mirror of
https://github.com/hwchase17/langchain.git
synced 2026-07-01 22:59:06 +00:00
2e9665ec66d683ba86633038e62a04565db207b4
239 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
3a2faa2855 |
chore: bump pytest from 9.1.0 to 9.1.1 in /libs/text-splitters (#38299)
Bumps [pytest](https://github.com/pytest-dev/pytest) from 9.1.0 to 9.1.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pytest-dev/pytest/releases">pytest's releases</a>.</em></p> <blockquote> <h2>9.1.1</h2> <h1>pytest 9.1.1 (2026-06-19)</h1> <h2>Bug fixes</h2> <ul> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/14220">#14220</a>: Fixed a logic bug in <code>pytest.RaisesGroup</code> which would might cause it to display incorrect "It matches <!-- raw HTML omitted -->FooError()<!-- raw HTML omitted --> which was paired with <!-- raw HTML omitted -->BarError<!-- raw HTML omitted -->" messages.</li> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/14591">#14591</a>: Fixed a regression in pytest 9.1.0 which caused overriding a parametrized fixture with an indirect <!-- raw HTML omitted --><a href="https://github.com/pytest"><code>@pytest</code></a>.mark.parametrize<!-- raw HTML omitted --> to fail with "duplicate parametrization of '<fixture name>'".</li> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/14606">#14606</a>: Fixed <code>list-item</code> typing errors from mypy in <code>@pytest.mark.parametrize <pytest.mark.parametrize ref></code> <code>argvalues</code> parameter.</li> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/14608">#14608</a>: Fixed a regression in pytest 9.1.0 where <code>conftest.py</code> files located in <code><invocation dir>/test*</code> were no longer loaded as initial conftests when invoked without arguments. This could cause certain hooks (like <code>pytest_addoption</code>) in these files to not fire.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
a4e5bd680a |
chore: bump jupyterlab from 4.5.7 to 4.5.9 in /libs/text-splitters (#38296)
Bumps [jupyterlab](https://github.com/jupyterlab/jupyterlab) from 4.5.7 to 4.5.9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jupyterlab/jupyterlab/releases">jupyterlab's releases</a>.</em></p> <blockquote> <h2>v4.5.9</h2> <h2>4.5.9</h2> <p>(<a href="https://github.com/jupyterlab/jupyterlab/compare/v4.5.8...26936727d7f197bab4f314ca50690cd162d50312">Full Changelog</a>)</p> <h3>Bugs fixed</h3> <ul> <li>Fix <code>jupyter labextension build</code> crash on <code>webpack ≥ 5.107</code> <a href="https://redirect.github.com/jupyterlab/jupyterlab/pull/19021">#19021</a> (<a href="https://github.com/Darshan808"><code>@Darshan808</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Backport PR <a href="https://redirect.github.com/jupyterlab/jupyterlab/issues/18992">#18992</a>: Fix hidden cells after moving collapsed headings <a href="https://redirect.github.com/jupyterlab/jupyterlab/pull/19016">#19016</a> (<a href="https://github.com/MUFFANUJ"><code>@MUFFANUJ</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Forbid relative URLs in extensionmanager <a href="https://redirect.github.com/jupyterlab/jupyterlab/pull/19013">#19013</a> (<a href="https://github.com/Yann-P"><code>@Yann-P</code></a>)</li> <li>Fix XSS in extension manager's <code>homepage_url</code> <a href="https://redirect.github.com/jupyterlab/jupyterlab/pull/19003">#19003</a> (<a href="https://github.com/Yann-P"><code>@Yann-P</code></a>)</li> <li>Fix toolbar popup row clipping in Safari <a href="https://redirect.github.com/jupyterlab/jupyterlab/pull/18998">#18998</a> (<a href="https://github.com/arun-357"><code>@arun-357</code></a>)</li> </ul> <h3>Contributors to this release</h3> <p>The following people contributed discussions, new ideas, code and documentation contributions, and review. See <a href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our definition of contributors</a>.</p> <p>(<a href="https://github.com/jupyterlab/jupyterlab/graphs/contributors?from=2026-06-04&to=2026-06-17&type=c">GitHub contributors page for this release</a>)</p> <p><a href="https://github.com/arun-357"><code>@arun-357</code></a> (<a href="https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3Aarun-357+updated%3A2026-06-04..2026-06-17&type=Issues">activity</a>) | <a href="https://github.com/Darshan808"><code>@Darshan808</code></a> (<a href="https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3ADarshan808+updated%3A2026-06-04..2026-06-17&type=Issues">activity</a>) | <a href="https://github.com/krassowski"><code>@krassowski</code></a> (<a href="https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3Akrassowski+updated%3A2026-06-04..2026-06-17&type=Issues">activity</a>) | <a href="https://github.com/MUFFANUJ"><code>@MUFFANUJ</code></a> (<a href="https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3AMUFFANUJ+updated%3A2026-06-04..2026-06-17&type=Issues">activity</a>) | <a href="https://github.com/Yann-P"><code>@Yann-P</code></a> (<a href="https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3AYann-P+updated%3A2026-06-04..2026-06-17&type=Issues">activity</a>)</p> <h2>v4.5.8</h2> <h2>4.5.8</h2> <p>(<a href="https://github.com/jupyterlab/jupyterlab/compare/v4.5.7...8d30d481fbab784096e04d85dfa3b0c36e77be2c">Full Changelog</a>)</p> <h3>Bugs fixed</h3> <ul> <li>Prevent dialog from hanging when <code>getValue()</code> throws <a href="https://redirect.github.com/jupyterlab/jupyterlab/pull/18938">#18938</a> (<a href="https://github.com/AliMahmoudDev"><code>@AliMahmoudDev</code></a>)</li> <li>Add <code>packaging</code> min version pin <a href="https://redirect.github.com/jupyterlab/jupyterlab/pull/18910">#18910</a> (<a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Use CSS <code>anchor</code> for prompt overlay <a href="https://redirect.github.com/jupyterlab/jupyterlab/pull/18840">#18840</a> (<a href="https://github.com/CrafterKolyan"><code>@CrafterKolyan</code></a>)</li> </ul> <h3>Maintenance and upkeep improvements</h3> <ul> <li>Fix completer test failures on CI <a href="https://redirect.github.com/jupyterlab/jupyterlab/pull/18946">#18946</a> (<a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Bump license webpack plugin <a href="https://redirect.github.com/jupyterlab/jupyterlab/pull/18929">#18929</a> (<a href="https://github.com/Darshan808"><code>@Darshan808</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> </ul> <h3>Contributors to this release</h3> <p>The following people contributed discussions, new ideas, code and documentation contributions, and review. See <a href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our definition of contributors</a>.</p> <p>(<a href="https://github.com/jupyterlab/jupyterlab/graphs/contributors?from=2026-04-29&to=2026-06-04&type=c">GitHub contributors page for this release</a>)</p> <p><a href="https://github.com/AliMahmoudDev"><code>@AliMahmoudDev</code></a> (<a href="https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3AAliMahmoudDev+updated%3A2026-04-29..2026-06-04&type=Issues">activity</a>) | <a href="https://github.com/CrafterKolyan"><code>@CrafterKolyan</code></a> (<a href="https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3ACrafterKolyan+updated%3A2026-04-29..2026-06-04&type=Issues">activity</a>) | <a href="https://github.com/Darshan808"><code>@Darshan808</code></a> (<a href="https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3ADarshan808+updated%3A2026-04-29..2026-06-04&type=Issues">activity</a>) | <a href="https://github.com/krassowski"><code>@krassowski</code></a> (<a href="https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3Akrassowski+updated%3A2026-04-29..2026-06-04&type=Issues">activity</a>)</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
36b6c57bd6 |
chore: bump langsmith from 0.8.5 to 0.8.18 in /libs/text-splitters (#38301)
Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from 0.8.5 to 0.8.18. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's releases</a>.</em></p> <blockquote> <h2>v0.8.18</h2> <h2>What's Changed</h2> <ul> <li>chore(deps-dev): bump vitest from 3.2.4 to 3.2.6 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3002">langchain-ai/langsmith-sdk#3002</a></li> <li>chore(deps): bump pyjwt from 2.12.1 to 2.13.0 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3030">langchain-ai/langsmith-sdk#3030</a></li> <li>chore(deps): bump python-multipart from 0.0.27 to 0.0.31 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3036">langchain-ai/langsmith-sdk#3036</a></li> <li>chore(deps): bump aiohttp from 3.14.0 to 3.14.1 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3037">langchain-ai/langsmith-sdk#3037</a></li> <li>chore(deps): bump cryptography from 46.0.7 to 48.0.1 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3038">langchain-ai/langsmith-sdk#3038</a></li> <li>chore(deps): bump starlette from 1.0.1 to 1.3.1 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3039">langchain-ai/langsmith-sdk#3039</a></li> <li>chore(deps-dev): bump langchain-anthropic from 1.4.4 to 1.4.6 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3044">langchain-ai/langsmith-sdk#3044</a></li> <li>chore(deps): bump the npm_and_yarn group across 4 directories with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3046">langchain-ai/langsmith-sdk#3046</a></li> <li>chore(deps): bump the npm_and_yarn group across 2 directories with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3060">langchain-ai/langsmith-sdk#3060</a></li> <li>test(python): fix integration assertions for updated attachment error message by <a href="https://github.com/QuentinBrosse"><code>@QuentinBrosse</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3061">langchain-ai/langsmith-sdk#3061</a></li> <li>chore: reconcile bumpversion config and mandate release process for agents by <a href="https://github.com/QuentinBrosse"><code>@QuentinBrosse</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3062">langchain-ai/langsmith-sdk#3062</a></li> <li>release(py): 0.8.18 by <a href="https://github.com/QuentinBrosse"><code>@QuentinBrosse</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3063">langchain-ai/langsmith-sdk#3063</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.17...v0.8.18">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.17...v0.8.18</a></p> <h2>v0.8.17</h2> <h2>What's Changed</h2> <ul> <li>feat: expose the resources from the generated openapi client in the langsmith client by <a href="https://github.com/sineha-mani"><code>@sineha-mani</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3018">langchain-ai/langsmith-sdk#3018</a></li> <li>feat(js): port <code>isTracingEnabled</code> utility from Python by <a href="https://github.com/dqbd"><code>@dqbd</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3032">langchain-ai/langsmith-sdk#3032</a></li> <li>Add sandbox mount support to JS SDK by <a href="https://github.com/DanielKneipp"><code>@DanielKneipp</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3010">langchain-ai/langsmith-sdk#3010</a></li> <li>release(js): bump to 0.7.9 by <a href="https://github.com/dqbd"><code>@dqbd</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3035">langchain-ai/langsmith-sdk#3035</a></li> <li>Add sandbox mount support to Python SDK by <a href="https://github.com/DanielKneipp"><code>@DanielKneipp</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3009">langchain-ai/langsmith-sdk#3009</a></li> <li>docs: note that _openapi_client directories are auto-generated by <a href="https://github.com/KiewanVillatel"><code>@KiewanVillatel</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3034">langchain-ai/langsmith-sdk#3034</a></li> <li>fix: update JS SDK type declarations with skipLibCheck disabled by <a href="https://github.com/sineha-mani"><code>@sineha-mani</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3043">langchain-ai/langsmith-sdk#3043</a></li> <li>release(js): 0.7.10 by <a href="https://github.com/dqbd"><code>@dqbd</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3045">langchain-ai/langsmith-sdk#3045</a></li> <li>feat: adding python async for online evals by <a href="https://github.com/sineha-mani"><code>@sineha-mani</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3048">langchain-ai/langsmith-sdk#3048</a></li> <li>Add sandbox Git mount SDK helpers by <a href="https://github.com/DanielKneipp"><code>@DanielKneipp</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3040">langchain-ai/langsmith-sdk#3040</a></li> <li>fix: use insights tab in sdk report links [closes LSO-2936] by <a href="https://github.com/eric-langchain"><code>@eric-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3050">langchain-ai/langsmith-sdk#3050</a></li> <li>feat(client): warn when backend version is below minimum required by <a href="https://github.com/KiewanVillatel"><code>@KiewanVillatel</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3041">langchain-ai/langsmith-sdk#3041</a></li> <li>chore: bump _MIN_BACKEND_VERSION to 0.16.5rc1 by <a href="https://github.com/langtions-bot"><code>@langtions-bot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3053">langchain-ai/langsmith-sdk#3053</a></li> <li>fix(sandbox): use built-in gcp auth host matching by <a href="https://github.com/DanielKneipp"><code>@DanielKneipp</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3055">langchain-ai/langsmith-sdk#3055</a></li> <li>chore(python): py to 0.8.17 by <a href="https://github.com/sineha-mani"><code>@sineha-mani</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3056">langchain-ai/langsmith-sdk#3056</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/sineha-mani"><code>@sineha-mani</code></a> made their first contribution in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3018">langchain-ai/langsmith-sdk#3018</a></li> <li><a href="https://github.com/eric-langchain"><code>@eric-langchain</code></a> made their first contribution in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3050">langchain-ai/langsmith-sdk#3050</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.16...v0.8.17">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.16...v0.8.17</a></p> <h2>v0.8.16</h2> <h2>What's Changed</h2> <ul> <li>feat(py): add sync/async conversion for Sandbox and SandboxClient [INF-0000] by <a href="https://github.com/ramon-langchain"><code>@ramon-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3019">langchain-ai/langsmith-sdk#3019</a></li> <li>fix(experiments): extract keys from wrapped evaluator function by <a href="https://github.com/shamikkarkhanis"><code>@shamikkarkhanis</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3014">langchain-ai/langsmith-sdk#3014</a></li> <li>chore: repoint <a href="mailto:support@langchain.dev">support@langchain.dev</a> mentions to the Support Portal by <a href="https://github.com/lutan-langchain"><code>@lutan-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3024">langchain-ai/langsmith-sdk#3024</a></li> <li>fix(python): derive create_child run id from start_time [LSDK-220] by <a href="https://github.com/harisaiharish"><code>@harisaiharish</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3027">langchain-ai/langsmith-sdk#3027</a></li> <li>chore: sync langsmith_api by <a href="https://github.com/langtions-bot"><code>@langtions-bot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3020">langchain-ai/langsmith-sdk#3020</a></li> <li>chore: js to 0.7.8 and py to 0.8.16 by <a href="https://github.com/shamikkarkhanis"><code>@shamikkarkhanis</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3029">langchain-ai/langsmith-sdk#3029</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
612139f3af |
chore: bump tornado from 6.5.6 to 6.5.7 in /libs/text-splitters (#38175)
Bumps [tornado](https://github.com/tornadoweb/tornado) from 6.5.6 to 6.5.7. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst">tornado's changelog</a>.</em></p> <blockquote> <h1>Release notes</h1> <p>.. toctree:: :maxdepth: 2</p> <p>releases/v6.5.7 releases/v6.5.6 releases/v6.5.5 releases/v6.5.4 releases/v6.5.3 releases/v6.5.2 releases/v6.5.1 releases/v6.5.0 releases/v6.4.2 releases/v6.4.1 releases/v6.4.0 releases/v6.3.3 releases/v6.3.2 releases/v6.3.1 releases/v6.3.0 releases/v6.2.0 releases/v6.1.0 releases/v6.0.4 releases/v6.0.3 releases/v6.0.2 releases/v6.0.1 releases/v6.0.0 releases/v5.1.1 releases/v5.1.0 releases/v5.0.2 releases/v5.0.1 releases/v5.0.0 releases/v4.5.3 releases/v4.5.2 releases/v4.5.1 releases/v4.5.0 releases/v4.4.3 releases/v4.4.2 releases/v4.4.1 releases/v4.4.0 releases/v4.3.0 releases/v4.2.1 releases/v4.2.0 releases/v4.1.0 releases/v4.0.2 releases/v4.0.1 releases/v4.0.0 releases/v3.2.2 releases/v3.2.1</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
f368854ec3 |
chore: bump bleach from 6.2.0 to 6.4.0 in /libs/text-splitters (#38195)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [bleach](https://github.com/mozilla/bleach) from 6.2.0 to 6.4.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/mozilla/bleach/blob/main/CHANGES">bleach's changelog</a>.</em></p> <blockquote> <h2>Version 6.4.0 (June 5th, 2026)</h2> <p><strong>NOTE: 2026-06-05: Bleach is no longer maintained. There will be no future releases including for security issues.</strong> See issue: <code><https://github.com/mozilla/bleach/issues/698></code>__</p> <p><strong>Backwards incompatible changes</strong></p> <ul> <li>Dropped support for pypy 3.10. (<a href="https://redirect.github.com/mozilla/bleach/issues/764">#764</a>)</li> </ul> <p><strong>Security fixes</strong></p> <ul> <li> <p>Fix bug 2023812 / GHSA-8rfp-98v4-mmr6.</p> <p>Fix XSS issue with sanitize_uri_value where disallowed schemes with Unicode invisible characters wouldn't be rejected.</p> <p>For example::</p> <p>import bleach payload1 = '<!-- raw HTML omitted -->Click<!-- raw HTML omitted -->' result1 = bleach.clean(payload1) print(repr(result1))</p> <p>outputs::</p> <p>'<!-- raw HTML omitted -->Click<!-- raw HTML omitted -->'</p> <p>See the advisory for details.</p> </li> <li> <p>Fix GHSA-gj48-438w-jh9v.</p> <p>Fix issue where URI sanitization wasn't happening in formaction attributes.</p> <p>See the advisory for details.</p> </li> </ul> <p><strong>Bug fixes</strong></p> <ul> <li> <p>Add support for pypy 3.11. (<a href="https://redirect.github.com/mozilla/bleach/issues/764">#764</a>)</p> </li> <li> <p>Drop version max in tinycss2 pin. (<a href="https://redirect.github.com/mozilla/bleach/issues/772">#772</a>)</p> <p>This removes one of the things we had to keep checking and updating. Users now own the responsibility for correctness with the version of tinycss2 they're using.</p> </li> </ul> <h2>Version 6.3.0 (October 27th, 2025)</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
b856e33eb6 |
chore: bump torch from 2.9.1 to 2.12.1 in /libs/text-splitters (#38231)
Bumps [torch](https://github.com/pytorch/pytorch) from 2.9.1 to 2.12.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pytorch/pytorch/releases">torch's releases</a>.</em></p> <blockquote> <h2>PyTorch 2.12.1 Release, bug fix release</h2> <p>This release is meant to fix the following regressions and silent correctness issues:</p> <h2>Regression fixes</h2> <ul> <li>Fix nondeterministic outputs in test_batch_invariance with FLASH_ATTN on NVIDIA B200 GPUs (<a href="https://redirect.github.com/pytorch/pytorch/issues/181248">#181248</a>), fixed by updating Triton to 3.7.1 (<a href="https://redirect.github.com/pytorch/pytorch/pull/186814">#186814</a>)</li> <li>Fix illegal memory access in the Triton convolution2d_bwd_weight kernel on B100/B200 (sm100) GPUs (<a href="https://redirect.github.com/pytorch/pytorch/issues/187081">#187081</a>), fixed by updating Triton to 3.7.1 (<a href="https://redirect.github.com/pytorch/pytorch/pull/186814">#186814</a>)</li> <li>Fix fill_ on byte-dtype views with misaligned storage offset (<a href="https://redirect.github.com/pytorch/pytorch/pull/186821">#186821</a>)</li> </ul> <h2>Releng / Build</h2> <ul> <li>Drop CPython 3.13t from the binary build matrix (<a href="https://redirect.github.com/pytorch/pytorch/pull/182951">#182951</a>)</li> </ul> <h1>PyTorch 2.12.0 Release Notes</h1> <ul> <li><a href="https://github.com/pytorch/pytorch/blob/HEAD/#highlights">Highlights</a></li> <li><a href="https://github.com/pytorch/pytorch/blob/HEAD/#backwards-incompatible-changes">Backwards Incompatible Changes</a></li> <li><a href="https://github.com/pytorch/pytorch/blob/HEAD/#deprecations">Deprecations</a></li> <li><a href="https://github.com/pytorch/pytorch/blob/HEAD/#new-features">New Features</a></li> <li><a href="https://github.com/pytorch/pytorch/blob/HEAD/#improvements">Improvements</a></li> <li><a href="https://github.com/pytorch/pytorch/blob/HEAD/#bug-fixes">Bug fixes</a></li> <li><a href="https://github.com/pytorch/pytorch/blob/HEAD/#performance">Performance</a></li> <li><a href="https://github.com/pytorch/pytorch/blob/HEAD/#documentation">Documentation</a></li> <li><a href="https://github.com/pytorch/pytorch/blob/HEAD/#developers">Developers</a></li> <li><a href="https://github.com/pytorch/pytorch/blob/HEAD/#security">Security</a></li> </ul> <h1>Highlights</h1> <!-- raw HTML omitted --> <p>For more details about these highlighted features, you can look at the release blogpost. Below are the full release notes for this release.</p> <h1>Backwards Incompatible Changes</h1> <h2>Build Frontend</h2> <ul> <li> <p>Strengthened SVE compile checks in <code>FindARM.cmake</code>, which may reject previously accepted but incorrect SVE configurations (<a href="https://redirect.github.com/pytorch/pytorch/pull/176646">#176646</a>)</p> <p>Source builds that enable SVE now validate the compiler configuration more strictly. If a build previously passed with an incomplete or mismatched SVE setup, it may now fail during CMake configuration instead of later in compilation. Update the compiler/toolchain flags so they accurately describe the target SVE support, or disable SVE for that build.</p> </li> <li> <p>Updated the minimum CUDA version required to build PyTorch from source to CUDA 12.6 (<a href="https://redirect.github.com/pytorch/pytorch/pull/178925">#178925</a>)</p> <p>Building PyTorch from source with CUDA versions older than 12.6 is no longer supported. Users building custom binaries should install CUDA 12.6 or newer and make sure <code>CUDA_HOME</code> points to that installation.</p> <p>Version 2.11:</p> <pre lang="bash"><code>CUDA_HOME=/usr/local/cuda-12.4 python setup.py develop </code></pre> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
ff4a32fb01 |
chore: bump pytest from 9.0.3 to 9.1.0 in /libs/text-splitters (#38232)
Bumps [pytest](https://github.com/pytest-dev/pytest) from 9.0.3 to 9.1.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pytest-dev/pytest/releases">pytest's releases</a>.</em></p> <blockquote> <h2>9.1.0</h2> <h1>pytest 9.1.0 (2026-06-13)</h1> <h2>Removals and backward incompatible breaking changes</h2> <ul> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/14533">#14533</a>: When using <code>--doctest-modules</code>, autouse fixtures with <code>module</code>, <code>package</code> or <code>session</code> scope that are defined inline in Python test modules (not plugins or conftests) will now possibly execute twice.</p> <p>If this is undesirable, move the fixture definition to a <code>conftest.py</code> file if possible.</p> <p>Technical explanation for those interested: When using <!-- raw HTML omitted -->--doctest-modules<!-- raw HTML omitted -->, pytest possibly collects Python modules twice, once as <code>pytest.Module</code> and once as a <code>DoctestModule</code> (depending on the configuration). Due to improvements in pytest's fixture implementation, if e.g. the <code>DoctestModule</code> collects a fixture, it is now visible to it only, and not to the <code>Module</code>. This means that both need to register the fixtures independently.</p> </li> </ul> <h2>Deprecations (removal in next major release)</h2> <ul> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/10819">#10819</a>: Added a deprecation warning for class-scoped fixtures defined as instance methods (without <code>@classmethod</code>). Such fixtures set attributes on a different instance than the test methods use, leading to unexpected behavior. Use <code>@classmethod</code> decorator instead -- by <code>yastcher</code>.</p> <p>See <code>10819</code> and <code>14011</code>.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/12882">#12882</a>: Calling <code>request.getfixturevalue() <pytest.FixtureRequest.getfixturevalue></code> during teardown to request a fixture that was not already requested is now deprecated and will become an error in pytest 10.</p> <p>See <code>dynamic-fixture-request-during-teardown</code> for details.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13409">#13409</a>: Using non-<code>~collections.abc.Collection</code> iterables (such as generators, iterators, or custom iterable objects) for the <code>argvalues</code> parameter in <code>@pytest.mark.parametrize <pytest.mark.parametrize ref></code> and <code>metafunc.parametrize <pytest.Metafunc.parametrize></code> is now deprecated.</p> <p>These iterables get exhausted after the first iteration, leading to tests getting unexpectedly skipped in cases such as running <code>pytest.main()</code> multiple times, using class-level parametrize decorators, or collecting tests multiple times.</p> <p>See <code>parametrize-iterators</code> for details and suggestions.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13946">#13946</a>: The private <code>config.inicfg</code> attribute is now deprecated. Use <code>config.getini() <pytest.Config.getini></code> to access configuration values instead.</p> <p>See <code>config-inicfg</code> for more details.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/14004">#14004</a>: Passing <code>baseid</code> to <code>~pytest.FixtureDef</code> or <code>nodeid</code> strings to fixture registration APIs is now deprecated. These are internal pytest APIs that are used by some plugins.</p> <p>Use the <code>node</code> parameter instead for fixture scoping. This enables more robust node-based matching instead of string prefix matching. If you've used <code>nodeid=None</code>, pass <code>node=session</code> instead.</p> <p>This will be removed in pytest 10.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/14335">#14335</a>: The method of configuring hooks using markers, deprecated since pytest 7.2, is now scheduled to be removed in pytest 10. See <code>hook-markers</code> for more details.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/14434">#14434</a>: The <code>--pastebin</code> option is now deprecated.</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
1137d2dc09 |
chore: bump jupyter-server from 2.18.0 to 2.20.0 in /libs/text-splitters (#38250)
Bumps [jupyter-server](https://github.com/jupyter-server/jupyter_server) from 2.18.0 to 2.20.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jupyter-server/jupyter_server/releases">jupyter-server's releases</a>.</em></p> <blockquote> <h2>v2.20.0</h2> <h2>2.20.0</h2> <p>(<a href="https://github.com/jupyter-server/jupyter_server/compare/v2.19.0...333e700119ee0bcc0b5fcd4c158213d7c275c778">Full Changelog</a>)</p> <h3>Security fixes</h3> <ul> <li>CVE-2026-44727 <a href="https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-fcw5-x6j4-ccmp">GHSA-fcw5-x6j4-ccmp</a></li> </ul> <h3>Enhancements made</h3> <ul> <li>Fix confusing terminal output when using ServerApp.ip=0.0.0.0 <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1643">#1643</a> (<a href="https://github.com/Yann-P"><code>@Yann-P</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>Add a toggle to enable curve encryption for all kernels that support it <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1638">#1638</a> (<a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/ianthomas23"><code>@ianthomas23</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> </ul> <h3>Bugs fixed</h3> <ul> <li>Grab the port from <code>bind_sockets</code> in case its different <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1651">#1651</a> (<a href="https://github.com/choldgraf"><code>@choldgraf</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> </ul> <h3>Maintenance and upkeep improvements</h3> <ul> <li>Fix <code>test_authorizer</code> having a spurious comma in params <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1664">#1664</a> (<a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Add a reminder to merge GHSA before release <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1659">#1659</a> (<a href="https://github.com/Yann-P"><code>@Yann-P</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Exclude problematic <code>pywinpty</code> 3.0.4 version <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1658">#1658</a> (<a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>ci: explicitly pass base-setup inputs to fix strict validation failures <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1626">#1626</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/Copilot"><code>@Copilot</code></a>)</li> </ul> <h3>Documentation improvements</h3> <ul> <li>Align docs for curve encryption with latest JEP version <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1660">#1660</a> (<a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Remove PGP key from docs <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1653">#1653</a> (<a href="https://github.com/Yann-P"><code>@Yann-P</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> </ul> <h3>Contributors to this release</h3> <p>The following people contributed discussions, new ideas, code and documentation contributions, and review. See <a href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our definition of contributors</a>.</p> <p>(<a href="https://github.com/jupyter-server/jupyter_server/graphs/contributors?from=2026-05-29&to=2026-06-17&type=c">GitHub contributors page for this release</a>)</p> <p><a href="https://github.com/Carreau"><code>@Carreau</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3ACarreau+updated%3A2026-05-29..2026-06-17&type=Issues">activity</a>) | <a href="https://github.com/choldgraf"><code>@choldgraf</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3Acholdgraf+updated%3A2026-05-29..2026-06-17&type=Issues">activity</a>) | <a href="https://github.com/Copilot"><code>@Copilot</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3ACopilot+updated%3A2026-05-29..2026-06-17&type=Issues">activity</a>) | <a href="https://github.com/ianthomas23"><code>@ianthomas23</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3Aianthomas23+updated%3A2026-05-29..2026-06-17&type=Issues">activity</a>) | <a href="https://github.com/krassowski"><code>@krassowski</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3Akrassowski+updated%3A2026-05-29..2026-06-17&type=Issues">activity</a>) | <a href="https://github.com/minrk"><code>@minrk</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3Aminrk+updated%3A2026-05-29..2026-06-17&type=Issues">activity</a>) | <a href="https://github.com/Yann-P"><code>@Yann-P</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3AYann-P+updated%3A2026-05-29..2026-06-17&type=Issues">activity</a>)</p> <h2>v2.19.0</h2> <h2>2.19.0</h2> <p>(<a href="https://github.com/jupyter-server/jupyter_server/compare/v2.18.2...664e2255c71efe963f397b9f803dbcf503b5a920">Full Changelog</a>)</p> <h3>Enhancements made</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jupyter-server/jupyter_server/blob/main/CHANGELOG.md">jupyter-server's changelog</a>.</em></p> <blockquote> <h2>2.20.0</h2> <p>(<a href="https://github.com/jupyter-server/jupyter_server/compare/v2.19.0...333e700119ee0bcc0b5fcd4c158213d7c275c778">Full Changelog</a>)</p> <h3>Enhancements made</h3> <ul> <li>Fix confusing terminal output when using ServerApp.ip=0.0.0.0 <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1643">#1643</a> (<a href="https://github.com/Yann-P"><code>@Yann-P</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>Add a toggle to enable curve encryption for all kernels that support it <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1638">#1638</a> (<a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/ianthomas23"><code>@ianthomas23</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> </ul> <h3>Bugs fixed</h3> <ul> <li>Grab the port from <code>bind_sockets</code> in case its different <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1651">#1651</a> (<a href="https://github.com/choldgraf"><code>@choldgraf</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> </ul> <h3>Maintenance and upkeep improvements</h3> <ul> <li>Fix <code>test_authorizer</code> having a spurious comma in params <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1664">#1664</a> (<a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Add a reminder to merge GHSA before release <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1659">#1659</a> (<a href="https://github.com/Yann-P"><code>@Yann-P</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Exclude problematic <code>pywinpty</code> 3.0.4 version <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1658">#1658</a> (<a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>ci: explicitly pass base-setup inputs to fix strict validation failures <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1626">#1626</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/Copilot"><code>@Copilot</code></a>)</li> </ul> <h3>Documentation improvements</h3> <ul> <li>Align docs for curve encryption with latest JEP version <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1660">#1660</a> (<a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Remove PGP key from docs <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1653">#1653</a> (<a href="https://github.com/Yann-P"><code>@Yann-P</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> </ul> <h3>Contributors to this release</h3> <p>The following people contributed discussions, new ideas, code and documentation contributions, and review. See <a href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our definition of contributors</a>.</p> <p>(<a href="https://github.com/jupyter-server/jupyter_server/graphs/contributors?from=2026-05-29&to=2026-06-17&type=c">GitHub contributors page for this release</a>)</p> <p><a href="https://github.com/Carreau"><code>@Carreau</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3ACarreau+updated%3A2026-05-29..2026-06-17&type=Issues">activity</a>) | <a href="https://github.com/choldgraf"><code>@choldgraf</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3Acholdgraf+updated%3A2026-05-29..2026-06-17&type=Issues">activity</a>) | <a href="https://github.com/Copilot"><code>@Copilot</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3ACopilot+updated%3A2026-05-29..2026-06-17&type=Issues">activity</a>) | <a href="https://github.com/ianthomas23"><code>@ianthomas23</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3Aianthomas23+updated%3A2026-05-29..2026-06-17&type=Issues">activity</a>) | <a href="https://github.com/krassowski"><code>@krassowski</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3Akrassowski+updated%3A2026-05-29..2026-06-17&type=Issues">activity</a>) | <a href="https://github.com/minrk"><code>@minrk</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3Aminrk+updated%3A2026-05-29..2026-06-17&type=Issues">activity</a>) | <a href="https://github.com/Yann-P"><code>@Yann-P</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter-server%2Fjupyter_server+involves%3AYann-P+updated%3A2026-05-29..2026-06-17&type=Issues">activity</a>)</p> <!-- raw HTML omitted --> <h2>2.19.0</h2> <p>(<a href="https://github.com/jupyter-server/jupyter_server/compare/v2.18.2...664e2255c71efe963f397b9f803dbcf503b5a920">Full Changelog</a>)</p> <h3>Enhancements made</h3> <ul> <li>Return <code>unresolved</code> stanza when kernel scope is unavailable for <code>resolvePath</code> (instead of failing with 404) <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1641">#1641</a> (<a href="https://github.com/MUFFANUJ"><code>@MUFFANUJ</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> </ul> <h3>Bugs fixed</h3> <ul> <li>Recreate notary store on failure to prevent save deadlock and data loss <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1640">#1640</a> (<a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> </ul> <h3>Maintenance and upkeep improvements</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
63cc1f4e7d |
docs: refresh README installation and resources (#38119)
README installation examples now use `uv add` consistently, matching the repo's `uv`-based Python workflow. The top-level README also gets a cleaner quickstart and resource section with current links for docs, community, learning, and contribution guidance. ## Changes - Replaced `pip install` snippets with `uv add` across package quick install docs, including the Hugging Face extras and `sentence-transformers` upgrade examples. - Updated the top-level quickstart to show only `uv add langchain` and refreshed the example model to `openai:gpt-5.5`. - Pointed the LangGraph orchestration link at the LangGraph GitHub repository. - Consolidated top-level documentation and additional-resource links under a single `Resources` section covering docs, ecosystem overview, API reference, discussions, Academy, contributing, and the Code of Conduct. - Added LangChain Academy and Code of Conduct links to package README resource sections. |
||
|
|
f8fef83dc8 |
chore: bump tornado from 6.5.5 to 6.5.6 in /libs/text-splitters (#38112)
Bumps [tornado](https://github.com/tornadoweb/tornado) from 6.5.5 to 6.5.6. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst">tornado's changelog</a>.</em></p> <blockquote> <h1>Release notes</h1> <p>.. toctree:: :maxdepth: 2</p> <p>releases/v6.5.7 releases/v6.5.6 releases/v6.5.5 releases/v6.5.4 releases/v6.5.3 releases/v6.5.2 releases/v6.5.1 releases/v6.5.0 releases/v6.4.2 releases/v6.4.1 releases/v6.4.0 releases/v6.3.3 releases/v6.3.2 releases/v6.3.1 releases/v6.3.0 releases/v6.2.0 releases/v6.1.0 releases/v6.0.4 releases/v6.0.3 releases/v6.0.2 releases/v6.0.1 releases/v6.0.0 releases/v5.1.1 releases/v5.1.0 releases/v5.0.2 releases/v5.0.1 releases/v5.0.0 releases/v4.5.3 releases/v4.5.2 releases/v4.5.1 releases/v4.5.0 releases/v4.4.3 releases/v4.4.2 releases/v4.4.1 releases/v4.4.0 releases/v4.3.0 releases/v4.2.1 releases/v4.2.0 releases/v4.1.0 releases/v4.0.2 releases/v4.0.1 releases/v4.0.0 releases/v3.2.2 releases/v3.2.1</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
4108c0738c |
release(core): 1.4.7 (#38111)
Bumps `langchain-core` to `1.4.7` for the next patch release and updates downstream minimum `langchain-core` requirements so package locks resolve against the new core version. This also refreshes the runnable snapshots that embed `lc_versions` metadata so the version consistency check continues to validate checked-in artifacts. Validated with `python libs/core/scripts/check_version.py`, `uv lock --check` across package lockfiles, and the core runnable tests that own the updated snapshots with local LangSmith tracing env disabled. |
||
|
|
05cc55f1bc | release(core): 1.4.6 (#38061) | ||
|
|
1de100f278 |
chore(infra): bump mypy to 2.1 and unify type-check config across the monorepo (#36470)
Originally a narrow bump of mypy to `1.20` in four packages. Expanded to get the whole monorepo onto a single, current mypy and a consistent type-check configuration, so contributors no longer hit different mypy versions and divergent behavior depending on which package they touch. ### What changed - **Unified the mypy pin to `>=2.1.0,<2.2.0`** in every mypy-using package (6 libs + 14 partners), replacing the previously scattered pins (`1.10`/`1.17`/`1.18`/`1.19`/`1.20`, with assorted upper bounds). - **Unified the `[tool.mypy]` base per tier:** - libs: `plugins = ["pydantic.mypy"]`, `strict = true`, `enable_error_code = "deprecated"`, `warn_unreachable = true` - partners: `disallow_untyped_defs = true` - Normalized style (`disallow_untyped_defs = "True"` string → bool, quote/key consistency). - **Fixed the 20 real errors** mypy 2.1 surfaces: `redundant-cast` from improved narrowing (`core`, `langchain-classic`), a `var-annotated` for `_LOGGED`, a return-type widening in `langchain-groq`'s `_convert_from_v1_to_groq` (it can legitimately return a bare `str`), and stale `type-arg`/`unused-ignore` in `langchain-model-profiles` tests. ### Deliberate non-uniformity (documented inline in the relevant `pyproject.toml`s) Going fully byte-identical would surface ~196 additional errors that are *not* real bugs, so two settings are kept package-appropriate: - **`warn_unreachable`** is enabled on every strict lib **except `core`**, where it false-flags intentional defensive code — including the SSRF / IP-policy guards in `_security/` — as unreachable. - **`pydantic.mypy` plugin** is used only on `anthropic` and `perplexity` (their code is authored against it and reports ~99/~132 errors without it). It is *not* added to the other partners, where it only flags the public alias constructor API (e.g. `ChatGroq(model=...)`) in tests rather than finding bugs. - **`ollama`** is left on its `ty` type checker; it does not use mypy. --------- Co-authored-by: Mason Daugherty <github@mdrxy.com> |
||
|
|
6b9e22dbbc |
fix(langchain): tighten structured output model fallbacks (#38042)
Provider-native structured output fallback detection now uses bounded model-name patterns instead of broad substring checks, reducing false positives for unrelated model IDs. The model examples and test fixtures across OpenAI/OpenRouter-facing code were refreshed around current OpenAI model families while preserving shipped defaults. ## Changes - Tightened `FALLBACK_MODELS_WITH_STRUCTURED_OUTPUT` from loose string fragments to regex patterns, with `_supports_provider_strategy` matching full model-name segments instead of arbitrary substrings. - Expanded structured-output fallback coverage for newer OpenAI, Anthropic, and xAI/Grok model families, including `gpt-5.x`, newer Claude 4/5-style names, and `grok-build`. - Reused `_attempt_infer_model_provider` in provider tool search routing so `_provider_from_model_name` follows the same provider inference behavior as `init_chat_model`. - Suppressed irrelevant provider-inference deprecation warnings during provider tool search registry lookup. - Refreshed OpenAI, Azure OpenAI, OpenRouter, core metadata, and example model references from older fixtures like `gpt-4`, `gpt-4o`, `o1`, and `o4-mini` to current test/profile models such as `gpt-5.5`, `gpt-5-nano`, and `gpt-4.1-mini`. - Removed outdated OpenAI test assumptions around legacy `o1` behavior and narrowed legacy structured-output checks to explicitly legacy model names. |
||
|
|
8ac91e3f5f | hotfix(core): bump lockfile(s) (#38032) | ||
|
|
a063ec26dd |
chore(core): fix some any generics (#34545)
Co-authored-by: Mason Daugherty <github@mdrxy.com> |
||
|
|
c0103c3d2c | hotfix(openai): min core dep (#37990) | ||
|
|
b2ee0a9bba |
chore: unify core versions in text-splitters. (#37523)
Signed-off-by: zhanluxianshen <yanggangtony@163.com> |
||
|
|
73526d1438 |
chore: bump idna from 3.10 to 3.15 in /libs/text-splitters (#37535)
Bumps [idna](https://github.com/kjd/idna) from 3.10 to 3.15. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/kjd/idna/blob/master/HISTORY.md">idna's changelog</a>.</em></p> <blockquote> <h2>3.15 (2026-05-12)</h2> <ul> <li>Enforce DNS-length cap on individual labels early in <code>check_label</code>, short-circuiting contextual-rule processing for oversized input while staying compatible with UTS 46 usage.</li> <li>Tidy core helpers: hoist bidi category sets to module-level frozensets (avoiding per-codepoint list construction), simplify length checks, and reuse the shared <code>_unicode_dots_re</code> from <code>idna.core</code> in the codec module.</li> <li>Use <code>raise ... from err</code> for proper exception chaining and switch internal string formatting to f-strings.</li> <li>Allow <code>flit_core</code> 4.x in the build backend.</li> <li>Expand the ruff lint set (flake8-bugbear, flake8-simplify, pyupgrade, perflint) and apply the surfaced fixes; pin lint CI to Python 3.14.</li> <li>Add Dependabot configuration for GitHub Actions.</li> <li>Convert README and HISTORY from reStructuredText to Markdown.</li> <li>Reference CVE-2026-45409 for the 3.14 advisory in place of the initial GHSA identifier.</li> </ul> <p>Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for contributions to this release.</p> <h2>3.14 (2026-05-10)</h2> <ul> <li>Removed opportunity to process long inputs into quadratic time by rejecting oversize inputs up-front. Closes a bypass of the CVE-2024-3651 mitigation. [CVE-2026-45409]</li> </ul> <p>Thanks to Stan Ulbrych for reporting the issue.</p> <h2>3.13 (2026-04-22)</h2> <ul> <li>Correct classification error for codepoint U+A7F1</li> </ul> <h2>3.12 (2026-04-21)</h2> <ul> <li>Update to Unicode 17.0.0.</li> <li>Issue a deprecation warning for the transitional argument.</li> <li>Added lazy-loading to provide some performance improvements.</li> <li>Removed vestiges of code related to Python 2 support, including segmentation of data structures specific to Jython.</li> </ul> <p>Thanks to Rodrigo Nogueira for contributions to this release.</p> <h2>3.11 (2025-10-12)</h2> <ul> <li>Update to Unicode 16.0.0, including significant changes to UTS46 processing. As a result of Unicode ending support for it, transitional processing no longer has an effect and returns the same result.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
6120400329 |
chore: bump the minor-and-patch group across 3 directories with 15 updates (#37515)
Bumps the minor-and-patch group with 10 updates in the /libs/model-profiles directory: | Package | From | To | | --- | --- | --- | | [pytest-cov](https://github.com/pytest-dev/pytest-cov) | `7.0.0` | `7.1.0` | | [syrupy](https://github.com/syrupy-project/syrupy) | `5.1.0` | `5.2.0` | | [ruff](https://github.com/astral-sh/ruff) | `0.15.5` | `0.15.13` | | [openai](https://github.com/openai/openai-python) | `2.26.0` | `2.37.0` | | [tiktoken](https://github.com/openai/tiktoken) | `0.12.0` | `0.13.0` | | [pydantic](https://github.com/pydantic/pydantic) | `2.12.3` | `2.13.4` | | [requests](https://github.com/psf/requests) | `2.33.0` | `2.34.2` | | [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.8.0` | `0.8.5` | | [tenacity](https://github.com/jd/tenacity) | `9.1.2` | `9.1.4` | | [uuid-utils](https://github.com/aminalaee/uuid-utils) | `0.12.0` | `0.15.0` | Bumps the minor-and-patch group with 7 updates in the /libs/standard-tests directory: | Package | From | To | | --- | --- | --- | | [syrupy](https://github.com/syrupy-project/syrupy) | `5.1.0` | `5.2.0` | | [ruff](https://github.com/astral-sh/ruff) | `0.15.5` | `0.15.13` | | [pydantic](https://github.com/pydantic/pydantic) | `2.12.5` | `2.13.4` | | [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.8.0` | `0.8.5` | | [tenacity](https://github.com/jd/tenacity) | `9.1.2` | `9.1.4` | | [uuid-utils](https://github.com/aminalaee/uuid-utils) | `0.12.0` | `0.15.0` | | [langchain-protocol](https://github.com/langchain-ai/agent-protocol) | `0.0.14` | `0.0.15` | Bumps the minor-and-patch group with 10 updates in the /libs/text-splitters directory: | Package | From | To | | --- | --- | --- | | [ruff](https://github.com/astral-sh/ruff) | `0.15.5` | `0.15.13` | | [tiktoken](https://github.com/openai/tiktoken) | `0.12.0` | `0.13.0` | | [pydantic](https://github.com/pydantic/pydantic) | `2.12.5` | `2.13.4` | | [types-requests](https://github.com/python/typeshed) | `2.32.4.20260107` | `2.33.0.20260518` | | [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.8.0` | `0.8.5` | | [tenacity](https://github.com/jd/tenacity) | `9.1.2` | `9.1.4` | | [uuid-utils](https://github.com/aminalaee/uuid-utils) | `0.12.0` | `0.15.0` | | [spacy](https://github.com/explosion/spaCy) | `3.8.13` | `3.8.14` | | [transformers](https://github.com/huggingface/transformers) | `5.3.0` | `5.8.1` | | [sentence-transformers](https://github.com/huggingface/sentence-transformers) | `5.3.0` | `5.5.0` | Updates `pytest-cov` from 7.0.0 to 7.1.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst">pytest-cov's changelog</a>.</em></p> <blockquote> <h2>7.1.0 (2026-03-21)</h2> <ul> <li> <p>Fixed total coverage computation to always be consistent, regardless of reporting settings. Previously some reports could produce different total counts, and consequently can make --cov-fail-under behave different depending on reporting options. See <code>[#641](https://github.com/pytest-dev/pytest-cov/issues/641) <https://github.com/pytest-dev/pytest-cov/issues/641></code>_.</p> </li> <li> <p>Improve handling of ResourceWarning from sqlite3.</p> <p>The plugin adds warning filter for sqlite3 <code>ResourceWarning</code> unclosed database (since 6.2.0). It checks if there is already existing plugin for this message by comparing filter regular expression. When filter is specified on command line the message is escaped and does not match an expected message. A check for an escaped regular expression is added to handle this case.</p> <p>With this fix one can suppress <code>ResourceWarning</code> from sqlite3 from command line::</p> <p>pytest -W "ignore:unclosed database in <sqlite3.Connection object at:ResourceWarning" ...</p> </li> <li> <p>Various improvements to documentation. Contributed by Art Pelling in <code>[#718](https://github.com/pytest-dev/pytest-cov/issues/718) <https://github.com/pytest-dev/pytest-cov/pull/718></code>_ and "vivodi" in <code>[#738](https://github.com/pytest-dev/pytest-cov/issues/738) <https://github.com/pytest-dev/pytest-cov/pull/738></code><em>. Also closed <code>[#736](https://github.com/pytest-dev/pytest-cov/issues/736) <https://github.com/pytest-dev/pytest-cov/issues/736></code></em>.</p> </li> <li> <p>Fixed some assertions in tests. Contributed by in Markéta Machová in <code>[#722](https://github.com/pytest-dev/pytest-cov/issues/722) <https://github.com/pytest-dev/pytest-cov/pull/722></code>_.</p> </li> <li> <p>Removed unnecessary coverage configuration copying (meant as a backup because reporting commands had configuration side-effects before coverage 5.0).</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
abd9d4ce31 |
ci(infra): harden Dependabot version-bound preservation (#37510)
Dependabot has been stripping upper/lower bounds from internal `langchain-*` deps in partner `pyproject.toml` files (e.g. #37288 reduced `langchain-core>=1.3.2,<2.0.0` to bare `langchain-core`). Locks down the config so bumps preserve existing specifiers, and restores the bounds it already mangled across the monorepo. ## Changes - Add `versioning-strategy: increase` to every `uv` ecosystem block in `.github/dependabot.yml` so future bumps move the lower bound in place instead of rewriting the constraint. - Ignore workspace-internal packages (`langchain-core`, `langchain`, `langchain-classic`, `langchain-text-splitters`, `langchain-tests`, `langchain-model-profiles`) on every `uv` block — these are editable installs from local paths and their published constraints are hand-curated for release, not Dependabot's to bump. - Restore stripped bounds across all `libs/` packages — runtime `dependencies` and every dep group (`test`, `dev`, `test_integration`, `typing`, `lint`) — to `>=1.4.0,<2.0.0` for `langchain-core` and `>=1.0.0,<2.0.0` for the other internal packages. |
||
|
|
ade6c61de8 |
chore: bump langsmith from 0.7.31 to 0.8.0 in /libs/text-splitters (#37380)
Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from 0.7.31 to 0.8.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's releases</a>.</em></p> <blockquote> <h2>v0.8.0</h2> <h2>What's Changed</h2> <ul> <li>feat(js,py): JS 0.6.0, Py 0.8.0 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2831">langchain-ai/langsmith-sdk#2831</a></li> <li>release(js): 0.6.0 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2832">langchain-ai/langsmith-sdk#2832</a></li> <li>release(py): 0.8.0 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2833">langchain-ai/langsmith-sdk#2833</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.38...v0.8.0">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.38...v0.8.0</a></p> <h2>v0.7.38</h2> <h2>What's Changed</h2> <ul> <li>feat(js): add tracing of opencode by <a href="https://github.com/dqbd"><code>@dqbd</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2776">langchain-ai/langsmith-sdk#2776</a></li> <li>chore(js): Remove types/uuid by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2814">langchain-ai/langsmith-sdk#2814</a></li> <li>docs(sandbox): document default idle TTL of 10 minutes by <a href="https://github.com/DanielKneipp"><code>@DanielKneipp</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2788">langchain-ai/langsmith-sdk#2788</a></li> <li>ci(py): Bump pytest timeout to 2m by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2815">langchain-ai/langsmith-sdk#2815</a></li> <li>chore(deps-dev): bump the js-minor-and-patch group across 1 directory with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2803">langchain-ai/langsmith-sdk#2803</a></li> <li>chore(deps): update sphinx-autobuild requirement from >=2024 to >=2024.10.3 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2809">langchain-ai/langsmith-sdk#2809</a></li> <li>chore(deps): update myst-nb requirement from >=1.1.1 to >=1.4.0 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2810">langchain-ai/langsmith-sdk#2810</a></li> <li>chore(deps-dev): bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2812">langchain-ai/langsmith-sdk#2812</a></li> <li>chore(deps-dev): bump <code>@langchain/openai</code> from 0.5.18 to 0.6.17 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2806">langchain-ai/langsmith-sdk#2806</a></li> <li>chore(deps): bump the py-minor-and-patch group across 1 directory with 18 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2808">langchain-ai/langsmith-sdk#2808</a></li> <li>feat(py): Adds strands OTEL exporter by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2817">langchain-ai/langsmith-sdk#2817</a></li> <li>chore(js): Switch to oxfmt and oxlint by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2819">langchain-ai/langsmith-sdk#2819</a></li> <li>fix(py): fix RunTree ValidationError when inputs or outputs is a Pydantic BaseModel by <a href="https://github.com/QuentinBrosse"><code>@QuentinBrosse</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2820">langchain-ai/langsmith-sdk#2820</a></li> <li>chore: add apac support by <a href="https://github.com/joaquin-borggio-lc"><code>@joaquin-borggio-lc</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2821">langchain-ai/langsmith-sdk#2821</a></li> <li>fix(js): Pull Claude Agent SDK subagent runs from transcript, add tool span for subagents, merge message blocks by id by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2816">langchain-ai/langsmith-sdk#2816</a></li> <li>release(js): 0.5.26 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2824">langchain-ai/langsmith-sdk#2824</a></li> <li>release(py): 0.7.38 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2825">langchain-ai/langsmith-sdk#2825</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.37...v0.7.38">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.37...v0.7.38</a></p> <h2>v0.7.37</h2> <h2>What's Changed</h2> <ul> <li>perf(js): Offload serialize to worker thread at flush time by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2781">langchain-ai/langsmith-sdk#2781</a></li> <li>release(js): 0.5.24 by <a href="https://github.com/emil-lc"><code>@emil-lc</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2790">langchain-ai/langsmith-sdk#2790</a></li> <li>chore(js): Fix perf test flagging by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2792">langchain-ai/langsmith-sdk#2792</a></li> <li>feat(js,python): Adds hub model config and provider to schemas by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2793">langchain-ai/langsmith-sdk#2793</a></li> <li>fix(js): minor test improvements by <a href="https://github.com/christian-bromann"><code>@christian-bromann</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2429">langchain-ai/langsmith-sdk#2429</a></li> <li>fix(js): Include auth headers on info requests by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2800">langchain-ai/langsmith-sdk#2800</a></li> <li>release(js): 0.5.25 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2801">langchain-ai/langsmith-sdk#2801</a></li> <li>fix(python): flush both tracing_queue and compressed_traces in flush() by <a href="https://github.com/angus-langchain"><code>@angus-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2796">langchain-ai/langsmith-sdk#2796</a></li> <li>chore(deps): bump postcss from 8.5.8 to 8.5.10 in /js/internal/environment_tests/test-exports-vite in the npm_and_yarn group across 1 directory by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2791">langchain-ai/langsmith-sdk#2791</a></li> <li>chore(deps-dev): bump google-adk from 1.10.0 to 1.28.1 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2794">langchain-ai/langsmith-sdk#2794</a></li> <li>fix(python): flush pending traces during Client.cleanup() by <a href="https://github.com/angus-langchain"><code>@angus-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2799">langchain-ai/langsmith-sdk#2799</a></li> <li>fix(py): Fix concurrency for multiple Claude Agent SDK sessions by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2795">langchain-ai/langsmith-sdk#2795</a></li> <li>release(py): 0.7.37 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2802">langchain-ai/langsmith-sdk#2802</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.36...v0.7.37">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.36...v0.7.37</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
4bf3dd180a |
chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/text-splitters (#37326)
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.6.3 to 2.7.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.7.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Security</h2> <p>Addressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.</p> <ul> <li> <p>Decompression-bomb safeguards of the streaming API were bypassed:</p> <ol> <li>When <code>HTTPResponse.drain_conn()</code> was called after the response had been read and decompressed partially. (Reported by <a href="https://github.com/Cycloctane"><code>@Cycloctane</code></a>)</li> <li>During the second <code>HTTPResponse.read(amt=N)</code> or <code>HTTPResponse.stream(amt=N)</code> call when the response was decompressed using the official <a href="https://pypi.org/project/brotli/">Brotli</a> library. (Reported by <a href="https://github.com/kimkou2024"><code>@kimkou2024</code></a>)</li> </ol> <p>See GHSA-mf9v-mfxr-j63j for details.</p> </li> <li> <p>HTTP pools created using <code>ProxyManager.connection_from_url</code> did not strip sensitive headers specified in <code>Retry.remove_headers_on_redirect</code> when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by <a href="https://github.com/christos-spearbit"><code>@christos-spearbit</code></a>)</p> </li> </ul> <h2>Deprecations and Removals</h2> <ul> <li>Used <code>FutureWarning</code> instead of <code>DeprecationWarning</code> for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3763">urllib3/urllib3#3763</a>)</li> <li>Removed support for end-of-life Python 3.9. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3720">urllib3/urllib3#3720</a>)</li> <li>Removed support for end-of-life PyPy3.10. (<a href="https://redirect.github.com/urllib3/urllib3/issues/4979">urllib3/urllib3#4979</a>)</li> <li>Bumped the minimum supported pyOpenSSL version to 19.0.0. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3777">urllib3/urllib3#3777</a>)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Fixed a bug where <code>HTTPResponse.read(amt=None)</code> was ignoring decompressed data buffered from previous partial reads. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3636">urllib3/urllib3#3636</a>)</li> <li>Fixed a bug where <code>HTTPResponse.read()</code> could cache only part of the response after a partial read when <code>cache_content=True</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/4967">urllib3/urllib3#4967</a>)</li> <li>Fixed <code>HTTPResponse.stream()</code> and <code>HTTPResponse.read_chunked()</code> to handle <code>amt=0</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3793">urllib3/urllib3#3793</a>)</li> <li>Updated <code>_TYPE_BODY</code> type alias to include missing <code>Iterable[str]</code>, matching the documented and runtime behavior of chunked request bodies. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3798">urllib3/urllib3#3798</a>)</li> <li>Fixed <code>LocationParseError</code> when paths resembling schemeless URIs were passed to <code>HTTPConnectionPool.urlopen()</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3352">urllib3/urllib3#3352</a>)</li> <li>Fixed <code>BaseHTTPResponse.readinto()</code> type annotation to accept <code>memoryview</code> in addition to <code>bytearray</code>, matching the <code>io.RawIOBase.readinto</code> contract and enabling use with <code>io.BufferedReader</code> without type errors. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3764">urllib3/urllib3#3764</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.7.0 (2026-05-07)</h1> <h2>Security</h2> <p>Addressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.</p> <ul> <li> <p>Decompression-bomb safeguards of the streaming API were bypassed:</p> <ol> <li>When <code>HTTPResponse.drain_conn()</code> was called after the response had been read and decompressed partially.</li> <li>During the second <code>HTTPResponse.read(amt=N)</code> or <code>HTTPResponse.stream(amt=N)</code> call when the response was decompressed using the official <code>Brotli <https://pypi.org/project/brotli/></code>__ library.</li> </ol> <p>See <code>GHSA-mf9v-mfxr-j63j <https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j></code>__ for details.</p> </li> <li> <p>HTTP pools created using <code>ProxyManager.connection_from_url</code> did not strip sensitive headers specified in <code>Retry.remove_headers_on_redirect</code> when redirecting to a different host. (<code>GHSA-qccp-gfcp-xxvc <https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc></code>__)</p> </li> </ul> <h2>Deprecations and Removals</h2> <ul> <li>Used <code>FutureWarning</code> instead of <code>DeprecationWarning</code> for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (<code>[#3763](https://github.com/urllib3/urllib3/issues/3763) <https://github.com/urllib3/urllib3/issues/3763></code>__)</li> <li>Removed support for end-of-life Python 3.9. (<code>[#3720](https://github.com/urllib3/urllib3/issues/3720) <https://github.com/urllib3/urllib3/issues/3720></code>__)</li> <li>Removed support for end-of-life PyPy3.10. (<code>[#4979](https://github.com/urllib3/urllib3/issues/4979) <https://github.com/urllib3/urllib3/issues/4979></code>__)</li> <li>Bumped the minimum supported pyOpenSSL version to 19.0.0. (<code>[#3777](https://github.com/urllib3/urllib3/issues/3777) <https://github.com/urllib3/urllib3/issues/3777></code>__)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Fixed a bug where <code>HTTPResponse.read(amt=None)</code> was ignoring decompressed data buffered from previous partial reads. (<code>[#3636](https://github.com/urllib3/urllib3/issues/3636) <https://github.com/urllib3/urllib3/issues/3636></code>__)</li> <li>Fixed a bug where <code>HTTPResponse.read()</code> could cache only part of the response after a partial read when <code>cache_content=True</code>.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
85a5a04210 |
chore: bump mistune from 3.1.4 to 3.2.1 in /libs/text-splitters (#37235)
Bumps [mistune](https://github.com/lepture/mistune) from 3.1.4 to 3.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lepture/mistune/releases">mistune's releases</a>.</em></p> <blockquote> <h2>v3.2.1</h2> <h3> 🐞 Bug Fixes</h3> <ul> <li>Resolve Windows compatibility issues in file inclusion and tests - by <a href="https://github.com/Yuki9814"><code>@Yuki9814</code></a> <a href="https://github.com/lepture/mistune/commit/2547102"><!-- raw HTML omitted -->(25471)<!-- raw HTML omitted --></a></li> <li>Escape html text - by <a href="https://github.com/lepture"><code>@lepture</code></a> <a href="https://github.com/lepture/mistune/commit/a3cb6e5"><!-- raw HTML omitted -->(a3cb6)<!-- raw HTML omitted --></a></li> <li>Update link reference - by <a href="https://github.com/lepture"><code>@lepture</code></a> <a href="https://github.com/lepture/mistune/commit/85eb54f"><!-- raw HTML omitted -->(85eb5)<!-- raw HTML omitted --></a></li> <li>Handle escaped dollar signs in inline math - by <a href="https://github.com/saschabuehrle"><code>@saschabuehrle</code></a> in <a href="https://redirect.github.com/lepture/mistune/issues/370">lepture/mistune#370</a> <a href="https://github.com/lepture/mistune/commit/7bd5709"><!-- raw HTML omitted -->(7bd57)<!-- raw HTML omitted --></a></li> <li>Escape id of toc - by <a href="https://github.com/lepture"><code>@lepture</code></a> <a href="https://github.com/lepture/mistune/commit/04880a0"><!-- raw HTML omitted -->(04880)<!-- raw HTML omitted --></a></li> <li>Escape id of headings - by <a href="https://github.com/lepture"><code>@lepture</code></a> <a href="https://github.com/lepture/mistune/commit/2855622"><!-- raw HTML omitted -->(28556)<!-- raw HTML omitted --></a></li> <li>Remove double-encoding of image alt text - by <a href="https://github.com/lawrence3699"><code>@lawrence3699</code></a> <a href="https://github.com/lepture/mistune/commit/0d6f3d8"><!-- raw HTML omitted -->(0d6f3)<!-- raw HTML omitted --></a></li> <li>Escape xml for math plugin - by <a href="https://github.com/lepture"><code>@lepture</code></a> <a href="https://github.com/lepture/mistune/commit/5fa092e"><!-- raw HTML omitted -->(5fa09)<!-- raw HTML omitted --></a></li> <li>Use strict regex for image's height and width - by <a href="https://github.com/lepture"><code>@lepture</code></a> <a href="https://github.com/lepture/mistune/commit/8d0cb75"><!-- raw HTML omitted -->(8d0cb)<!-- raw HTML omitted --></a></li> </ul> <h5> <a href="https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1">View changes on GitHub</a></h5> <h2>v3.2.0</h2> <h3> 🚀 Features</h3> <ul> <li>Support footnotes that start on the next line. - by <a href="https://github.com/kylechui"><code>@kylechui</code></a> <a href="https://github.com/lepture/mistune/commit/2677e2d"><!-- raw HTML omitted -->(2677e)<!-- raw HTML omitted --></a></li> <li>Properly handle code blocks inside footnotes. - by <a href="https://github.com/kylechui"><code>@kylechui</code></a> <a href="https://github.com/lepture/mistune/commit/0516c9e"><!-- raw HTML omitted -->(0516c)<!-- raw HTML omitted --></a></li> <li>Support python 3.14 - by <a href="https://github.com/lepture"><code>@lepture</code></a> <a href="https://github.com/lepture/mistune/commit/7e0eb65"><!-- raw HTML omitted -->(7e0eb)<!-- raw HTML omitted --></a></li> </ul> <h3> 🐞 Bug Fixes</h3> <ul> <li>Render ref links and footnotes in footnotes. - by <a href="https://github.com/lepture"><code>@lepture</code></a> <a href="https://github.com/lepture/mistune/commit/bd90e44"><!-- raw HTML omitted -->(bd90e)<!-- raw HTML omitted --></a></li> <li>Render ref links in TOC. - by <a href="https://github.com/lemon24"><code>@lemon24</code></a> <a href="https://github.com/lepture/mistune/commit/a0a0148"><!-- raw HTML omitted -->(a0a01)<!-- raw HTML omitted --></a></li> <li>Update typing for mypy upgrades - by <a href="https://github.com/lepture"><code>@lepture</code></a> <a href="https://github.com/lepture/mistune/commit/8d49cba"><!-- raw HTML omitted -->(8d49c)<!-- raw HTML omitted --></a></li> <li>Render correct html for footnotes - by <a href="https://github.com/lepture"><code>@lepture</code></a> <a href="https://github.com/lepture/mistune/commit/9b62204"><!-- raw HTML omitted -->(9b622)<!-- raw HTML omitted --></a></li> </ul> <h5> <a href="https://github.com/lepture/mistune/compare/v3.1.4...v3.2.0">View changes on GitHub</a></h5> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/lepture/mistune/blob/main/docs/changes.rst">mistune's changelog</a>.</em></p> <blockquote> <h2>Version 3.2.1</h2> <p><strong>Released on May 3, 2026</strong></p> <ul> <li>Escape link in <code>render_toc_ul</code>.</li> <li>Escape text in math plugin.</li> <li>Fix regex for math plugin.</li> <li>Escape heading's ID attribute.</li> <li>Fix <code>LINK_TITLE_RE</code> to prevent DoS.</li> <li>Escape class attribute for admonition directive.</li> <li>Remove double-encoding of image alt text.</li> <li>Escape class attribute for image directive.</li> <li>Fix width/height attribute for image directive.</li> </ul> <h2>Version 3.2.0</h2> <p><strong>Released on Dec 23, 2025</strong></p> <ul> <li>Announce supports for python 3.14</li> <li>Fix footnotes plugins for code blocks, ref links, blockquote and etc.</li> <li>Fix ref links in TOC.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
16b7e43ef4 |
chore: bump jupyter-server from 2.17.0 to 2.18.0 in /libs/text-splitters (#37202)
Bumps [jupyter-server](https://github.com/jupyter-server/jupyter_server) from 2.17.0 to 2.18.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jupyter-server/jupyter_server/releases">jupyter-server's releases</a>.</em></p> <blockquote> <h2>v2.18.0</h2> <h2>2.18.0</h2> <p>(<a href="https://github.com/jupyter-server/jupyter_server/compare/v2.17.0...49b34392feaa97735b3b777e3baf8f22f2a14ed8">Full Changelog</a>)</p> <h3>Security patches</h3> <ul> <li>CVE-2026-40110 <a href="https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-24qx-w28j-9m6p">https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-24qx-w28j-9m6p</a></li> <li>CVE-2025-61669 <a href="https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-qh7q-6qm3-653w">https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-qh7q-6qm3-653w</a></li> <li>CVE-2026-40934 <a href="https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5mrq-x3x5-8v8f">https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5mrq-x3x5-8v8f</a></li> <li>CVE-2026-35397 <a href="https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3">https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3</a></li> </ul> <h3>API and Breaking Changes</h3> <ul> <li>Add query param to sanitize HTML in GET /nbconvert/html <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1618">#1618</a> (<a href="https://github.com/Yann-P"><code>@Yann-P</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> </ul> <h3>Enhancements made</h3> <ul> <li>Update handlers.py to fix ioloop blockers(sync file operations) <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1617">#1617</a> (<a href="https://github.com/zolyfarkas-fb"><code>@zolyfarkas-fb</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Add resolvePath API for resolving kernel-relative paths <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1331">#1331</a> (<a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/blink1073"><code>@blink1073</code></a>)</li> </ul> <h3>Bugs fixed</h3> <ul> <li>Move check origin into a util function and add it to websocket <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1630">#1630</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/Yann-P"><code>@Yann-P</code></a>)</li> <li>Fix flaky test_restart_kernel by unsticking nudge() after port-changing restart <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1628">#1628</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/claude"><code>@claude</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Try to fix flaky test "test_restart_kernel" <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1625">#1625</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Fix potential unraisable pytest error <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1624">#1624</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>fix: use %s placeholders in HTTPError to prevent Tornado from doubling % in gateway URLs <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1620">#1620</a> (<a href="https://github.com/terminalchai"><code>@terminalchai</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/ptch314"><code>@ptch314</code></a>)</li> <li>Fix three file descriptor leaks in kernel connection lifecycle (<a href="https://redirect.github.com/jupyter-server/jupyter_server/issues/1506">#1506</a>) <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1619">#1619</a> (<a href="https://github.com/tonyx93"><code>@tonyx93</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Use web.HTTPError for kernel restart failures <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1616">#1616</a> (<a href="https://github.com/YDawn"><code>@YDawn</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Handle EADDRINUSE and EACCES in _bind_http_server_tcp <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1613">#1613</a> (<a href="https://github.com/YDawn"><code>@YDawn</code></a>, <a href="https://github.com/Zsailer"><code>@Zsailer</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>Use st_birthtime for file created timestamp on macOS/BSD <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1594">#1594</a> (<a href="https://github.com/ktaletsk"><code>@ktaletsk</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>Fix double write when refusing hidden files in contents handler <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1585">#1585</a> (<a href="https://github.com/Krish-876"><code>@Krish-876</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>Close all sockets in _find_http_port explicitly <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1584">#1584</a> (<a href="https://github.com/MaryushSoroka"><code>@MaryushSoroka</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>Fix writing on remote file systems with attribute cache <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1574">#1574</a> (<a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/Zsailer"><code>@Zsailer</code></a>)</li> <li>Add IdentityProvider.cookie_secret_hook <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1569">#1569</a> (<a href="https://github.com/emin63"><code>@emin63</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>fix context pollution <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1561">#1561</a> (<a href="https://github.com/dualc"><code>@dualc</code></a>, <a href="https://github.com/Zsailer"><code>@Zsailer</code></a>)</li> <li>Fix gateway cookie handling <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1558">#1558</a> (<a href="https://github.com/kevin-bates"><code>@kevin-bates</code></a>, <a href="https://github.com/RRosio"><code>@RRosio</code></a>, <a href="https://github.com/lresende"><code>@lresende</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>fix connection exception cause high cpu load <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1484">#1484</a> (<a href="https://github.com/dualc"><code>@dualc</code></a>, <a href="https://github.com/lresende"><code>@lresende</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> </ul> <h3>Maintenance and upkeep improvements</h3> <ul> <li>Start to test on Python 3.13 and 3.14 <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1623">#1623</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Bump actions/create-github-app-token from 2 to 3 in the actions group across 1 directory <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1621">#1621</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Bump brace-expansion from 1.1.12 to 1.1.13 <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1615">#1615</a> (<a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>Fix package spec for jupytext <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1614">#1614</a> (<a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/Zsailer"><code>@Zsailer</code></a>)</li> <li>chore: update pre-commit hooks <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1607">#1607</a> (<a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>try to fix ci on windows <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1600">#1600</a> (<a href="https://github.com/minrk"><code>@minrk</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>run prerelease tests on 3.14 <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1599">#1599</a> (<a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>Pin sphinx to an older version (<9) to fix docs <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1597">#1597</a> (<a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jupyter-server/jupyter_server/blob/main/CHANGELOG.md">jupyter-server's changelog</a>.</em></p> <blockquote> <h2>2.18.0</h2> <p>(<a href="https://github.com/jupyter-server/jupyter_server/compare/v2.9.1...49b34392feaa97735b3b777e3baf8f22f2a14ed8">Full Changelog</a>)</p> <h3>API and Breaking Changes</h3> <ul> <li>Add query param to sanitize HTML in GET /nbconvert/html <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1618">#1618</a> (<a href="https://github.com/Yann-P"><code>@Yann-P</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> </ul> <h3>Enhancements made</h3> <ul> <li>Update handlers.py to fix ioloop blockers(sync file operations) <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1617">#1617</a> (<a href="https://github.com/zolyfarkas-fb"><code>@zolyfarkas-fb</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Avoid redundant call to <code>_get_os_path</code> in <code>_dir_model</code> <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1547">#1547</a> (<a href="https://github.com/joeyutong"><code>@joeyutong</code></a>, <a href="https://github.com/vidartf"><code>@vidartf</code></a>)</li> <li>Allow specifying extra params to scrub from logs <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1538">#1538</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>, <a href="https://github.com/Zsailer"><code>@Zsailer</code></a>, <a href="https://github.com/vidartf"><code>@vidartf</code></a>)</li> <li>Add a logger to the ExtensionPoint API <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1523">#1523</a> (<a href="https://github.com/Zsailer"><code>@Zsailer</code></a>, <a href="https://github.com/vidartf"><code>@vidartf</code></a>)</li> <li>Allow user to update identity values <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1518">#1518</a> (<a href="https://github.com/brichet"><code>@brichet</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>If ServerApp.ip is ipv6 use [::1] as local_url <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1495">#1495</a> (<a href="https://github.com/manics"><code>@manics</code></a>, <a href="https://github.com/afshin"><code>@afshin</code></a>)</li> <li>Better error message when starting kernel for session. <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1478">#1478</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/davidbrochart"><code>@davidbrochart</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>Add a traitlet to disable recording HTTP request metrics <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1472">#1472</a> (<a href="https://github.com/yuvipanda"><code>@yuvipanda</code></a>, <a href="https://github.com/Zsailer"><code>@Zsailer</code></a>)</li> <li>prometheus: Expose 3 activity metrics <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1471">#1471</a> (<a href="https://github.com/yuvipanda"><code>@yuvipanda</code></a>, <a href="https://github.com/Zsailer"><code>@Zsailer</code></a>)</li> <li>Add prometheus info metrics listing server extensions + versions <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1470">#1470</a> (<a href="https://github.com/yuvipanda"><code>@yuvipanda</code></a>, <a href="https://github.com/Zsailer"><code>@Zsailer</code></a>)</li> <li>Add prometheus metric with version information <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1467">#1467</a> (<a href="https://github.com/yuvipanda"><code>@yuvipanda</code></a>, <a href="https://github.com/Zsailer"><code>@Zsailer</code></a>)</li> <li>Don't hide .so,.dylib files by default <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1457">#1457</a> (<a href="https://github.com/nokados"><code>@nokados</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>, <a href="https://github.com/vidartf"><code>@vidartf</code></a>)</li> <li>Better hash format error message <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1442">#1442</a> (<a href="https://github.com/fcollonval"><code>@fcollonval</code></a>, <a href="https://github.com/Zsailer"><code>@Zsailer</code></a>)</li> <li>Removing excessive logging from reading local files <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1420">#1420</a> (<a href="https://github.com/lresende"><code>@lresende</code></a>, <a href="https://github.com/kevin-bates"><code>@kevin-bates</code></a>)</li> <li>Add async start hook to ExtensionApp API <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1417">#1417</a> (<a href="https://github.com/Zsailer"><code>@Zsailer</code></a>, <a href="https://github.com/Darshan808"><code>@Darshan808</code></a>, <a href="https://github.com/bollwyvl"><code>@bollwyvl</code></a>, <a href="https://github.com/fcollonval"><code>@fcollonval</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Do not include token in dashboard link, when available <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1406">#1406</a> (<a href="https://github.com/minrk"><code>@minrk</code></a>, <a href="https://github.com/blink1073"><code>@blink1073</code></a>)</li> <li>Add an option to have authentication enabled for all endpoints by default <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1392">#1392</a> (<a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/Wh1isper"><code>@Wh1isper</code></a>, <a href="https://github.com/blink1073"><code>@blink1073</code></a>, <a href="https://github.com/bollwyvl"><code>@bollwyvl</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>, <a href="https://github.com/yuvipanda"><code>@yuvipanda</code></a>)</li> <li>websockets: add configurations for ping interval and timeout <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1391">#1391</a> (<a href="https://github.com/oliver-sanders"><code>@oliver-sanders</code></a>, <a href="https://github.com/blink1073"><code>@blink1073</code></a>)</li> <li>log extension import time at debug level unless it's actually slow <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1375">#1375</a> (<a href="https://github.com/minrk"><code>@minrk</code></a>, <a href="https://github.com/Zsailer"><code>@Zsailer</code></a>, <a href="https://github.com/yuvipanda"><code>@yuvipanda</code></a>)</li> <li>Add support for async Authorizers (part 2) <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1374">#1374</a> (<a href="https://github.com/Zsailer"><code>@Zsailer</code></a>, <a href="https://github.com/blink1073"><code>@blink1073</code></a>)</li> <li>Support async Authorizers <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1373">#1373</a> (<a href="https://github.com/Zsailer"><code>@Zsailer</code></a>, <a href="https://github.com/blink1073"><code>@blink1073</code></a>)</li> <li>Support get file(notebook) md5 <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1363">#1363</a> (<a href="https://github.com/Wh1isper"><code>@Wh1isper</code></a>, <a href="https://github.com/blink1073"><code>@blink1073</code></a>, <a href="https://github.com/bollwyvl"><code>@bollwyvl</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Update kernel env to reflect changes in session <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1354">#1354</a> (<a href="https://github.com/blink1073"><code>@blink1073</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Add resolvePath API for resolving kernel-relative paths <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1331">#1331</a> (<a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/blink1073"><code>@blink1073</code></a>)</li> </ul> <h3>Bugs fixed</h3> <ul> <li>Move check origin into a util function and add it to websocket <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1630">#1630</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/Yann-P"><code>@Yann-P</code></a>)</li> <li>Fix flaky test_restart_kernel by unsticking nudge() after port-changing restart <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1628">#1628</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/claude"><code>@claude</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Try to fix flaky test "test_restart_kernel" <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1625">#1625</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Fix potential unraisable pytest error <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1624">#1624</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>fix: use %s placeholders in HTTPError to prevent Tornado from doubling % in gateway URLs <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1620">#1620</a> (<a href="https://github.com/terminalchai"><code>@terminalchai</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/ptch314"><code>@ptch314</code></a>)</li> <li>Fix three file descriptor leaks in kernel connection lifecycle (<a href="https://redirect.github.com/jupyter-server/jupyter_server/issues/1506">#1506</a>) <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1619">#1619</a> (<a href="https://github.com/tonyx93"><code>@tonyx93</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Use web.HTTPError for kernel restart failures <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1616">#1616</a> (<a href="https://github.com/YDawn"><code>@YDawn</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Handle EADDRINUSE and EACCES in _bind_http_server_tcp <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1613">#1613</a> (<a href="https://github.com/YDawn"><code>@YDawn</code></a>, <a href="https://github.com/Zsailer"><code>@Zsailer</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>Use st_birthtime for file created timestamp on macOS/BSD <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1594">#1594</a> (<a href="https://github.com/ktaletsk"><code>@ktaletsk</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>Fix double write when refusing hidden files in contents handler <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1585">#1585</a> (<a href="https://github.com/Krish-876"><code>@Krish-876</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>Close all sockets in _find_http_port explicitly <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1584">#1584</a> (<a href="https://github.com/MaryushSoroka"><code>@MaryushSoroka</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>Fix writing on remote file systems with attribute cache <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1574">#1574</a> (<a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/Zsailer"><code>@Zsailer</code></a>)</li> <li>Add IdentityProvider.cookie_secret_hook <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1569">#1569</a> (<a href="https://github.com/emin63"><code>@emin63</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
5a9b1ec2dc |
refactor(langchain-classic): retarget deprecations to create_agent, other chores (#37164)
Sweep classic deprecations so every removal lands on `2.0.0`, runtime warnings carry the auto-generated since/removal/alternative line, and replacements steer at `langchain.agents.create_agent` and `with_structured_output(...)` instead of pre-v1 LangGraph + `python.langchain.com` links. ## Changes - **Bump removal targets from `1.0` / `1.0.0` to `2.0.0`** across agents, chains, memory, retrievers, structured-output, vectorstore toolkits, and the `langchain_classic._api.module_import` shim — gives users a real runway now that v1 has shipped. - **Move bespoke `message=` strings onto `addendum=`** (or split into `alternative=` + `addendum=`). `warn_deprecated` skips the auto-generated since/removal/alternative line whenever `message=` is set, so the prior pattern silently dropped that info from the runtime `LangChainDeprecationWarning`. Matches the pattern already used in `HTMLHeaderTextSplitter.split_text_from_url`, which is updated for consistency. - **Repoint `alternative=` at v1 replacements**: chains/memory/agent toolkits → `langchain.agents.create_agent` (with checkpointer or retrieval-tool guidance in the addendum); `openai_functions` and `chains/structured_output` → `ChatModel.with_structured_output(...)`; `openapi` chains → `ChatModel.bind_tools(...)` + HTTP client. `ConversationChain` no longer points at `RunnableWithMessageHistory`. - **Refresh `AGENT_DEPRECATION_WARNING`** in `langchain_classic._api.deprecation` — drop stale LangGraph and `python.langchain.com` links in favor of `langchain.agents.create_agent` and the `docs.langchain.com/oss/python/migrate/langchain-v1` guide. Propagates to all 13 caller sites in `agents/`. - **Newly deprecate `langchain_classic.chat_models.init_chat_model` and `langchain_classic.embeddings.init_embeddings`** with the framing *"maintained in `langchain`; `langchain-classic` retains this entry point for import-compatibility only"*. The classic docstring examples and the warning admonition both point at `langchain.chat_models`. - **Improve `init_chat_model` docstrings** in both `langchain_v1` and the classic copy: clarify `provider:model` prefix vs. `model_provider=`, recommend pinned IDs over moving aliases, add the `upstage` provider row, and refresh examples to GA models (`gpt-5.5`, `claude-opus-4-7`). - **Standardize partner Anthropic deprecations**: replace `AnthropicLLM`'s `model_validator(raise_warning)` with `@deprecated(since="0.1.0", removal="2.0.0", alternative="ChatAnthropic")`, and pin the `ChatAnthropic` `output_format` runtime warning at `langchain-anthropic 2.0.0` instead of "a future version". |
||
|
|
3919f3b098 |
chore: update lxml requirement from <7.0,>=4.9.3 to >=6.1.0,<7.0 in /libs/text-splitters (#37126)
Updates the requirements on [lxml](https://github.com/lxml/lxml) to permit the latest version. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/lxml/lxml/blob/master/CHANGES.txt">lxml's changelog</a>.</em></p> <blockquote> <h1>6.1.0 (2026-04-17)</h1> <p>This release fixes a possible external entity injection (XXE) vulnerability in <code>iterparse()</code> and the <code>ETCompatXMLParser</code>.</p> <h2>Features added</h2> <ul> <li> <p>GH#486: The HTML ARIA accessibility attributes were added to the set of safe attributes in <code>lxml.html.defs</code>. This allows <code>lxml_html_clean</code> to pass them through. Patch by oomsveta.</p> </li> <li> <p>The default chunk size for reading from file-likes in <code>iterparse()</code> is now configurable with a new <code>chunk_size</code> argument.</p> </li> </ul> <h2>Bugs fixed</h2> <ul> <li>LP#2146291: The <code>resolve_entities</code> option was still set to <code>True</code> for <code>iterparse</code> and <code>ETCompatXMLParser</code>, allowing for external entity injection (XXE) when using these parsers without setting this option explicitly. The default was now changed to <code>'internal'</code> only (as for the normal XML and HTML parsers since lxml 5.0). Issue found by Sihao Qiu as CVE-2026-41066.</li> </ul> <h1>6.0.4 (2026-04-12)</h1> <h2>Bugs fixed</h2> <ul> <li>LP#2148019: Spurious MemoryError during namespace cleanup.</li> </ul> <h1>6.0.3 (2026-04-09)</h1> <h2>Bugs fixed</h2> <ul> <li> <p>Several out of memory error cases now raise <code>MemoryError</code> that were not handled before.</p> </li> <li> <p>Slicing with large step values (outside of <code>+/- sys.maxsize</code>) could trigger undefined C behaviour.</p> </li> <li> <p>LP#2125399: Some failing tests were fixed or disabled in PyPy.</p> </li> <li> <p>LP#2138421: Memory leak in error cases when setting the <code>public_id</code> or <code>system_url</code> of a document.</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
3d9687499e |
chore: bump notebook from 7.4.7 to 7.5.6 in /libs/text-splitters (#37105)
Bumps [notebook](https://github.com/jupyter/notebook) from 7.4.7 to 7.5.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jupyter/notebook/releases">notebook's releases</a>.</em></p> <blockquote> <h2>v7.5.6</h2> <h2>7.5.6</h2> <p>(<a href="https://github.com/jupyter/notebook/compare/@jupyter-notebook/application-extension@7.5.5...2e642f0cb10be314ba5d97d709cffe41bf992d9e">Full Changelog</a>)</p> <h3>Security patches</h3> <ul> <li>CVE-2026-42557 <a href="https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-mqcg-5x36-vfcg">https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-mqcg-5x36-vfcg</a></li> <li>CVE-2026-40171 <a href="https://github.com/jupyter/notebook/security/advisories/GHSA-rch3-82jr-f9w9">https://github.com/jupyter/notebook/security/advisories/GHSA-rch3-82jr-f9w9</a></li> </ul> <h3>Maintenance and upkeep improvements</h3> <ul> <li>Update to JupyterLab v4.5.7 <a href="https://redirect.github.com/jupyter/notebook/pull/7902">#7902</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> </ul> <h3>Documentation improvements</h3> <ul> <li>docs: Fix broken links in troubleshooting and migration docs <a href="https://redirect.github.com/jupyter/notebook/pull/7824">#7824</a> (<a href="https://github.com/RamiNoodle733"><code>@RamiNoodle733</code></a>)</li> </ul> <h3>Contributors to this release</h3> <p>The following people contributed discussions, new ideas, code and documentation contributions, and review. See <a href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our definition of contributors</a>.</p> <p>(<a href="https://github.com/jupyter/notebook/graphs/contributors?from=2026-03-11&to=2026-04-30&type=c">GitHub contributors page for this release</a>)</p> <p><a href="https://github.com/jtpio"><code>@jtpio</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnotebook+involves%3Ajtpio+updated%3A2026-03-11..2026-04-30&type=Issues">activity</a>) | <a href="https://github.com/RamiNoodle733"><code>@RamiNoodle733</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnotebook+involves%3ARamiNoodle733+updated%3A2026-03-11..2026-04-30&type=Issues">activity</a>)</p> <h2>v7.5.5</h2> <h2>7.5.5</h2> <p>(<a href="https://github.com/jupyter/notebook/compare/@jupyter-notebook/application-extension@7.5.4...4f8438b0c67dc4f010bf8cd052da4f16e2ed3828">Full Changelog</a>)</p> <h3>Maintenance and upkeep improvements</h3> <ul> <li>Update to JupyterLab v4.5.6 <a href="https://redirect.github.com/jupyter/notebook/pull/7861">#7861</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> <li>[7.5.x] Drop Python 3.9 on CI <a href="https://redirect.github.com/jupyter/notebook/pull/7860">#7860</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> <li>Fix check links <a href="https://redirect.github.com/jupyter/notebook/pull/7857">#7857</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> </ul> <h3>Contributors to this release</h3> <p>The following people contributed discussions, new ideas, code and documentation contributions, and review. See <a href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our definition of contributors</a>.</p> <p>(<a href="https://github.com/jupyter/notebook/graphs/contributors?from=2026-02-24&to=2026-03-11&type=c">GitHub contributors page for this release</a>)</p> <p><a href="https://github.com/jtpio"><code>@jtpio</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnotebook+involves%3Ajtpio+updated%3A2026-02-24..2026-03-11&type=Issues">activity</a>)</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jupyter/notebook/blob/@jupyter-notebook/tree@7.5.6/CHANGELOG.md">notebook's changelog</a>.</em></p> <blockquote> <h2>7.5.6</h2> <p>(<a href="https://github.com/jupyter/notebook/compare/@jupyter-notebook/application-extension@7.5.5...2e642f0cb10be314ba5d97d709cffe41bf992d9e">Full Changelog</a>)</p> <h3>Maintenance and upkeep improvements</h3> <ul> <li>Update to JupyterLab v4.5.7 <a href="https://redirect.github.com/jupyter/notebook/pull/7902">#7902</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> </ul> <h3>Documentation improvements</h3> <ul> <li>docs: Fix broken links in troubleshooting and migration docs <a href="https://redirect.github.com/jupyter/notebook/pull/7824">#7824</a> (<a href="https://github.com/RamiNoodle733"><code>@RamiNoodle733</code></a>)</li> </ul> <h3>Contributors to this release</h3> <p>The following people contributed discussions, new ideas, code and documentation contributions, and review. See <a href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our definition of contributors</a>.</p> <p>(<a href="https://github.com/jupyter/notebook/graphs/contributors?from=2026-03-11&to=2026-04-30&type=c">GitHub contributors page for this release</a>)</p> <p><a href="https://github.com/jtpio"><code>@jtpio</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnotebook+involves%3Ajtpio+updated%3A2026-03-11..2026-04-30&type=Issues">activity</a>) | <a href="https://github.com/RamiNoodle733"><code>@RamiNoodle733</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnotebook+involves%3ARamiNoodle733+updated%3A2026-03-11..2026-04-30&type=Issues">activity</a>)</p> <!-- raw HTML omitted --> <h2>7.5.5</h2> <p>(<a href="https://github.com/jupyter/notebook/compare/@jupyter-notebook/application-extension@7.5.4...4f8438b0c67dc4f010bf8cd052da4f16e2ed3828">Full Changelog</a>)</p> <h3>Maintenance and upkeep improvements</h3> <ul> <li>Update to JupyterLab v4.5.6 <a href="https://redirect.github.com/jupyter/notebook/pull/7861">#7861</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> <li>[7.5.x] Drop Python 3.9 on CI <a href="https://redirect.github.com/jupyter/notebook/pull/7860">#7860</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> <li>Fix check links <a href="https://redirect.github.com/jupyter/notebook/pull/7857">#7857</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> </ul> <h3>Contributors to this release</h3> <p>The following people contributed discussions, new ideas, code and documentation contributions, and review. See <a href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our definition of contributors</a>.</p> <p>(<a href="https://github.com/jupyter/notebook/graphs/contributors?from=2026-02-24&to=2026-03-11&type=c">GitHub contributors page for this release</a>)</p> <p><a href="https://github.com/jtpio"><code>@jtpio</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnotebook+involves%3Ajtpio+updated%3A2026-02-24..2026-03-11&type=Issues">activity</a>)</p> <h2>7.5.4</h2> <p>(<a href="https://github.com/jupyter/notebook/compare/@jupyter-notebook/application-extension@7.5.3...e5d8418b706fcefd4208bb61c22399dd3123555b">Full Changelog</a>)</p> <h3>Maintenance and upkeep improvements</h3> <ul> <li>Update to JupyterLab v4.5.5 <a href="https://redirect.github.com/jupyter/notebook/pull/7842">#7842</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> <li>Fix PyO3 CI failure with Python 3.15 <a href="https://redirect.github.com/jupyter/notebook/pull/7836">#7836</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
ba897ffa7e |
chore(docs): update x handle references (#37081)
## Description Updates package metadata and README badges so LangChain social links point to the new `@langchain_oss` X handle. This was completed with AI-agent assistance. ## Test Plan - [ ] Validate README badges and package metadata links point to `https://x.com/langchain_oss` _Opened collaboratively by Mason Daugherty and open-swe._ --------- Co-authored-by: open-swe[bot] <open-swe@users.noreply.github.com> Co-authored-by: Mason Daugherty <61371264+mdrxy@users.noreply.github.com> |
||
|
|
cd80a805b2 |
fix(text-splitters): remove invalid and duplicate separators in Kotlin, Rust, and Haskell (#37039)
## Summary Fixes four issues in `get_separators_for_language()` in `character.py`: - **Kotlin**: removed `"\ncase "` — `case` is not a Kotlin keyword. Kotlin uses `when` expressions (already present in the list). This was copied from Java/Swift. - **Rust**: removed duplicate `"\nconst "` — appeared twice, once under function definitions and again under control flow statements. - **Haskell**: removed duplicate `"\n:: "` — appeared under function definitions and again under type declarations. - **Haskell**: removed duplicate `"\ndata "` — appeared under type declarations and again under record field declarations. All four are dead separators that never match or produce redundant splits. ## Issue Closes #37038 ## Types of changes - [x] Bug fix ## Checklist - [x] I have read the CONTRIBUTING doc - [x] Lint and unit tests pass locally with my changes |
||
|
|
3b9750f0a4 |
fix(text-splitters): remove incorrect C# and Elixir separator keywords (#37037)
## Summary Removes two incorrect separators from `get_separators_for_language()` in `RecursiveCharacterTextSplitter`: - **C#**: `"\nimplements "` is a Java keyword. C# uses `:` for interface implementation. This separator never matches valid C# source code. - **Elixir**: `"\nwhile "` does not exist in Elixir. The language uses recursion and `Enum.reduce_while/3` instead of while loops. Both are dead separators that silently degrade chunking quality by occupying positions in the separator priority list without contributing useful split points. ## Tests Added two targeted tests: - `test_csharp_separators_no_java_keywords`: verifies `"\nimplements "` is not in the C# separator list - `test_elixir_separators_no_while`: verifies `"\nwhile "` is not in the Elixir separator list Existing `test_csharp_code_splitter` continues to pass (no change to expected output since `implements` never matched valid C# code). Full suite: 129 passed, 0 failed. Fixes #37030 |
||
|
|
56d6e89be0 | hotfix: bump min core versions (#36996) | ||
|
|
a70e7ab80e | release(openai): 1.2.1 (#36995) | ||
|
|
9ce72eba9f | feat(core): add content-block-centric streaming (v2) (#36834) | ||
|
|
7b09eb7bda |
fix(fireworks): honor max_retries (#36973)
`ChatFireworks.max_retries` silently did nothing. The old code assigned the value to a `ChatCompletionV2` sub-object rather than the base client, and the pinned Fireworks SDK (0.13.0–0.19.20) never honors its own `_max_retries` attribute on the base client either. Since the Stainless-generated 1.x SDK that does implement retries is still pre-release (1.0.1a63 at time of writing), retry responsibility is ported to the LangChain side until the pin can be bumped. |
||
|
|
b302691ff9 |
chore: bump nbconvert from 7.17.0 to 7.17.1 in /libs/text-splitters (#36921)
Bumps [nbconvert](https://github.com/jupyter/nbconvert) from 7.17.0 to 7.17.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jupyter/nbconvert/releases">nbconvert's releases</a>.</em></p> <blockquote> <h2>v7.17.1</h2> <h2>7.17.1</h2> <p>This is a security release, fixing two CVEs:</p> <ul> <li><a href="https://github.com/jupyter/nbconvert/security/advisories/GHSA-4c99-qj7h-p3vg">CVE-2026-39377</a></li> <li><a href="https://github.com/jupyter/nbconvert/security/advisories/GHSA-7jqv-fw35-gmx9">CVE-2026-39378</a></li> </ul> <p>(full advisories will be published seven days after release, on 2026-04-14).</p> <p>(<a href="https://github.com/jupyter/nbconvert/compare/v7.17.0...b3b6ec01f872e9af8fd1769eb9cf1889c720ecf3">Full Changelog</a>)</p> <h3>Enhancements made</h3> <ul> <li>Allow configureable WebPDF JavaScript processing timeout <a href="https://redirect.github.com/jupyter/nbconvert/pull/2250">#2250</a> (<a href="https://github.com/timkpaine"><code>@timkpaine</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> </ul> <h3>Bugs fixed</h3> <ul> <li>Fix <code>PermissionError</code> when checking template paths on shared filesystems <a href="https://redirect.github.com/jupyter/nbconvert/pull/2252">#2252</a> (<a href="https://github.com/ctcjab"><code>@ctcjab</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Tweak webpdf template logic to fix duplicate extension problem <a href="https://redirect.github.com/jupyter/nbconvert/pull/2249">#2249</a> (<a href="https://github.com/timkpaine"><code>@timkpaine</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> </ul> <h3>Maintenance and upkeep improvements</h3> <ul> <li>specify python version for pre <a href="https://redirect.github.com/jupyter/nbconvert/pull/2276">#2276</a> (<a href="https://github.com/minrk"><code>@minrk</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> </ul> <h3>Contributors to this release</h3> <p>The following people contributed discussions, new ideas, code and documentation contributions, and review. See <a href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our definition of contributors</a>.</p> <p>(<a href="https://github.com/jupyter/nbconvert/graphs/contributors?from=2026-01-29&to=2026-04-08&type=c">GitHub contributors page for this release</a>)</p> <p><a href="https://github.com/akhmerov"><code>@akhmerov</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aakhmerov+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/bollwyvl"><code>@bollwyvl</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/Carreau"><code>@Carreau</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/ctcjab"><code>@ctcjab</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Actcjab+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/davidbrochart"><code>@davidbrochart</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Adavidbrochart+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/Ken-B"><code>@Ken-B</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AKen-B+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/krassowski"><code>@krassowski</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/mgeier"><code>@mgeier</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgeier+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/minrk"><code>@minrk</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/mpacer"><code>@mpacer</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ampacer+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/MSeal"><code>@MSeal</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/SylvainCorlay"><code>@SylvainCorlay</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ASylvainCorlay+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/takluyver"><code>@takluyver</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Atakluyver+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/timkpaine"><code>@timkpaine</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Atimkpaine+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>)</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jupyter/nbconvert/blob/main/CHANGELOG.md">nbconvert's changelog</a>.</em></p> <blockquote> <h2>7.17.1</h2> <p>This is a security release, fixing two CVEs:</p> <ul> <li><a href="https://github.com/jupyter/nbconvert/security/advisories/GHSA-4c99-qj7h-p3vg">CVE-2026-39377</a></li> <li><a href="https://github.com/jupyter/nbconvert/security/advisories/GHSA-7jqv-fw35-gmx9">CVE-2026-39378</a></li> </ul> <p>(full advisories will be published seven days after release, on 2026-04-14).</p> <p>(<a href="https://github.com/jupyter/nbconvert/compare/v7.17.0...b3b6ec01f872e9af8fd1769eb9cf1889c720ecf3">Full Changelog</a>)</p> <h3>Enhancements made</h3> <ul> <li>Allow configureable WebPDF JavaScript processing timeout <a href="https://redirect.github.com/jupyter/nbconvert/pull/2250">#2250</a> (<a href="https://github.com/timkpaine"><code>@timkpaine</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> </ul> <h3>Bugs fixed</h3> <ul> <li>Fix <code>PermissionError</code> when checking template paths on shared filesystems <a href="https://redirect.github.com/jupyter/nbconvert/pull/2252">#2252</a> (<a href="https://github.com/ctcjab"><code>@ctcjab</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Tweak webpdf template logic to fix duplicate extension problem <a href="https://redirect.github.com/jupyter/nbconvert/pull/2249">#2249</a> (<a href="https://github.com/timkpaine"><code>@timkpaine</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> </ul> <h3>Maintenance and upkeep improvements</h3> <ul> <li>specify python version for pre <a href="https://redirect.github.com/jupyter/nbconvert/pull/2276">#2276</a> (<a href="https://github.com/minrk"><code>@minrk</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> </ul> <h3>Contributors to this release</h3> <p>The following people contributed discussions, new ideas, code and documentation contributions, and review. See <a href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our definition of contributors</a>.</p> <p>(<a href="https://github.com/jupyter/nbconvert/graphs/contributors?from=2026-01-29&to=2026-04-08&type=c">GitHub contributors page for this release</a>)</p> <p><a href="https://github.com/akhmerov"><code>@akhmerov</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aakhmerov+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/bollwyvl"><code>@bollwyvl</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/Carreau"><code>@Carreau</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/ctcjab"><code>@ctcjab</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Actcjab+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/davidbrochart"><code>@davidbrochart</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Adavidbrochart+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/Ken-B"><code>@Ken-B</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AKen-B+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/krassowski"><code>@krassowski</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/mgeier"><code>@mgeier</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgeier+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/minrk"><code>@minrk</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/mpacer"><code>@mpacer</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ampacer+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/MSeal"><code>@MSeal</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/SylvainCorlay"><code>@SylvainCorlay</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ASylvainCorlay+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/takluyver"><code>@takluyver</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Atakluyver+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/timkpaine"><code>@timkpaine</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Atimkpaine+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>)</p> <!-- raw HTML omitted --> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
58c4e5bbdd | release(text-splitters): 1.1.2 (#36822) | ||
|
|
c289bf10e9 | fix(text-splitters): deprecate and use SSRF-safe transport in split_text_from_url (#36821) | ||
|
|
51e954877e |
chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (#36797)
Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from 0.6.3 to 0.7.31. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's releases</a>.</em></p> <blockquote> <h2>v0.7.31</h2> <h2>What's Changed</h2> <ul> <li>chore(deps-dev): bump langchain-core from 1.2.23 to 1.2.28 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2692">langchain-ai/langsmith-sdk#2692</a></li> <li>chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.82.0 to 0.84.0 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2684">langchain-ai/langsmith-sdk#2684</a></li> <li>chore(deps): bump cryptography from 46.0.6 to 46.0.7 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2693">langchain-ai/langsmith-sdk#2693</a></li> <li>chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.84.0 to 0.85.0 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2700">langchain-ai/langsmith-sdk#2700</a></li> <li>feat(py): Tag OpenAI Agent Python SDK runs with ls_agent_type by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2699">langchain-ai/langsmith-sdk#2699</a></li> <li>feat(js): Adds ls_agent_type metadata to AI SDK runs by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2701">langchain-ai/langsmith-sdk#2701</a></li> <li>chore(deps-dev): bump types-tqdm from 4.67.3.20260303 to 4.67.3.20260408 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2710">langchain-ai/langsmith-sdk#2710</a></li> <li>chore(deps): bump pnpm/action-setup from 5 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2705">langchain-ai/langsmith-sdk#2705</a></li> <li>chore(deps): bump the py-minor-and-patch group across 1 directory with 10 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2711">langchain-ai/langsmith-sdk#2711</a></li> <li>chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.85.0 to 0.86.0 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2702">langchain-ai/langsmith-sdk#2702</a></li> <li>chore(deps): bump actions/github-script from 8 to 9 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2706">langchain-ai/langsmith-sdk#2706</a></li> <li>chore(deps-dev): bump the js-minor-and-patch group across 1 directory with 7 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2712">langchain-ai/langsmith-sdk#2712</a></li> <li>chore(deps-dev): bump types-psutil from 7.2.2.20260130 to 7.2.2.20260408 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2709">langchain-ai/langsmith-sdk#2709</a></li> <li>chore(deps-dev): bump rich from 14.3.3 to 15.0.0 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2708">langchain-ai/langsmith-sdk#2708</a></li> <li>feat: Filter kwargs from new token events by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2714">langchain-ai/langsmith-sdk#2714</a></li> <li>release(py): 0.7.31 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2716">langchain-ai/langsmith-sdk#2716</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.30...v0.7.31">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.30...v0.7.31</a></p> <h2>v0.7.30</h2> <h2>What's Changed</h2> <ul> <li>feat(python): add service feature to sandbox by <a href="https://github.com/DanielKneipp"><code>@DanielKneipp</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2665">langchain-ai/langsmith-sdk#2665</a></li> <li>fix(js): Fix prototype pollution bug in anonymizers by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2690">langchain-ai/langsmith-sdk#2690</a></li> <li>release(js): 0.5.18 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2691">langchain-ai/langsmith-sdk#2691</a></li> <li>chore(js/sandbox): suppress warning log by <a href="https://github.com/hntrl"><code>@hntrl</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2694">langchain-ai/langsmith-sdk#2694</a></li> <li>feat(js): Add metadata to Claude Agent SDK JS tracing by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2695">langchain-ai/langsmith-sdk#2695</a></li> <li>fix(py): Fix run tree memory leak by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2696">langchain-ai/langsmith-sdk#2696</a></li> <li>release(py): 0.7.30 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2698">langchain-ai/langsmith-sdk#2698</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.29...v0.7.30">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.29...v0.7.30</a></p> <h2>v0.7.29</h2> <h2>What's Changed</h2> <ul> <li>release(js): 0.5.17 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2681">langchain-ai/langsmith-sdk#2681</a></li> <li>feat(py): Fix race condition around Claude Agent SDK instrumentation by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2685">langchain-ai/langsmith-sdk#2685</a></li> <li>release(py): 0.7.29 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2686">langchain-ai/langsmith-sdk#2686</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.28...v0.7.29">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.28...v0.7.29</a></p> <h2>v0.7.28</h2> <h2>What's Changed</h2> <ul> <li>feat(py): Support subagent tracing in Claude Agents SDK, fix usage and duplicate messages by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2670">langchain-ai/langsmith-sdk#2670</a></li> <li>chore(deps-dev): bump the py-minor-and-patch group across 1 directory with 11 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2677">langchain-ai/langsmith-sdk#2677</a></li> <li>chore(deps-dev): bump the js-minor-and-patch group across 1 directory with 8 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2667">langchain-ai/langsmith-sdk#2667</a></li> <li>chore(deps): bump pnpm/action-setup from 4 to 5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2658">langchain-ai/langsmith-sdk#2658</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/langchain-ai/langsmith-sdk/commits/v0.7.31">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
7e81d09f2a |
chore(deps): bump pytest to 9.0.3 (#36801)
CVE-2025-71176 (medium severity) All are dev-only (test dependency group) — no impact on published packages. ### Why syrupy was also bumped syrupy 4.x (`<5.0.0`) constrains pytest to `<9.0.0`, blocking the CVE fix. Widening to `<6.0.0` allows syrupy 5.x which supports pytest 9.x. |
||
|
|
2d90e4275f |
chore: bump pytest from 9.0.2 to 9.0.3 in /libs/text-splitters (#36714)
Bumps [pytest](https://github.com/pytest-dev/pytest) from 9.0.2 to 9.0.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pytest-dev/pytest/releases">pytest's releases</a>.</em></p> <blockquote> <h2>9.0.3</h2> <h1>pytest 9.0.3 (2026-04-07)</h1> <h2>Bug fixes</h2> <ul> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/12444">#12444</a>: Fixed <code>pytest.approx</code> which now correctly takes into account <code>~collections.abc.Mapping</code> keys order to compare them.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13634">#13634</a>: Blocking a <code>conftest.py</code> file using the <code>-p no:</code> option is now explicitly disallowed.</p> <p>Previously this resulted in an internal assertion failure during plugin loading.</p> <p>Pytest now raises a clear <code>UsageError</code> explaining that conftest files are not plugins and cannot be disabled via <code>-p</code>.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13734">#13734</a>: Fixed crash when a test raises an exceptiongroup with <code>__tracebackhide__ = True</code>.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/14195">#14195</a>: Fixed an issue where non-string messages passed to <!-- raw HTML omitted -->unittest.TestCase.subTest()<!-- raw HTML omitted --> were not printed.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/14343">#14343</a>: Fixed use of insecure temporary directory (CVE-2025-71176).</p> </li> </ul> <h2>Improved documentation</h2> <ul> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/13388">#13388</a>: Clarified documentation for <code>-p</code> vs <code>PYTEST_PLUGINS</code> plugin loading and fixed an incorrect <code>-p</code> example.</li> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/13731">#13731</a>: Clarified that capture fixtures (e.g. <code>capsys</code> and <code>capfd</code>) take precedence over the <code>-s</code> / <code>--capture=no</code> command-line options in <code>Accessing captured output from a test function <accessing-captured-output></code>.</li> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/14088">#14088</a>: Clarified that the default <code>pytest_collection</code> hook sets <code>session.items</code> before it calls <code>pytest_collection_finish</code>, not after.</li> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/14255">#14255</a>: TOML integer log levels must be quoted: Updating reference documentation.</li> </ul> <h2>Contributor-facing changes</h2> <ul> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/12689">#12689</a>: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible <a href="https://app.codecov.io/gh/pytest-dev/pytest/tests">on the web interface</a>.</p> <p>-- by <code>aleguy02</code></p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
555bdfbade |
chore: add comment explaining pygments>=2.20.0 (#36570)
|
||
|
|
0a1d290ac2 | release(core): 1.2.26 (#36511) | ||
|
|
0f4f3f74c8 |
chore: pygments>=2.20.0 across all packages (CVE-2026-4539) (#36385)
## Summary Bumps `pygments` to `>=2.20.0` across all 21 affected packages to address [CVE-2026-4539](https://github.com/advisories/GHSA-XXXX) — ReDoS via inefficient GUID regex in Pygments. - **Severity:** Low - **Fixed in:** 2.20.0 (was 2.19.2) - **Change:** Added `pygments>=2.20.0` to `constraint-dependencies` in `[tool.uv]` for each package, then ran `uv lock --upgrade-package pygments` to regenerate lock files. Closes Dependabot alerts #3435–#3455. ## Release Note Patch deps ### Test Plan - [x] CI Green 🙏 Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> |
||
|
|
eb28ae1b20 | fix(text-splitters): prevent silent data loss for empty dict values in RecursiveJsonSplitter (#35079) | ||
|
|
61443c2580 | feat(text-splitters): support spacy tests with Python 3.14 (#36198) | ||
|
|
7bb9443e15 |
fix(infra): correct lint_diff relative paths in package makefiles (#36333)
Fixes #36332 Corrected lint_diff/format_diff relative path settings in three package Makefiles so changed-file linting runs against the correct package scope. This is an infra-only fix and does not change runtime behavior. How did you verify your code works? - make -n -C libs/langchain_v1 lint_diff - make -n -C libs/text-splitters lint_diff - make -n -C libs/partners/mistralai lint_diff - Confirmed only the three Makefiles are changed, with no uv.lock or pyproject.toml updates. AI assistance disclaimer: I used AI assistance to draft and review this contribution. |
||
|
|
c6d573f433 |
chore: bump requests from 2.32.5 to 2.33.0 in /libs/text-splitters (#36238)
Bumps [requests](https://github.com/psf/requests) from 2.32.5 to 2.33.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/releases">requests's releases</a>.</em></p> <blockquote> <h2>v2.33.0</h2> <h2>2.33.0 (2026-03-25)</h2> <p><strong>Announcements</strong></p> <ul> <li>📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at <a href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>. Give it a try, and report any gaps or feedback you may have in the issue. 📣</li> </ul> <p><strong>Security</strong></p> <ul> <li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Migrated to a PEP 517 build system using setuptools. (<a href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (<a href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Dropped support for Python 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li> </ul> <p><strong>Documentation</strong></p> <ul> <li>Various typo fixes and doc improvements.</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/M0d3v1"><code>@M0d3v1</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6865">psf/requests#6865</a></li> <li><a href="https://github.com/aminvakil"><code>@aminvakil</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7220">psf/requests#7220</a></li> <li><a href="https://github.com/E8Price"><code>@E8Price</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6960">psf/requests#6960</a></li> <li><a href="https://github.com/mitre88"><code>@mitre88</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7244">psf/requests#7244</a></li> <li><a href="https://github.com/magsen"><code>@magsen</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6553">psf/requests#6553</a></li> <li><a href="https://github.com/Rohan5commit"><code>@Rohan5commit</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7227">psf/requests#7227</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25">https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's changelog</a>.</em></p> <blockquote> <h2>2.33.0 (2026-03-25)</h2> <p><strong>Announcements</strong></p> <ul> <li>📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at <a href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>. Give it a try, and report any gaps or feedback you may have in the issue. 📣</li> </ul> <p><strong>Security</strong></p> <ul> <li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Migrated to a PEP 517 build system using setuptools. (<a href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (<a href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Dropped support for Python 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li> </ul> <p><strong>Documentation</strong></p> <ul> <li>Various typo fixes and doc improvements.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
7ed0eb3a17 |
chore: bump nltk from 3.9.3 to 3.9.4 in /libs/text-splitters (#36237)
Bumps [nltk](https://github.com/nltk/nltk) from 3.9.3 to 3.9.4. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/nltk/nltk/blob/develop/ChangeLog">nltk's changelog</a>.</em></p> <blockquote> <p>Version 3.9.4 2026-03-24</p> <ul> <li>Support Python 3.14</li> <li>Fix bug in Levenshtein distance when substitution_cost > 2</li> <li>Fix bug in Treebank detokeniser re quote ordering</li> <li>Fix bug in Jaro similarity for empty strings</li> <li>Several security enhancements</li> <li>Fix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder</li> <li>Implement TextTiling vocabulary introduction method (Hearst 1997)</li> <li>Fix ALINE feature matrix errors and add comprehensive tests</li> <li>Support multiple VerbNet versions, fix longid/shortid regex for VerbNet ids</li> <li>Let downloader fallback to md5 when sha256 is unavailable</li> <li>Several other minor bugfixes and code cleanups</li> </ul> <p>Thanks to the following contributors to 3.9.4: Min-Yen Kan, Eric Kafe, Emily Voss, bowiechen, Hrudhai01, jancallewaert, Mr-Neutr0n, pollak.peter89, ylwango613,</p> <p>Version 3.9.3 2026-02-21</p> <ul> <li>Fix CVE-2025-14009: secure ZIP extraction in nltk.downloader (<a href="https://redirect.github.com/nltk/nltk/issues/3468">#3468</a>)</li> <li>Block path traversal/arbitrary reads in nltk.data for protocol-less refs (<a href="https://redirect.github.com/nltk/nltk/issues/3467">#3467</a>)</li> <li>Block path traversal/abs paths in corpus readers and FS pointers (<a href="https://redirect.github.com/nltk/nltk/issues/3479">#3479</a>, <a href="https://redirect.github.com/nltk/nltk/issues/3480">#3480</a>)</li> <li>Validate external StanfordSegmenter JARs using SHA256 (<a href="https://redirect.github.com/nltk/nltk/issues/3477">#3477</a>)</li> <li>Add optional sandbox enforcement for filestring() (<a href="https://redirect.github.com/nltk/nltk/issues/3485">#3485</a>)</li> <li>Maintenance: downloader/zipped models, CI/tooling updates</li> </ul> <p>Thanks to the following contributors to 3.9.3: Chris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher Smith</p> <p>Version 3.9.2 2025-10-01</p> <ul> <li>Update download checksums to use SHA256 in built index</li> <li>Fix percentage escape in new-style string formatting</li> <li>replace shortened URLs using goo.gl</li> <li>Make Wordnet interoperable with various taggers and tagged corpora</li> <li>Fix saving PerceptronTagger</li> <li>Document how to reproduce old Wordnet studies</li> <li>properly initialize Portuguese corpus reader</li> <li>support for mixed rules conversion into Chomsky Normal Form</li> <li>only import tkinter if a GUI is needed</li> <li>issue <a href="https://redirect.github.com/nltk/nltk/issues/2112">#2112</a> with Corenlp</li> <li>new environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL</li> <li>Lesk defaults to most frequent sense in case of ties</li> </ul> <p>Thanks to the following contributors to 3.9.2: Jose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu, Samer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq, Christopher Smith, Ryan Mannion</p> <p>Version 3.9.1 2024-08-19</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
1778b082ec |
chore(partners): bump langchain-core min to 1.2.21 (#36183)
Bump the minimum `langchain-core` dependency to `>=1.2.21` across all 14 partner packages in the monorepo. Aligns partner lower bounds with the latest core release so consumers pick up recent fixes (notably the `ModelProfile` schema drift fix from core 1.2.21). |