mirror of
https://github.com/hwchase17/langchain.git
synced 2026-07-11 09:26:29 +00:00
27160cd1fe8ab2efef448a423b4fa543d9cf1ca1
783 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
701cc0e6bb |
test(deps): Include Python 3.14 in integration test matrix (#34993)
Relates to #34441 Adds Python 3.14 to integration test matrix, hoping to contribute to the official support of Python 3.14 --------- Co-authored-by: Mason Daugherty <github@mdrxy.com> |
||
|
|
3246caf831 |
ci(infra): add org guards to workflows and remove dead v0.3 docs workflow (#38665)
Adds `github.repository_owner == 'langchain-ai'` guards to 14 GitHub
Actions workflows that were missing them. Without these guards,
write-capable automation (issue/PR labeling, closing, commenting, PR
reopening, release publishing) and CI jobs fire on forks — causing
unwanted mutations, wasted runner minutes, and failed GitHub App token
generation on repos that don't have the required secrets.
Also removes `v03_api_doc_build.yml`, which pushed built docs to
`langchain-ai/langchain-api-docs-html` via `TOKEN_GITHUB_API_DOCS_HTML`
— a secret that isn't set on this repo. The workflow was dead code with
no consumers.
---
## What changed
**Write-capable workflows now guarded** (8 files):
- `auto-label-by-package` — was adding/removing issue labels on forks
- `close_unchecked_issues` — was closing issues and posting comments on
forks via GitHub App token
- `tag-external-issues` — both `tag-external` and `backfill` jobs were
generating App tokens and labeling issues on forks
- `reopen_on_assignment` — was reopening PRs and re-running workflows on
forks
- `require_issue_link` — was closing PRs, creating labels, posting
comments, and canceling workflow runs on forks
- `remove_waiting_on_author` — was removing labels on fork issues/PRs
- `pr_labeler` — was generating App tokens and adding/removing PR labels
on forks
- `pr_labeler_backfill` — same, on manual trigger from a fork
**Read-only CI workflows now guarded** (5 files):
- `check_diffs` — `build` and `check-release-options` jobs (downstream
jobs inherit the skip)
- `codspeed` — `build` job
- `check_agents_sync`, `check_versions`, `check_release_deps`
**Release workflow guarded** (1 file):
- `_release` — `build` job (all downstream jobs chain via `needs`, so
they inherit the skip). Previously relied only on `environment: Release`
approval and a `github.ref` check.
**Removed**:
- `v03_api_doc_build.yml` — dead workflow depending on unset
`TOKEN_GITHUB_API_DOCS_HTML` secret
## What was already guarded
`block_fork_main_prs`, `bump_uv_pin`, `check_extras_sync`,
`integration_tests`, `pr_lint_trailer`, `refresh_model_profiles` already
had the guard. `pr_lint` (read-only, `pull-requests: read`) and the
`_*.yml` reusable workflows (only run when called by a guarded parent)
were intentionally left unguarded.
## Release note
- GitHub Actions workflows now skip execution on forks via
`repository_owner == 'langchain-ai'` guards, preventing unwanted
issue/PR automation and CI runs outside the canonical repo.
- Removed the dead `v03_api_doc_build` workflow that depended on an
unset secret.
---
🤖 Generated with AI-agent involvement.
|
||
|
|
4d4dab80bb |
feat(model-profiles): wrap multi-provider build_summary output in <details> toggles (#38664)
`build_summary` in `langchain_model_profiles._summary` now wraps each
provider section in a `<details>` toggle when more than one provider has
changes, making multi-provider refresh PR summaries skimmable.
Single-provider summaries are unchanged.
---
When the `refresh_model_profiles` workflow refreshes data for multiple
partner integrations at once, the resulting PR summary can be long and
hard to skim — every provider's added/removed/changed rows are rendered
flat, one after another. This wraps each provider section in a
`<details>`/`<summary>` toggle when more than one provider has changes,
so reviewers can expand only the providers they care about.
Single-provider summaries stay flat since there's nothing to collapse.
The per-provider `### {provider}` heading is stripped inside toggles so
the `<summary>` tag is the sole label — no duplicated provider name.
Also includes two smaller changes that were staged alongside:
- The `refresh_model_profiles` and `_refresh_model_profiles` workflow
PR-body templates now link to the workflow file instead of bare-text
referencing it.
- `AGENTS.md` and `CLAUDE.md` document the LangSmith integration test
tracing setup: the env vars CI sets, the pytest plugin that bridges
`LANGSMITH_TAGS`/`LANGSMITH_METADATA` into `tracing_context`, and the
unit-test isolation approach.
---------
Signed-off-by: Mason Daugherty <github@mdrxy.com>
Co-authored-by: open-swe[bot] <215916821+open-swe[bot]@users.noreply.github.com>
|
||
|
|
524c791e91 |
chore(deps): bump uv to 0.11.26 (#38588)
Bumps the uv pin in `.github/actions/uv_setup/action.yml` from `0.11.17` to [`0.11.26`](https://github.com/astral-sh/uv/releases/tag/0.11.26). Opened automatically by `bump_uv_pin.yml`. Mirror availability on `releases.astral.sh` was verified before this PR was created, so CI should not race the fallback. Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> |
||
|
|
fa021df592 |
chore: bump actions/checkout from 6.0.2 to 7.0.0 in the major group across 1 directory (#38585)
Bumps the major group with 1 update in the / directory: [actions/checkout](https://github.com/actions/checkout). Updates `actions/checkout` from 6.0.2 to 7.0.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v7.0.0</h2> <h2>What's Changed</h2> <ul> <li>block checking out fork pr for pull_request_target and workflow_run by <a href="https://github.com/aiqiaoy"><code>@aiqiaoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2454">actions/checkout#2454</a></li> <li>Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/checkout/pull/2458">actions/checkout#2458</a></li> <li>Bump flatted from 3.3.1 to 3.4.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/checkout/pull/2460">actions/checkout#2460</a></li> <li>Bump js-yaml from 4.1.0 to 4.2.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/checkout/pull/2461">actions/checkout#2461</a></li> <li>Bump <code>@actions/core</code> and <code>@actions/tool-cache</code> and Remove uuid by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/checkout/pull/2459">actions/checkout#2459</a></li> <li>upgrade module to esm and update dependencies by <a href="https://github.com/aiqiaoy"><code>@aiqiaoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2463">actions/checkout#2463</a></li> <li>Bump the minor-npm-dependencies group across 1 directory with 3 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/checkout/pull/2462">actions/checkout#2462</a></li> <li>getting ready for checkout v7 release by <a href="https://github.com/aiqiaoy"><code>@aiqiaoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2464">actions/checkout#2464</a></li> <li>update error wording by <a href="https://github.com/aiqiaoy"><code>@aiqiaoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2467">actions/checkout#2467</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/aiqiaoy"><code>@aiqiaoy</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2454">actions/checkout#2454</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v6.0.3...v7.0.0">https://github.com/actions/checkout/compare/v6.0.3...v7.0.0</a></p> <h2>v6.0.3</h2> <h2>What's Changed</h2> <ul> <li>Update changelog by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2357">actions/checkout#2357</a></li> <li>fix: expand merge commit SHA regex and add SHA-256 test cases by <a href="https://github.com/yaananth"><code>@yaananth</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2414">actions/checkout#2414</a></li> <li>Fix checkout init for SHA-256 repositories by <a href="https://github.com/yaananth"><code>@yaananth</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2439">actions/checkout#2439</a></li> <li>Update changelog for v6.0.3 by <a href="https://github.com/yaananth"><code>@yaananth</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2446">actions/checkout#2446</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/yaananth"><code>@yaananth</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2414">actions/checkout#2414</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v6...v6.0.3">https://github.com/actions/checkout/compare/v6...v6.0.3</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>v7.0.0</h2> <ul> <li>Block checking out fork PR for pull_request_target and workflow_run by <a href="https://github.com/aiqiaoy"><code>@aiqiaoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2454">actions/checkout#2454</a></li> <li>Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/checkout/pull/2458">actions/checkout#2458</a></li> <li>Bump flatted from 3.3.1 to 3.4.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/checkout/pull/2460">actions/checkout#2460</a></li> <li>Bump js-yaml from 4.1.0 to 4.2.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/checkout/pull/2461">actions/checkout#2461</a></li> <li>Bump <code>@actions/core</code> and <code>@actions/tool-cache</code> and Remove uuid by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/checkout/pull/2459">actions/checkout#2459</a></li> <li>upgrade module to esm and update dependencies by <a href="https://github.com/aiqiaoy"><code>@aiqiaoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2463">actions/checkout#2463</a></li> <li>Bump the minor-npm-dependencies group across 1 directory with 3 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/checkout/pull/2462">actions/checkout#2462</a></li> </ul> <h2>v6.0.3</h2> <ul> <li>Fix checkout init for SHA-256 repositories by <a href="https://github.com/yaananth"><code>@yaananth</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2439">actions/checkout#2439</a></li> <li>fix: expand merge commit SHA regex and add SHA-256 test cases by <a href="https://github.com/yaananth"><code>@yaananth</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2414">actions/checkout#2414</a></li> </ul> <h2>v6.0.2</h2> <ul> <li>Fix tag handling: preserve annotations and explicit fetch-tags by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2356">actions/checkout#2356</a></li> </ul> <h2>v6.0.1</h2> <ul> <li>Add worktree support for persist-credentials includeIf by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2327">actions/checkout#2327</a></li> </ul> <h2>v6.0.0</h2> <ul> <li>Persist creds to a separate file by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li> <li>Update README to include Node.js 24 support details and requirements by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li> </ul> <h2>v5.0.1</h2> <ul> <li>Port v6 cleanup to v5 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li> </ul> <h2>v5.0.0</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> </ul> <h2>v4.3.1</h2> <ul> <li>Port v6 cleanup to v4 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li> </ul> <h2>v4.3.0</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss"><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> </ul> <h2>v4.2.2</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <h2>v4.2.1</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
de40ced8e5 |
chore: bump mikefarah/yq from 8f3291d3165497b360b8ffee3c887624bb6fa1cf to e2f1d5ccf73239195bf92280cd47596751492449 (#38586)
Bumps [mikefarah/yq](https://github.com/mikefarah/yq) from 8f3291d3165497b360b8ffee3c887624bb6fa1cf to e2f1d5ccf73239195bf92280cd47596751492449. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/mikefarah/yq/blob/master/release_notes.txt">mikefarah/yq's changelog</a>.</em></p> <blockquote> <p>4.53.3:</p> <ul> <li>Add <code>--ini-preserve-quotes</code> flag for INI round-trip quote preservation (<a href="https://redirect.github.com/mikefarah/yq/issues/2728">#2728</a>) Thanks <a href="https://github.com/toller892"><code>@toller892</code></a>!</li> <li>Fix: reset INI decoder state on init (<a href="https://redirect.github.com/mikefarah/yq/issues/2719">#2719</a>) Thanks <a href="https://github.com/xieby1"><code>@xieby1</code></a>!</li> <li>Fix: decode properties array bracket paths (<a href="https://redirect.github.com/mikefarah/yq/issues/2693">#2693</a>) Thanks <a href="https://github.com/cyphercodes"><code>@cyphercodes</code></a>!</li> <li>Fix: preserve floats with trailing zero when encoding YAML to JSON (<a href="https://redirect.github.com/mikefarah/yq/issues/2701">#2701</a>) Thanks <a href="https://github.com/ChrisJr404"><code>@ChrisJr404</code></a>!</li> <li>Fix: JSON to TOML root scope and null handling (<a href="https://redirect.github.com/mikefarah/yq/issues/2689">#2689</a>) Thanks <a href="https://github.com/LovesAsuna"><code>@LovesAsuna</code></a>!</li> <li>Fix: reset TOML decoder finished flag on Init for multi-doc evaluation (<a href="https://redirect.github.com/mikefarah/yq/issues/2704">#2704</a>) Thanks <a href="https://github.com/terminalchai"><code>@terminalchai</code></a>!</li> <li>Fix: reset TOML decoder between files when evaluating all at once (<a href="https://redirect.github.com/mikefarah/yq/issues/2685">#2685</a>) Thanks <a href="https://github.com/terminalchai"><code>@terminalchai</code></a>!</li> <li>Fix: preserve TOML inline table array scope (<a href="https://redirect.github.com/mikefarah/yq/issues/2694">#2694</a>) Thanks <a href="https://github.com/cyphercodes"><code>@cyphercodes</code></a>!</li> <li>Fix: preserve empty TOML arrays in tables (<a href="https://redirect.github.com/mikefarah/yq/issues/2686">#2686</a>) Thanks <a href="https://github.com/cyphercodes"><code>@cyphercodes</code></a>!</li> <li>Fix: TOML encoder uses inline tables for YAML FlowStyle mappings (<a href="https://redirect.github.com/mikefarah/yq/issues/2687">#2687</a>)</li> <li>Fix nested inline YAML merge explode (<a href="https://redirect.github.com/mikefarah/yq/issues/2699">#2699</a>) Thanks <a href="https://github.com/cyphercodes"><code>@cyphercodes</code></a>!</li> <li>Fix repeatString overflow test on 32-bit platforms (<a href="https://redirect.github.com/mikefarah/yq/issues/2680">#2680</a>) Thanks <a href="https://github.com/jandubois"><code>@jandubois</code></a>!</li> <li>Bumped dependencies</li> </ul> <p>4.53.2:</p> <ul> <li>Fixing release process</li> </ul> <p>4.53.1:</p> <ul> <li>Releases and tags now signed and immutable!</li> <li>Add system(command; args) operator (disabled by default) (<a href="https://redirect.github.com/mikefarah/yq/issues/2640">#2640</a>)</li> <li>TOML encoder: prefer readable table sections over inline tables (<a href="https://redirect.github.com/mikefarah/yq/issues/2649">#2649</a>)</li> <li>Fix TOML encoder to quote keys containing special characters (<a href="https://redirect.github.com/mikefarah/yq/issues/2648">#2648</a>)</li> <li>Add string slicing support (<a href="https://redirect.github.com/mikefarah/yq/issues/2639">#2639</a>)</li> <li>Fix findInArray misuse on MappingNodes in equality and contains (<a href="https://redirect.github.com/mikefarah/yq/issues/2645">#2645</a>) Thanks <a href="https://github.com/jandubois"><code>@jandubois</code></a>!</li> <li>Fix panic on negative slice indices that underflow after adjustment (<a href="https://redirect.github.com/mikefarah/yq/issues/2646">#2646</a>) Thanks <a href="https://github.com/jandubois"><code>@jandubois</code></a>!</li> <li>Fix stack overflow from circular alias in traverse (<a href="https://redirect.github.com/mikefarah/yq/issues/2647">#2647</a>) Thanks <a href="https://github.com/jandubois"><code>@jandubois</code></a>!</li> <li>Fix panic and OOM in repeatString for large repeat counts (<a href="https://redirect.github.com/mikefarah/yq/issues/2644">#2644</a>) Thanks <a href="https://github.com/jandubois"><code>@jandubois</code></a>!</li> <li>Bumped dependencies</li> </ul> <p>4.52.5:</p> <ul> <li>Fix: reset TOML decoder state between files (<a href="https://redirect.github.com/mikefarah/yq/issues/2634">#2634</a>) thanks <a href="https://github.com/terminalchai"><code>@terminalchai</code></a></li> <li>Fix: preserve original filename when using --front-matter (<a href="https://redirect.github.com/mikefarah/yq/issues/2613">#2613</a>) thanks <a href="https://github.com/cobyfrombrooklyn-bot"><code>@cobyfrombrooklyn-bot</code></a></li> <li>Fix typo in filename (<a href="https://redirect.github.com/mikefarah/yq/issues/2611">#2611</a>) thanks <a href="https://github.com/alexandear"><code>@alexandear</code></a></li> <li>Bumped dependencies</li> </ul> <p>4.52.4:</p> <ul> <li>Dropping windows/arm - no longer supported in cross-compile</li> </ul> <p>4.52.3:</p> <ul> <li>Fixing comments in TOML arrays (<a href="https://redirect.github.com/mikefarah/yq/issues/2592">#2592</a>)</li> <li>Bumped dependencies</li> </ul> <p>4.52.2:</p> <ul> <li>Fixed bad instructions file breaking go-install (<a href="https://redirect.github.com/mikefarah/yq/issues/2587">#2587</a>) Thanks <a href="https://github.com/theyoprst"><code>@theyoprst</code></a></li> <li>Fixed TOML table scope after comments (<a href="https://redirect.github.com/mikefarah/yq/issues/2588">#2588</a>) Thanks <a href="https://github.com/tomers"><code>@tomers</code></a></li> <li>Multiply uses a readonly context (<a href="https://redirect.github.com/mikefarah/yq/issues/2558">#2558</a>)</li> <li>Fixed merge globbing wildcards in keys (<a href="https://redirect.github.com/mikefarah/yq/issues/2564">#2564</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
96bbb34fb7 |
chore: bump the minor-and-patch group with 2 updates (#38584)
Bumps the minor-and-patch group with 2 updates: [actions/setup-python](https://github.com/actions/setup-python) and [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials). Updates `actions/setup-python` from 6.2.0 to 6.3.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-python/releases">actions/setup-python's releases</a>.</em></p> <blockquote> <h2>v6.3.0</h2> <h2>What's Changed</h2> <h3>Enhancement</h3> <ul> <li>Add RHEL support and include Linux distro in cache keys by <a href="https://github.com/priyagupta108"><code>@priyagupta108</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1323">actions/setup-python#1323</a></li> <li>Fix pip cache error handling on Windows by <a href="https://github.com/priyagupta108"><code>@priyagupta108</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1040">actions/setup-python#1040</a></li> </ul> <h3>Dependency update</h3> <ul> <li>Upgrade minimatch from 3.1.2 to 3.1.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1281">actions/setup-python#1281</a></li> <li>Upgrade actions dependencies by <a href="https://github.com/gowridurgad"><code>@gowridurgad</code></a> with <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1303">actions/setup-python#1303</a></li> <li>Upgrade <code>@actions/cache</code> to 5.1.0, log cache write denied by <a href="https://github.com/jasongin"><code>@jasongin</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1324">actions/setup-python#1324</a></li> <li>Upgrade dependency versions and test workflow configuration by <a href="https://github.com/HarithaVattikuti"><code>@HarithaVattikuti</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1322">actions/setup-python#1322</a></li> </ul> <h3>Documentation</h3> <ul> <li>Update advanced-usage.md by <a href="https://github.com/Dunky-Z"><code>@Dunky-Z</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/811">actions/setup-python#811</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/gowridurgad"><code>@gowridurgad</code></a> with <a href="https://github.com/Copilot"><code>@Copilot</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-python/pull/1303">actions/setup-python#1303</a></li> <li><a href="https://github.com/jasongin"><code>@jasongin</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-python/pull/1324">actions/setup-python#1324</a></li> <li><a href="https://github.com/Dunky-Z"><code>@Dunky-Z</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-python/pull/811">actions/setup-python#811</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-python/compare/v6...v6.3.0">https://github.com/actions/setup-python/compare/v6...v6.3.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
fa34b22343 |
docs(docs): add release note guidance to PR docs (#38574)
Adds release note expectations to the contribution guidance so behavior-changing PRs have a clear place for user-visible release notes. The agent-facing repository instructions now match the PR template guidance. |
||
|
|
f7e87f7ab8 |
feat(model-profiles): plain-English summary for profile refresh PRs (#38218)
Automated model-profile refresh PRs (e.g. #38210) ship a static template body, so a reviewer has to open *Files changed* and read large blocks of generated data to learn what actually moved. Because the underlying profile data is fully structured, we can describe the changes deterministically — no LLM, no hallucination risk. This adds a `langchain-profiles summarize` subcommand that compares the working-tree `_profiles.py` files against a git ref and renders a skimmable Markdown summary: models added (with a short capability descriptor), models removed, and per-field capability changes (context/output tokens, modalities, tool calling, reasoning, etc.), grouped by provider and capped so huge refreshes stay readable. Profiles are read with `ast.literal_eval` rather than imported, so the generated data file is never executed. Example output for a refresh that adds a model and bumps an output limit: ``` ## Summary of changes **1 added · 0 removed · 1 changed** across 1 provider(s). ### openai **➕ 1 added** - `gpt-6-preview` — 1,000,000 ctx, 128,000 out, text+image+audio in, reasoning, tools **✏️ 1 changed** - `gpt-3.5-turbo`: max output tokens 4,096 → 16,384 ``` Made by [Open SWE](https://openswe.vercel.app/agents/9bcbf182-effc-ba9b-0df3-afac620ad152) --------- Co-authored-by: open-swe[bot] <open-swe@users.noreply.github.com> |
||
|
|
05b5af17dc | chore(infra): update workflow key name (#38367) | ||
|
|
51578289bb |
chore(infra): allow skipping prior partner release checks (#38117)
Adds a manual release workflow input, `skip-prior-published-package-checks`, for core releases. The workflow dispatch dropdown supports: - `none` - `anthropic` - `openai` - `all` When a partner is selected, that matrix entry records an explicit skipped step and does not run the prior-published package test. The default remains `none`, so existing release behavior is unchanged unless the release operator opts into a skip. AI-agent assistance was used to prepare this workflow update. |
||
|
|
222dc846e0 |
ci(infra): clarify early PR auto-close guidance (#38090)
External contributors now get clearer guidance when the issue-link check closes a PR before maintainer assignment. The auto-close copy distinguishes the intended flow from the recovery path for PRs that were opened early. |
||
|
|
76c32db9b3 | chore(infra): remove noisy annotation (#38063) | ||
|
|
f5ef8cb8d2 |
ci(infra): make release checks handle coordinated package bumps (#38062)
Release validation now covers more of the compatibility surface before packages ship. The release dependency check also handles coordinated monorepo version bumps explicitly, so release PRs can verify published-package installability without failing on sibling package versions that will be published by the same PR. ## Changes - Run partner package unit tests, not just integration tests, when validating previously published partner packages against the newly built `langchain-core` wheel. - Treat dependencies satisfied by package versions introduced in the same release PR as expected unpublished siblings, stripping only those pins before resolving runtime dependencies against PyPI. - Compare changed manifests against the PR base to detect same-PR package version bumps using static `[project]` metadata and canonicalized package names. - Preserve resolver-affecting `[tool.uv]` settings such as `prerelease`, `constraint-dependencies`, and `override-dependencies` in the filtered manifest while still dropping workspace sources. - Add a maintainer bypass label, `release-deps: acknowledged`, for reviewed coordinated releases that intentionally fall outside the detected same-PR bump path. - Surface captured resolver output and distinguish likely transient PyPI/index failures from unsatisfiable dependency pins. |
||
|
|
948f6cc58c |
feat(core,partners): add package version tracking to tracing metadata (#35295)
Following on the heels of #35293 TODO: - Packages outside of this repo (e.g. LiteLLM, Nvidia, Google, AWS) --- ## Summary Surface partner package versions in `metadata.versions` on LangSmith traces. Mirrors the JS SDK's `_addVersion()` pattern ([langchainjs#10106](https://github.com/langchain-ai/langchainjs/pull/10106)). Each model constructor records its package version via `_add_version()` on `BaseLanguageModel`. The version dict accumulates through the class hierarchy — `langchain-core` is added in `BaseLanguageModel.model_post_init`, `langchain-openai` in `BaseChatOpenAI._set_openai_chat_version`, and each leaf partner in its uniquely-named `model_validator`. Traces end up with: ```json { "metadata": { "versions": { "langchain-core": "1.4.5", "langchain-openai": "1.3.0", "langchain-xai": "1.2.2" } } } ``` ### Changes - `BaseLanguageModel._add_version(pkg, version)` — appends to `self.metadata["versions"]`; accepts any `Mapping` type; emits a warning if a non-mapping value is found and replaced - `BaseLanguageModel.model_post_init` — adds `langchain-core` version; calls `super()` for MRO safety - `_merge_metadata_dicts` — one-level-deep (non-recursive) merge for nested dict metadata keys - `CallbackManager.add_metadata` — uses `_merge_metadata_dicts` instead of flat `dict.update()` so nested metadata dicts (like `versions`) coexist rather than clobber - `merge_configs` — uses `_merge_metadata_dicts` for config merging **Partners:** - Each now calls `self._add_version("langchain-<pkg>", __version__)` ### Design decisions - **Constructor-based, not `_get_ls_params`-based** — versions flow through `self.metadata` (local metadata on traces), not through `LangSmithParams`. This matches JS and makes child-class version inheritance automatic (no merge/clobber issues). - **`versions` is local (non-inheritable) metadata** — `self.metadata` is passed to `CallbackManager.configure` as `local_metadata` (`add_metadata(..., inherit=False)`), so `versions` is attached **once per chat-model run** and is **not** propagated to child runs or duplicated onto every streaming chunk. This is intentionally the opposite of the inheritable-per-chunk metadata that #36588 was reducing for performance — `versions` does not regress that path. - **`add_metadata` deep-merge is a correctness fix, not just for versions** — previously `add_metadata`/`merge_configs` did a flat top-level `dict.update`/spread, so any nested metadata dict baked into a config (e.g. via `.with_config({"metadata": {...}})`) would be wholly replaced when a caller also passed `metadata`. `_merge_metadata_dicts` merges one level deep so user-provided `config.metadata.versions` and model-set `versions` coexist instead of clobbering. The merge runs once per `configure` (not per chunk), so it is off the streaming hot path. - **One level deep only** — `_merge_metadata_dicts` is deliberately *not* a recursive deep merge; values nested more than one level are last-writer-wins. This covers the `versions` case without the ambiguity/cost of arbitrary-depth merging. - **Warn on non-dict `metadata["versions"]`** — if a user sets `metadata={"versions": "some-string"}`, `_add_version` emits a warning and replaces the value with the version dict rather than silently discarding user data or crashing. This is a soft breaking change for anyone who previously stored non-dict values at this key. ### Follow-ups (tracked separately, out of scope here) - JS `mergeConfigs` still flat-spreads nested metadata, so `metadata.versions` can still clobber on the JS side until an equivalent deep-merge lands. --- Made by [Open SWE](https://openswe.vercel.app) --------- Co-authored-by: open-swe[bot] <open-swe@users.noreply.github.com> |
||
|
|
ffaeba8664 |
ci(infra): validate release versions before publishing (#38055)
Release jobs can now be given an expected package version and will stop early if that value does not match the package metadata. The workflow also checks PyPI for an existing normalized release so duplicate version attempts fail before build and publish steps continue. |
||
|
|
5b029268f7 |
ci(infra): check release dependency pins against PyPI (#38048)
Release PRs now get an earlier dependency-resolution check before merge, catching unpublished intra-monorepo pins before they can produce broken wheel metadata. The minimum-version helper also fails with a clear error when no published PyPI version satisfies a declared constraint, instead of emitting an invalid `pkg==None` requirement. |
||
|
|
bee470cc29 |
ci(infra): attach release artifacts from package dist directory (#38010)
The release workflow's `mark-release` job downloads built wheels to `<package>/dist/` but told `ncipollo/release-action` to glob `dist/*`. Because JS actions don't honor `defaults.run.working-directory`, that pattern resolved against the repo root, matched nothing, and logged `Artifact pattern :dist/* did not match any files`. The warning is non-fatal, so tags and releases were still created — just with no assets attached. Verified across published releases (`langchain-groq`, `langchain-core`, `langchain-openai`, `langchain-anthropic`): every one has an empty asset list. |
||
|
|
b9fb3da891 |
ci(model-profiles): skip profile refresh workflow on forks (#38008)
Closes #37997 Forked repositories with Actions enabled currently run the scheduled model profile refresh without access to the GitHub App secrets used to open the automated PR. Guarding the job to the `langchain-ai` owner prevents noisy daily failures on forks while preserving the scheduled refresh for the main repository. ## Changes - Added a repository-owner guard to the `refresh-profiles` job so `refresh_model_profiles` only runs under `langchain-ai`. - Kept the existing reusable workflow invocation and bot secret wiring unchanged for the canonical repository. |
||
|
|
6fde3f06a3 |
docs(infra): clarify PR description expectations (#38007)
PR authors get clearer guidance for writing descriptions that reviewers can understand quickly. The template and contributor guidance now ask for a short explanation of who benefits, what problem they had, and how the change solves it instead of a generic summary. |
||
|
|
fac194b34f |
ci(infra): restore release validation coverage (#37992)
Release validation now covers the release paths that were intended but not actually exercised. Manual core and `langchain_v1` releases use short dropdown inputs, so the dependent-package test gate needs to match those values in addition to full `libs/...` paths. |
||
|
|
1d09011b1d |
ci(infra): gate PyPI publish on prior-partner tests (#37923)
The `🚀 Publish to PyPI` job no longer starts until `🔄 Test prior partners against new core` finishes. Previously that dependency was commented out, so a core release could publish to PyPI in parallel with—or before—the integration tests that install the new unreleased core against already-published partner packages, defeating their purpose as a pre-publish gate. ## Changes - Add `test-prior-published-packages-against-new-core` to the `publish` job's `needs`, so publishing blocks on those partner integration tests completing. - The existing `if: ${{ !cancelled() && !failure() }}` guard is unchanged: publish proceeds only if the gate **succeeded or was skipped**, and fails closed if the partner tests fail. For non-core releases the partner-test job short-circuits with `exit 0`, so this adds no friction outside `libs/core` releases. |
||
|
|
be2e8f70bc |
ci(infra): add exclude input to skip libs in scheduled integration tests (#37902)
|
||
|
|
44545a0ffc |
chore: bump aws-actions/configure-aws-credentials from 6.1.1 to 6.2.0 in the minor-and-patch group (#37846)
Bumps the minor-and-patch group with 1 update: [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials). Updates `aws-actions/configure-aws-credentials` from 6.1.1 to 6.2.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/aws-actions/configure-aws-credentials/releases">aws-actions/configure-aws-credentials's releases</a>.</em></p> <blockquote> <h2>v6.2.0</h2> <h2><a href="https://github.com/aws-actions/configure-aws-credentials/compare/v6.1.3...v6.2.0">6.2.0</a> (2026-06-01)</h2> <h3>Features</h3> <ul> <li>add additional session tags by default (<a href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1775">#1775</a>) (<a href=" |
||
|
|
22ebaf95f9 |
chore(deps): bump uv to 0.11.17 (#37824)
Bumps the uv pin in `.github/actions/uv_setup/action.yml` from `0.11.15` to [`0.11.17`](https://github.com/astral-sh/uv/releases/tag/0.11.17). Opened automatically by `bump_uv_pin.yml`. Mirror availability on `releases.astral.sh` was verified before this PR was created, so CI should not race the fallback. Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> |
||
|
|
b26b0ff23b |
ci: remove unnecessary permission and improve logging in waiting-on-author workflow (#37717)
Tightens the `remove_waiting_on_author` workflow by dropping an unneeded permission and improving debuggability when the target label is missing. |
||
|
|
dc215f8af2 |
ci(infra): auto-remove waiting-on-author label on author reply (#37716)
Ports langchain-ai/deepagents#3626. Adds a workflow that clears the `waiting-on-author` label from an issue or PR as soon as the original author posts a follow-up comment, closing the manual loop where maintainers had to remember to strip the label after a reply landed. |
||
|
|
d9b8dd5183 |
fix(langchain): land final answer in last AIMessage for TodoListMiddleware (#37643)
|
||
|
|
33875fde2a |
ci(infra): serialize integration test shards across runs (#37648)
Add job-level `concurrency` to the scheduled integration tests so per-package shards from overlapping workflow dispatches don't hit the same live API credentials at once — e.g. a manually triggered `anthropic` run colliding with the daily `all libs` run. |
||
|
|
bdd7f71a1b |
ci(infra): trace scheduled integration tests (#37615)
Wire LangSmith tracing into the scheduled integration test workflow so partner test runs emit traces to a shared project with GitHub Actions metadata attached. Makes failures traceable back to the originating workflow run, sha, and matrix shard without hunting through CI logs. ## Usage - Filter the `oss-python-integration-tests` project by the `github-actions` tag to see only CI runs; add a `sha-<sha>` or `working_directory=<partner>` filter to narrow to a specific commit or partner shard. - From a failing trace, open the `github_run_url` metadata field to jump directly to the originating workflow run; `github_run_attempt` disambiguates reruns. - Tags are flat strings (good for facets); structured fields like `python_version` and `working_directory` live in metadata for richer querying. |
||
|
|
11cdce91dc |
ci(infra): add middleware evals workflow for workflow_dispatch discovery (#37644)
Fast-track companion to #37643. GitHub's `workflow_dispatch` event is only discoverable when the workflow file exists on the default branch — even though the workflow code that runs comes from the `ref` passed to the dispatch. This PR lands the `Middleware Evals` workflow file on master so that #37643 (which adds `libs/langchain_v1/tests/evals/`) can be dispatched against the feature branch via: ```bash gh workflow run middleware_evals.yml \ --ref nh/todo-middleware-loop-contract \ --field models='claude-sonnet-4-6,...' ``` without first merging the full eval framework. ## Caveats - The workflow's pytest invocation depends on `libs/langchain_v1/tests/evals/` and the partner SDK list, neither of which exists on master yet. Dispatching with `--ref master` before #37643 lands will fail at pytest collection. That's the intended behavior — the workflow's purpose is to dispatch against branches that ship the eval suite. - Once #37643 merges to master, this workflow file already matches what #37643 adds. The merge will be a no-op for `middleware_evals.yml` itself. |
||
|
|
74cecb4774 |
ci(infra): expand integration tests dispatch dropdown to external partners (#37614)
Adds `aws`, `google-genai`, and `google-vertexai` to the manual-run
`working-directory` dropdown on the `⏰ Integration Tests` workflow.
These partners live in external repos (`langchain-ai/langchain-google`,
`langchain-ai/langchain-aws`) and were previously only reachable via the
free-form `working-directory-override` input despite the job already
checking them out into `libs/partners/`.
|
||
|
|
d72a837814 |
chore(deps): bump uv to 0.11.15 (#37518)
Bumps the uv pin in `.github/actions/uv_setup/action.yml` from `0.5.25` to [`0.11.15`](https://github.com/astral-sh/uv/releases/tag/0.11.15). Opened automatically by `bump_uv_pin.yml`. Mirror availability on `releases.astral.sh` was verified before this PR was created, so CI should not race the fallback. --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Mason Daugherty <github@mdrxy.com> |
||
|
|
4b5379dfb9 |
chore: bump mikefarah/yq from cb9793555487aafb501e1a9d85c28b812aeadfab to 8f3291d3165497b360b8ffee3c887624bb6fa1cf (#37513)
Bumps [mikefarah/yq](https://github.com/mikefarah/yq) from cb9793555487aafb501e1a9d85c28b812aeadfab to 8f3291d3165497b360b8ffee3c887624bb6fa1cf. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/mikefarah/yq/blob/master/release_notes.txt">mikefarah/yq's changelog</a>.</em></p> <blockquote> <p>4.53.2:</p> <ul> <li>Fixing release process</li> </ul> <p>4.53.1:</p> <ul> <li>Releases and tags now signed and immutable!</li> <li>Add system(command; args) operator (disabled by default) (<a href="https://redirect.github.com/mikefarah/yq/issues/2640">#2640</a>)</li> <li>TOML encoder: prefer readable table sections over inline tables (<a href="https://redirect.github.com/mikefarah/yq/issues/2649">#2649</a>)</li> <li>Fix TOML encoder to quote keys containing special characters (<a href="https://redirect.github.com/mikefarah/yq/issues/2648">#2648</a>)</li> <li>Add string slicing support (<a href="https://redirect.github.com/mikefarah/yq/issues/2639">#2639</a>)</li> <li>Fix findInArray misuse on MappingNodes in equality and contains (<a href="https://redirect.github.com/mikefarah/yq/issues/2645">#2645</a>) Thanks <a href="https://github.com/jandubois"><code>@jandubois</code></a>!</li> <li>Fix panic on negative slice indices that underflow after adjustment (<a href="https://redirect.github.com/mikefarah/yq/issues/2646">#2646</a>) Thanks <a href="https://github.com/jandubois"><code>@jandubois</code></a>!</li> <li>Fix stack overflow from circular alias in traverse (<a href="https://redirect.github.com/mikefarah/yq/issues/2647">#2647</a>) Thanks <a href="https://github.com/jandubois"><code>@jandubois</code></a>!</li> <li>Fix panic and OOM in repeatString for large repeat counts (<a href="https://redirect.github.com/mikefarah/yq/issues/2644">#2644</a>) Thanks <a href="https://github.com/jandubois"><code>@jandubois</code></a>!</li> <li>Bumped dependencies</li> </ul> <p>4.52.5:</p> <ul> <li>Fix: reset TOML decoder state between files (<a href="https://redirect.github.com/mikefarah/yq/issues/2634">#2634</a>) thanks <a href="https://github.com/terminalchai"><code>@terminalchai</code></a></li> <li>Fix: preserve original filename when using --front-matter (<a href="https://redirect.github.com/mikefarah/yq/issues/2613">#2613</a>) thanks <a href="https://github.com/cobyfrombrooklyn-bot"><code>@cobyfrombrooklyn-bot</code></a></li> <li>Fix typo in filename (<a href="https://redirect.github.com/mikefarah/yq/issues/2611">#2611</a>) thanks <a href="https://github.com/alexandear"><code>@alexandear</code></a></li> <li>Bumped dependencies</li> </ul> <p>4.52.4:</p> <ul> <li>Dropping windows/arm - no longer supported in cross-compile</li> </ul> <p>4.52.3:</p> <ul> <li>Fixing comments in TOML arrays (<a href="https://redirect.github.com/mikefarah/yq/issues/2592">#2592</a>)</li> <li>Bumped dependencies</li> </ul> <p>4.52.2:</p> <ul> <li>Fixed bad instructions file breaking go-install (<a href="https://redirect.github.com/mikefarah/yq/issues/2587">#2587</a>) Thanks <a href="https://github.com/theyoprst"><code>@theyoprst</code></a></li> <li>Fixed TOML table scope after comments (<a href="https://redirect.github.com/mikefarah/yq/issues/2588">#2588</a>) Thanks <a href="https://github.com/tomers"><code>@tomers</code></a></li> <li>Multiply uses a readonly context (<a href="https://redirect.github.com/mikefarah/yq/issues/2558">#2558</a>)</li> <li>Fixed merge globbing wildcards in keys (<a href="https://redirect.github.com/mikefarah/yq/issues/2564">#2564</a>)</li> <li>Fixing TOML subarray parsing issue (<a href="https://redirect.github.com/mikefarah/yq/issues/2581">#2581</a>)</li> </ul> <p>4.52.1:</p> <ul> <li> <p>TOML encoder support - you can now roundtrip! <a href="https://redirect.github.com/mikefarah/yq/issues/1364">#1364</a></p> </li> <li> <p>Parent now supports negative indices, and added a 'root' command for referencing the top level document</p> </li> <li> <p>Fixed scalar encoding for HCL</p> </li> <li> <p>Add --yaml-compact-seq-indent / -c flag for compact sequence indentation (<a href="https://redirect.github.com/mikefarah/yq/issues/2583">#2583</a>) Thanks <a href="https://github.com/jfenal"><code>@jfenal</code></a></p> </li> <li> <p>Add symlink check to file rename util (<a href="https://redirect.github.com/mikefarah/yq/issues/2576">#2576</a>) Thanks <a href="https://github.com/Elias-elastisys"><code>@Elias-elastisys</code></a></p> </li> <li> <p>Powershell fixed default command used for __completeNoDesc alias (<a href="https://redirect.github.com/mikefarah/yq/issues/2568">#2568</a>) Thanks <a href="https://github.com/teejaded"><code>@teejaded</code></a></p> </li> <li> <p>Unwrap scalars in shell output mode. (<a href="https://redirect.github.com/mikefarah/yq/issues/2548">#2548</a>) Thanks <a href="https://github.com/flintwinters"><code>@flintwinters</code></a></p> </li> <li> <p>Added K8S KYAML output format support (<a href="https://redirect.github.com/mikefarah/yq/issues/2560">#2560</a>) Thanks <a href="https://github.com/robbat2"><code>@robbat2</code></a></p> </li> <li> <p>Bumped dependencies</p> </li> <li> <p>Special shout out to <a href="https://github.com/ccoVeille"><code>@ccoVeille</code></a> for reviewing my PRs!</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
20afcbb2d5 |
chore: bump the minor-and-patch group with 2 updates (#37512)
Bumps the minor-and-patch group with 2 updates: [actions/create-github-app-token](https://github.com/actions/create-github-app-token) and [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials). Updates `actions/create-github-app-token` from 3.1.1 to 3.2.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/create-github-app-token/releases">actions/create-github-app-token's releases</a>.</em></p> <blockquote> <h2>v3.2.0</h2> <h2><a href="https://github.com/actions/create-github-app-token/compare/v3.1.1...v3.2.0">3.2.0</a> (2026-05-12)</h2> <h3>Features</h3> <ul> <li>add support for enterprise-level GitHub Apps (<a href="https://redirect.github.com/actions/create-github-app-token/issues/263">#263</a>) (<a href=" |
||
|
|
abd9d4ce31 |
ci(infra): harden Dependabot version-bound preservation (#37510)
Dependabot has been stripping upper/lower bounds from internal `langchain-*` deps in partner `pyproject.toml` files (e.g. #37288 reduced `langchain-core>=1.3.2,<2.0.0` to bare `langchain-core`). Locks down the config so bumps preserve existing specifiers, and restores the bounds it already mangled across the monorepo. ## Changes - Add `versioning-strategy: increase` to every `uv` ecosystem block in `.github/dependabot.yml` so future bumps move the lower bound in place instead of rewriting the constraint. - Ignore workspace-internal packages (`langchain-core`, `langchain`, `langchain-classic`, `langchain-text-splitters`, `langchain-tests`, `langchain-model-profiles`) on every `uv` block — these are editable installs from local paths and their published constraints are hand-curated for release, not Dependabot's to bump. - Restore stripped bounds across all `libs/` packages — runtime `dependencies` and every dep group (`test`, `dev`, `test_integration`, `typing`, `lint`) — to `>=1.4.0,<2.0.0` for `langchain-core` and `>=1.0.0,<2.0.0` for the other internal packages. |
||
|
|
2458a7912e |
ci(infra): port four CI governance workflows (#37511)
Four GitHub Actions workflows ported from the Deep Agents monorepo to enforce repository hygiene rules that were not previously applied here. ## Changes - **Fork-main PR guard**: closes PRs from forks whose head is `main` or `master`, with a sticky comment explaining how to reopen from a feature branch. Prevents the "Update branch" → admin-override path that lets a `Merge branch 'master' into master` commit land on the default branch and bypass squash-only policy. Maintainers can override with a `bypass-fork-main-check` label. - **Monthly uv pin bump**: opens a PR on the first of each month to advance `UV_VERSION` in the composite setup action. Probes `releases.astral.sh` across four architectures before committing so CI doesn't race a lagging mirror on fresh-release days — the gap Dependabot's `github-actions` ecosystem can't cover because it tracks `uses:` SHA pins, not the inline `UV_VERSION` value. - **Extras-sync validation**: a Python script (`check_extras_sync.py`) and companion workflow that detect version-constraint drift between `[project.dependencies]` and `[project.optional-dependencies]` across every `libs/**/pyproject.toml`. Runs on PRs touching any `pyproject.toml` and on pushes to `master`; is a no-op on packages that declare no extras. - **Banned-trailer pre-merge lint**: rejects PR descriptions containing a `Co-authored-by: ... <noreply@anthropic.com>` trailer before the PR reaches merge, where the org ruleset would reject the squash-push anyway. Posts a sticky comment with remediation steps; updates it to a "resolved" state when the trailer is removed, rather than deleting (which requires elevated token scope on fork PRs). |
||
|
|
73d4fd98c2 | chore: update auto comment msg (#37485) | ||
|
|
c4c91d9cd3 |
ci: parse changed files as JSON (#37372)
Avoid interpolating changed file names directly into shell scripts when building CI matrices. |
||
|
|
d0d78f1aeb |
ci: disable uv cache in publish pipeline (#37364)
Disable `uv` dependency caching throughout the release workflow so build, validation, PyPI publish, and GitHub release jobs do not restore shared cache state. Release jobs already pass the built distributions through explicit artifacts; keeping dependency caches out of this path avoids cache-poisoning risk and makes the existing pre-release validation comment match the actual workflow behavior. |
||
|
|
4d50a2a68b |
ci(infra): run pre-release checks before TestPyPI publish (#37194)
Reorder the release pipeline so `pre-release-checks` runs before `test-pypi-publish`. The original ordering existed because `pre-release-checks` used to `pip install` from TestPyPI; that dependency was removed in #28492 (Dec 2024), which switched checks to install from the locally-built `dist/*.whl`. Since then, the TestPyPI upload was running ahead of checks for no functional reason — and a failed checks job left a TestPyPI version burned, with `skip-existing: true` papering over the resulting collision on re-runs. |
||
|
|
91842db32b |
ci(infra): extend allow-prereleases gating to remaining wheel-install steps (#37142)
|
||
|
|
37c8a5059f |
ci(infra): opt-in allow-prereleases flag for wheel-install steps (#37141)
## Summary The release pipeline's two \`uv pip install dist/*.whl\` calls fail when the released package depends on a langgraph alpha that itself has transitive prerelease deps. uv's default \`if-necessary-or-explicit\` mode allows prereleases for first-party explicit markers (the wheel's own deps) but rejects transitive ones, so the install fails on the wheel — even when the wheel itself names an explicit prerelease for the immediate dependency. Add a workflow input \`allow-prereleases\` (default \`false\`, on both \`workflow_call\` and \`workflow_dispatch\` triggers). When true, both install steps pass \`--prerelease=allow\`. When false (the default), behavior is unchanged. The existing \`check_prerelease_dependencies.py\` step still gates stable releases against accidentally-pinned prerelease deps. |
||
|
|
f2d0878d23 |
chore: bump actions/github-script from 8.0.0 to 9.0.0 (#37121)
Bumps [actions/github-script](https://github.com/actions/github-script) from 8.0.0 to 9.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/github-script/releases">actions/github-script's releases</a>.</em></p> <blockquote> <h2>v9.0.0</h2> <p><strong>New features:</strong></p> <ul> <li><strong><code>getOctokit</code> factory function</strong> — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See <a href="https://github.com/actions/github-script#creating-additional-clients-with-getoctokit">Creating additional clients with <code>getOctokit</code></a> for details and examples.</li> <li><strong>Orchestration ID in user-agent</strong> — The <code>ACTIONS_ORCHESTRATION_ID</code> environment variable is automatically appended to the user-agent string for request tracing.</li> </ul> <p><strong>Breaking changes:</strong></p> <ul> <li><strong><code>require('@actions/github')</code> no longer works in scripts.</strong> The upgrade to <code>@actions/github</code> v9 (ESM-only) means <code>require('@actions/github')</code> will fail at runtime. If you previously used patterns like <code>const { getOctokit } = require('@actions/github')</code> to create secondary clients, use the new injected <code>getOctokit</code> function instead — it's available directly in the script context with no imports needed.</li> <li><code>getOctokit</code> is now an injected function parameter. Scripts that declare <code>const getOctokit = ...</code> or <code>let getOctokit = ...</code> will get a <code>SyntaxError</code> because JavaScript does not allow <code>const</code>/<code>let</code> redeclaration of function parameters. Use the injected <code>getOctokit</code> directly, or use <code>var getOctokit = ...</code> if you need to redeclare it.</li> <li>If your script accesses other <code>@actions/github</code> internals beyond the standard <code>github</code>/<code>octokit</code> client, you may need to update those references for v9 compatibility.</li> </ul> <h2>What's Changed</h2> <ul> <li>Add ACTIONS_ORCHESTRATION_ID to user-agent string by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/695">actions/github-script#695</a></li> <li>ci: use deployment: false for integration test environments by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/712">actions/github-script#712</a></li> <li>feat!: add getOctokit to script context, upgrade <code>@actions/github</code> v9, <code>@octokit/core</code> v7, and related packages by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/700">actions/github-script#700</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Copilot"><code>@Copilot</code></a> made their first contribution in <a href="https://redirect.github.com/actions/github-script/pull/695">actions/github-script#695</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/github-script/compare/v8.0.0...v9.0.0">https://github.com/actions/github-script/compare/v8.0.0...v9.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
5c27249e27 |
chore: bump the minor-and-patch group with 5 updates (#37119)
Bumps the minor-and-patch group with 5 updates: | Package | From | To | | --- | --- | --- | | [actions/create-github-app-token](https://github.com/actions/create-github-app-token) | `3.0.0` | `3.1.1` | | [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `8.1.0` | `8.1.1` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` | | [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) | `1.13.0` | `1.14.0` | | [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) | `6.0.0` | `6.1.0` | Updates `actions/create-github-app-token` from 3.0.0 to 3.1.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/create-github-app-token/releases">actions/create-github-app-token's releases</a>.</em></p> <blockquote> <h2>v3.1.1</h2> <h2><a href="https://github.com/actions/create-github-app-token/compare/v3.1.0...v3.1.1">3.1.1</a> (2026-04-11)</h2> <h3>Bug Fixes</h3> <ul> <li>improve error message when app identifier is empty (<a href="https://redirect.github.com/actions/create-github-app-token/issues/362">#362</a>) (<a href=" |
||
|
|
2f79e0e3ca |
chore: bump mikefarah/yq from 17f66dc6c6a177fafd8b71a6abea6d6340aa1e16 to cb9793555487aafb501e1a9d85c28b812aeadfab (#37120)
Bumps [mikefarah/yq](https://github.com/mikefarah/yq) from 17f66dc6c6a177fafd8b71a6abea6d6340aa1e16 to cb9793555487aafb501e1a9d85c28b812aeadfab. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/mikefarah/yq/blob/master/release_notes.txt">mikefarah/yq's changelog</a>.</em></p> <blockquote> <p>4.53.2:</p> <ul> <li>Fixing release process</li> </ul> <p>4.53.1:</p> <ul> <li>Releases and tags now signed and immutable!</li> <li>Add system(command; args) operator (disabled by default) (<a href="https://redirect.github.com/mikefarah/yq/issues/2640">#2640</a>)</li> <li>TOML encoder: prefer readable table sections over inline tables (<a href="https://redirect.github.com/mikefarah/yq/issues/2649">#2649</a>)</li> <li>Fix TOML encoder to quote keys containing special characters (<a href="https://redirect.github.com/mikefarah/yq/issues/2648">#2648</a>)</li> <li>Add string slicing support (<a href="https://redirect.github.com/mikefarah/yq/issues/2639">#2639</a>)</li> <li>Fix findInArray misuse on MappingNodes in equality and contains (<a href="https://redirect.github.com/mikefarah/yq/issues/2645">#2645</a>) Thanks <a href="https://github.com/jandubois"><code>@jandubois</code></a>!</li> <li>Fix panic on negative slice indices that underflow after adjustment (<a href="https://redirect.github.com/mikefarah/yq/issues/2646">#2646</a>) Thanks <a href="https://github.com/jandubois"><code>@jandubois</code></a>!</li> <li>Fix stack overflow from circular alias in traverse (<a href="https://redirect.github.com/mikefarah/yq/issues/2647">#2647</a>) Thanks <a href="https://github.com/jandubois"><code>@jandubois</code></a>!</li> <li>Fix panic and OOM in repeatString for large repeat counts (<a href="https://redirect.github.com/mikefarah/yq/issues/2644">#2644</a>) Thanks <a href="https://github.com/jandubois"><code>@jandubois</code></a>!</li> <li>Bumped dependencies</li> </ul> <p>4.52.5:</p> <ul> <li>Fix: reset TOML decoder state between files (<a href="https://redirect.github.com/mikefarah/yq/issues/2634">#2634</a>) thanks <a href="https://github.com/terminalchai"><code>@terminalchai</code></a></li> <li>Fix: preserve original filename when using --front-matter (<a href="https://redirect.github.com/mikefarah/yq/issues/2613">#2613</a>) thanks <a href="https://github.com/cobyfrombrooklyn-bot"><code>@cobyfrombrooklyn-bot</code></a></li> <li>Fix typo in filename (<a href="https://redirect.github.com/mikefarah/yq/issues/2611">#2611</a>) thanks <a href="https://github.com/alexandear"><code>@alexandear</code></a></li> <li>Bumped dependencies</li> </ul> <p>4.52.4:</p> <ul> <li>Dropping windows/arm - no longer supported in cross-compile</li> </ul> <p>4.52.3:</p> <ul> <li>Fixing comments in TOML arrays (<a href="https://redirect.github.com/mikefarah/yq/issues/2592">#2592</a>)</li> <li>Bumped dependencies</li> </ul> <p>4.52.2:</p> <ul> <li>Fixed bad instructions file breaking go-install (<a href="https://redirect.github.com/mikefarah/yq/issues/2587">#2587</a>) Thanks <a href="https://github.com/theyoprst"><code>@theyoprst</code></a></li> <li>Fixed TOML table scope after comments (<a href="https://redirect.github.com/mikefarah/yq/issues/2588">#2588</a>) Thanks <a href="https://github.com/tomers"><code>@tomers</code></a></li> <li>Multiply uses a readonly context (<a href="https://redirect.github.com/mikefarah/yq/issues/2558">#2558</a>)</li> <li>Fixed merge globbing wildcards in keys (<a href="https://redirect.github.com/mikefarah/yq/issues/2564">#2564</a>)</li> <li>Fixing TOML subarray parsing issue (<a href="https://redirect.github.com/mikefarah/yq/issues/2581">#2581</a>)</li> </ul> <p>4.52.1:</p> <ul> <li> <p>TOML encoder support - you can now roundtrip! <a href="https://redirect.github.com/mikefarah/yq/issues/1364">#1364</a></p> </li> <li> <p>Parent now supports negative indices, and added a 'root' command for referencing the top level document</p> </li> <li> <p>Fixed scalar encoding for HCL</p> </li> <li> <p>Add --yaml-compact-seq-indent / -c flag for compact sequence indentation (<a href="https://redirect.github.com/mikefarah/yq/issues/2583">#2583</a>) Thanks <a href="https://github.com/jfenal"><code>@jfenal</code></a></p> </li> <li> <p>Add symlink check to file rename util (<a href="https://redirect.github.com/mikefarah/yq/issues/2576">#2576</a>) Thanks <a href="https://github.com/Elias-elastisys"><code>@Elias-elastisys</code></a></p> </li> <li> <p>Powershell fixed default command used for __completeNoDesc alias (<a href="https://redirect.github.com/mikefarah/yq/issues/2568">#2568</a>) Thanks <a href="https://github.com/teejaded"><code>@teejaded</code></a></p> </li> <li> <p>Unwrap scalars in shell output mode. (<a href="https://redirect.github.com/mikefarah/yq/issues/2548">#2548</a>) Thanks <a href="https://github.com/flintwinters"><code>@flintwinters</code></a></p> </li> <li> <p>Added K8S KYAML output format support (<a href="https://redirect.github.com/mikefarah/yq/issues/2560">#2560</a>) Thanks <a href="https://github.com/robbat2"><code>@robbat2</code></a></p> </li> <li> <p>Bumped dependencies</p> </li> <li> <p>Special shout out to <a href="https://github.com/ccoVeille"><code>@ccoVeille</code></a> for reviewing my PRs!</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
87ba30f097 |
ci(infra): label release jobs, resolve package name in run title (#36998)
Polish the manual release workflow (`_release.yml`) so the Actions UI is readable at a glance — job display names, a run title that reflects the actual published package, and a broader partner matrix for the core-compat sanity check. ## Changes - Add `name:` labels to each job (`📦 Build distribution`, `📝 Generate release notes`, `🧪 Publish to TestPyPI`, `✅ Pre-release checks`, `🔄 Test prior partners against new core`, `🚀 Publish to PyPI`, `🏷️ Tag GitHub release`). Job IDs are unchanged, so all `needs:` references still resolve. - Rewrite `run-name` to resolve the dropdown value to the actual PyPI package name — e.g. `core` → `langchain-core`, `openai` → `langchain-openai`, with explicit remaps for the three that don't follow `langchain-{name}` (`langchain` → `langchain-classic`, `langchain_v1` → `langchain`, `standard-tests` → `langchain-tests`). `workflow_call` callers passing full `libs/...` paths and manual overrides are returned verbatim. - Simplify `test-dependents` label to `🐍 Test dependent: ${{ matrix.package.path }} (Python ${{ matrix.python-version }})`. |
||
|
|
889a45b664 |
ci(infra): overlay local langchain-* installs for external partners (#36989)
we want to be able to test against the branch we run against when we are testing external partner packages (aws, google) so overally the changes on top of the external partners when we install the dependencies Co-authored-by: Mason Daugherty <mason@langchain.dev> |
||
|
|
2d3b49162c |
ci(infra): shorten working-directory dropdown labels (#36974)
Clean up the `workflow_dispatch` dropdowns for the release and scheduled integration-test workflows. Showing short package names (`openai`, `langchain_v1`, ...) instead of `libs/partners/openai` makes the UI in the Actions tab easier to scan; the prefix now lives in the resolver rather than every dropdown entry. |
||
|
|
acc54987fa | chore: update PR template (#36918) |