commit-ci</code></a>[bot]
in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1135 ">jpadilla/pyjwt#1135</a></li>
<li>chore(tests): enable mypy by <a
href="https://github.com/tamird "><code>@tamird</code></a> in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1138 ">jpadilla/pyjwt#1138</a></li>
<li>Bump actions/download-artifact from 7 to 8 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1142 ">jpadilla/pyjwt#1142</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a
href="https://github.com/pre-commit-ci "><code>@pre-commit-ci</code></a>[bot]
in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1141 ">jpadilla/pyjwt#1141</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a
href="https://github.com/pre-commit-ci "><code>@pre-commit-ci</code></a>[bot]
in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1145 ">jpadilla/pyjwt#1145</a></li>
<li>fix: do not store reference to algorithms dict on PyJWK by <a
href="https://github.com/akx "><code>@akx</code></a> in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1143 ">jpadilla/pyjwt#1143</a></li>
<li>Use PyJWK algorithm when encoding without explicit algorithm by <a
href="https://github.com/jpadilla "><code>@jpadilla</code></a> in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1148 ">jpadilla/pyjwt#1148</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/tamird "><code>@tamird</code></a> made
their first contribution in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1137 ">jpadilla/pyjwt#1137</a></li>
<li><a href="https://github.com/veeceey "><code>@veeceey</code></a> made
their first contribution in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1133 ">jpadilla/pyjwt#1133</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0 ">https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0 </a></p>
<h2>2.11.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Fixed type error in comment by <a
href="https://github.com/shuhaib-aot "><code>@shuhaib-aot</code></a> in
<a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1026 ">jpadilla/pyjwt#1026</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a
href="https://github.com/pre-commit-ci "><code>@pre-commit-ci</code></a>[bot]
in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1018 ">jpadilla/pyjwt#1018</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a
href="https://github.com/pre-commit-ci "><code>@pre-commit-ci</code></a>[bot]
in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1033 ">jpadilla/pyjwt#1033</a></li>
<li>Make note of use of leeway with nbf by <a
href="https://github.com/djw8605 "><code>@djw8605</code></a> in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1034 ">jpadilla/pyjwt#1034</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a
href="https://github.com/pre-commit-ci "><code>@pre-commit-ci</code></a>[bot]
in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1035 ">jpadilla/pyjwt#1035</a></li>
<li>Fixes <a
href="https://redirect.github.com/jpadilla/pyjwt/issues/964 ">#964</a>:
Validate key against allowed types for Algorithm family by <a
href="https://github.com/pachewise "><code>@pachewise</code></a> in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/985 ">jpadilla/pyjwt#985</a></li>
<li>Feat <a
href="https://redirect.github.com/jpadilla/pyjwt/issues/1024 ">#1024</a>:
Add iterator for PyJWKSet by <a
href="https://github.com/pachewise "><code>@pachewise</code></a> in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1041 ">jpadilla/pyjwt#1041</a></li>
<li>Fixes <a
href="https://redirect.github.com/jpadilla/pyjwt/issues/1039 ">#1039</a>:
Add iss, issuer type checks by <a
href="https://github.com/pachewise "><code>@pachewise</code></a> in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1040 ">jpadilla/pyjwt#1040</a></li>
<li>Fixes <a
href="https://redirect.github.com/jpadilla/pyjwt/issues/660 ">#660</a>:
Improve typing/logic for <code>options</code> in decode,
decode_complete; Improve docs by <a
href="https://github.com/pachewise "><code>@pachewise</code></a> in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1045 ">jpadilla/pyjwt#1045</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a
href="https://github.com/pre-commit-ci "><code>@pre-commit-ci</code></a>[bot]
in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1042 ">jpadilla/pyjwt#1042</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a
href="https://github.com/pre-commit-ci "><code>@pre-commit-ci</code></a>[bot]
in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1052 ">jpadilla/pyjwt#1052</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a
href="https://github.com/pre-commit-ci "><code>@pre-commit-ci</code></a>[bot]
in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1053 ">jpadilla/pyjwt#1053</a></li>
<li>Fix <a
href="https://redirect.github.com/jpadilla/pyjwt/issues/1022 ">#1022</a>:
Map <code>algorithm=None</code> to "none" by <a
href="https://github.com/qqii "><code>@qqii</code></a> in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1056 ">jpadilla/pyjwt#1056</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a
href="https://github.com/pre-commit-ci "><code>@pre-commit-ci</code></a>[bot]
in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1055 ">jpadilla/pyjwt#1055</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a
href="https://github.com/pre-commit-ci "><code>@pre-commit-ci</code></a>[bot]
in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1058 ">jpadilla/pyjwt#1058</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a
href="https://github.com/pre-commit-ci "><code>@pre-commit-ci</code></a>[bot]
in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1060 ">jpadilla/pyjwt#1060</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a
href="https://github.com/pre-commit-ci "><code>@pre-commit-ci</code></a>[bot]
in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1061 ">jpadilla/pyjwt#1061</a></li>
<li>Fixes <a
href="https://redirect.github.com/jpadilla/pyjwt/issues/1047 ">#1047</a>:
Correct <code>PyJWKClient.get_signing_key_from_jwt</code> annotation by
<a href="https://github.com/khvn26 "><code>@khvn26</code></a> in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1048 ">jpadilla/pyjwt#1048</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a
href="https://github.com/pre-commit-ci "><code>@pre-commit-ci</code></a>[bot]
in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1062 ">jpadilla/pyjwt#1062</a></li>
<li>Fixed doc string typo in _validate_jti() function <a
href="https://redirect.github.com/jpadilla/pyjwt/issues/1063 ">#1063</a>
by <a
href="https://github.com/kuldeepkhatke "><code>@kuldeepkhatke</code></a>
in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1064 ">jpadilla/pyjwt#1064</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a
href="https://github.com/pre-commit-ci "><code>@pre-commit-ci</code></a>[bot]
in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1065 ">jpadilla/pyjwt#1065</a></li>
<li>Update SECURITY.md by <a
href="https://github.com/auvipy "><code>@auvipy</code></a> in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1057 ">jpadilla/pyjwt#1057</a></li>
<li>Typing fix: use <code>float</code> instead of <code>int</code> for
<code>lifespan</code> and <code>timeout</code> by <a
href="https://github.com/nikitagashkov "><code>@nikitagashkov</code></a>
in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1068 ">jpadilla/pyjwt#1068</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a
href="https://github.com/pre-commit-ci "><code>@pre-commit-ci</code></a>[bot]
in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1067 ">jpadilla/pyjwt#1067</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst ">pyjwt's
changelog</a>.</em></p>
<blockquote>
<h2><code>v2.12.0
<https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0> ;</code>__</h2>
<p>Fixed</p>
<pre><code>
- Annotate PyJWKSet.keys for pyright by @tamird in
`[#1134 ](https://github.com/jpadilla/pyjwt/issues/1134 )
<https://github.com/jpadilla/pyjwt/pull/1134> ;`__
- Close ``HTTPError`` response to prevent ``ResourceWarning`` on Python
3.14 by @veeceey in
`[#1133 ](https://github.com/jpadilla/pyjwt/issues/1133 )
<https://github.com/jpadilla/pyjwt/pull/1133> ;`__
- Do not keep ``algorithms`` dict in PyJWK instances by @akx in
`[#1143 ](https://github.com/jpadilla/pyjwt/issues/1143 )
<https://github.com/jpadilla/pyjwt/pull/1143> ;`__
- Validate the crit (Critical) Header Parameter defined in RFC 7515
§4.1.11. by @dmbs335 in `GHSA-752w-5fwx-jx9f
<https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f> ;`__
- Use PyJWK algorithm when encoding without explicit algorithm in
`[#1148 ](https://github.com/jpadilla/pyjwt/issues/1148 )
<https://github.com/jpadilla/pyjwt/pull/1148> ;`__
<p>Added
</code></pre></p>
<ul>
<li>Docs: Add <code>PyJWKClient</code> API reference and document the
two-tier caching system (JWK Set cache and signing key LRU cache).</li>
</ul>
<h2><code>v2.11.0
<https://github.com/jpadilla/pyjwt/compare/2.10.1...2.11.0> ;</code>__</h2>
<p>Fixed</p>
<pre><code>
- Enforce ECDSA curve validation per RFC 7518 Section 3.4.
- Fix build system warnings by @kurtmckee in
`[#1105 ](https://github.com/jpadilla/pyjwt/issues/1105 )
<https://github.com/jpadilla/pyjwt/pull/1105> ;`__
- Validate key against allowed types for Algorithm family in
`[#964 ](https://github.com/jpadilla/pyjwt/issues/964 )
<https://github.com/jpadilla/pyjwt/pull/964> ;`__
- Add iterator for JWKSet in
`[#1041 ](https://github.com/jpadilla/pyjwt/issues/1041 )
<https://github.com/jpadilla/pyjwt/pull/1041> ;`__
- Validate `iss` claim is a string during encoding and decoding by
@pachewise in `[#1040 ](https://github.com/jpadilla/pyjwt/issues/1040 )
<https://github.com/jpadilla/pyjwt/pull/1040> ;`__
- Improve typing/logic for `options` in decode, decode_complete by
@pachewise in `[#1045 ](https://github.com/jpadilla/pyjwt/issues/1045 )
<https://github.com/jpadilla/pyjwt/pull/1045> ;`__
- Declare float supported type for lifespan and timeout by
@nikitagashkov in
`[#1068 ](https://github.com/jpadilla/pyjwt/issues/1068 )
<https://github.com/jpadilla/pyjwt/pull/1068> ;`__
- Fix ``SyntaxWarning``\s/``DeprecationWarning``\s caused by invalid
escape sequences by @kurtmckee in
`[#1103 ](https://github.com/jpadilla/pyjwt/issues/1103 )
<https://github.com/jpadilla/pyjwt/pull/1103> ;`__
- Development: Build a shared wheel once to speed up test suite setup
times by @kurtmckee in
`[#1114 ](https://github.com/jpadilla/pyjwt/issues/1114 )
<https://github.com/jpadilla/pyjwt/pull/1114> ;`__
- Development: Test type annotations across all supported Python
versions,
increase the strictness of the type checking, and remove the mypy
pre-commit hook
by @kurtmckee in `[#1112 ](https://github.com/jpadilla/pyjwt/issues/1112 )
<https://github.com/jpadilla/pyjwt/pull/1112> ;`__
<p>Added
</code></pre></p>
<ul>
<li>Support Python 3.14, and test against PyPy 3.10 and 3.11 by <a
href="https://github.com/kurtmckee "><code>@kurtmckee</code></a> in
<code>[#1104 ](https://github.com/jpadilla/pyjwt/issues/1104 )
<https://github.com/jpadilla/pyjwt/pull/1104> ;</code>__</li>
<li>Development: Migrate to <code>build</code> to test package building
in CI by <a
href="https://github.com/kurtmckee "><code>@kurtmckee</code></a> in
<code>[#1108 ](https://github.com/jpadilla/pyjwt/issues/1108 )
<https://github.com/jpadilla/pyjwt/pull/1108> ;</code>__</li>
<li>Development: Improve coverage config and eliminate unused test suite
code by <a
href="https://github.com/kurtmckee "><code>@kurtmckee</code></a> in
<code>[#1115 ](https://github.com/jpadilla/pyjwt/issues/1115 )
<https://github.com/jpadilla/pyjwt/pull/1115> ;</code>__</li>
<li>Docs: Standardize CHANGELOG links to PRs by <a
href="https://github.com/kurtmckee "><code>@kurtmckee</code></a> in
<code>[#1110 ](https://github.com/jpadilla/pyjwt/issues/1110 )
<https://github.com/jpadilla/pyjwt/pull/1110> ;</code>__</li>
<li>Docs: Fix Read the Docs builds by <a
href="https://github.com/kurtmckee "><code>@kurtmckee</code></a> in
<code>[#1111 ](https://github.com/jpadilla/pyjwt/issues/1111 )
<https://github.com/jpadilla/pyjwt/pull/1111> ;</code>__</li>
<li>Docs: Add example of using leeway with nbf by <a
href="https://github.com/djw8605 "><code>@djw8605</code></a> in
<code>[#1034 ](https://github.com/jpadilla/pyjwt/issues/1034 )
<https://github.com/jpadilla/pyjwt/pull/1034> ;</code>__</li>
<li>Docs: Refactored docs with <code>autodoc</code>; added
<code>PyJWS</code> and <code>jwt.algorithms</code> docs by <a
href="https://github.com/pachewise "><code>@pachewise</code></a> in
<code>[#1045 ](https://github.com/jpadilla/pyjwt/issues/1045 )
<https://github.com/jpadilla/pyjwt/pull/1045> ;</code>__</li>
<li>Docs: Documentation improvements for "sub" and
"jti" claims by <a
href="https://github.com/cleder "><code>@cleder</code></a> in
<code>[#1088 ](https://github.com/jpadilla/pyjwt/issues/1088 )
<https://github.com/jpadilla/pyjwt/pull/1088> ;</code>__</li>
<li>Development: Add pyupgrade as a pre-commit hook by <a
href="https://github.com/kurtmckee "><code>@kurtmckee</code></a> in
<code>[#1109 ](https://github.com/jpadilla/pyjwt/issues/1109 )
<https://github.com/jpadilla/pyjwt/pull/1109> ;</code>__</li>
<li>Add minimum key length validation for HMAC and RSA keys (CWE-326).
Warns by default via <code>InsecureKeyLengthWarning</code> when keys are
below</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="bd9700cca7https://redirect.github.com/jpadilla/pyjwt/issues/1148 ">#1148</a>)</li>
<li><a
href="051ea341b51451d70ecahttps://redirect.github.com/jpadilla/pyjwt/issues/1143 ">#1143</a>)</li>
<li><a
href="f3ba74c106https://redirect.github.com/jpadilla/pyjwt/issues/1145 ">#1145</a>)</li>
<li><a
href="0318ffa7b1https://redirect.github.com/jpadilla/pyjwt/issues/1141 ">#1141</a>)</li>
<li><a
href="a52753db3chttps://redirect.github.com/jpadilla/pyjwt/issues/1142 ">#1142</a>)</li>
<li><a
href="b85050f1d4https://redirect.github.com/jpadilla/pyjwt/issues/1138 ">#1138</a>)</li>
<li><a
href="1272b26477https://redirect.github.com/jpadilla/pyjwt/issues/1135 ">#1135</a>)</li>
<li><a
href="99a87287c2https://redirect.github.com/jpadilla/pyjwt/issues/1136 ">#1136</a>)</li>
<li><a
href="412cb67a93https://redirect.github.com/jpadilla/pyjwt/issues/1133 ">#1133</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/jpadilla/pyjwt/compare/2.10.1...2.12.0 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-17 11:16:43 -07:00
Mason Daugherty
2bad58a809
chore: bump locks, lint ( #35985 )
2026-03-16 23:59:08 -04:00
dependabot[bot]
721b7e1cbd
chore: bump black from 25.11.0 to 26.3.1 in /libs/langchain_v1 ( #35802 )
2026-03-13 21:39:16 -04:00
dependabot[bot]
44e8e83872
chore: bump orjson from 3.11.5 to 3.11.6 in /libs/langchain_v1 ( #35807 )
2026-03-13 21:37:25 -04:00
Sydney Runkle
2a137bf491
release(langchain_v1): 1.2.12 ( #35770 )
2026-03-11 22:18:08 +00:00
Sydney Runkle
057c484ba2
release(langchain_v1): 1.2.11 ( #35723 )
2026-03-10 19:38:33 +00:00
dependabot[bot]
752cf2611f
chore: bump the minor-and-patch group across 3 directories with 7 updates ( #35605 )
...
Bumps the minor-and-patch group with 2 updates in the /libs/core
directory: [langsmith](https://github.com/langchain-ai/langsmith-sdk )
and [ruff](https://github.com/astral-sh/ruff ).
Bumps the minor-and-patch group with 5 updates in the /libs/langchain
directory:
| Package | From | To |
| --- | --- | --- |
| [langsmith](https://github.com/langchain-ai/langsmith-sdk ) | `0.7.9` |
`0.7.13` |
| [ruff](https://github.com/astral-sh/ruff ) | `0.15.4` | `0.15.5` |
| [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy ) | `2.0.47` |
`2.0.48` |
| [langchain-huggingface](https://github.com/langchain-ai/langchain ) |
`1.2.0` | `1.2.1` |
| [wrapt](https://github.com/GrahamDumpleton/wrapt ) | `2.1.1` | `2.1.2`
|
Bumps the minor-and-patch group with 4 updates in the /libs/langchain_v1
directory: [ruff](https://github.com/astral-sh/ruff ),
[langchain-huggingface](https://github.com/langchain-ai/langchain ),
[wrapt](https://github.com/GrahamDumpleton/wrapt ) and
[langchain-azure-ai](https://github.com/langchain-ai/langchain-azure ).
Updates `langsmith` from 0.7.9 to 0.7.13
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langsmith-sdk/releases ">langsmith's
releases</a>.</em></p>
<blockquote>
<h2>v0.7.13</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: initialize otel exporter before background thread by <a
href="https://github.com/ericdong-langchain "><code>@ericdong-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2526 ">langchain-ai/langsmith-sdk#2526</a></li>
<li>fix: convert non primitive types to JSON strings by <a
href="https://github.com/ericdong-langchain "><code>@ericdong-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2527 ">langchain-ai/langsmith-sdk#2527</a></li>
<li>fix: missing await by <a
href="https://github.com/ericdong-langchain "><code>@ericdong-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2528 ">langchain-ai/langsmith-sdk#2528</a></li>
<li>fix: bump minimatch to resolve CVE-2026-27903 by <a
href="https://github.com/jkennedyvz "><code>@jkennedyvz</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2502 ">langchain-ai/langsmith-sdk#2502</a></li>
<li>feat(py): add experiment-level metadata to pytest integration by <a
href="https://github.com/baskaryan "><code>@baskaryan</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2524 ">langchain-ai/langsmith-sdk#2524</a></li>
<li>Bump version: 0.7.12 → 0.7.13 by <a
href="https://github.com/baskaryan "><code>@baskaryan</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2531 ">langchain-ai/langsmith-sdk#2531</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.12...v0.7.13 ">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.12...v0.7.13 </a></p>
<h2>v0.7.12</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: sample before transform in ingest by <a
href="https://github.com/ericdong-langchain "><code>@ericdong-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2488 ">langchain-ai/langsmith-sdk#2488</a></li>
<li>chore: bump version by <a
href="https://github.com/ericdong-langchain "><code>@ericdong-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2521 ">langchain-ai/langsmith-sdk#2521</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.11...v0.7.12 ">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.11...v0.7.12 </a></p>
<h2>v0.7.11</h2>
<h2>What's Changed</h2>
<ul>
<li>add get insights reports with runs by <a
href="https://github.com/Palashio "><code>@Palashio</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2517 ">langchain-ai/langsmith-sdk#2517</a></li>
<li>bump version for insights sdk changes by <a
href="https://github.com/Palashio "><code>@Palashio</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2520 ">langchain-ai/langsmith-sdk#2520</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Palashio "><code>@Palashio</code></a>
made their first contribution in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2517 ">langchain-ai/langsmith-sdk#2517</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.10...v0.7.11 ">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.10...v0.7.11 </a></p>
<h2>v0.7.10</h2>
<h2>What's Changed</h2>
<ul>
<li>chore(deps-dev): bump the js-minor-and-patch group across 1
directory with 9 updates by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2490 ">langchain-ai/langsmith-sdk#2490</a></li>
<li>fix: update deprecated model and re-record VCR cassettes by <a
href="https://github.com/jkennedyvz "><code>@jkennedyvz</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2503 ">langchain-ai/langsmith-sdk#2503</a></li>
<li>chore(deps): bump minimatch from 3.1.2 to 3.1.5 in
/js/internal/environment_tests/test-exports-metro in the npm_and_yarn
group across 1 directory by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2489 ">langchain-ai/langsmith-sdk#2489</a></li>
<li>fix: memory leak in _cached_attachment_args when tracing closures by
<a
href="https://github.com/angus-langchain "><code>@angus-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2515 ">langchain-ai/langsmith-sdk#2515</a></li>
<li>Bump version: 0.7.9 → 0.7.10 by <a
href="https://github.com/angus-langchain "><code>@angus-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2516 ">langchain-ai/langsmith-sdk#2516</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.9...v0.7.10 ">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.9...v0.7.10 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="22c21bff7dhttps://redirect.github.com/langchain-ai/langsmith-sdk/issues/2531 ">#2531</a>)</li>
<li><a
href="5d17205b85https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2524 ">#2524</a>)</li>
<li><a
href="1412ad4bfehttps://redirect.github.com/langchain-ai/langsmith-sdk/issues/2502 ">#2502</a>)</li>
<li><a
href="da0d6e3f13https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2528 ">#2528</a>)</li>
<li><a
href="9f587d5f45https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2527 ">#2527</a>)</li>
<li><a
href="0efa7fb188https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2526 ">#2526</a>)</li>
<li><a
href="51d4e0b867https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2521 ">#2521</a>)</li>
<li><a
href="f8db5d1542https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2488 ">#2488</a>)</li>
<li><a
href="4ffc9417ebhttps://redirect.github.com/langchain-ai/langsmith-sdk/issues/2520 ">#2520</a>)</li>
<li><a
href="502cbb6c52https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2517 ">#2517</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.9...v0.7.13 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `ruff` from 0.15.4 to 0.15.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/releases ">ruff's
releases</a>.</em></p>
<blockquote>
<h2>0.15.5</h2>
<h2>Release Notes</h2>
<p>Released on 2026-03-05.</p>
<h3>Preview features</h3>
<ul>
<li>Discover Markdown files by default in preview mode (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23434 ">#23434</a>)</li>
<li>[<code>perflint</code>] Extend <code>PERF102</code> to
comprehensions and generators (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23473 ">#23473</a>)</li>
<li>[<code>refurb</code>] Fix <code>FURB101</code> and
<code>FURB103</code> false positives when I/O variable is used later (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23542 ">#23542</a>)</li>
<li>[<code>ruff</code>] Add fix for
<code>none-not-at-end-of-union</code> (<code>RUF036</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/22829 ">#22829</a>)</li>
<li>[<code>ruff</code>] Fix false positive for <code>re.split</code>
with empty string pattern (<code>RUF055</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23634 ">#23634</a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>[<code>fastapi</code>] Handle callable class dependencies with
<code>__call__</code> method (<code>FAST003</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23553 ">#23553</a>)</li>
<li>[<code>pydocstyle</code>] Fix numpy section ordering
(<code>D420</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23685 ">#23685</a>)</li>
<li>[<code>pyflakes</code>] Fix false positive for names shadowing
re-exports (<code>F811</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23356 ">#23356</a>)</li>
<li>[<code>pyupgrade</code>] Avoid inserting redundant <code>None</code>
elements in <code>UP045</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23459 ">#23459</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Document extension mapping for Markdown code formatting (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23574 ">#23574</a>)</li>
<li>Update default Python version examples (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23605 ">#23605</a>)</li>
</ul>
<h3>Other changes</h3>
<ul>
<li>Publish releases to Astral mirror (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23616 ">#23616</a>)</li>
</ul>
<h3>Contributors</h3>
<ul>
<li><a
href="https://github.com/amyreese "><code>@amyreese</code></a></li>
<li><a
href="https://github.com/stakeswky "><code>@stakeswky</code></a></li>
<li><a
href="https://github.com/chirizxc "><code>@chirizxc</code></a></li>
<li><a
href="https://github.com/anishgirianish "><code>@anishgirianish</code></a></li>
<li><a href="https://github.com/bxff "><code>@bxff</code></a></li>
<li><a href="https://github.com/zsol "><code>@zsol</code></a></li>
<li><a
href="https://github.com/charliermarsh "><code>@charliermarsh</code></a></li>
<li><a href="https://github.com/ntBre "><code>@ntBre</code></a></li>
<li><a
href="https://github.com/kar-ganap "><code>@kar-ganap</code></a></li>
</ul>
<h2>Install ruff 0.15.5</h2>
<h3>Install prebuilt binaries via shell script</h3>
<pre lang="sh"><code>curl --proto '=https' --tlsv1.2 -LsSf
https://github.com/astral-sh/ruff/releases/download/0.15.5/ruff-installer.sh
| sh
</code></pre>
<h3>Install prebuilt binaries via powershell script</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md ">ruff's
changelog</a>.</em></p>
<blockquote>
<h2>0.15.5</h2>
<p>Released on 2026-03-05.</p>
<h3>Preview features</h3>
<ul>
<li>Discover Markdown files by default in preview mode (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23434 ">#23434</a>)</li>
<li>[<code>perflint</code>] Extend <code>PERF102</code> to
comprehensions and generators (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23473 ">#23473</a>)</li>
<li>[<code>refurb</code>] Fix <code>FURB101</code> and
<code>FURB103</code> false positives when I/O variable is used later (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23542 ">#23542</a>)</li>
<li>[<code>ruff</code>] Add fix for
<code>none-not-at-end-of-union</code> (<code>RUF036</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/22829 ">#22829</a>)</li>
<li>[<code>ruff</code>] Fix false positive for <code>re.split</code>
with empty string pattern (<code>RUF055</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23634 ">#23634</a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>[<code>fastapi</code>] Handle callable class dependencies with
<code>__call__</code> method (<code>FAST003</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23553 ">#23553</a>)</li>
<li>[<code>pydocstyle</code>] Fix numpy section ordering
(<code>D420</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23685 ">#23685</a>)</li>
<li>[<code>pyflakes</code>] Fix false positive for names shadowing
re-exports (<code>F811</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23356 ">#23356</a>)</li>
<li>[<code>pyupgrade</code>] Avoid inserting redundant <code>None</code>
elements in <code>UP045</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23459 ">#23459</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Document extension mapping for Markdown code formatting (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23574 ">#23574</a>)</li>
<li>Update default Python version examples (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23605 ">#23605</a>)</li>
</ul>
<h3>Other changes</h3>
<ul>
<li>Publish releases to Astral mirror (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23616 ">#23616</a>)</li>
</ul>
<h3>Contributors</h3>
<ul>
<li><a
href="https://github.com/amyreese "><code>@amyreese</code></a></li>
<li><a
href="https://github.com/stakeswky "><code>@stakeswky</code></a></li>
<li><a
href="https://github.com/chirizxc "><code>@chirizxc</code></a></li>
<li><a
href="https://github.com/anishgirianish "><code>@anishgirianish</code></a></li>
<li><a href="https://github.com/bxff "><code>@bxff</code></a></li>
<li><a href="https://github.com/zsol "><code>@zsol</code></a></li>
<li><a
href="https://github.com/charliermarsh "><code>@charliermarsh</code></a></li>
<li><a href="https://github.com/ntBre "><code>@ntBre</code></a></li>
<li><a
href="https://github.com/kar-ganap "><code>@kar-ganap</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5e4a3d9c3bhttps://redirect.github.com/astral-sh/ruff/issues/23743 ">#23743</a>)</li>
<li><a
href="69c23cc5a3https://redirect.github.com/astral-sh/ruff/issues/23613 ">#23613</a>)</li>
<li><a
href="4926bd5820https://redirect.github.com/astral-sh/ruff/issues/23740 ">#23740</a>)</li>
<li><a
href="9a70f5eb2fhttps://redirect.github.com/astral-sh/ruff/issues/23434 ">#23434</a>)</li>
<li><a
href="3dc78b0a84https://redirect.github.com/astral-sh/ruff/issues/23739 ">#23739</a>)</li>
<li><a
href="a6a5e8d10bhttps://redirect.github.com/astral-sh/ruff/issues/23723 ">#23723</a>)</li>
<li><a
href="2a5384b0b6https://redirect.github.com/astral-sh/ruff/issues/23713 ">#23713</a>)</li>
<li><a
href="db77d7b2aedb2849068fhttps://redirect.github.com/astral-sh/ruff/issues/23724 ">#23724</a>)</li>
<li><a
href="5f0fd91a23https://redirect.github.com/astral-sh/ruff/issues/23639 ">#23639</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/astral-sh/ruff/compare/0.15.4...0.15.5 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `langsmith` from 0.7.9 to 0.7.13
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langsmith-sdk/releases ">langsmith's
releases</a>.</em></p>
<blockquote>
<h2>v0.7.13</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: initialize otel exporter before background thread by <a
href="https://github.com/ericdong-langchain "><code>@ericdong-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2526 ">langchain-ai/langsmith-sdk#2526</a></li>
<li>fix: convert non primitive types to JSON strings by <a
href="https://github.com/ericdong-langchain "><code>@ericdong-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2527 ">langchain-ai/langsmith-sdk#2527</a></li>
<li>fix: missing await by <a
href="https://github.com/ericdong-langchain "><code>@ericdong-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2528 ">langchain-ai/langsmith-sdk#2528</a></li>
<li>fix: bump minimatch to resolve CVE-2026-27903 by <a
href="https://github.com/jkennedyvz "><code>@jkennedyvz</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2502 ">langchain-ai/langsmith-sdk#2502</a></li>
<li>feat(py): add experiment-level metadata to pytest integration by <a
href="https://github.com/baskaryan "><code>@baskaryan</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2524 ">langchain-ai/langsmith-sdk#2524</a></li>
<li>Bump version: 0.7.12 → 0.7.13 by <a
href="https://github.com/baskaryan "><code>@baskaryan</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2531 ">langchain-ai/langsmith-sdk#2531</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.12...v0.7.13 ">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.12...v0.7.13 </a></p>
<h2>v0.7.12</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: sample before transform in ingest by <a
href="https://github.com/ericdong-langchain "><code>@ericdong-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2488 ">langchain-ai/langsmith-sdk#2488</a></li>
<li>chore: bump version by <a
href="https://github.com/ericdong-langchain "><code>@ericdong-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2521 ">langchain-ai/langsmith-sdk#2521</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.11...v0.7.12 ">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.11...v0.7.12 </a></p>
<h2>v0.7.11</h2>
<h2>What's Changed</h2>
<ul>
<li>add get insights reports with runs by <a
href="https://github.com/Palashio "><code>@Palashio</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2517 ">langchain-ai/langsmith-sdk#2517</a></li>
<li>bump version for insights sdk changes by <a
href="https://github.com/Palashio "><code>@Palashio</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2520 ">langchain-ai/langsmith-sdk#2520</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Palashio "><code>@Palashio</code></a>
made their first contribution in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2517 ">langchain-ai/langsmith-sdk#2517</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.10...v0.7.11 ">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.10...v0.7.11 </a></p>
<h2>v0.7.10</h2>
<h2>What's Changed</h2>
<ul>
<li>chore(deps-dev): bump the js-minor-and-patch group across 1
directory with 9 updates by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2490 ">langchain-ai/langsmith-sdk#2490</a></li>
<li>fix: update deprecated model and re-record VCR cassettes by <a
href="https://github.com/jkennedyvz "><code>@jkennedyvz</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2503 ">langchain-ai/langsmith-sdk#2503</a></li>
<li>chore(deps): bump minimatch from 3.1.2 to 3.1.5 in
/js/internal/environment_tests/test-exports-metro in the npm_and_yarn
group across 1 directory by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2489 ">langchain-ai/langsmith-sdk#2489</a></li>
<li>fix: memory leak in _cached_attachment_args when tracing closures by
<a
href="https://github.com/angus-langchain "><code>@angus-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2515 ">langchain-ai/langsmith-sdk#2515</a></li>
<li>Bump version: 0.7.9 → 0.7.10 by <a
href="https://github.com/angus-langchain "><code>@angus-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2516 ">langchain-ai/langsmith-sdk#2516</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.9...v0.7.10 ">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.9...v0.7.10 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="22c21bff7dhttps://redirect.github.com/langchain-ai/langsmith-sdk/issues/2531 ">#2531</a>)</li>
<li><a
href="5d17205b85https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2524 ">#2524</a>)</li>
<li><a
href="1412ad4bfehttps://redirect.github.com/langchain-ai/langsmith-sdk/issues/2502 ">#2502</a>)</li>
<li><a
href="da0d6e3f13https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2528 ">#2528</a>)</li>
<li><a
href="9f587d5f45https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2527 ">#2527</a>)</li>
<li><a
href="0efa7fb188https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2526 ">#2526</a>)</li>
<li><a
href="51d4e0b867https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2521 ">#2521</a>)</li>
<li><a
href="f8db5d1542https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2488 ">#2488</a>)</li>
<li><a
href="4ffc9417ebhttps://redirect.github.com/langchain-ai/langsmith-sdk/issues/2520 ">#2520</a>)</li>
<li><a
href="502cbb6c52https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2517 ">#2517</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.9...v0.7.13 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `ruff` from 0.15.4 to 0.15.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/releases ">ruff's
releases</a>.</em></p>
<blockquote>
<h2>0.15.5</h2>
<h2>Release Notes</h2>
<p>Released on 2026-03-05.</p>
<h3>Preview features</h3>
<ul>
<li>Discover Markdown files by default in preview mode (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23434 ">#23434</a>)</li>
<li>[<code>perflint</code>] Extend <code>PERF102</code> to
comprehensions and generators (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23473 ">#23473</a>)</li>
<li>[<code>refurb</code>] Fix <code>FURB101</code> and
<code>FURB103</code> false positives when I/O variable is used later (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23542 ">#23542</a>)</li>
<li>[<code>ruff</code>] Add fix for
<code>none-not-at-end-of-union</code> (<code>RUF036</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/22829 ">#22829</a>)</li>
<li>[<code>ruff</code>] Fix false positive for <code>re.split</code>
with empty string pattern (<code>RUF055</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23634 ">#23634</a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>[<code>fastapi</code>] Handle callable class dependencies with
<code>__call__</code> method (<code>FAST003</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23553 ">#23553</a>)</li>
<li>[<code>pydocstyle</code>] Fix numpy section ordering
(<code>D420</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23685 ">#23685</a>)</li>
<li>[<code>pyflakes</code>] Fix false positive for names shadowing
re-exports (<code>F811</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23356 ">#23356</a>)</li>
<li>[<code>pyupgrade</code>] Avoid inserting redundant <code>None</code>
elements in <code>UP045</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23459 ">#23459</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Document extension mapping for Markdown code formatting (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23574 ">#23574</a>)</li>
<li>Update default Python version examples (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23605 ">#23605</a>)</li>
</ul>
<h3>Other changes</h3>
<ul>
<li>Publish releases to Astral mirror (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23616 ">#23616</a>)</li>
</ul>
<h3>Contributors</h3>
<ul>
<li><a
href="https://github.com/amyreese "><code>@amyreese</code></a></li>
<li><a
href="https://github.com/stakeswky "><code>@stakeswky</code></a></li>
<li><a
href="https://github.com/chirizxc "><code>@chirizxc</code></a></li>
<li><a
href="https://github.com/anishgirianish "><code>@anishgirianish</code></a></li>
<li><a href="https://github.com/bxff "><code>@bxff</code></a></li>
<li><a href="https://github.com/zsol "><code>@zsol</code></a></li>
<li><a
href="https://github.com/charliermarsh "><code>@charliermarsh</code></a></li>
<li><a href="https://github.com/ntBre "><code>@ntBre</code></a></li>
<li><a
href="https://github.com/kar-ganap "><code>@kar-ganap</code></a></li>
</ul>
<h2>Install ruff 0.15.5</h2>
<h3>Install prebuilt binaries via shell script</h3>
<pre lang="sh"><code>curl --proto '=https' --tlsv1.2 -LsSf
https://github.com/astral-sh/ruff/releases/download/0.15.5/ruff-installer.sh
| sh
</code></pre>
<h3>Install prebuilt binaries via powershell script</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md ">ruff's
changelog</a>.</em></p>
<blockquote>
<h2>0.15.5</h2>
<p>Released on 2026-03-05.</p>
<h3>Preview features</h3>
<ul>
<li>Discover Markdown files by default in preview mode (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23434 ">#23434</a>)</li>
<li>[<code>perflint</code>] Extend <code>PERF102</code> to
comprehensions and generators (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23473 ">#23473</a>)</li>
<li>[<code>refurb</code>] Fix <code>FURB101</code> and
<code>FURB103</code> false positives when I/O variable is used later (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23542 ">#23542</a>)</li>
<li>[<code>ruff</code>] Add fix for
<code>none-not-at-end-of-union</code> (<code>RUF036</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/22829 ">#22829</a>)</li>
<li>[<code>ruff</code>] Fix false positive for <code>re.split</code>
with empty string pattern (<code>RUF055</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23634 ">#23634</a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>[<code>fastapi</code>] Handle callable class dependencies with
<code>__call__</code> method (<code>FAST003</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23553 ">#23553</a>)</li>
<li>[<code>pydocstyle</code>] Fix numpy section ordering
(<code>D420</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23685 ">#23685</a>)</li>
<li>[<code>pyflakes</code>] Fix false positive for names shadowing
re-exports (<code>F811</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23356 ">#23356</a>)</li>
<li>[<code>pyupgrade</code>] Avoid inserting redundant <code>None</code>
elements in <code>UP045</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23459 ">#23459</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Document extension mapping for Markdown code formatting (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23574 ">#23574</a>)</li>
<li>Update default Python version examples (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23605 ">#23605</a>)</li>
</ul>
<h3>Other changes</h3>
<ul>
<li>Publish releases to Astral mirror (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23616 ">#23616</a>)</li>
</ul>
<h3>Contributors</h3>
<ul>
<li><a
href="https://github.com/amyreese "><code>@amyreese</code></a></li>
<li><a
href="https://github.com/stakeswky "><code>@stakeswky</code></a></li>
<li><a
href="https://github.com/chirizxc "><code>@chirizxc</code></a></li>
<li><a
href="https://github.com/anishgirianish "><code>@anishgirianish</code></a></li>
<li><a href="https://github.com/bxff "><code>@bxff</code></a></li>
<li><a href="https://github.com/zsol "><code>@zsol</code></a></li>
<li><a
href="https://github.com/charliermarsh "><code>@charliermarsh</code></a></li>
<li><a href="https://github.com/ntBre "><code>@ntBre</code></a></li>
<li><a
href="https://github.com/kar-ganap "><code>@kar-ganap</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5e4a3d9c3bhttps://redirect.github.com/astral-sh/ruff/issues/23743 ">#23743</a>)</li>
<li><a
href="69c23cc5a3https://redirect.github.com/astral-sh/ruff/issues/23613 ">#23613</a>)</li>
<li><a
href="4926bd5820https://redirect.github.com/astral-sh/ruff/issues/23740 ">#23740</a>)</li>
<li><a
href="9a70f5eb2fhttps://redirect.github.com/astral-sh/ruff/issues/23434 ">#23434</a>)</li>
<li><a
href="3dc78b0a84https://redirect.github.com/astral-sh/ruff/issues/23739 ">#23739</a>)</li>
<li><a
href="a6a5e8d10bhttps://redirect.github.com/astral-sh/ruff/issues/23723 ">#23723</a>)</li>
<li><a
href="2a5384b0b6https://redirect.github.com/astral-sh/ruff/issues/23713 ">#23713</a>)</li>
<li><a
href="db77d7b2aedb2849068fhttps://redirect.github.com/astral-sh/ruff/issues/23724 ">#23724</a>)</li>
<li><a
href="5f0fd91a23https://redirect.github.com/astral-sh/ruff/issues/23639 ">#23639</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/astral-sh/ruff/compare/0.15.4...0.15.5 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `ruff` from 0.15.4 to 0.15.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/releases ">ruff's
releases</a>.</em></p>
<blockquote>
<h2>0.15.5</h2>
<h2>Release Notes</h2>
<p>Released on 2026-03-05.</p>
<h3>Preview features</h3>
<ul>
<li>Discover Markdown files by default in preview mode (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23434 ">#23434</a>)</li>
<li>[<code>perflint</code>] Extend <code>PERF102</code> to
comprehensions and generators (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23473 ">#23473</a>)</li>
<li>[<code>refurb</code>] Fix <code>FURB101</code> and
<code>FURB103</code> false positives when I/O variable is used later (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23542 ">#23542</a>)</li>
<li>[<code>ruff</code>] Add fix for
<code>none-not-at-end-of-union</code> (<code>RUF036</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/22829 ">#22829</a>)</li>
<li>[<code>ruff</code>] Fix false positive for <code>re.split</code>
with empty string pattern (<code>RUF055</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23634 ">#23634</a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>[<code>fastapi</code>] Handle callable class dependencies with
<code>__call__</code> method (<code>FAST003</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23553 ">#23553</a>)</li>
<li>[<code>pydocstyle</code>] Fix numpy section ordering
(<code>D420</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23685 ">#23685</a>)</li>
<li>[<code>pyflakes</code>] Fix false positive for names shadowing
re-exports (<code>F811</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23356 ">#23356</a>)</li>
<li>[<code>pyupgrade</code>] Avoid inserting redundant <code>None</code>
elements in <code>UP045</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23459 ">#23459</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Document extension mapping for Markdown code formatting (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23574 ">#23574</a>)</li>
<li>Update default Python version examples (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23605 ">#23605</a>)</li>
</ul>
<h3>Other changes</h3>
<ul>
<li>Publish releases to Astral mirror (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23616 ">#23616</a>)</li>
</ul>
<h3>Contributors</h3>
<ul>
<li><a
href="https://github.com/amyreese "><code>@amyreese</code></a></li>
<li><a
href="https://github.com/stakeswky "><code>@stakeswky</code></a></li>
<li><a
href="https://github.com/chirizxc "><code>@chirizxc</code></a></li>
<li><a
href="https://github.com/anishgirianish "><code>@anishgirianish</code></a></li>
<li><a href="https://github.com/bxff "><code>@bxff</code></a></li>
<li><a href="https://github.com/zsol "><code>@zsol</code></a></li>
<li><a
href="https://github.com/charliermarsh "><code>@charliermarsh</code></a></li>
<li><a href="https://github.com/ntBre "><code>@ntBre</code></a></li>
<li><a
href="https://github.com/kar-ganap "><code>@kar-ganap</code></a></li>
</ul>
<h2>Install ruff 0.15.5</h2>
<h3>Install prebuilt binaries via shell script</h3>
<pre lang="sh"><code>curl --proto '=https' --tlsv1.2 -LsSf
https://github.com/astral-sh/ruff/releases/download/0.15.5/ruff-installer.sh
| sh
</code></pre>
<h3>Install prebuilt binaries via powershell script</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md ">ruff's
changelog</a>.</em></p>
<blockquote>
<h2>0.15.5</h2>
<p>Released on 2026-03-05.</p>
<h3>Preview features</h3>
<ul>
<li>Discover Markdown files by default in preview mode (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23434 ">#23434</a>)</li>
<li>[<code>perflint</code>] Extend <code>PERF102</code> to
comprehensions and generators (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23473 ">#23473</a>)</li>
<li>[<code>refurb</code>] Fix <code>FURB101</code> and
<code>FURB103</code> false positives when I/O variable is used later (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23542 ">#23542</a>)</li>
<li>[<code>ruff</code>] Add fix for
<code>none-not-at-end-of-union</code> (<code>RUF036</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/22829 ">#22829</a>)</li>
<li>[<code>ruff</code>] Fix false positive for <code>re.split</code>
with empty string pattern (<code>RUF055</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23634 ">#23634</a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>[<code>fastapi</code>] Handle callable class dependencies with
<code>__call__</code> method (<code>FAST003</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23553 ">#23553</a>)</li>
<li>[<code>pydocstyle</code>] Fix numpy section ordering
(<code>D420</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23685 ">#23685</a>)</li>
<li>[<code>pyflakes</code>] Fix false positive for names shadowing
re-exports (<code>F811</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23356 ">#23356</a>)</li>
<li>[<code>pyupgrade</code>] Avoid inserting redundant <code>None</code>
elements in <code>UP045</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23459 ">#23459</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Document extension mapping for Markdown code formatting (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23574 ">#23574</a>)</li>
<li>Update default Python version examples (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23605 ">#23605</a>)</li>
</ul>
<h3>Other changes</h3>
<ul>
<li>Publish releases to Astral mirror (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23616 ">#23616</a>)</li>
</ul>
<h3>Contributors</h3>
<ul>
<li><a
href="https://github.com/amyreese "><code>@amyreese</code></a></li>
<li><a
href="https://github.com/stakeswky "><code>@stakeswky</code></a></li>
<li><a
href="https://github.com/chirizxc "><code>@chirizxc</code></a></li>
<li><a
href="https://github.com/anishgirianish "><code>@anishgirianish</code></a></li>
<li><a href="https://github.com/bxff "><code>@bxff</code></a></li>
<li><a href="https://github.com/zsol "><code>@zsol</code></a></li>
<li><a
href="https://github.com/charliermarsh "><code>@charliermarsh</code></a></li>
<li><a href="https://github.com/ntBre "><code>@ntBre</code></a></li>
<li><a
href="https://github.com/kar-ganap "><code>@kar-ganap</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5e4a3d9c3bhttps://redirect.github.com/astral-sh/ruff/issues/23743 ">#23743</a>)</li>
<li><a
href="69c23cc5a3https://redirect.github.com/astral-sh/ruff/issues/23613 ">#23613</a>)</li>
<li><a
href="4926bd5820https://redirect.github.com/astral-sh/ruff/issues/23740 ">#23740</a>)</li>
<li><a
href="9a70f5eb2fhttps://redirect.github.com/astral-sh/ruff/issues/23434 ">#23434</a>)</li>
<li><a
href="3dc78b0a84https://redirect.github.com/astral-sh/ruff/issues/23739 ">#23739</a>)</li>
<li><a
href="a6a5e8d10bhttps://redirect.github.com/astral-sh/ruff/issues/23723 ">#23723</a>)</li>
<li><a
href="2a5384b0b6https://redirect.github.com/astral-sh/ruff/issues/23713 ">#23713</a>)</li>
<li><a
href="db77d7b2aedb2849068fhttps://redirect.github.com/astral-sh/ruff/issues/23724 ">#23724</a>)</li>
<li><a
href="5f0fd91a23https://redirect.github.com/astral-sh/ruff/issues/23639 ">#23639</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/astral-sh/ruff/compare/0.15.4...0.15.5 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `langsmith` from 0.7.9 to 0.7.13
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langsmith-sdk/releases ">langsmith's
releases</a>.</em></p>
<blockquote>
<h2>v0.7.13</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: initialize otel exporter before background thread by <a
href="https://github.com/ericdong-langchain "><code>@ericdong-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2526 ">langchain-ai/langsmith-sdk#2526</a></li>
<li>fix: convert non primitive types to JSON strings by <a
href="https://github.com/ericdong-langchain "><code>@ericdong-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2527 ">langchain-ai/langsmith-sdk#2527</a></li>
<li>fix: missing await by <a
href="https://github.com/ericdong-langchain "><code>@ericdong-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2528 ">langchain-ai/langsmith-sdk#2528</a></li>
<li>fix: bump minimatch to resolve CVE-2026-27903 by <a
href="https://github.com/jkennedyvz "><code>@jkennedyvz</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2502 ">langchain-ai/langsmith-sdk#2502</a></li>
<li>feat(py): add experiment-level metadata to pytest integration by <a
href="https://github.com/baskaryan "><code>@baskaryan</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2524 ">langchain-ai/langsmith-sdk#2524</a></li>
<li>Bump version: 0.7.12 → 0.7.13 by <a
href="https://github.com/baskaryan "><code>@baskaryan</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2531 ">langchain-ai/langsmith-sdk#2531</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.12...v0.7.13 ">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.12...v0.7.13 </a></p>
<h2>v0.7.12</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: sample before transform in ingest by <a
href="https://github.com/ericdong-langchain "><code>@ericdong-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2488 ">langchain-ai/langsmith-sdk#2488</a></li>
<li>chore: bump version by <a
href="https://github.com/ericdong-langchain "><code>@ericdong-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2521 ">langchain-ai/langsmith-sdk#2521</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.11...v0.7.12 ">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.11...v0.7.12 </a></p>
<h2>v0.7.11</h2>
<h2>What's Changed</h2>
<ul>
<li>add get insights reports with runs by <a
href="https://github.com/Palashio "><code>@Palashio</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2517 ">langchain-ai/langsmith-sdk#2517</a></li>
<li>bump version for insights sdk changes by <a
href="https://github.com/Palashio "><code>@Palashio</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2520 ">langchain-ai/langsmith-sdk#2520</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Palashio "><code>@Palashio</code></a>
made their first contribution in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2517 ">langchain-ai/langsmith-sdk#2517</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.10...v0.7.11 ">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.10...v0.7.11 </a></p>
<h2>v0.7.10</h2>
<h2>What's Changed</h2>
<ul>
<li>chore(deps-dev): bump the js-minor-and-patch group across 1
directory with 9 updates by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2490 ">langchain-ai/langsmith-sdk#2490</a></li>
<li>fix: update deprecated model and re-record VCR cassettes by <a
href="https://github.com/jkennedyvz "><code>@jkennedyvz</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2503 ">langchain-ai/langsmith-sdk#2503</a></li>
<li>chore(deps): bump minimatch from 3.1.2 to 3.1.5 in
/js/internal/environment_tests/test-exports-metro in the npm_and_yarn
group across 1 directory by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2489 ">langchain-ai/langsmith-sdk#2489</a></li>
<li>fix: memory leak in _cached_attachment_args when tracing closures by
<a
href="https://github.com/angus-langchain "><code>@angus-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2515 ">langchain-ai/langsmith-sdk#2515</a></li>
<li>Bump version: 0.7.9 → 0.7.10 by <a
href="https://github.com/angus-langchain "><code>@angus-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2516 ">langchain-ai/langsmith-sdk#2516</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.9...v0.7.10 ">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.9...v0.7.10 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="22c21bff7dhttps://redirect.github.com/langchain-ai/langsmith-sdk/issues/2531 ">#2531</a>)</li>
<li><a
href="5d17205b85https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2524 ">#2524</a>)</li>
<li><a
href="1412ad4bfehttps://redirect.github.com/langchain-ai/langsmith-sdk/issues/2502 ">#2502</a>)</li>
<li><a
href="da0d6e3f13https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2528 ">#2528</a>)</li>
<li><a
href="9f587d5f45https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2527 ">#2527</a>)</li>
<li><a
href="0efa7fb188https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2526 ">#2526</a>)</li>
<li><a
href="51d4e0b867https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2521 ">#2521</a>)</li>
<li><a
href="f8db5d1542https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2488 ">#2488</a>)</li>
<li><a
href="4ffc9417ebhttps://redirect.github.com/langchain-ai/langsmith-sdk/issues/2520 ">#2520</a>)</li>
<li><a
href="502cbb6c52https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2517 ">#2517</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.9...v0.7.13 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `ruff` from 0.15.4 to 0.15.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/releases ">ruff's
releases</a>.</em></p>
<blockquote>
<h2>0.15.5</h2>
<h2>Release Notes</h2>
<p>Released on 2026-03-05.</p>
<h3>Preview features</h3>
<ul>
<li>Discover Markdown files by default in preview mode (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23434 ">#23434</a>)</li>
<li>[<code>perflint</code>] Extend <code>PERF102</code> to
comprehensions and generators (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23473 ">#23473</a>)</li>
<li>[<code>refurb</code>] Fix <code>FURB101</code> and
<code>FURB103</code> false positives when I/O variable is used later (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23542 ">#23542</a>)</li>
<li>[<code>ruff</code>] Add fix for
<code>none-not-at-end-of-union</code> (<code>RUF036</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/22829 ">#22829</a>)</li>
<li>[<code>ruff</code>] Fix false positive for <code>re.split</code>
with empty string pattern (<code>RUF055</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23634 ">#23634</a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>[<code>fastapi</code>] Handle callable class dependencies with
<code>__call__</code> method (<code>FAST003</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23553 ">#23553</a>)</li>
<li>[<code>pydocstyle</code>] Fix numpy section ordering
(<code>D420</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23685 ">#23685</a>)</li>
<li>[<code>pyflakes</code>] Fix false positive for names shadowing
re-exports (<code>F811</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23356 ">#23356</a>)</li>
<li>[<code>pyupgrade</code>] Avoid inserting redundant <code>None</code>
elements in <code>UP045</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23459 ">#23459</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Document extension mapping for Markdown code formatting (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23574 ">#23574</a>)</li>
<li>Update default Python version examples (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23605 ">#23605</a>)</li>
</ul>
<h3>Other changes</h3>
<ul>
<li>Publish releases to Astral mirror (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23616 ">#23616</a>)</li>
</ul>
<h3>Contributors</h3>
<ul>
<li><a
href="https://github.com/amyreese "><code>@amyreese</code></a></li>
<li><a
href="https://github.com/stakeswky "><code>@stakeswky</code></a></li>
<li><a
href="https://github.com/chirizxc "><code>@chirizxc</code></a></li>
<li><a
href="https://github.com/anishgirianish "><code>@anishgirianish</code></a></li>
<li><a href="https://github.com/bxff "><code>@bxff</code></a></li>
<li><a href="https://github.com/zsol "><code>@zsol</code></a></li>
<li><a
href="https://github.com/charliermarsh "><code>@charliermarsh</code></a></li>
<li><a href="https://github.com/ntBre "><code>@ntBre</code></a></li>
<li><a
href="https://github.com/kar-ganap "><code>@kar-ganap</code></a></li>
</ul>
<h2>Install ruff 0.15.5</h2>
<h3>Install prebuilt binaries via shell script</h3>
<pre lang="sh"><code>curl --proto '=https' --tlsv1.2 -LsSf
https://github.com/astral-sh/ruff/releases/download/0.15.5/ruff-installer.sh
| sh
</code></pre>
<h3>Install prebuilt binaries via powershell script</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md ">ruff's
changelog</a>.</em></p>
<blockquote>
<h2>0.15.5</h2>
<p>Released on 2026-03-05.</p>
<h3>Preview features</h3>
<ul>
<li>Discover Markdown files by default in preview mode (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23434 ">#23434</a>)</li>
<li>[<code>perflint</code>] Extend <code>PERF102</code> to
comprehensions and generators (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23473 ">#23473</a>)</li>
<li>[<code>refurb</code>] Fix <code>FURB101</code> and
<code>FURB103</code> false positives when I/O variable is used later (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23542 ">#23542</a>)</li>
<li>[<code>ruff</code>] Add fix for
<code>none-not-at-end-of-union</code> (<code>RUF036</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/22829 ">#22829</a>)</li>
<li>[<code>ruff</code>] Fix false positive for <code>re.split</code>
with empty string pattern (<code>RUF055</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23634 ">#23634</a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>[<code>fastapi</code>] Handle callable class dependencies with
<code>__call__</code> method (<code>FAST003</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23553 ">#23553</a>)</li>
<li>[<code>pydocstyle</code>] Fix numpy section ordering
(<code>D420</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23685 ">#23685</a>)</li>
<li>[<code>pyflakes</code>] Fix false positive for names shadowing
re-exports (<code>F811</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23356 ">#23356</a>)</li>
<li>[<code>pyupgrade</code>] Avoid inserting redundant <code>None</code>
elements in <code>UP045</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23459 ">#23459</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Document extension mapping for Markdown code formatting (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23574 ">#23574</a>)</li>
<li>Update default Python version examples (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23605 ">#23605</a>)</li>
</ul>
<h3>Other changes</h3>
<ul>
<li>Publish releases to Astral mirror (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23616 ">#23616</a>)</li>
</ul>
<h3>Contributors</h3>
<ul>
<li><a
href="https://github.com/amyreese "><code>@amyreese</code></a></li>
<li><a
href="https://github.com/stakeswky "><code>@stakeswky</code></a></li>
<li><a
href="https://github.com/chirizxc "><code>@chirizxc</code></a></li>
<li><a
href="https://github.com/anishgirianish "><code>@anishgirianish</code></a></li>
<li><a href="https://github.com/bxff "><code>@bxff</code></a></li>
<li><a href="https://github.com/zsol "><code>@zsol</code></a></li>
<li><a
href="https://github.com/charliermarsh "><code>@charliermarsh</code></a></li>
<li><a href="https://github.com/ntBre "><code>@ntBre</code></a></li>
<li><a
href="https://github.com/kar-ganap "><code>@kar-ganap</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5e4a3d9c3bhttps://redirect.github.com/astral-sh/ruff/issues/23743 ">#23743</a>)</li>
<li><a
href="69c23cc5a3https://redirect.github.com/astral-sh/ruff/issues/23613 ">#23613</a>)</li>
<li><a
href="4926bd5820https://redirect.github.com/astral-sh/ruff/issues/23740 ">#23740</a>)</li>
<li><a
href="9a70f5eb2fhttps://redirect.github.com/astral-sh/ruff/issues/23434 ">#23434</a>)</li>
<li><a
href="3dc78b0a84https://redirect.github.com/astral-sh/ruff/issues/23739 ">#23739</a>)</li>
<li><a
href="a6a5e8d10bhttps://redirect.github.com/astral-sh/ruff/issues/23723 ">#23723</a>)</li>
<li><a
href="2a5384b0b6https://redirect.github.com/astral-sh/ruff/issues/23713 ">#23713</a>)</li>
<li><a
href="db77d7b2aedb2849068fhttps://redirect.github.com/astral-sh/ruff/issues/23724 ">#23724</a>)</li>
<li><a
href="5f0fd91a23https://redirect.github.com/astral-sh/ruff/issues/23639 ">#23639</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/astral-sh/ruff/compare/0.15.4...0.15.5 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `langsmith` from 0.7.9 to 0.7.13
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langsmith-sdk/releases ">langsmith's
releases</a>.</em></p>
<blockquote>
<h2>v0.7.13</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: initialize otel exporter before background thread by <a
href="https://github.com/ericdong-langchain "><code>@ericdong-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2526 ">langchain-ai/langsmith-sdk#2526</a></li>
<li>fix: convert non primitive types to JSON strings by <a
href="https://github.com/ericdong-langchain "><code>@ericdong-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2527 ">langchain-ai/langsmith-sdk#2527</a></li>
<li>fix: missing await by <a
href="https://github.com/ericdong-langchain "><code>@ericdong-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2528 ">langchain-ai/langsmith-sdk#2528</a></li>
<li>fix: bump minimatch to resolve CVE-2026-27903 by <a
href="https://github.com/jkennedyvz "><code>@jkennedyvz</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2502 ">langchain-ai/langsmith-sdk#2502</a></li>
<li>feat(py): add experiment-level metadata to pytest integration by <a
href="https://github.com/baskaryan "><code>@baskaryan</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2524 ">langchain-ai/langsmith-sdk#2524</a></li>
<li>Bump version: 0.7.12 → 0.7.13 by <a
href="https://github.com/baskaryan "><code>@baskaryan</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2531 ">langchain-ai/langsmith-sdk#2531</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.12...v0.7.13 ">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.12...v0.7.13 </a></p>
<h2>v0.7.12</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: sample before transform in ingest by <a
href="https://github.com/ericdong-langchain "><code>@ericdong-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2488 ">langchain-ai/langsmith-sdk#2488</a></li>
<li>chore: bump version by <a
href="https://github.com/ericdong-langchain "><code>@ericdong-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2521 ">langchain-ai/langsmith-sdk#2521</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.11...v0.7.12 ">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.11...v0.7.12 </a></p>...
_Description has been truncated_
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-06 16:05:45 -08:00
dependabot[bot]
9619516991
chore: bump the langchain-deps group across 3 directories with 7 updates ( #35513 )
...
Bumps the langchain-deps group with 2 updates in the /libs/core
directory: [langsmith](https://github.com/langchain-ai/langsmith-sdk )
and [ruff](https://github.com/astral-sh/ruff ).
Bumps the langchain-deps group with 6 updates in the /libs/langchain
directory:
| Package | From | To |
| --- | --- | --- |
| [langsmith](https://github.com/langchain-ai/langsmith-sdk ) | `0.7.6` |
`0.7.9` |
| [ruff](https://github.com/astral-sh/ruff ) | `0.15.2` | `0.15.4` |
| [langchain-aws](https://github.com/langchain-ai/langchain-aws ) |
`1.3.0` | `1.3.1` |
| [python-dotenv](https://github.com/theskumar/python-dotenv ) | `1.2.1`
| `1.2.2` |
| langchainhub | `0.1.18` | `0.1.21` |
| [fastapi](https://github.com/fastapi/fastapi ) | `0.133.0` | `0.135.1`
|
Bumps the langchain-deps group with 4 updates in the /libs/langchain_v1
directory: [ruff](https://github.com/astral-sh/ruff ),
[langchain-aws](https://github.com/langchain-ai/langchain-aws ),
[python-dotenv](https://github.com/theskumar/python-dotenv ) and
[langgraph](https://github.com/langchain-ai/langgraph ).
Updates `langsmith` from 0.7.6 to 0.7.9
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langsmith-sdk/releases ">langsmith's
releases</a>.</em></p>
<blockquote>
<h2>v0.7.9</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: catch blocksize typeError by <a
href="https://github.com/ericdong-langchain "><code>@ericdong-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2499 ">langchain-ai/langsmith-sdk#2499</a></li>
<li>chore: bump py ver by <a
href="https://github.com/ericdong-langchain "><code>@ericdong-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2501 ">langchain-ai/langsmith-sdk#2501</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.8...v0.7.9 ">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.8...v0.7.9 </a></p>
<h2>v0.7.8</h2>
<h2>What's Changed</h2>
<ul>
<li>fix(ci): replace mistakenly pinned Node 22.4.1 with 22.x by <a
href="https://github.com/jkennedyvz "><code>@jkennedyvz</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2477 ">langchain-ai/langsmith-sdk#2477</a></li>
<li>chore: bump GitHub workflow Node.js versions to 24.x by <a
href="https://github.com/jkennedyvz "><code>@jkennedyvz</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2485 ">langchain-ai/langsmith-sdk#2485</a></li>
<li>chore(deps): bump the py-minor-and-patch group across 1 directory
with 15 updates by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2475 ">langchain-ai/langsmith-sdk#2475</a></li>
<li>chore(deps): bump rollup from 4.57.1 to 4.59.0 in
/js/internal/environment_tests/test-exports-vite in the npm_and_yarn
group across 1 directory by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2483 ">langchain-ai/langsmith-sdk#2483</a></li>
<li>feat(sandbox): add retry mechanism for python client by <a
href="https://github.com/DanielKneipp "><code>@DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2486 ">langchain-ai/langsmith-sdk#2486</a></li>
<li>chore(deps): bump rollup from 4.40.2 to 4.59.0 in /js by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2484 ">langchain-ai/langsmith-sdk#2484</a></li>
<li>Description change for read_dataset_version by <a
href="https://github.com/catherine-langchain "><code>@catherine-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2487 ">langchain-ai/langsmith-sdk#2487</a></li>
<li>feat(sandbox): async sandbox creation by <a
href="https://github.com/DanielKneipp "><code>@DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2493 ">langchain-ai/langsmith-sdk#2493</a></li>
<li>docs: rm pytest beta docstring by <a
href="https://github.com/baskaryan "><code>@baskaryan</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2496 ">langchain-ai/langsmith-sdk#2496</a></li>
<li>fix(anthropic): Add usage_metadata to metadata by <a
href="https://github.com/angus-langchain "><code>@angus-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2497 ">langchain-ai/langsmith-sdk#2497</a></li>
<li>Bump version: 0.7.7 → 0.7.8 by <a
href="https://github.com/angus-langchain "><code>@angus-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2498 ">langchain-ai/langsmith-sdk#2498</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/catherine-langchain "><code>@catherine-langchain</code></a>
made their first contribution in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2487 ">langchain-ai/langsmith-sdk#2487</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.7...v0.7.8 ">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.7...v0.7.8 </a></p>
<h2>v0.7.7</h2>
<h2>What's Changed</h2>
<ul>
<li>fix(js): subagent tool calls tracking for latest claude agent sdk by
<a href="https://github.com/dqbd "><code>@dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2463 ">langchain-ai/langsmith-sdk#2463</a></li>
<li>release(js): 0.5.5 by <a
href="https://github.com/dqbd "><code>@dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2464 ">langchain-ai/langsmith-sdk#2464</a></li>
<li>fix(js): Respect traceRawHttp for tracing streaming AI SDK calls by
<a href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in
<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2466 ">langchain-ai/langsmith-sdk#2466</a></li>
<li>release(js): 0.5.6 by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2467 ">langchain-ai/langsmith-sdk#2467</a></li>
<li>feat(python): add WebSocket transport for sandbox commands by <a
href="https://github.com/DanielKneipp "><code>@DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2443 ">langchain-ai/langsmith-sdk#2443</a></li>
<li>test(python): add tests for WebSocket transport layer by <a
href="https://github.com/DanielKneipp "><code>@DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2445 ">langchain-ai/langsmith-sdk#2445</a></li>
<li>feat(python): use WebSocket transport by default with HTTP fallback
by <a
href="https://github.com/DanielKneipp "><code>@DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2446 ">langchain-ai/langsmith-sdk#2446</a></li>
<li>feat(python): add CommandHandle for streaming, kill, stdin, and
reconnect by <a
href="https://github.com/DanielKneipp "><code>@DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2450 ">langchain-ai/langsmith-sdk#2450</a></li>
<li>test(python): add tests for CommandHandle and sandbox streaming
integration by <a
href="https://github.com/DanielKneipp "><code>@DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2448 ">langchain-ai/langsmith-sdk#2448</a></li>
<li>docs(python): document sandbox streaming, kill, stdin, and reconnect
by <a
href="https://github.com/DanielKneipp "><code>@DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2449 ">langchain-ai/langsmith-sdk#2449</a></li>
<li>chore(deps): bump google-cloud-aiplatform from 1.126.1 to 1.133.0 in
/python by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2465 ">langchain-ai/langsmith-sdk#2465</a></li>
<li>fix(js): Fix list commits endpoint for private prompts by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2479 ">langchain-ai/langsmith-sdk#2479</a></li>
<li>feat: persist failed trace payloads to disk for later replay by <a
href="https://github.com/angus-langchain "><code>@angus-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2476 ">langchain-ai/langsmith-sdk#2476</a></li>
<li>feat: add native thread querying support by <a
href="https://github.com/ericdong-langchain "><code>@ericdong-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2455 ">langchain-ai/langsmith-sdk#2455</a></li>
<li>feat: add raw response parsing for responses api to openai wrapper
by <a href="https://github.com/victorm-lc "><code>@victorm-lc</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2480 ">langchain-ai/langsmith-sdk#2480</a></li>
<li>fix: add integration and version num by <a
href="https://github.com/samecrowder "><code>@samecrowder</code></a> in
<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2481 ">langchain-ai/langsmith-sdk#2481</a></li>
<li>release(py): 0.5.7 by <a
href="https://github.com/samecrowder "><code>@samecrowder</code></a> in
<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2482 ">langchain-ai/langsmith-sdk#2482</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/samecrowder "><code>@samecrowder</code></a>
made their first contribution in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2481 ">langchain-ai/langsmith-sdk#2481</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="52339a4d73https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2501 ">#2501</a>)</li>
<li><a
href="8d464b565fhttps://redirect.github.com/langchain-ai/langsmith-sdk/issues/2499 ">#2499</a>)</li>
<li><a
href="d442f952cahttps://redirect.github.com/langchain-ai/langsmith-sdk/issues/2498 ">#2498</a>)</li>
<li><a
href="498536f09dhttps://redirect.github.com/langchain-ai/langsmith-sdk/issues/2497 ">#2497</a>)</li>
<li><a
href="96a6801ac3https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2496 ">#2496</a>)</li>
<li><a
href="b3141e3e4bhttps://redirect.github.com/langchain-ai/langsmith-sdk/issues/2493 ">#2493</a>)</li>
<li><a
href="430999bedbhttps://redirect.github.com/langchain-ai/langsmith-sdk/issues/2487 ">#2487</a>)</li>
<li><a
href="b20cf2a7bdhttps://redirect.github.com/langchain-ai/langsmith-sdk/issues/2484 ">#2484</a>)</li>
<li><a
href="3c15041afahttps://redirect.github.com/langchain-ai/langsmith-sdk/issues/2486 ">#2486</a>)</li>
<li><a
href="1d29f1ce9bhttps://github.com/langchain-ai/langsmith-sdk/compare/v0.7.6...v0.7.9 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `ruff` from 0.15.2 to 0.15.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/releases ">ruff's
releases</a>.</em></p>
<blockquote>
<h2>0.15.4</h2>
<h2>Release Notes</h2>
<p>Released on 2026-02-26.</p>
<p>This is a follow-up release to 0.15.3 that resolves a panic when the
new rule <code>PLR1712</code> was enabled with any rule that analyzes
definitions, such as many of the <code>ANN</code> or <code>D</code>
rules.</p>
<h3>Bug fixes</h3>
<ul>
<li>Fix panic on access to definitions after analyzing definitions (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23588 ">#23588</a>)</li>
<li>[<code>pyflakes</code>] Suppress false positive in <code>F821</code>
for names used before <code>del</code> in stub files (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23550 ">#23550</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Clarify first-party import detection in Ruff (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23591 ">#23591</a>)</li>
<li>Fix incorrect <code>import-heading</code> example (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23568 ">#23568</a>)</li>
</ul>
<h3>Contributors</h3>
<ul>
<li><a
href="https://github.com/stakeswky "><code>@stakeswky</code></a></li>
<li><a href="https://github.com/ntBre "><code>@ntBre</code></a></li>
<li><a
href="https://github.com/thejcannon "><code>@thejcannon</code></a></li>
<li><a href="https://github.com/GeObts "><code>@GeObts</code></a></li>
</ul>
<h2>Install ruff 0.15.4</h2>
<h3>Install prebuilt binaries via shell script</h3>
<pre lang="sh"><code>curl --proto '=https' --tlsv1.2 -LsSf
https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-installer.sh
| sh
</code></pre>
<h3>Install prebuilt binaries via powershell script</h3>
<pre lang="sh"><code>powershell -ExecutionPolicy Bypass -c "irm
https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-installer.ps1
| iex"
</code></pre>
<h2>Download ruff 0.15.4</h2>
<table>
<thead>
<tr>
<th>File</th>
<th>Platform</th>
<th>Checksum</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-aarch64-apple-darwin.tar.gz ">ruff-aarch64-apple-darwin.tar.gz</a></td>
<td>Apple Silicon macOS</td>
<td><a
href="https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-aarch64-apple-darwin.tar.gz.sha256 ">checksum</a></td>
</tr>
<tr>
<td><a
href="https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-x86_64-apple-darwin.tar.gz ">ruff-x86_64-apple-darwin.tar.gz</a></td>
<td>Intel macOS</td>
<td><a
href="https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-x86_64-apple-darwin.tar.gz.sha256 ">checksum</a></td>
</tr>
<tr>
<td><a
href="https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-aarch64-pc-windows-msvc.zip ">ruff-aarch64-pc-windows-msvc.zip</a></td>
<td>ARM64 Windows</td>
<td><a
href="https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-aarch64-pc-windows-msvc.zip.sha256 ">checksum</a></td>
</tr>
<tr>
<td><a
href="https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-i686-pc-windows-msvc.zip ">ruff-i686-pc-windows-msvc.zip</a></td>
<td>x86 Windows</td>
<td><a
href="https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-i686-pc-windows-msvc.zip.sha256 ">checksum</a></td>
</tr>
<tr>
<td><a
href="https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-x86_64-pc-windows-msvc.zip ">ruff-x86_64-pc-windows-msvc.zip</a></td>
<td>x64 Windows</td>
<td><a
href="https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-x86_64-pc-windows-msvc.zip.sha256 ">checksum</a></td>
</tr>
<tr>
<td><a
href="https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-aarch64-unknown-linux-gnu.tar.gz ">ruff-aarch64-unknown-linux-gnu.tar.gz</a></td>
<td>ARM64 Linux</td>
<td><a
href="https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-aarch64-unknown-linux-gnu.tar.gz.sha256 ">checksum</a></td>
</tr>
<tr>
<td><a
href="https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-i686-unknown-linux-gnu.tar.gz ">ruff-i686-unknown-linux-gnu.tar.gz</a></td>
<td>x86 Linux</td>
<td><a
href="https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-i686-unknown-linux-gnu.tar.gz.sha256 ">checksum</a></td>
</tr>
<tr>
<td><a
href="https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-powerpc64-unknown-linux-gnu.tar.gz ">ruff-powerpc64-unknown-linux-gnu.tar.gz</a></td>
<td>PPC64 Linux</td>
<td><a
href="https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-powerpc64-unknown-linux-gnu.tar.gz.sha256 ">checksum</a></td>
</tr>
</tbody>
</table>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md ">ruff's
changelog</a>.</em></p>
<blockquote>
<h2>0.15.4</h2>
<p>Released on 2026-02-26.</p>
<p>This is a follow-up release to 0.15.3 that resolves a panic when the
new rule <code>PLR1712</code> was enabled with any rule that analyzes
definitions, such as many of the <code>ANN</code> or <code>D</code>
rules.</p>
<h3>Bug fixes</h3>
<ul>
<li>Fix panic on access to definitions after analyzing definitions (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23588 ">#23588</a>)</li>
<li>[<code>pyflakes</code>] Suppress false positive in <code>F821</code>
for names used before <code>del</code> in stub files (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23550 ">#23550</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Clarify first-party import detection in Ruff (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23591 ">#23591</a>)</li>
<li>Fix incorrect <code>import-heading</code> example (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23568 ">#23568</a>)</li>
</ul>
<h3>Contributors</h3>
<ul>
<li><a
href="https://github.com/stakeswky "><code>@stakeswky</code></a></li>
<li><a href="https://github.com/ntBre "><code>@ntBre</code></a></li>
<li><a
href="https://github.com/thejcannon "><code>@thejcannon</code></a></li>
<li><a href="https://github.com/GeObts "><code>@GeObts</code></a></li>
</ul>
<h2>0.15.3</h2>
<p>Released on 2026-02-26.</p>
<h3>Preview features</h3>
<ul>
<li>
<p>Drop explicit support for <code>.qmd</code> file extension (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23572 ">#23572</a>)</p>
<p>This can now be enabled instead by setting the <a
href="https://docs.astral.sh/ruff/settings/#extension "><code>extension</code></a>
option:</p>
<pre lang="toml"><code># ruff.toml
extension = { qmd = "markdown" }
<h1>pyproject.toml</h1>
<p>[tool.ruff]
extension = { qmd = "markdown" }
</code></pre></p>
</li>
<li>
<p>Include configured extensions in file discovery (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23400 ">#23400</a>)</p>
</li>
<li>
<p>[<code>flake8-bandit</code>] Allow suspicious imports in
<code>TYPE_CHECKING</code> blocks (<code>S401</code>-<code>S415</code>)
(<a
href="https://redirect.github.com/astral-sh/ruff/pull/23441 ">#23441</a>)</p>
</li>
<li>
<p>[<code>flake8-bugbear</code>] Allow <code>B901</code> in pytest hook
wrappers (<a
href="https://redirect.github.com/astral-sh/ruff/pull/21931 ">#21931</a>)</p>
</li>
<li>
<p>[<code>flake8-import-conventions</code>] Add missing conventions from
upstream (<code>ICN001</code>, <code>ICN002</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/21373 ">#21373</a>)</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f14edd8661https://redirect.github.com/astral-sh/ruff/issues/23595 ">#23595</a>)</li>
<li><a
href="fd09d37007https://redirect.github.com/astral-sh/ruff/issues/23588 ">#23588</a>)</li>
<li><a
href="81d655fadc625b4f5a67https://redirect.github.com/astral-sh/ruff/issues/23591 ">#23591</a>)</li>
<li><a
href="60facfa0bchttps://redirect.github.com/astral-sh/ruff/issues/23589 ">#23589</a>)</li>
<li><a
href="fbb9fa75cchttps://redirect.github.com/astral-sh/ruff/issues/23568 ">#23568</a>)</li>
<li><a
href="5bc49a9412https://redirect.github.com/astral-sh/ruff/issues/23586 ">#23586</a>)</li>
<li><a
href="a62ba8c6e2https://redirect.github.com/astral-sh/ruff/issues/23277 ">#23277</a>)</li>
<li><a
href="e5f2f36a3fhttps://redirect.github.com/astral-sh/ruff/issues/23585 ">#23585</a>)</li>
<li><a
href="0e19fc9a61https://redirect.github.com/astral-sh/ruff/issues/23552 ">#23552</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/astral-sh/ruff/compare/0.15.2...0.15.4 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `langsmith` from 0.7.6 to 0.7.9
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langsmith-sdk/releases ">langsmith's
releases</a>.</em></p>
<blockquote>
<h2>v0.7.9</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: catch blocksize typeError by <a
href="https://github.com/ericdong-langchain "><code>@ericdong-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2499 ">langchain-ai/langsmith-sdk#2499</a></li>
<li>chore: bump py ver by <a
href="https://github.com/ericdong-langchain "><code>@ericdong-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2501 ">langchain-ai/langsmith-sdk#2501</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.8...v0.7.9 ">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.8...v0.7.9 </a></p>
<h2>v0.7.8</h2>
<h2>What's Changed</h2>
<ul>
<li>fix(ci): replace mistakenly pinned Node 22.4.1 with 22.x by <a
href="https://github.com/jkennedyvz "><code>@jkennedyvz</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2477 ">langchain-ai/langsmith-sdk#2477</a></li>
<li>chore: bump GitHub workflow Node.js versions to 24.x by <a
href="https://github.com/jkennedyvz "><code>@jkennedyvz</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2485 ">langchain-ai/langsmith-sdk#2485</a></li>
<li>chore(deps): bump the py-minor-and-patch group across 1 directory
with 15 updates by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2475 ">langchain-ai/langsmith-sdk#2475</a></li>
<li>chore(deps): bump rollup from 4.57.1 to 4.59.0 in
/js/internal/environment_tests/test-exports-vite in the npm_and_yarn
group across 1 directory by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2483 ">langchain-ai/langsmith-sdk#2483</a></li>
<li>feat(sandbox): add retry mechanism for python client by <a
href="https://github.com/DanielKneipp "><code>@DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2486 ">langchain-ai/langsmith-sdk#2486</a></li>
<li>chore(deps): bump rollup from 4.40.2 to 4.59.0 in /js by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2484 ">langchain-ai/langsmith-sdk#2484</a></li>
<li>Description change for read_dataset_version by <a
href="https://github.com/catherine-langchain "><code>@catherine-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2487 ">langchain-ai/langsmith-sdk#2487</a></li>
<li>feat(sandbox): async sandbox creation by <a
href="https://github.com/DanielKneipp "><code>@DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2493 ">langchain-ai/langsmith-sdk#2493</a></li>
<li>docs: rm pytest beta docstring by <a
href="https://github.com/baskaryan "><code>@baskaryan</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2496 ">langchain-ai/langsmith-sdk#2496</a></li>
<li>fix(anthropic): Add usage_metadata to metadata by <a
href="https://github.com/angus-langchain "><code>@angus-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2497 ">langchain-ai/langsmith-sdk#2497</a></li>
<li>Bump version: 0.7.7 → 0.7.8 by <a
href="https://github.com/angus-langchain "><code>@angus-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2498 ">langchain-ai/langsmith-sdk#2498</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/catherine-langchain "><code>@catherine-langchain</code></a>
made their first contribution in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2487 ">langchain-ai/langsmith-sdk#2487</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.7...v0.7.8 ">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.7...v0.7.8 </a></p>
<h2>v0.7.7</h2>
<h2>What's Changed</h2>
<ul>
<li>fix(js): subagent tool calls tracking for latest claude agent sdk by
<a href="https://github.com/dqbd "><code>@dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2463 ">langchain-ai/langsmith-sdk#2463</a></li>
<li>release(js): 0.5.5 by <a
href="https://github.com/dqbd "><code>@dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2464 ">langchain-ai/langsmith-sdk#2464</a></li>
<li>fix(js): Respect traceRawHttp for tracing streaming AI SDK calls by
<a href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in
<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2466 ">langchain-ai/langsmith-sdk#2466</a></li>
<li>release(js): 0.5.6 by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2467 ">langchain-ai/langsmith-sdk#2467</a></li>
<li>feat(python): add WebSocket transport for sandbox commands by <a
href="https://github.com/DanielKneipp "><code>@DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2443 ">langchain-ai/langsmith-sdk#2443</a></li>
<li>test(python): add tests for WebSocket transport layer by <a
href="https://github.com/DanielKneipp "><code>@DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2445 ">langchain-ai/langsmith-sdk#2445</a></li>
<li>feat(python): use WebSocket transport by default with HTTP fallback
by <a
href="https://github.com/DanielKneipp "><code>@DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2446 ">langchain-ai/langsmith-sdk#2446</a></li>
<li>feat(python): add CommandHandle for streaming, kill, stdin, and
reconnect by <a
href="https://github.com/DanielKneipp "><code>@DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2450 ">langchain-ai/langsmith-sdk#2450</a></li>
<li>test(python): add tests for CommandHandle and sandbox streaming
integration by <a
href="https://github.com/DanielKneipp "><code>@DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2448 ">langchain-ai/langsmith-sdk#2448</a></li>
<li>docs(python): document sandbox streaming, kill, stdin, and reconnect
by <a
href="https://github.com/DanielKneipp "><code>@DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2449 ">langchain-ai/langsmith-sdk#2449</a></li>
<li>chore(deps): bump google-cloud-aiplatform from 1.126.1 to 1.133.0 in
/python by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2465 ">langchain-ai/langsmith-sdk#2465</a></li>
<li>fix(js): Fix list commits endpoint for private prompts by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2479 ">langchain-ai/langsmith-sdk#2479</a></li>
<li>feat: persist failed trace payloads to disk for later replay by <a
href="https://github.com/angus-langchain "><code>@angus-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2476 ">langchain-ai/langsmith-sdk#2476</a></li>
<li>feat: add native thread querying support by <a
href="https://github.com/ericdong-langchain "><code>@ericdong-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2455 ">langchain-ai/langsmith-sdk#2455</a></li>
<li>feat: add raw response parsing for responses api to openai wrapper
by <a href="https://github.com/victorm-lc "><code>@victorm-lc</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2480 ">langchain-ai/langsmith-sdk#2480</a></li>
<li>fix: add integration and version num by <a
href="https://github.com/samecrowder "><code>@samecrowder</code></a> in
<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2481 ">langchain-ai/langsmith-sdk#2481</a></li>
<li>release(py): 0.5.7 by <a
href="https://github.com/samecrowder "><code>@samecrowder</code></a> in
<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2482 ">langchain-ai/langsmith-sdk#2482</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/samecrowder "><code>@samecrowder</code></a>
made their first contribution in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2481 ">langchain-ai/langsmith-sdk#2481</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="52339a4d73https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2501 ">#2501</a>)</li>
<li><a
href="8d464b565fhttps://redirect.github.com/langchain-ai/langsmith-sdk/issues/2499 ">#2499</a>)</li>
<li><a
href="d442f952cahttps://redirect.github.com/langchain-ai/langsmith-sdk/issues/2498 ">#2498</a>)</li>
<li><a
href="498536f09dhttps://redirect.github.com/langchain-ai/langsmith-sdk/issues/2497 ">#2497</a>)</li>
<li><a
href="96a6801ac3https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2496 ">#2496</a>)</li>
<li><a
href="b3141e3e4bhttps://redirect.github.com/langchain-ai/langsmith-sdk/issues/2493 ">#2493</a>)</li>
<li><a
href="430999bedbhttps://redirect.github.com/langchain-ai/langsmith-sdk/issues/2487 ">#2487</a>)</li>
<li><a
href="b20cf2a7bdhttps://redirect.github.com/langchain-ai/langsmith-sdk/issues/2484 ">#2484</a>)</li>
<li><a
href="3c15041afahttps://redirect.github.com/langchain-ai/langsmith-sdk/issues/2486 ">#2486</a>)</li>
<li><a
href="1d29f1ce9bhttps://github.com/langchain-ai/langsmith-sdk/compare/v0.7.6...v0.7.9 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `ruff` from 0.15.2 to 0.15.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/releases ">ruff's
releases</a>.</em></p>
<blockquote>
<h2>0.15.4</h2>
<h2>Release Notes</h2>
<p>Released on 2026-02-26.</p>
<p>This is a follow-up release to 0.15.3 that resolves a panic when the
new rule <code>PLR1712</code> was enabled with any rule that analyzes
definitions, such as many of the <code>ANN</code> or <code>D</code>
rules.</p>
<h3>Bug fixes</h3>
<ul>
<li>Fix panic on access to definitions after analyzing definitions (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23588 ">#23588</a>)</li>
<li>[<code>pyflakes</code>] Suppress false positive in <code>F821</code>
for names used before <code>del</code> in stub files (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23550 ">#23550</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Clarify first-party import detection in Ruff (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23591 ">#23591</a>)</li>
<li>Fix incorrect <code>import-heading</code> example (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23568 ">#23568</a>)</li>
</ul>
<h3>Contributors</h3>
<ul>
<li><a
href="https://github.com/stakeswky "><code>@stakeswky</code></a></li>
<li><a href="https://github.com/ntBre "><code>@ntBre</code></a></li>
<li><a
href="https://github.com/thejcannon "><code>@thejcannon</code></a></li>
<li><a href="https://github.com/GeObts "><code>@GeObts</code></a></li>
</ul>
<h2>Install ruff 0.15.4</h2>
<h3>Install prebuilt binaries via shell script</h3>
<pre lang="sh"><code>curl --proto '=https' --tlsv1.2 -LsSf
https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-installer.sh
| sh
</code></pre>
<h3>Install prebuilt binaries via powershell script</h3>
<pre lang="sh"><code>powershell -ExecutionPolicy Bypass -c "irm
https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-installer.ps1
| iex"
</code></pre>
<h2>Download ruff 0.15.4</h2>
<table>
<thead>
<tr>
<th>File</th>
<th>Platform</th>
<th>Checksum</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-aarch64-apple-darwin.tar.gz ">ruff-aarch64-apple-darwin.tar.gz</a></td>
<td>Apple Silicon macOS</td>
<td><a
href="https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-aarch64-apple-darwin.tar.gz.sha256 ">checksum</a></td>
</tr>
<tr>
<td><a
href="https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-x86_64-apple-darwin.tar.gz ">ruff-x86_64-apple-darwin.tar.gz</a></td>
<td>Intel macOS</td>
<td><a
href="https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-x86_64-apple-darwin.tar.gz.sha256 ">checksum</a></td>
</tr>
<tr>
<td><a
href="https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-aarch64-pc-windows-msvc.zip ">ruff-aarch64-pc-windows-msvc.zip</a></td>
<td>ARM64 Windows</td>
<td><a
href="https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-aarch64-pc-windows-msvc.zip.sha256 ">checksum</a></td>
</tr>
<tr>
<td><a
href="https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-i686-pc-windows-msvc.zip ">ruff-i686-pc-windows-msvc.zip</a></td>
<td>x86 Windows</td>
<td><a
href="https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-i686-pc-windows-msvc.zip.sha256 ">checksum</a></td>
</tr>
<tr>
<td><a
href="https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-x86_64-pc-windows-msvc.zip ">ruff-x86_64-pc-windows-msvc.zip</a></td>
<td>x64 Windows</td>
<td><a
href="https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-x86_64-pc-windows-msvc.zip.sha256 ">checksum</a></td>
</tr>
<tr>
<td><a
href="https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-aarch64-unknown-linux-gnu.tar.gz ">ruff-aarch64-unknown-linux-gnu.tar.gz</a></td>
<td>ARM64 Linux</td>
<td><a
href="https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-aarch64-unknown-linux-gnu.tar.gz.sha256 ">checksum</a></td>
</tr>
<tr>
<td><a
href="https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-i686-unknown-linux-gnu.tar.gz ">ruff-i686-unknown-linux-gnu.tar.gz</a></td>
<td>x86 Linux</td>
<td><a
href="https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-i686-unknown-linux-gnu.tar.gz.sha256 ">checksum</a></td>
</tr>
<tr>
<td><a
href="https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-powerpc64-unknown-linux-gnu.tar.gz ">ruff-powerpc64-unknown-linux-gnu.tar.gz</a></td>
<td>PPC64 Linux</td>
<td><a
href="https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-powerpc64-unknown-linux-gnu.tar.gz.sha256 ">checksum</a></td>
</tr>
</tbody>
</table>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md ">ruff's
changelog</a>.</em></p>
<blockquote>
<h2>0.15.4</h2>
<p>Released on 2026-02-26.</p>
<p>This is a follow-up release to 0.15.3 that resolves a panic when the
new rule <code>PLR1712</code> was enabled with any rule that analyzes
definitions, such as many of the <code>ANN</code> or <code>D</code>
rules.</p>
<h3>Bug fixes</h3>
<ul>
<li>Fix panic on access to definitions after analyzing definitions (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23588 ">#23588</a>)</li>
<li>[<code>pyflakes</code>] Suppress false positive in <code>F821</code>
for names used before <code>del</code> in stub files (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23550 ">#23550</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Clarify first-party import detection in Ruff (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23591 ">#23591</a>)</li>
<li>Fix incorrect <code>import-heading</code> example (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23568 ">#23568</a>)</li>
</ul>
<h3>Contributors</h3>
<ul>
<li><a
href="https://github.com/stakeswky "><code>@stakeswky</code></a></li>
<li><a href="https://github.com/ntBre "><code>@ntBre</code></a></li>
<li><a
href="https://github.com/thejcannon "><code>@thejcannon</code></a></li>
<li><a href="https://github.com/GeObts "><code>@GeObts</code></a></li>
</ul>
<h2>0.15.3</h2>
<p>Released on 2026-02-26.</p>
<h3>Preview features</h3>
<ul>
<li>
<p>Drop explicit support for <code>.qmd</code> file extension (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23572 ">#23572</a>)</p>
<p>This can now be enabled instead by setting the <a
href="https://docs.astral.sh/ruff/settings/#extension "><code>extension</code></a>
option:</p>
<pre lang="toml"><code># ruff.toml
extension = { qmd = "markdown" }
<h1>pyproject.toml</h1>
<p>[tool.ruff]
extension = { qmd = "markdown" }
</code></pre></p>
</li>
<li>
<p>Include configured extensions in file discovery (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23400 ">#23400</a>)</p>
</li>
<li>
<p>[<code>flake8-bandit</code>] Allow suspicious imports in
<code>TYPE_CHECKING</code> blocks (<code>S401</code>-<code>S415</code>)
(<a
href="https://redirect.github.com/astral-sh/ruff/pull/23441 ">#23441</a>)</p>
</li>
<li>
<p>[<code>flake8-bugbear</code>] Allow <code>B901</code> in pytest hook
wrappers (<a
href="https://redirect.github.com/astral-sh/ruff/pull/21931 ">#21931</a>)</p>
</li>
<li>
<p>[<code>flake8-import-conventions</code>] Add missing conventions from
upstream (<code>ICN001</code>, <code>ICN002</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/21373 ">#21373</a>)</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f14edd8661https://redirect.github.com/astral-sh/ruff/issues/23595 ">#23595</a>)</li>
<li><a
href="fd09d37007https://redirect.github.com/astral-sh/ruff/issues/23588 ">#23588</a>)</li>
<li><a
href="81d655fadc625b4f5a67https://redirect.github.com/astral-sh/ruff/issues/23591 ">#23591</a>)</li>
<li><a
href="60facfa0bchttps://redirect.github.com/astral-sh/ruff/issues/23589 ">#23589</a>)</li>
<li><a
href="fbb9fa75cchttps://redirect.github.com/astral-sh/ruff/issues/23568 ">#23568</a>)</li>
<li><a
href="5bc49a9412https://redirect.github.com/astral-sh/ruff/issues/23586 ">#23586</a>)</li>
<li><a
href="a62ba8c6e2https://redirect.github.com/astral-sh/ruff/issues/23277 ">#23277</a>)</li>
<li><a
href="e5f2f36a3fhttps://redirect.github.com/astral-sh/ruff/issues/23585 ">#23585</a>)</li>
<li><a
href="0e19fc9a61https://redirect.github.com/astral-sh/ruff/issues/23552 ">#23552</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/astral-sh/ruff/compare/0.15.2...0.15.4 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `langchain-aws` from 1.3.0 to 1.3.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langchain-aws/releases ">langchain-aws's
releases</a>.</em></p>
<blockquote>
<h2>langchain-aws==1.3.1</h2>
<h2>What's Changed</h2>
<ul>
<li>fix(aws): handle video blocks in _format_data_content_block by <a
href="https://github.com/sharyar "><code>@sharyar</code></a> in <a
href="https://redirect.github.com/langchain-ai/langchain-aws/pull/898 ">langchain-ai/langchain-aws#898</a></li>
<li>feat(aws): Support strict parameter in ChatBedrockConverse
bind_tools by <a
href="https://github.com/michaelnchin "><code>@michaelnchin</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langchain-aws/pull/882 ">langchain-ai/langchain-aws#882</a></li>
<li>fix(aws): Preserve input format of ChatBedrockConverse
additional_model_request_fields keys by <a
href="https://github.com/michaelnchin "><code>@michaelnchin</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langchain-aws/pull/886 ">langchain-ai/langchain-aws#886</a></li>
<li>release(aws): 1.3.1 by <a
href="https://github.com/michaelnchin "><code>@michaelnchin</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langchain-aws/pull/902 ">langchain-ai/langchain-aws#902</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/sharyar "><code>@sharyar</code></a> made
their first contribution in <a
href="https://redirect.github.com/langchain-ai/langchain-aws/pull/898 ">langchain-ai/langchain-aws#898</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langchain-aws/compare/langchain-aws==1.3.0...langchain-aws==1.3.1 ">https://github.com/langchain-ai/langchain-aws/compare/langchain-aws==1.3.0...langchain-aws==1.3.1 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2bec09d097https://redirect.github.com/langchain-ai/langchain-aws/issues/902 ">#902</a>)</li>
<li><a
href="7166abca9f81fdf34237https://redirect.github.com/langchain-ai/langchain-aws/issues/882 ">#882</a>)</li>
<li><a
href="b0cab4705chttps://redirect.github.com/langchain-ai/langchain-aws/issues/898 ">#898</a>)</li>
<li><a
href="42edadb0e8558aeeaceahttps://github.com/langchain-ai/langchain-aws/compare/langchain-aws==1.3.0...langchain-aws==1.3.1 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `python-dotenv` from 1.2.1 to 1.2.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/theskumar/python-dotenv/releases ">python-dotenv's
releases</a>.</em></p>
<blockquote>
<h2>v1.2.2</h2>
<h3>Added</h3>
<ul>
<li>Support for Python 3.14, including the free-threaded (3.14t) build.
(#)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>The <code>dotenv run</code> command now forwards flags directly to
the specified command by <a
href="https://github.com/bbc2 "><code>@bbc2</code></a> in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/607 ">theskumar/python-dotenv#607</a></li>
<li>Improved documentation clarity regarding override behavior and the
reference page.</li>
<li>Updated PyPy support to version 3.11.</li>
<li>Documentation for FIFO file support.</li>
<li>Support for Python 3.9.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Improved <code>set_key</code> and <code>unset_key</code> behavior
when interacting with symlinks by <a
href="https://github.com/bbc2 "><code>@bbc2</code></a> in <a
href="790c5c0299https://github.com/JYOuyang "><code>@JYOuyang</code></a> in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/590 ">theskumar/python-dotenv#590</a></li>
</ul>
<h3>Breaking Changes</h3>
<ul>
<li>
<p><code>dotenv.set_key</code> and <code>dotenv.unset_key</code> used to
follow symlinks in some
situations. This is no longer the case. For that behavior to be restored
in
all cases, <code>follow_symlinks=True</code> should be used.</p>
</li>
<li>
<p>In the CLI, <code>set</code> and <code>unset</code> used to follow
symlinks in some situations. This
is no longer the case.</p>
</li>
<li>
<p><code>dotenv.set_key</code>, <code>dotenv.unset_key</code> and the
CLI commands <code>set</code> and <code>unset</code>
used to reset the file mode of the modified .env file to
<code>0o600</code> in some
situations. This is no longer the case: The original mode of the file is
now
preserved. Is the file needed to be created or wasn't a regular file,
mode
<code>0o600</code> is used.</p>
</li>
</ul>
<h3>Misc</h3>
<ul>
<li>skip 000 permission tests for root user by <a
href="https://github.com/burnout-projects "><code>@burnout-projects</code></a>
in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/561 ">theskumar/python-dotenv#561</a></li>
<li>Bump actions/checkout from 5 to 6 in the github-actions group by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/593 ">theskumar/python-dotenv#593</a></li>
<li>Add Windows testing to CI by <a
href="https://github.com/bbc2 "><code>@bbc2</code></a> in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/604 ">theskumar/python-dotenv#604</a></li>
<li>Improve workflow efficiency with best practices by <a
href="https://github.com/theskumar "><code>@theskumar</code></a> in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/609 ">theskumar/python-dotenv#609</a></li>
<li>Remove the use of <code>sh</code> in tests by <a
href="https://github.com/bbc2 "><code>@bbc2</code></a> in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/612 ">theskumar/python-dotenv#612</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/JYOuyang "><code>@JYOuyang</code></a>
made their first contribution in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/590 ">theskumar/python-dotenv#590</a></li>
<li><a
href="https://github.com/burnout-projects "><code>@burnout-projects</code></a>
made their first contribution in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/561 ">theskumar/python-dotenv#561</a></li>
<li><a
href="https://github.com/cpackham-atlnz "><code>@cpackham-atlnz</code></a>
made their first contribution in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/597 ">theskumar/python-dotenv#597</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2 ">https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2 </a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md ">python-dotenv's
changelog</a>.</em></p>
<blockquote>
<h2>[1.2.2] - 2026-03-01</h2>
<h3>Added</h3>
<ul>
<li>Support for Python 3.14, including the free-threaded (3.14t) build.
(<a
href="https://redirect.github.com/theskumar/python-dotenv/issues/588 ">#588</a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>The <code>dotenv run</code> command now forwards flags directly to
the specified command by [<a
href="https://github.com/bbc2 "><code>@bbc2</code></a>] in <a
href="https://redirect.github.com/theskumar/python-dotenv/issues/607 ">#607</a></li>
<li>Improved documentation clarity regarding override behavior and the
reference page.</li>
<li>Updated PyPy support to version 3.11.</li>
<li>Documentation for FIFO file support.</li>
<li>Dropped Support for Python 3.9.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Improved <code>set_key</code> and <code>unset_key</code> behavior
when interacting with symlinks by [<a
href="https://github.com/bbc2 "><code>@bbc2</code></a>] in
[790c5c0]</li>
<li>Corrected the license specifier and added missing Python 3.14
classifiers in package metadata by [<a
href="https://github.com/JYOuyang "><code>@JYOuyang</code></a>] in <a
href="https://redirect.github.com/theskumar/python-dotenv/issues/590 ">#590</a></li>
</ul>
<h3>Breaking Changes</h3>
<ul>
<li>
<p><code>dotenv.set_key</code> and <code>dotenv.unset_key</code> used to
follow symlinks in some
situations. This is no longer the case. For that behavior to be restored
in
all cases, <code>follow_symlinks=True</code> should be used.</p>
</li>
<li>
<p>In the CLI, <code>set</code> and <code>unset</code> used to follow
symlinks in some situations. This
is no longer the case.</p>
</li>
<li>
<p><code>dotenv.set_key</code>, <code>dotenv.unset_key</code> and the
CLI commands <code>set</code> and <code>unset</code>
used to reset the file mode of the modified .env file to
<code>0o600</code> in some
situations. This is no longer the case: The original mode of the file is
now
preserved. Is the file needed to be created or wasn't a regular file,
mode
<code>0o600</code> is used.</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="36004e0e34eb202520e5790c5c029943340da220https://redirect.github.com/theskumar/python-dotenv/issues/612 ">#612</a>)</li>
<li><a
href="09d7cee324https://redirect.github.com/theskumar/python-dotenv/issues/610 ">#610</a>)</li>
<li><a
href="c8de2887c0https://redirect.github.com/theskumar/python-dotenv/issues/609 ">#609</a>)</li>
<li><a
href="7bd9e3dbfehttps://redirect.github.com/theskumar/python-dotenv/issues/604 ">#604</a>)</li>
<li><a
href="1baaf04f33https://redirect.github.com/theskumar/python-dotenv/issues/608 ">#608</a>)</li>
<li><a
href="4a22cf8993https://redirect.github.com/theskumar/python-dotenv/issues/588 ">#588</a>)</li>
<li><a
href="e2e8e776b4https://redirect.github.com/theskumar/python-dotenv/issues/597 ">#597</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `langchainhub` from 0.1.18 to 0.1.21
Updates `fastapi` from 0.133.0 to 0.135.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/fastapi/fastapi/releases ">fastapi's
releases</a>.</em></p>
<blockquote>
<h2>0.135.1</h2>
<h3>Fixes</h3>
<ul>
<li>🐛 Fix, avoid yield from a TaskGroup, only as an async context
manager, closed in the request async exit stack. PR <a
href="https://redirect.github.com/fastapi/fastapi/pull/15038 ">#15038</a>
by <a
href="https://github.com/tiangolo "><code>@tiangolo</code></a>.</li>
</ul>
<h3>Docs</h3>
<ul>
<li>✏️ Fix typo in <code>docs/en/docs/_llm-test.md</code>. PR <a
href="https://redirect.github.com/fastapi/fastapi/pull/15007 ">#15007</a>
by <a
href="https://github.com/adityagiri3600 "><code>@adityagiri3600</code></a>.</li>
<li>📝 Update Skill, optimize context, trim and refactor into references.
PR <a
href="https://redirect.github.com/fastapi/fastapi/pull/15031 ">#15031</a>
by <a
href="https://github.com/tiangolo "><code>@tiangolo</code></a>.</li>
</ul>
<h3>Internal</h3>
<ul>
<li>👥 Update FastAPI People - Experts. PR <a
href="https://redirect.github.com/fastapi/fastapi/pull/15037 ">#15037</a>
by <a
href="https://github.com/tiangolo "><code>@tiangolo</code></a>.</li>
<li>👥 Update FastAPI People - Contributors and Translators. PR <a
href="https://redirect.github.com/fastapi/fastapi/pull/15029 ">#15029</a>
by <a
href="https://github.com/tiangolo "><code>@tiangolo</code></a>.</li>
<li>👥 Update FastAPI GitHub topic repositories. PR <a
href="https://redirect.github.com/fastapi/fastapi/pull/15036 ">#15036</a>
by <a
href="https://github.com/tiangolo "><code>@tiangolo</code></a>.</li>
</ul>
<h2>0.135.0</h2>
<h3>Features</h3>
<ul>
<li>✨ Add support for Server Sent Events. PR <a
href="https://redirect.github.com/fastapi/fastapi/pull/15030 ">#15030</a>
by <a href="https://github.com/tiangolo "><code>@tiangolo</code></a>.
<ul>
<li>New docs: <a
href="https://fastapi.tiangolo.com/tutorial/server-sent-events/ ">Server-Sent
Events (SSE)</a>.</li>
</ul>
</li>
</ul>
<h2>0.134.0</h2>
<h3>Features</h3>
<ul>
<li>✨ Add support for streaming JSON Lines and binary data with
<code>yield</code>. PR <a
href="https://redirect.github.com/fastapi/fastapi/pull/15022 ">#15022</a>
by <a href="https://github.com/tiangolo "><code>@tiangolo</code></a>.
<ul>
<li>This also upgrades Starlette from <code>>=0.40.0</code> to
<code>>=0.46.0</code>, as it's needed to properly unrwap and re-raise
exceptions from exception groups.</li>
<li>New docs: <a
href="https://fastapi.tiangolo.com/tutorial/stream-json-lines/ ">Stream
JSON Lines</a>.</li>
<li>And new docs: <a
href="https://fastapi.tiangolo.com/advanced/stream-data/ ">Stream
Data</a>.</li>
</ul>
</li>
</ul>
<h3>Docs</h3>
<ul>
<li>📝 Update Library Agent Skill with streaming responses. PR <a
href="https://redirect.github.com/fastapi/fastapi/pull/15024 ">#15024</a>
by <a
href="https://github.com/tiangolo "><code>@tiangolo</code></a>.</li>
<li>📝 Update docs for responses and new stream with <code>yield</code>.
PR <a
href="https://redirect.github.com/fastapi/fastapi/pull/15023 ">#15023</a>
by <a
href="https://github.com/tiangolo "><code>@tiangolo</code></a>.</li>
<li>📝 Add <code>await</code> in <code>StreamingResponse</code> code
example to allow cancellation. PR <a
href="https://redirect.github.com/fastapi/fastapi/pull/14681 ">#14681</a>
by <a
href="https://github.com/casperdcl "><code>@casperdcl</code></a>.</li>
<li>📝 Rename <code>docs_src/websockets</code> to
<code>docs_src/websockets_</code> to avoid import errors. PR <a
href="https://redirect.github.com/fastapi/fastapi/pull/14979 ">#14979</a>
by <a
href="https://github.com/YuriiMotov "><code>@YuriiMotov</code></a>.</li>
</ul>
<h3>Internal</h3>
<ul>
<li>🔨 Run tests with <code>pytest-xdist</code> and
<code>pytest-cov</code>. PR <a
href="https://redirect.github.com/fastapi/fastapi/pull/14992 ">#14992</a>
by <a
href="https://github.com/YuriiMotov "><code>@YuriiMotov</code></a>.</li>
</ul>
<h2>0.133.1</h2>
<h3>Features</h3>
<ul>
<li>🔧 Add FastAPI Agent Skill. PR <a
href="https://redirect.github.com/fastapi/fastapi/pull/14982 ">#14982</a>
by <a href="https://github.com/tiangolo "><code>@tiangolo</code></a>.
<ul>
<li>Read more about it in <a
href="https://tiangolo.com/ideas/library-agent-skills/ ">Library Agent
Skills</a>.</li>
</ul>
</li>
</ul>
<h3>Internal</h3>
<ul>
<li>✅ Fix all tests are skipped on Windows. PR <a
href="https://redirect.github.com/fastapi/fastapi/pull/14994 ">#14994</a>
by <a
href="https://github.com/YuriiMotov "><code>@YuriiMotov</code></a>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ca5f60ee72🔖 Release version 0.135.1</li>
<li><a
href="87f75aa62c📝 Update release notes</li>
<li><a
href="8a9258b169🐛 Fix, avoid yield from a TaskGroup, only as an async context manager,
closed...</li>
<li><a
href="6038507823📝 Update release notes</li>
<li><a
href="c796ba4f46👥 Update FastAPI People - Experts (<a
href="https://redirect.github.com/fastapi/fastapi/issues/15037 ">#15037</a>)</li>
<li><a
href="b24aa03b88📝 Update release notes</li>
<li><a
href="2c6104752a✏️ Fix typo in <code>docs/en/docs/_llm-test.md</code> (<a
href="https://redirect.github.com/fastapi/fastapi/issues/15007 ">#15007</a>)</li>
<li><a
href="e3bbeef8a2📝 Update release notes</li>
<li><a
href="d726c8cb2b📝 Update release notes</li>
<li><a
href="cf514e6d38👥 Update FastAPI People - Contributors and Translators (<a
href="https://redirect.github.com/fastapi/fastapi/issues/15029 ">#15029</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/fastapi/fastapi/compare/0.133.0...0.135.1 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `ruff` from 0.15.2 to 0.15.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/releases ">ruff's
releases</a>.</em></p>
<blockquote>
<h2>0.15.4</h2>
<h2>Release Notes</h2>
<p>Released on 2026-02-26.</p>
<p>This is a follow-up release to 0.15.3 that resolves a panic when the
new rule <code>PLR1712</code> was enabled with any rule that analyzes
definitions, such as many of the <code>ANN</code> or <code>D</code>
rules.</p>
<h3>Bug fixes</h3>
<ul>
<li>Fix panic on access to definitions after analyzing definitions (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23588 ">#23588</a>)</li>
<li>[<code>pyflakes</code>] Suppress false positive in <code>F821</code>
for names used before <code>del</code> in stub files (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23550 ">#23550</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Clarify first-party import detection in Ruff (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23591 ">#23591</a>)</li>
<li>Fix...
_Description has been truncated_
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-02 09:19:26 -05:00
Nick Hollon
Sydney Runkle
Mason Daugherty
dependabot[bot]
ccurme
Eugene Yurtsev
Jacob Lee
John Kennedy