Nick Hollon
df3e18d64b
release(core): 1.4.0a2 ( #37134 )
2026-05-01 14:56:41 +00:00
Nick Hollon
5e03e06cd8
refactor(core): unwind _AsyncEventsResult hybrid for astream_events ( #37133 )
2026-05-01 10:45:47 -04:00
Nick Hollon
2e5c2db531
release(core): 1.4.0a1 ( #37132 )
2026-05-01 09:33:14 -04:00
Nick Hollon
a070923681
Merge remote-tracking branch 'origin/master' into v1.4
2026-05-01 09:22:01 -04:00
Nick Hollon
a0c7f3bd6b
feat(core): stream_events(version='v3') protocol ( #37111 )
2026-05-01 09:20:28 -04:00
Mason Daugherty
a1f336fdc7
fix(core): preserve structured inputs on tool runs in tracers ( #37108 )
...
Tool runs in `_TracerCore._create_tool_run` were discarding the
structured `inputs` dict that `BaseTool.run` passes to `on_tool_start`,
replacing it with `{"input": str(filtered_tool_input)}`. Consequently,
every multi-arg tool (e.g. ones in `deepagents` like `execute`,
`edit_file`, `write_file`, `grep`, ...) appeared in LangSmith with a
stringified, escaped dump of its arguments — multi-line bash commands
rendered with `\n` and were effectively unreadable. Chain runs already
preserved dicts via `_get_chain_inputs`; tool runs are now symmetric.
## Changes
- Preserve `inputs` when it is already a `dict` in the `original` /
`original+chat` branch of `_TracerCore._create_tool_run`, falling back
to `{"input": input_str}` only when no structured payload was provided
- Add regression tests in the sync and async base-tracer suites that
pass a structured `inputs` to `on_tool_start` and assert the dict
survives onto the resulting `Run`
## Breaking change
Custom `BaseTracer` subclasses that parsed `Run.inputs["input"]` as a
stringified dict for tool runs will need to read the structured fields
directly. The shape now matches what `on_tool_start(inputs=...)` has
always received — introduced alongside `_schema_format` in the
`astream_events` work — and what `streaming_events` consumers already
see.
2026-04-30 14:56:14 -04:00
Mason Daugherty
38553c3f2d
release(perplexity): 1.2.0 ( #37091 )
2026-04-29 17:54:27 -04:00
open-swe[bot]
ba897ffa7e
chore(docs): update x handle references ( #37081 )
...
## Description
Updates package metadata and README badges so LangChain social links
point to the new `@langchain_oss` X handle. This was completed with
AI-agent assistance.
## Test Plan
- [ ] Validate README badges and package metadata links point to
`https://x.com/langchain_oss `
_Opened collaboratively by Mason Daugherty and open-swe._
---------
Co-authored-by: open-swe[bot] <open-swe@users.noreply.github.com >
Co-authored-by: Mason Daugherty <61371264+mdrxy@users.noreply.github.com >
2026-04-29 13:56:09 -04:00
Mason Daugherty
37be34be82
fix(core): make removal optional in warn_deprecated ( #37056 )
...
Drop the `NotImplementedError` branch in `warn_deprecated` so callers
can pass `pending=False` without specifying a `removal` version. The
previous behavior contradicted the docstring (which claimed an empty
default would auto-compute a removal version) — no such computation
existed; the function just raised a placeholder "Need to determine which
default deprecation schedule to use" error.
2026-04-28 11:05:31 -04:00
Sharvil Saxena
78546e9242
fix(core): validate batch_size in _batch and _abatch to prevent infinite loop ( #36663 )
2026-04-26 15:13:20 -04:00
Nick Hollon
c4498ccaf9
chore(core): mark stream_v2/astream_v2 as beta ( #36992 )
2026-04-24 13:27:38 -04:00
Nick Hollon
fa0f0d8efa
release(core): 1.3.2 ( #36990 )
2026-04-24 11:46:25 -04:00
Nick Hollon
9ce72eba9f
feat(core): add content-block-centric streaming (v2) ( #36834 )
2026-04-24 11:36:17 -04:00
ccurme
3f382a9e20
release(core): 1.3.1 ( #36972 )
2026-04-23 14:50:43 -04:00
Hunter Lovell
9a671d7919
feat(core): allow _format_output to pass through list of ToolOutputMixin instances ( #36963 )
2026-04-23 13:49:46 -04:00
dependabot[bot]
1442b41042
chore: bump nbconvert from 7.17.0 to 7.17.1 in /libs/core ( #36923 )
...
Bumps [nbconvert](https://github.com/jupyter/nbconvert ) from 7.17.0 to
7.17.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/jupyter/nbconvert/releases ">nbconvert's
releases</a>.</em></p>
<blockquote>
<h2>v7.17.1</h2>
<h2>7.17.1</h2>
<p>This is a security release, fixing two CVEs:</p>
<ul>
<li><a
href="https://github.com/jupyter/nbconvert/security/advisories/GHSA-4c99-qj7h-p3vg ">CVE-2026-39377</a></li>
<li><a
href="https://github.com/jupyter/nbconvert/security/advisories/GHSA-7jqv-fw35-gmx9 ">CVE-2026-39378</a></li>
</ul>
<p>(full advisories will be published seven days after release, on
2026-04-14).</p>
<p>(<a
href="https://github.com/jupyter/nbconvert/compare/v7.17.0...b3b6ec01f872e9af8fd1769eb9cf1889c720ecf3 ">Full
Changelog</a>)</p>
<h3>Enhancements made</h3>
<ul>
<li>Allow configureable WebPDF JavaScript processing timeout <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2250 ">#2250</a>
(<a href="https://github.com/timkpaine "><code>@timkpaine</code></a>, <a
href="https://github.com/Carreau "><code>@Carreau</code></a>)</li>
</ul>
<h3>Bugs fixed</h3>
<ul>
<li>Fix <code>PermissionError</code> when checking template paths on
shared filesystems <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2252 ">#2252</a>
(<a href="https://github.com/ctcjab "><code>@ctcjab</code></a>, <a
href="https://github.com/krassowski "><code>@krassowski</code></a>)</li>
<li>Tweak webpdf template logic to fix duplicate extension problem <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2249 ">#2249</a>
(<a href="https://github.com/timkpaine "><code>@timkpaine</code></a>, <a
href="https://github.com/Carreau "><code>@Carreau</code></a>)</li>
</ul>
<h3>Maintenance and upkeep improvements</h3>
<ul>
<li>specify python version for pre <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2276 ">#2276</a>
(<a href="https://github.com/minrk "><code>@minrk</code></a>, <a
href="https://github.com/krassowski "><code>@krassowski</code></a>)</li>
</ul>
<h3>Contributors to this release</h3>
<p>The following people contributed discussions, new ideas, code and
documentation contributions, and review.
See <a
href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports ">our
definition of contributors</a>.</p>
<p>(<a
href="https://github.com/jupyter/nbconvert/graphs/contributors?from=2026-01-29&to=2026-04-08&type=c ">GitHub
contributors page for this release</a>)</p>
<p><a href="https://github.com/akhmerov "><code>@akhmerov</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aakhmerov+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/bollwyvl "><code>@bollwyvl</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/Carreau "><code>@Carreau</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/ctcjab "><code>@ctcjab</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Actcjab+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a
href="https://github.com/davidbrochart "><code>@davidbrochart</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Adavidbrochart+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/Ken-B "><code>@Ken-B</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AKen-B+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/krassowski "><code>@krassowski</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/mgeier "><code>@mgeier</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgeier+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/minrk "><code>@minrk</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/mpacer "><code>@mpacer</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ampacer+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/MSeal "><code>@MSeal</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a
href="https://github.com/SylvainCorlay "><code>@SylvainCorlay</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ASylvainCorlay+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/takluyver "><code>@takluyver</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Atakluyver+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/timkpaine "><code>@timkpaine</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Atimkpaine+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/jupyter/nbconvert/blob/main/CHANGELOG.md ">nbconvert's
changelog</a>.</em></p>
<blockquote>
<h2>7.17.1</h2>
<p>This is a security release, fixing two CVEs:</p>
<ul>
<li><a
href="https://github.com/jupyter/nbconvert/security/advisories/GHSA-4c99-qj7h-p3vg ">CVE-2026-39377</a></li>
<li><a
href="https://github.com/jupyter/nbconvert/security/advisories/GHSA-7jqv-fw35-gmx9 ">CVE-2026-39378</a></li>
</ul>
<p>(full advisories will be published seven days after release, on
2026-04-14).</p>
<p>(<a
href="https://github.com/jupyter/nbconvert/compare/v7.17.0...b3b6ec01f872e9af8fd1769eb9cf1889c720ecf3 ">Full
Changelog</a>)</p>
<h3>Enhancements made</h3>
<ul>
<li>Allow configureable WebPDF JavaScript processing timeout <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2250 ">#2250</a>
(<a href="https://github.com/timkpaine "><code>@timkpaine</code></a>, <a
href="https://github.com/Carreau "><code>@Carreau</code></a>)</li>
</ul>
<h3>Bugs fixed</h3>
<ul>
<li>Fix <code>PermissionError</code> when checking template paths on
shared filesystems <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2252 ">#2252</a>
(<a href="https://github.com/ctcjab "><code>@ctcjab</code></a>, <a
href="https://github.com/krassowski "><code>@krassowski</code></a>)</li>
<li>Tweak webpdf template logic to fix duplicate extension problem <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2249 ">#2249</a>
(<a href="https://github.com/timkpaine "><code>@timkpaine</code></a>, <a
href="https://github.com/Carreau "><code>@Carreau</code></a>)</li>
</ul>
<h3>Maintenance and upkeep improvements</h3>
<ul>
<li>specify python version for pre <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2276 ">#2276</a>
(<a href="https://github.com/minrk "><code>@minrk</code></a>, <a
href="https://github.com/krassowski "><code>@krassowski</code></a>)</li>
</ul>
<h3>Contributors to this release</h3>
<p>The following people contributed discussions, new ideas, code and
documentation contributions, and review.
See <a
href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports ">our
definition of contributors</a>.</p>
<p>(<a
href="https://github.com/jupyter/nbconvert/graphs/contributors?from=2026-01-29&to=2026-04-08&type=c ">GitHub
contributors page for this release</a>)</p>
<p><a href="https://github.com/akhmerov "><code>@akhmerov</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aakhmerov+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/bollwyvl "><code>@bollwyvl</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/Carreau "><code>@Carreau</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/ctcjab "><code>@ctcjab</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Actcjab+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a
href="https://github.com/davidbrochart "><code>@davidbrochart</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Adavidbrochart+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/Ken-B "><code>@Ken-B</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AKen-B+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/krassowski "><code>@krassowski</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/mgeier "><code>@mgeier</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgeier+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/minrk "><code>@minrk</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/mpacer "><code>@mpacer</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ampacer+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/MSeal "><code>@MSeal</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a
href="https://github.com/SylvainCorlay "><code>@SylvainCorlay</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ASylvainCorlay+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/takluyver "><code>@takluyver</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Atakluyver+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)
| <a href="https://github.com/timkpaine "><code>@timkpaine</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Atimkpaine+updated%3A2026-01-29..2026-04-08&type=Issues ">activity</a>)</p>
<!-- raw HTML omitted -->
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="78ed30837a "><code>78ed308</code></a>
Publish 7.17.1</li>
<li><a
href="f090a64606 "><code>f090a64</code></a>
ruff format</li>
<li><a
href="b3b6ec01f8 "><code>b3b6ec0</code></a>
chore: update pre-commit hooks (<a
href="https://redirect.github.com/jupyter/nbconvert/issues/2277 ">#2277</a>)</li>
<li><a
href="be4841f7da "><code>be4841f</code></a>
ignore silly security lint in tests</li>
<li><a
href="26d57b2958 "><code>26d57b2</code></a>
fix type annotation on Lexer</li>
<li><a
href="0e6b8ccabf "><code>0e6b8cc</code></a>
Merge commit from fork</li>
<li><a
href="ba5e5cdd73 "><code>ba5e5cd</code></a>
Merge commit from fork</li>
<li><a
href="1db0c88d86 "><code>1db0c88</code></a>
Specify python version for pre (<a
href="https://redirect.github.com/jupyter/nbconvert/issues/2276 ">#2276</a>)</li>
<li><a
href="7473fc3037 "><code>7473fc3</code></a>
chore: update pre-commit hooks (<a
href="https://redirect.github.com/jupyter/nbconvert/issues/2242 ">#2242</a>)</li>
<li><a
href="4322f7f290 "><code>4322f7f</code></a>
Bump the actions group across 1 directory with 2 updates (<a
href="https://redirect.github.com/jupyter/nbconvert/issues/2273 ">#2273</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/jupyter/nbconvert/compare/v7.17.0...v7.17.1 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-21 15:11:27 -04:00
Jacob Lee
40026a7282
feat(core): Update inheritance behavior for tracer metadata for special keys ( #36900 )
...
JS equivalent: https://github.com/langchain-ai/langchainjs/pull/10733
2026-04-20 14:58:01 -07:00
dependabot[bot]
9bd63b4ac8
chore: bump langsmith from 0.7.13 to 0.7.31 in /libs/core ( #36813 )
...
Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk ) from
0.7.13 to 0.7.31.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langsmith-sdk/releases ">langsmith's
releases</a>.</em></p>
<blockquote>
<h2>v0.7.31</h2>
<h2>What's Changed</h2>
<ul>
<li>chore(deps-dev): bump langchain-core from 1.2.23 to 1.2.28 in
/python by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2692 ">langchain-ai/langsmith-sdk#2692</a></li>
<li>chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.82.0 to
0.84.0 in /js by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2684 ">langchain-ai/langsmith-sdk#2684</a></li>
<li>chore(deps): bump cryptography from 46.0.6 to 46.0.7 in /python by
<a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2693 ">langchain-ai/langsmith-sdk#2693</a></li>
<li>chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.84.0 to
0.85.0 in /js by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2700 ">langchain-ai/langsmith-sdk#2700</a></li>
<li>feat(py): Tag OpenAI Agent Python SDK runs with ls_agent_type by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2699 ">langchain-ai/langsmith-sdk#2699</a></li>
<li>feat(js): Adds ls_agent_type metadata to AI SDK runs by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2701 ">langchain-ai/langsmith-sdk#2701</a></li>
<li>chore(deps-dev): bump types-tqdm from 4.67.3.20260303 to
4.67.3.20260408 in /python by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2710 ">langchain-ai/langsmith-sdk#2710</a></li>
<li>chore(deps): bump pnpm/action-setup from 5 to 6 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2705 ">langchain-ai/langsmith-sdk#2705</a></li>
<li>chore(deps): bump the py-minor-and-patch group across 1 directory
with 10 updates by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2711 ">langchain-ai/langsmith-sdk#2711</a></li>
<li>chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.85.0 to
0.86.0 in /js by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2702 ">langchain-ai/langsmith-sdk#2702</a></li>
<li>chore(deps): bump actions/github-script from 8 to 9 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2706 ">langchain-ai/langsmith-sdk#2706</a></li>
<li>chore(deps-dev): bump the js-minor-and-patch group across 1
directory with 7 updates by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2712 ">langchain-ai/langsmith-sdk#2712</a></li>
<li>chore(deps-dev): bump types-psutil from 7.2.2.20260130 to
7.2.2.20260408 in /python by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2709 ">langchain-ai/langsmith-sdk#2709</a></li>
<li>chore(deps-dev): bump rich from 14.3.3 to 15.0.0 in /python by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2708 ">langchain-ai/langsmith-sdk#2708</a></li>
<li>feat: Filter kwargs from new token events by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2714 ">langchain-ai/langsmith-sdk#2714</a></li>
<li>release(py): 0.7.31 by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2716 ">langchain-ai/langsmith-sdk#2716</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.30...v0.7.31 ">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.30...v0.7.31 </a></p>
<h2>v0.7.30</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(python): add service feature to sandbox by <a
href="https://github.com/DanielKneipp "><code>@DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2665 ">langchain-ai/langsmith-sdk#2665</a></li>
<li>fix(js): Fix prototype pollution bug in anonymizers by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2690 ">langchain-ai/langsmith-sdk#2690</a></li>
<li>release(js): 0.5.18 by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2691 ">langchain-ai/langsmith-sdk#2691</a></li>
<li>chore(js/sandbox): suppress warning log by <a
href="https://github.com/hntrl "><code>@hntrl</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2694 ">langchain-ai/langsmith-sdk#2694</a></li>
<li>feat(js): Add metadata to Claude Agent SDK JS tracing by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2695 ">langchain-ai/langsmith-sdk#2695</a></li>
<li>fix(py): Fix run tree memory leak by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2696 ">langchain-ai/langsmith-sdk#2696</a></li>
<li>release(py): 0.7.30 by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2698 ">langchain-ai/langsmith-sdk#2698</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.29...v0.7.30 ">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.29...v0.7.30 </a></p>
<h2>v0.7.29</h2>
<h2>What's Changed</h2>
<ul>
<li>release(js): 0.5.17 by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2681 ">langchain-ai/langsmith-sdk#2681</a></li>
<li>feat(py): Fix race condition around Claude Agent SDK instrumentation
by <a href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2685 ">langchain-ai/langsmith-sdk#2685</a></li>
<li>release(py): 0.7.29 by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2686 ">langchain-ai/langsmith-sdk#2686</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.28...v0.7.29 ">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.28...v0.7.29 </a></p>
<h2>v0.7.28</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(py): Support subagent tracing in Claude Agents SDK, fix usage
and duplicate messages by <a
href="https://github.com/jacoblee93 "><code>@jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2670 ">langchain-ai/langsmith-sdk#2670</a></li>
<li>chore(deps-dev): bump the py-minor-and-patch group across 1
directory with 11 updates by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2677 ">langchain-ai/langsmith-sdk#2677</a></li>
<li>chore(deps-dev): bump the js-minor-and-patch group across 1
directory with 8 updates by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2667 ">langchain-ai/langsmith-sdk#2667</a></li>
<li>chore(deps): bump pnpm/action-setup from 4 to 5 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2658 ">langchain-ai/langsmith-sdk#2658</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c434999d05 "><code>c434999</code></a>
release(py): 0.7.31 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2716 ">#2716</a>)</li>
<li><a
href="47d7c4a783 "><code>47d7c4a</code></a>
feat: Filter kwargs from new token events (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2714 ">#2714</a>)</li>
<li><a
href="3c57445b54 "><code>3c57445</code></a>
chore(deps-dev): bump rich from 14.3.3 to 15.0.0 in /python (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2708 ">#2708</a>)</li>
<li><a
href="2be6cd01a2 "><code>2be6cd0</code></a>
chore(deps-dev): bump types-psutil from 7.2.2.20260130 to 7.2.2.20260408
in /...</li>
<li><a
href="b8b6ca32d4 "><code>b8b6ca3</code></a>
chore(deps-dev): bump the js-minor-and-patch group across 1 directory
with 7 ...</li>
<li><a
href="9897cb33da "><code>9897cb3</code></a>
chore(deps): bump actions/github-script from 8 to 9 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2706 ">#2706</a>)</li>
<li><a
href="572c018428 "><code>572c018</code></a>
chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.85.0 to
0.86.0 in /js (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2702 ">#2702</a>)</li>
<li><a
href="57447524c8 "><code>5744752</code></a>
chore(deps): bump the py-minor-and-patch group across 1 directory with
10 upd...</li>
<li><a
href="960cae7f49 "><code>960cae7</code></a>
chore(deps): bump pnpm/action-setup from 5 to 6 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2705 ">#2705</a>)</li>
<li><a
href="9370e7670a "><code>9370e76</code></a>
chore(deps-dev): bump types-tqdm from 4.67.3.20260303 to 4.67.3.20260408
in /...</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.13...v0.7.31 ">compare
view</a></li>
</ul>
</details>
<br />
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-17 12:53:51 -06:00
Eugene Yurtsev
c87cd04927
release(core): release 1.3.0 ( #36851 )
...
xRelease 1.3.0
2026-04-17 14:42:01 +00:00
Eugene Yurtsev
af0e174ef7
release(core): 1.3.0a3 ( #36829 )
...
release 1.3.0a3
2026-04-16 15:37:28 -04:00
Eugene Yurtsev
b00646d882
chore(core): keep checkpoint_ns behavior in streaming metadata for backwards compat ( #36828 )
...
minor buglet
2026-04-16 15:17:20 -04:00
Jacob Lee
c04e05feb1
feat(core): Add chat model and LLM invocation params to traceable metadata ( #36771 )
...
Equivalent to: https://github.com/langchain-ai/langchainjs/pull/10711/
---------
Co-authored-by: Eugene Yurtsev <eyurtsev@gmail.com >
2026-04-16 18:30:54 +00:00
ccurme
338aa8131a
fix(core): restore cloud metadata IPs and link-local range in SSRF policy ( #36816 )
2026-04-16 09:15:42 -04:00
Mason Daugherty
7e81d09f2a
chore(deps): bump pytest to 9.0.3 ( #36801 )
...
CVE-2025-71176 (medium severity)
All are dev-only (test dependency group) — no impact on published
packages.
### Why syrupy was also bumped
syrupy 4.x (`<5.0.0`) constrains pytest to `<9.0.0`, blocking the CVE
fix. Widening to `<6.0.0` allows syrupy 5.x which supports pytest 9.x.
2026-04-15 21:46:40 -06:00
ccurme
7d601dc2c6
chore(core): harden private SSRF utilities ( #36768 )
2026-04-15 16:13:20 -04:00
William FH
885f2c2c2d
fix(openai): handle content blocks without type key in responses api conversion ( #36725 )
2026-04-14 15:13:40 -04:00
dependabot[bot]
87ca15da86
chore: bump pytest from 9.0.2 to 9.0.3 in /libs/core ( #36719 )
...
Bumps [pytest](https://github.com/pytest-dev/pytest ) from 9.0.2 to
9.0.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pytest-dev/pytest/releases ">pytest's
releases</a>.</em></p>
<blockquote>
<h2>9.0.3</h2>
<h1>pytest 9.0.3 (2026-04-07)</h1>
<h2>Bug fixes</h2>
<ul>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/12444 ">#12444</a>:
Fixed <code>pytest.approx</code> which now correctly takes into account
<code>~collections.abc.Mapping</code> keys order to compare them.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13634 ">#13634</a>:
Blocking a <code>conftest.py</code> file using the <code>-p no:</code>
option is now explicitly disallowed.</p>
<p>Previously this resulted in an internal assertion failure during
plugin loading.</p>
<p>Pytest now raises a clear <code>UsageError</code> explaining that
conftest files are not plugins and cannot be disabled via
<code>-p</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13734 ">#13734</a>:
Fixed crash when a test raises an exceptiongroup with
<code>__tracebackhide__ = True</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14195 ">#14195</a>:
Fixed an issue where non-string messages passed to <!-- raw HTML omitted
-->unittest.TestCase.subTest()<!-- raw HTML omitted --> were not
printed.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14343 ">#14343</a>:
Fixed use of insecure temporary directory (CVE-2025-71176).</p>
</li>
</ul>
<h2>Improved documentation</h2>
<ul>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13388 ">#13388</a>:
Clarified documentation for <code>-p</code> vs
<code>PYTEST_PLUGINS</code> plugin loading and fixed an incorrect
<code>-p</code> example.</li>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13731 ">#13731</a>:
Clarified that capture fixtures (e.g. <code>capsys</code> and
<code>capfd</code>) take precedence over the <code>-s</code> /
<code>--capture=no</code> command-line options in <code>Accessing
captured output from a test function
<accessing-captured-output></code>.</li>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14088 ">#14088</a>:
Clarified that the default <code>pytest_collection</code> hook sets
<code>session.items</code> before it calls
<code>pytest_collection_finish</code>, not after.</li>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14255 ">#14255</a>:
TOML integer log levels must be quoted: Updating reference
documentation.</li>
</ul>
<h2>Contributor-facing changes</h2>
<ul>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/12689 ">#12689</a>:
The test reports are now published to Codecov from GitHub Actions.
The test statistics is visible <a
href="https://app.codecov.io/gh/pytest-dev/pytest/tests ">on the web
interface</a>.</p>
<p>-- by <code>aleguy02</code></p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a7d58d7a21 "><code>a7d58d7</code></a>
Prepare release version 9.0.3</li>
<li><a
href="089d98199c "><code>089d981</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14366 ">#14366</a>
from bluetech/revert-14193-backport</li>
<li><a
href="8127eaf4ab "><code>8127eaf</code></a>
Revert "Fix: assertrepr_compare respects dict insertion order (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14050 ">#14050</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14193 ">#14193</a>)"</li>
<li><a
href="99a7e6029e "><code>99a7e60</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14363 ">#14363</a>
from pytest-dev/patchback/backports/9.0.x/95d8423bd...</li>
<li><a
href="ddee02a578 "><code>ddee02a</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14343 ">#14343</a>
from bluetech/cve-2025-71176-simple</li>
<li><a
href="74eac6916f "><code>74eac69</code></a>
doc: Update training info (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14298 ">#14298</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14301 ">#14301</a>)</li>
<li><a
href="f92dee777c "><code>f92dee7</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14267 ">#14267</a>
from pytest-dev/patchback/backports/9.0.x/d6fa26c62...</li>
<li><a
href="7ee58acc87 "><code>7ee58ac</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/12378 ">#12378</a>
from Pierre-Sassoulas/fix-implicit-str-concat-and-d...</li>
<li><a
href="37da870d37 "><code>37da870</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14259 ">#14259</a>
from mitre88/patch-4 (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14268 ">#14268</a>)</li>
<li><a
href="c34bfa3b7a "><code>c34bfa3</code></a>
Add explanation for string context diffs (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14257 ">#14257</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14266 ">#14266</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/pytest-dev/pytest/compare/9.0.2...9.0.3 ">compare
view</a></li>
</ul>
</details>
<br />
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-14 17:33:13 +00:00
Eugene Yurtsev
8182d6302d
release(core): 1.3.0.a2 ( #36698 )
...
release 1.3.0a2
2026-04-13 10:13:48 -04:00
Jacob Lee
a6eb829701
fix(core): Use reference counting for storing inherited run trees to support garbage collection ( #36660 )
...
When a langsmith `@traceable` function invokes a LangChain Runnable or
LangGraph subgraph, the callback manager's `_configure` function injects
the `@traceable` RunTree into the `LangChainTracer`'s `run_map` so that
child runs can resolve their parent for trace nesting. However, since
the RunTree was created outside the tracer's callback lifecycle,
`_end_trace` never removes it. The entry persists in `run_map`
indefinitely, retaining the full RunTree and its entire child tree.
In applications with nested subgraph invocations (e.g. an outer
investigation graph delegating to skill agent subgraphs, each compiled
as their own `StateGraph`), this causes RunTree objects to accumulate
linearly with every call.
**Fix:** Track which `run_map` entries were injected externally via a
shared `_external_run_ids` refcount dict on `_TracerCore`. When
`_start_trace` adds a child under an external parent, it increments the
count. When `_end_trace` finishes a child, it decrements — and evicts
the external parent from `run_map` once the last child completes.
The refcount (rather than a simple set) is necessary because a single
external parent may have multiple sibling children in the callback chain
(e.g. a `prompt | llm` `RunnableSequence`). Only truly external runs are
tracked — the `_configure` guard `if run_id_str not in handler.run_map`
prevents tracer-managed runs from being misclassified.
2026-04-13 09:50:37 -04:00
Mason Daugherty
cfb16f634f
docs(core): nit ( #36685 )
2026-04-12 12:56:02 -05:00
Eugene Yurtsev
9ee4617fba
release(core): 1.3.0a1 ( #36656 )
...
1.3.0a1 release
2026-04-10 11:58:34 -04:00
Eugene Yurtsev
af4d711a2f
chore(core): reduce streaming metadata / perf ( #36588 )
...
- looking into reducing streaming metadata / perfm
---------
Co-authored-by: William Fu-Hinthorn <13333726+hinthornw@users.noreply.github.com >
2026-04-10 10:47:54 -04:00
Eugene Yurtsev
dd7c3eb3a4
release(core): release 1.2.28 ( #36614 )
...
release 1.27.8
2026-04-08 14:15:50 -04:00
Eugene Yurtsev
af2ed47c6f
fix(core): add more sanitization to templates ( #36612 )
...
add more sanitization to templates
2026-04-08 14:10:10 -04:00
ccurme
6486404116
release(core): 1.2.27 ( #36586 )
2026-04-07 10:52:46 -04:00
ccurme
7629c74726
fix(core): handle symlinks in deprecated prompt save path ( #36585 )
...
Resolve symlinks before validating file extensions in the deprecated
`save()` method on prompt classes.
Credit to Jeff Ponte (@JDP-Security) for reporting the symlink
resolution issue.
2026-04-07 10:45:42 -04:00
Mason Daugherty
555bdfbade
chore: add comment explaining pygments>=2.20.0 ( #36570 )
2026-04-06 15:07:07 -04:00
Mason Daugherty
0a1d290ac2
release(core): 1.2.26 ( #36511 )
2026-04-03 19:27:36 -04:00
Michael Chin
ebecdddb1b
fix(core): add init validator and serialization mappings for Bedrock models ( #34510 )
...
Adds serialization mappings for `ChatBedrockConverse` and `BedrockLLM`
to unblock standard tests on `langchain-core>=1.2.5` (context:
[langchain-aws#821](https://github.com/langchain-ai/langchain-aws/pull/821 )).
Also introduces a class-specific validator system in
`langchain_core.load` that blocks deserialization of AWS Bedrock models
when `endpoint_url` or `base_url` parameters are present, preventing
SSRF attacks via crafted serialized payloads.
Closes #34645
## Changes
- Add `ChatBedrockConverse` and `BedrockLLM` entries to
`SERIALIZABLE_MAPPING` in `mapping.py`, mapping legacy paths to their
`langchain_aws` import locations
- Add `validators.py` with `_bedrock_validator` — rejects
deserialization kwargs containing `endpoint_url` or `base_url` for all
Bedrock-related classes (`ChatBedrock`, `BedrockChat`,
`ChatBedrockConverse`, `ChatAnthropicBedrock`, `BedrockLLM`, `Bedrock`)
- `CLASS_INIT_VALIDATORS` registry covers both serialized (legacy) keys
and resolved import paths from `ALL_SERIALIZABLE_MAPPINGS`, preventing
bypass via direct-path payloads
- Move kwargs extraction and all validator checks
(`CLASS_INIT_VALIDATORS` + `init_validator`) in `Reviver.__call__` to
run **before** `importlib.import_module()` — fail fast on security
violations before executing third-party code
- Class-specific validators are independent of `init_validator` and
cannot be disabled by passing `init_validator=None`
## Testing
- `test_validator_registry_keys_in_serializable_mapping` — structural
invariant test ensuring every `CLASS_INIT_VALIDATORS` key exists in
`ALL_SERIALIZABLE_MAPPINGS`
- 10 end-to-end `load()` tests covering all Bedrock class paths (legacy
aliases, resolved import paths, `ChatAnthropicBedrock`,
`init_validator=None` bypass attempt)
- Unit tests for `_bedrock_validator` covering `endpoint_url`,
`base_url`, both params, and safe kwargs
---------
Co-authored-by: Mason Daugherty <mason@langchain.dev >
Co-authored-by: Mason Daugherty <github@mdrxy.com >
2026-04-03 19:22:39 -04:00
Mason Daugherty
e94cd41fee
feat(core): add ChatBaseten to serializable mapping ( #36510 )
...
Register `ChatBaseten` from `langchain_baseten` in the core
serialization mapping so it can round-trip through `loads`/`dumps`.
Without this entry, serialized `ChatBaseten` objects fail to
deserialize.
2026-04-03 18:46:58 -04:00
Mason Daugherty
aec6d42d10
chore(core): drop gpt-3.5-turbo from docstrings ( #36497 )
2026-04-03 10:53:33 -04:00
Ujjwal Reddy K S
d1529dd0bc
fix(core): correct parameter names in filter_messages docstring example ( #36462 )
2026-04-03 09:10:17 -04:00
ccurme
e89afedfec
release(core): 1.2.25 ( #36473 )
2026-04-02 18:36:14 -04:00
ccurme
0b5f2c08ee
fix(core): harden check for txt files in deprecated prompt loading functions ( #36471 )
2026-04-02 16:42:48 -04:00
jasiecky
c9f51aef85
fix(core): fixed typos in the documentation ( #36459 )
...
Fixes #36458
Fixed typos in the documentation in the core module.
2026-04-02 11:32:12 -04:00
ccurme
b3dff4a04c
release(core): 1.2.24 ( #36434 )
2026-04-01 15:57:16 -04:00
ccurme
bdfd4462ac
feat(core): impute placeholder filenames for OpenAI file inputs ( #36433 )
2026-04-01 14:41:53 -04:00
John Kennedy
0f4f3f74c8
chore: pygments>=2.20.0 across all packages (CVE-2026-4539) ( #36385 )
...
## Summary
Bumps `pygments` to `>=2.20.0` across all 21 affected packages to
address [CVE-2026-4539](https://github.com/advisories/GHSA-XXXX ) — ReDoS
via inefficient GUID regex in Pygments.
- **Severity:** Low
- **Fixed in:** 2.20.0 (was 2.19.2)
- **Change:** Added `pygments>=2.20.0` to `constraint-dependencies` in
`[tool.uv]` for each package, then ran `uv lock --upgrade-package
pygments` to regenerate lock files.
Closes Dependabot alerts #3435–#3455.
## Release Note
Patch deps
### Test Plan
- [x] CI Green 🙏
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-03-30 23:26:59 -04:00
Weiguang Li
e6c1b29e80
fix(core): add "computer" to _WellKnownOpenAITools ( #36261 )
2026-03-29 08:54:42 -04:00
ccurme
d48364130d
release(core): 1.2.23 ( #36323 )
2026-03-27 19:25:21 -04:00