Mason Daugherty
aef86c476d
chore(infra): bump langchain-tests floor to 1.1.9 ( #37610 )
...
Bumps the `langchain-tests` minimum across the monorepo from `1.0.0` to
`1.1.9` and adds a partner-level `Makefile` so partner lockfiles can be
regenerated in one command, matching the existing convention under
`libs/`.
2026-05-21 13:36:22 -05:00
Mason Daugherty
abd9d4ce31
ci(infra): harden Dependabot version-bound preservation ( #37510 )
...
Dependabot has been stripping upper/lower bounds from internal
`langchain-*` deps in partner `pyproject.toml` files (e.g. #37288
reduced `langchain-core>=1.3.2,<2.0.0` to bare `langchain-core`). Locks
down the config so bumps preserve existing specifiers, and restores the
bounds it already mangled across the monorepo.
## Changes
- Add `versioning-strategy: increase` to every `uv` ecosystem block in
`.github/dependabot.yml` so future bumps move the lower bound in place
instead of rewriting the constraint.
- Ignore workspace-internal packages (`langchain-core`, `langchain`,
`langchain-classic`, `langchain-text-splitters`, `langchain-tests`,
`langchain-model-profiles`) on every `uv` block — these are editable
installs from local paths and their published constraints are
hand-curated for release, not Dependabot's to bump.
- Restore stripped bounds across all `libs/` packages — runtime
`dependencies` and every dep group (`test`, `dev`, `test_integration`,
`typing`, `lint`) — to `>=1.4.0,<2.0.0` for `langchain-core` and
`>=1.0.0,<2.0.0` for the other internal packages.
2026-05-18 17:24:19 -05:00
dependabot[bot]
9278dae4be
chore: bump langchain-core from 1.3.2 to 1.3.3 in /libs/partners/exa ( #37280 )
...
[//]: # (dependabot-start)
⚠️ **Dependabot is rebasing this PR** ⚠️
Rebasing might not happen immediately, so don't worry if this takes some
time.
Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.
---
[//]: # (dependabot-end)
Bumps [langchain-core](https://github.com/langchain-ai/langchain ) from
1.3.2 to 1.3.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langchain/releases ">langchain-core's
releases</a>.</em></p>
<blockquote>
<h2>langchain-core==1.3.3</h2>
<p>Changes since langchain-core==1.3.2</p>
<p>release(core): 1.3.3 (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37198 ">#37198</a>)
fix(core): set deprecation <code>since</code> to 1.3.3 to match release
(<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37200 ">#37200</a>)
fix(core, langchain): harden <code>load()</code> against untrusted
manifests (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37197 ">#37197</a>)
chore: bump notebook from 7.5.0 to 7.5.6 in /libs/core (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37109 ">#37109</a>)
chore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in
/libs/core (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37129 ">#37129</a>)
fix(core): preserve structured <code>inputs</code> on tool runs in
tracers (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37108 ">#37108</a>)
release(perplexity): 1.2.0 (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37091 ">#37091</a>)
chore(docs): update x handle references (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37081 ">#37081</a>)
fix(core): make <code>removal</code> optional in
<code>warn_deprecated</code> (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37056 ">#37056</a>)
fix(core): validate batch_size in _batch and _abatch to prevent infinite
loop (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/36663 ">#36663</a>)
chore(core): mark stream_v2/astream_v2 as beta (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/36992 ">#36992</a>)</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5039dfec1fhttps://redirect.github.com/langchain-ai/langchain/issues/37198 ">#37198</a>)</li>
<li><a
href="55a7707837https://redirect.github.com/langchain-ai/langchain/issues/37200 ">#37200</a>)</li>
<li><a
href="c979c6187bhttps://redirect.github.com/langchain-ai/langchain/issues/37197 ">#37197</a>)</li>
<li><a
href="d7031101dahttps://redirect.github.com/langchain-ai/langchain/issues/37190 ">#37190</a>)</li>
<li><a
href="4d50a2a68bhttps://redirect.github.com/langchain-ai/langchain/issues/37194 ">#37194</a>)</li>
<li><a
href="9bd730e199https://redirect.github.com/langchain-ai/langchain/issues/37193 ">#37193</a>)</li>
<li><a
href="f475f4191fhttps://redirect.github.com/langchain-ai/langchain/issues/37191 ">#37191</a>)</li>
<li><a
href="7dbff48affhttps://redirect.github.com/langchain-ai/langchain/issues/37188 ">#37188</a>)</li>
<li><a
href="913816c440https://redirect.github.com/langchain-ai/langchain/issues/37189 ">#37189</a>)</li>
<li><a
href="4498d3dc84https://github.com/langchain-ai/langchain/compare/langchain-core==1.3.2...langchain-core==1.3.3 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-09 12:21:25 -04:00
open-swe[bot]
ba897ffa7e
chore(docs): update x handle references ( #37081 )
...
## Description
Updates package metadata and README badges so LangChain social links
point to the new `@langchain_oss` X handle. This was completed with
AI-agent assistance.
## Test Plan
- [ ] Validate README badges and package metadata links point to
`https://x.com/langchain_oss `
_Opened collaboratively by Mason Daugherty and open-swe._
---------
Co-authored-by: open-swe[bot] <open-swe@users.noreply.github.com >
Co-authored-by: Mason Daugherty <61371264+mdrxy@users.noreply.github.com >
2026-04-29 13:56:09 -04:00
Mason Daugherty
56d6e89be0
hotfix: bump min core versions ( #36996 )
2026-04-24 15:23:28 -04:00
Nick Hollon
ffaac42bf9
ci(infra): add pytest-xdist to partner test groups ( #36988 )
2026-04-24 13:23:03 +00:00
Mason Daugherty
7e81d09f2a
chore(deps): bump pytest to 9.0.3 ( #36801 )
...
CVE-2025-71176 (medium severity)
All are dev-only (test dependency group) — no impact on published
packages.
### Why syrupy was also bumped
syrupy 4.x (`<5.0.0`) constrains pytest to `<9.0.0`, blocking the CVE
fix. Widening to `<6.0.0` allows syrupy 5.x which supports pytest 9.x.
2026-04-15 21:46:40 -06:00
Mason Daugherty
555bdfbade
chore: add comment explaining pygments>=2.20.0 ( #36570 )
2026-04-06 15:07:07 -04:00
John Kennedy
0f4f3f74c8
chore: pygments>=2.20.0 across all packages (CVE-2026-4539) ( #36385 )
...
## Summary
Bumps `pygments` to `>=2.20.0` across all 21 affected packages to
address [CVE-2026-4539](https://github.com/advisories/GHSA-XXXX ) — ReDoS
via inefficient GUID regex in Pygments.
- **Severity:** Low
- **Fixed in:** 2.20.0 (was 2.19.2)
- **Change:** Added `pygments>=2.20.0` to `constraint-dependencies` in
`[tool.uv]` for each package, then ran `uv lock --upgrade-package
pygments` to regenerate lock files.
Closes Dependabot alerts #3435–#3455.
## Release Note
Patch deps
### Test Plan
- [x] CI Green 🙏
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-03-30 23:26:59 -04:00
ccurme
4c62fa5323
release(exa): 1.1.0 ( #36278 )
2026-03-26 12:58:04 -04:00
Mason Daugherty
1778b082ec
chore(partners): bump langchain-core min to 1.2.21 ( #36183 )
...
Bump the minimum `langchain-core` dependency to `>=1.2.21` across all 14
partner packages in the monorepo. Aligns partner lower bounds with the
latest core release so consumers pick up recent fixes (notably the
`ModelProfile` schema drift fix from core 1.2.21).
2026-03-23 19:39:35 -04:00
Mason Daugherty
5c018f5cd1
chore: enrich pyproject.toml files ( #34980 )
2026-02-02 13:07:05 -05:00
Mason Daugherty
3d687ea8fb
chore: update twitter URLs ( #34736 )
2026-01-13 01:54:11 -05:00
Mason Daugherty
18c25e9f10
chore: ban relative imports on all packages ( #34691 )
2026-01-09 17:02:24 -05:00
Mason Daugherty
64e6798a39
chore: update pyproject.toml url entries ( #33587 )
2025-10-17 17:16:55 -04:00
Mason Daugherty
c194ee2046
release(exa): 1.0.0 ( #33570 )
2025-10-17 11:17:43 -04:00
ccurme
3152d25811
fix: support python 3.14 in various projects ( #33575 )
...
Co-authored-by: cbornet <cbornet@hotmail.com >
Co-authored-by: Mason Daugherty <mason@langchain.dev >
2025-10-17 11:06:23 -04:00
Mason Daugherty
31eeb50ce0
chore: drop UP045 ( #33362 )
...
Python 3.9 EOL
2025-10-08 21:17:53 -04:00
Mason Daugherty
cda336295f
chore: enrich pyproject.toml files with links to new references, others ( #33343 )
2025-10-07 16:17:14 -04:00
Mason Daugherty
8bcdfbb24e
chore: clean up pyproject.toml files, use core a7 ( #33334 )
2025-10-07 10:49:04 -04:00
Mason Daugherty
90e4d944ac
chore(infra): pdm -> hatchling ( #33289 )
2025-10-05 23:52:52 -04:00
Mason Daugherty
21ba7adbab
release(exa): 1.0.0a1 ( #33229 )
2025-10-02 19:03:45 -04:00
Mason Daugherty
986302322f
docs: more standardization ( #33124 )
2025-09-25 20:46:20 -04:00
Christophe Bornet
eaf8dce7c2
chore: bump ruff version to 0.13 ( #33043 )
...
Co-authored-by: Mason Daugherty <mason@langchain.dev >
2025-09-25 12:27:39 -04:00
Mason Daugherty
b92b394804
style: repo linting pass ( #33089 )
...
enable docstring-code-format
2025-09-24 15:25:55 -04:00
Mason Daugherty
781db9d892
chore: update pyproject.toml files, remove codespell ( #33028 )
...
- Removes Codespell from deps, docs, and `Makefile`s
- Python version requirements in all `pyproject.toml` files now use the
`~=` (compatible release) specifier
- All dependency groups and main dependencies now use explicit lower and
upper bounds, reducing potential for breaking changes
2025-09-20 22:09:33 -04:00
Mason Daugherty
5795ec3c4d
release(exa): 0.3.1 ( #32902 )
2025-09-11 15:53:13 -04:00
Mason Daugherty
7a158c7f1c
revert: "chore: remove ruff target-version" ( #32895 )
...
Reverts langchain-ai/langchain#32880
Not needed at the moment, will do when finishing v1
2025-09-10 20:56:48 -04:00
Christophe Bornet
b274416441
chore: remove ruff target-version ( #32880 )
...
This is not needed anymore since `requires-python` was added when moving
to `uv`.
2025-09-10 11:12:30 -04:00
Mason Daugherty
3d08b6bd11
chore: adress pytest-asyncio deprecation warnings + other nits ( #32696 )
...
amongst some linting imcompatible rules
2025-08-26 15:51:38 -04:00
niceg
0d6f915442
fix: LLM mimicking Unicode responses due to forced Unicode conversion of non-ASCII characters. ( #32222 )
...
fix: Fix LLM mimicking Unicode responses due to forced Unicode
conversion of non-ASCII characters.
- **Description:** This PR fixes an issue where the LLM would mimic
Unicode responses due to forced Unicode conversion of non-ASCII
characters in tool calls. The fix involves disabling the `ensure_ascii`
flag in `json.dumps()` when converting tool calls to OpenAI format.
- **Issue:** Fixes ↓↓↓
input:
```json
{'role': 'assistant', 'tool_calls': [{'type': 'function', 'id': 'call_nv9trcehdpihr21zj9po19vq', 'function': {'name': 'create_customer', 'arguments': '{"customer_name": "你好啊集团"}'}}]}
```
output:
```json
{'role': 'assistant', 'tool_calls': [{'type': 'function', 'id': 'call_nv9trcehdpihr21zj9po19vq', 'function': {'name': 'create_customer', 'arguments': '{"customer_name": "\\u4f60\\u597d\\u554a\\u96c6\\u56e2"}'}}]}
```
then:
llm will mimic outputting unicode. Unicode's vast number of symbols can
lengthen LLM responses, leading to slower performance.
<img width="686" height="277" alt="image"
src="https://github.com/user-attachments/assets/28f3b007-3964-4455-bee2-68f86ac1906d "
/>
---------
Co-authored-by: Mason Daugherty <github@mdrxy.com >
Co-authored-by: Mason Daugherty <mason@langchain.dev >
2025-07-24 17:01:31 -04:00
Mason Daugherty
4d9eefecab
fix: bump lockfiles ( #31923 )
...
* bump lockfiles after upgrading ruff
* resolve resulting linting fixes
2025-07-08 13:27:55 -04:00
Mason Daugherty
71b361936d
ruff: restore stacklevels, disable autofixing ( #31919 )
2025-07-08 12:55:47 -04:00
Mason Daugherty
63e3f2dea6
exa[patch]: ruff fixes and rules ( #31902 )
...
* bump ruff deps
* add more thorough ruff rules
* fix said rules
2025-07-08 02:02:42 +00:00
Mason Daugherty
e7eac27241
ruff: more rules across the board & fixes ( #31898 )
...
* standardizes ruff dep version across all `pyproject.toml` files
* cli: ruff rules and corrections
* langchain: rules and corrections
2025-07-07 17:48:01 -04:00
Mason Daugherty
6572399174
langchain-exa: add ruff bandit rules ( #31793 )
...
Add ruff bandit rules
2025-06-30 13:58:38 -04:00
Ishan Goswami
f16456139b
exa docs and python package update ( #31307 )
...
Added support for new Exa API features. Updated Exa docs and python
package (langchain-exa).
Description
Added support for new Exa API features in the langchain-exa package:
- Added max_characters option for text content
- Added support for summary and custom summary prompts
- Added livecrawl option with "always", "fallback", "never" settings
- Added "auto" option for search type
- Updated documentation and tests
Dependencies
- No new dependencies required. Using existing features from exa-py.
twitter: @theishangoswami
---------
Co-authored-by: Chester Curme <chester.curme@gmail.com >
2025-05-21 21:33:30 -04:00
Sydney Runkle
7e926520d5
packaging: remove Python upper bound for langchain and co libs ( #31025 )
...
Follow up to https://github.com/langchain-ai/langsmith-sdk/pull/1696 ,
I've bumped the `langsmith` version where applicable in `uv.lock`.
Type checking problems here because deps have been updated in
`pyproject.toml` and `uv lock` hasn't been run - we should enforce that
in the future - goes with the other dependabot todos :).
2025-04-28 14:44:28 -04:00
Sydney Runkle
8c6734325b
partners[lint]: run pyupgrade to get code in line with 3.9 standards ( #30781 )
...
Using `pyupgrade` to get all `partners` code up to 3.9 standards
(mostly, fixing old `typing` imports).
2025-04-11 07:18:44 -04:00
Erick Friis
1a225fad03
multiple: fix uv path deps ( #29790 )
...
file:// format wasn't working with updates - it doesn't install as an
editable dep
move to tool.uv.sources with path= instead
2025-02-13 21:32:34 +00:00
ccurme
d172984c91
infra: migrate to uv ( #29566 )
2025-02-06 13:36:26 -05:00
Bagatur
ee63d21915
many: use core 0.3.15 ( #27834 )
2024-11-01 20:35:55 +00:00
Erick Friis
92ae61bcc8
multiple: rely on asyncio_mode auto in tests ( #27200 )
2024-10-15 16:26:38 +00:00
Bagatur
6abb23ca97
exa[minor]: Release 0.2.0 ( #26476 )
2024-09-13 23:04:10 +00:00
Erick Friis
c2a3021bb0
multiple: pydantic 2 compatibility, v0.3 ( #26443 )
...
Signed-off-by: ChengZi <chen.zhang@zilliz.com >
Co-authored-by: Eugene Yurtsev <eyurtsev@gmail.com >
Co-authored-by: Bagatur <22008038+baskaryan@users.noreply.github.com >
Co-authored-by: Dan O'Donovan <dan.odonovan@gmail.com >
Co-authored-by: Tom Daniel Grande <tomdgrande@gmail.com >
Co-authored-by: Grande <Tom.Daniel.Grande@statsbygg.no >
Co-authored-by: Bagatur <baskaryan@gmail.com >
Co-authored-by: ccurme <chester.curme@gmail.com >
Co-authored-by: Harrison Chase <hw.chase.17@gmail.com >
Co-authored-by: Tomaz Bratanic <bratanic.tomaz@gmail.com >
Co-authored-by: ZhangShenao <15201440436@163.com >
Co-authored-by: Friso H. Kingma <fhkingma@gmail.com >
Co-authored-by: ChengZi <chen.zhang@zilliz.com >
Co-authored-by: Nuno Campos <nuno@langchain.dev >
Co-authored-by: Morgante Pell <morgantep@google.com >
2024-09-13 14:38:45 -07:00
Erick Friis
3dce2e1d35
all: add release notes to pypi ( #24519 )
2024-07-22 13:59:13 -07:00
Bagatur
a0c2281540
infra: update mypy 1.10, ruff 0.5 ( #23721 )
...
```python
"""python scripts/update_mypy_ruff.py"""
import glob
import tomllib
from pathlib import Path
import toml
import subprocess
import re
ROOT_DIR = Path(__file__).parents[1]
def main():
for path in glob.glob(str(ROOT_DIR / "libs/**/pyproject.toml"), recursive=True):
print(path)
with open(path, "rb") as f:
pyproject = tomllib.load(f)
try:
pyproject["tool"]["poetry"]["group"]["typing"]["dependencies"]["mypy"] = (
"^1.10"
)
pyproject["tool"]["poetry"]["group"]["lint"]["dependencies"]["ruff"] = (
"^0.5"
)
except KeyError:
continue
with open(path, "w") as f:
toml.dump(pyproject, f)
cwd = "/".join(path.split("/")[:-1])
completed = subprocess.run(
"poetry lock --no-update; poetry install --with typing; poetry run mypy . --no-color",
cwd=cwd,
shell=True,
capture_output=True,
text=True,
)
logs = completed.stdout.split("\n")
to_ignore = {}
for l in logs:
if re.match("^(.*)\:(\d+)\: error:.*\[(.*)\]", l):
path, line_no, error_type = re.match(
"^(.*)\:(\d+)\: error:.*\[(.*)\]", l
).groups()
if (path, line_no) in to_ignore:
to_ignore[(path, line_no)].append(error_type)
else:
to_ignore[(path, line_no)] = [error_type]
print(len(to_ignore))
for (error_path, line_no), error_types in to_ignore.items():
all_errors = ", ".join(error_types)
full_path = f"{cwd}/{error_path}"
try:
with open(full_path, "r") as f:
file_lines = f.readlines()
except FileNotFoundError:
continue
file_lines[int(line_no) - 1] = (
file_lines[int(line_no) - 1][:-1] + f" # type: ignore[{all_errors}]\n"
)
with open(full_path, "w") as f:
f.write("".join(file_lines))
subprocess.run(
"poetry run ruff format .; poetry run ruff --select I --fix .",
cwd=cwd,
shell=True,
capture_output=True,
text=True,
)
if __name__ == "__main__":
main()
```
2024-07-03 10:33:27 -07:00
Erick Friis
aca98fd150
multiple: releases with relaxed core dep ( #21724 )
2024-05-15 19:29:35 +00:00
Erick Friis
c77d2f2b06
multiple: core 0.2 nonbreaking dep, check_diff community->langchain dep ( #21646 )
...
0.2 is not a breaking release for core (but it is for langchain and
community)
To keep the core+langchain+community packages in sync at 0.2, we will
relax deps throughout the ecosystem to tolerate `langchain-core` 0.2
2024-05-13 19:50:36 -07:00
Erick Friis
c8d96f30bd
exa[patch]: fix lint ( #17610 )
2024-02-15 20:45:16 -08:00
