github/langchain
1
0
Fork 0
mirror of https://github.com/hwchase17/langchain.git synced 2026-06-09 10:17:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
16,096 Commits 1,164 Branches 1,270 Tags
3b999176c84c1236e1f6fbaa5194782360e82264
Commit Graph

43 Commits

Author SHA1 Message Date
dependabot[bot]
d55c08bc72 chore: bump langsmith from 0.8.7 to 0.8.9 in /libs/partners/chroma (#37884) 
Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from
0.8.7 to 0.8.9.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's
releases</a>.</em></p>
<blockquote>
<h2>v0.8.9</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(sandbox): add JS Dockerfile snapshots by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2951">langchain-ai/langsmith-sdk#2951</a></li>
<li>chore(deps-dev): bump the js-minor-and-patch group across 1
directory with 11 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2931">langchain-ai/langsmith-sdk#2931</a></li>
<li>chore(deps): bump websockets from 15.0.1 to 16.0 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2811">langchain-ai/langsmith-sdk#2811</a></li>
<li>chore(deps): update myst-parser requirement from &gt;=3 to
&gt;=4.0.1 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2841">langchain-ai/langsmith-sdk#2841</a></li>
<li>chore(deps): bump the py-minor-and-patch group across 1 directory
with 19 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2934">langchain-ai/langsmith-sdk#2934</a></li>
<li>chore(deps): bump typescript from 5.9.3 to 6.0.3 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2839">langchain-ai/langsmith-sdk#2839</a></li>
<li>chore(deps-dev): bump google-adk from 1.10.0 to 2.1.0 in /python by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2960">langchain-ai/langsmith-sdk#2960</a></li>
<li>chore(deps-dev): bump wrapt from 1.17.3 to 2.2.1 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2961">langchain-ai/langsmith-sdk#2961</a></li>
<li>chore(deps-dev): bump the py-minor-and-patch group in /python with 6
updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2958">langchain-ai/langsmith-sdk#2958</a></li>
<li>chore(deps-dev): bump types-tqdm from 4.67.3.20260408 to
4.67.3.20260518 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2959">langchain-ai/langsmith-sdk#2959</a></li>
<li>ci: add minimum workflow permissions by <a
href="https://github.com/jkennedyvz"><code>@​jkennedyvz</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2967">langchain-ai/langsmith-sdk#2967</a></li>
<li>chore: update dependabot.yml to comply with posture checks by <a
href="https://github.com/jkennedyvz"><code>@​jkennedyvz</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2966">langchain-ai/langsmith-sdk#2966</a></li>
<li>test(python): deflake test_tracing_queue_limit_drops_when_full by <a
href="https://github.com/baskaryan"><code>@​baskaryan</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2964">langchain-ai/langsmith-sdk#2964</a></li>
<li>feat(sandbox): size the dockerfile-build sandbox via vcpus/mem_bytes
(python) by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2979">langchain-ai/langsmith-sdk#2979</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.8...v0.8.9">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.8...v0.8.9</a></p>
<h2>v0.8.8</h2>
<h2>What's Changed</h2>
<ul>
<li>fix(python): retry sandbox pool timeouts by <a
href="https://github.com/baskaryan"><code>@​baskaryan</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2953">langchain-ai/langsmith-sdk#2953</a></li>
<li>fix(sandbox): build Dockerfile snapshots off /tmp by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2956">langchain-ai/langsmith-sdk#2956</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.7...v0.8.8">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.7...v0.8.8</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1eda04b4e8"><code>1eda04b</code></a>
feat(sandbox): size the dockerfile-build sandbox via vcpus/mem_bytes
(python)...</li>
<li><a
href="5960910cbe"><code>5960910</code></a>
test(python): deflake test_tracing_queue_limit_drops_when_full (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2964">#2964</a>)</li>
<li><a
href="846d4c5b17"><code>846d4c5</code></a>
chore: update dependabot.yml to comply with posture checks (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2966">#2966</a>)</li>
<li><a
href="48b66b3cca"><code>48b66b3</code></a>
ci: add minimum workflow permissions (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2967">#2967</a>)</li>
<li><a
href="d0a93ac8a2"><code>d0a93ac</code></a>
chore(deps-dev): bump types-tqdm from 4.67.3.20260408 to 4.67.3.20260518
in /...</li>
<li><a
href="fc9ba745e3"><code>fc9ba74</code></a>
chore(deps-dev): bump the py-minor-and-patch group in /python with 6
updates ...</li>
<li><a
href="d54e69b689"><code>d54e69b</code></a>
chore(deps-dev): bump wrapt from 1.17.3 to 2.2.1 in /python (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2961">#2961</a>)</li>
<li><a
href="1d212585b8"><code>1d21258</code></a>
chore(deps-dev): bump google-adk from 1.10.0 to 2.1.0 in /python (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2960">#2960</a>)</li>
<li><a
href="b66d791bfe"><code>b66d791</code></a>
chore(deps-dev): bump typescript from 5.9.3 to 6.0.3 in /js (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2839">#2839</a>)</li>
<li><a
href="a0f9eff836"><code>a0f9eff</code></a>
chore(deps): bump the py-minor-and-patch group across 1 directory with
19 upd...</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.7...v0.8.9">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=langsmith&package-manager=uv&previous-version=0.8.7&new-version=0.8.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-06-03 19:11:00 -04:00
dependabot[bot]
4a7476093d chore: bump chromadb from 1.5.5 to 1.5.9 in /libs/partners/chroma (#37779) 
Bumps [chromadb](https://github.com/chroma-core/chroma) from 1.5.5 to
1.5.9.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/chroma-core/chroma/releases">chromadb's
releases</a>.</em></p>
<blockquote>
<h2>1.5.9</h2>
<p>Version: <code>1.5.9</code>
Git ref: <code>refs/tags/1.5.9</code>
Build Date: <code>2026-05-05T05:55</code>
PIP Package: <code>chroma-1.5.9.tar.gz</code>
Github Container Registry Image: <code>:1.5.9</code>
DockerHub Image: <code>:1.5.9</code></p>
<h2>What's Changed</h2>
<ul>
<li><a
href="https://github.com/chroma-core/chroma/blob/HEAD/frontend">ENH</a>:
block functions on topology dbs by <a
href="https://github.com/rescrv"><code>@​rescrv</code></a> in <a
href="https://redirect.github.com/chroma-core/chroma/pull/6836">chroma-core/chroma#6836</a></li>
<li><a
href="https://github.com/chroma-core/chroma/blob/HEAD/faults">ENH</a>:
Add Tilt fault injection CLI by <a
href="https://github.com/rescrv"><code>@​rescrv</code></a> in <a
href="https://redirect.github.com/chroma-core/chroma/pull/6881">chroma-core/chroma#6881</a></li>
<li>[CHORE] Debug TimeoutError in test_add.py by <a
href="https://github.com/rescrv"><code>@​rescrv</code></a> in <a
href="https://redirect.github.com/chroma-core/chroma/pull/6905">chroma-core/chroma#6905</a></li>
<li>[ENH]: Enable rebuilds for sharded collections by <a
href="https://github.com/tanujnay112"><code>@​tanujnay112</code></a> in
<a
href="https://redirect.github.com/chroma-core/chroma/pull/6916">chroma-core/chroma#6916</a></li>
<li>[ENH]: Group by support with sharding by <a
href="https://github.com/sanketkedia"><code>@​sanketkedia</code></a> in
<a
href="https://redirect.github.com/chroma-core/chroma/pull/6909">chroma-core/chroma#6909</a></li>
<li>[CHORE]: Denormalize tenant and database into
collection_compaction_cursors table by <a
href="https://github.com/tanujnay112"><code>@​tanujnay112</code></a> in
<a
href="https://redirect.github.com/chroma-core/chroma/pull/6940">chroma-core/chroma#6940</a></li>
<li>[CHORE] Use normalized record sets for test add by <a
href="https://github.com/rescrv"><code>@​rescrv</code></a> in <a
href="https://redirect.github.com/chroma-core/chroma/pull/6935">chroma-core/chroma#6935</a></li>
<li>[ENH]: Add workflow to build and publish service container images by
<a href="https://github.com/jasonvigil"><code>@​jasonvigil</code></a> in
<a
href="https://redirect.github.com/chroma-core/chroma/pull/6944">chroma-core/chroma#6944</a></li>
<li>[ENH] - Updates language around Chroma Cloud to be more
representative. by <a
href="https://github.com/tjkrusinskichroma"><code>@​tjkrusinskichroma</code></a>
in <a
href="https://redirect.github.com/chroma-core/chroma/pull/6952">chroma-core/chroma#6952</a></li>
<li>[ENH]: Add change stream to collection compaction cursors by <a
href="https://github.com/tanujnay112"><code>@​tanujnay112</code></a> in
<a
href="https://redirect.github.com/chroma-core/chroma/pull/6955">chroma-core/chroma#6955</a></li>
<li>[BUG] Switch to storing DOCKERHUB_USERNAME as var by <a
href="https://github.com/jasonvigil"><code>@​jasonvigil</code></a> in <a
href="https://redirect.github.com/chroma-core/chroma/pull/6962">chroma-core/chroma#6962</a></li>
<li>[CHORE]: Standardize Tilt CI image build on root docker-bake.hcl by
<a href="https://github.com/jasonvigil"><code>@​jasonvigil</code></a> in
<a
href="https://redirect.github.com/chroma-core/chroma/pull/6958">chroma-core/chroma#6958</a></li>
<li>[BUG]: Rename database on soft delete by <a
href="https://github.com/tanujnay112"><code>@​tanujnay112</code></a> in
<a
href="https://redirect.github.com/chroma-core/chroma/pull/6943">chroma-core/chroma#6943</a></li>
<li>Revert &quot;[CHORE]: Standardize Tilt CI image build on root
docker-bake.hcl&quot; by <a
href="https://github.com/jasonvigil"><code>@​jasonvigil</code></a> in <a
href="https://redirect.github.com/chroma-core/chroma/pull/6965">chroma-core/chroma#6965</a></li>
<li><a
href="https://github.com/chroma-core/chroma/blob/HEAD/system">ENH</a>:
name and size all worker threads by <a
href="https://github.com/rescrv"><code>@​rescrv</code></a> in <a
href="https://redirect.github.com/chroma-core/chroma/pull/6936">chroma-core/chroma#6936</a></li>
<li><a
href="https://github.com/chroma-core/chroma/blob/HEAD/test">BUG</a>:
simplify flaky indexing progress test by <a
href="https://github.com/rescrv"><code>@​rescrv</code></a> in <a
href="https://redirect.github.com/chroma-core/chroma/pull/6968">chroma-core/chroma#6968</a></li>
<li>[CHORE] stabilize Tilt dev environment configs by <a
href="https://github.com/rescrv"><code>@​rescrv</code></a> in <a
href="https://redirect.github.com/chroma-core/chroma/pull/6937">chroma-core/chroma#6937</a></li>
<li><a
href="https://github.com/chroma-core/chroma/blob/HEAD/garbage_collector">BUG</a>:
use correct version file per collection in ancestor walk by <a
href="https://github.com/rescrv"><code>@​rescrv</code></a> in <a
href="https://redirect.github.com/chroma-core/chroma/pull/6970">chroma-core/chroma#6970</a></li>
<li>[ENH] Add SparsePostingBlock by <a
href="https://github.com/HammadB"><code>@​HammadB</code></a> in <a
href="https://redirect.github.com/chroma-core/chroma/pull/6823">chroma-core/chroma#6823</a></li>
<li>[ENH] Add basic maxscore writer/reader by <a
href="https://github.com/HammadB"><code>@​HammadB</code></a> in <a
href="https://redirect.github.com/chroma-core/chroma/pull/6825">chroma-core/chroma#6825</a></li>
<li>[ENH] Add maxscore lazy cursor by <a
href="https://github.com/HammadB"><code>@​HammadB</code></a> in <a
href="https://redirect.github.com/chroma-core/chroma/pull/6829">chroma-core/chroma#6829</a></li>
<li>[ENH] Add SIMD for maxscore by <a
href="https://github.com/Sicheng-Pan"><code>@​Sicheng-Pan</code></a> in
<a
href="https://redirect.github.com/chroma-core/chroma/pull/6865">chroma-core/chroma#6865</a></li>
<li>[ENH] Benchmark maxscore by <a
href="https://github.com/Sicheng-Pan"><code>@​Sicheng-Pan</code></a> in
<a
href="https://redirect.github.com/chroma-core/chroma/pull/6866">chroma-core/chroma#6866</a></li>
<li>[ENH] Add maxscore option in schema by <a
href="https://github.com/Sicheng-Pan"><code>@​Sicheng-Pan</code></a> in
<a
href="https://redirect.github.com/chroma-core/chroma/pull/6878">chroma-core/chroma#6878</a></li>
<li>[ENH] Add maxscore index to metadata segment by <a
href="https://github.com/Sicheng-Pan"><code>@​Sicheng-Pan</code></a> in
<a
href="https://redirect.github.com/chroma-core/chroma/pull/6880">chroma-core/chroma#6880</a></li>
<li>[ENH] Wire maxscore reader in search by <a
href="https://github.com/Sicheng-Pan"><code>@​Sicheng-Pan</code></a> in
<a
href="https://redirect.github.com/chroma-core/chroma/pull/6899">chroma-core/chroma#6899</a></li>
<li>[PERF] Batch load lazy cursor by <a
href="https://github.com/Sicheng-Pan"><code>@​Sicheng-Pan</code></a> in
<a
href="https://redirect.github.com/chroma-core/chroma/pull/6974">chroma-core/chroma#6974</a></li>
<li><a
href="https://github.com/chroma-core/chroma/blob/HEAD/garbage_collector">ENH</a>:
add MCMR support for log GC by <a
href="https://github.com/rescrv"><code>@​rescrv</code></a> in <a
href="https://redirect.github.com/chroma-core/chroma/pull/6946">chroma-core/chroma#6946</a></li>
<li><a
href="https://github.com/chroma-core/chroma/blob/HEAD/test">ENH</a>:
parameterize multi-region config by <a
href="https://github.com/rescrv"><code>@​rescrv</code></a> in <a
href="https://redirect.github.com/chroma-core/chroma/pull/6951">chroma-core/chroma#6951</a></li>
<li>[CHORE] fix merge conflict in main by <a
href="https://github.com/rescrv"><code>@​rescrv</code></a> in <a
href="https://redirect.github.com/chroma-core/chroma/pull/6986">chroma-core/chroma#6986</a></li>
<li>[ENH]: Refactor offset_id to be a mutable AtomicU32 in record by <a
href="https://github.com/tanujnay112"><code>@​tanujnay112</code></a> in
<a
href="https://redirect.github.com/chroma-core/chroma/pull/6922">chroma-core/chroma#6922</a></li>
<li><a
href="https://github.com/chroma-core/chroma/blob/HEAD/spanner">ENH</a>:
add spanner-cli wrapper binary by <a
href="https://github.com/rescrv"><code>@​rescrv</code></a> in <a
href="https://redirect.github.com/chroma-core/chroma/pull/6959">chroma-core/chroma#6959</a></li>
<li><a
href="https://github.com/chroma-core/chroma/blob/HEAD/sysdb">BUG</a>:
preserve legacy hnsw: metadata keys by <a
href="https://github.com/rescrv"><code>@​rescrv</code></a> in <a
href="https://redirect.github.com/chroma-core/chroma/pull/6953">chroma-core/chroma#6953</a></li>
<li>[TST] refactor repair collection log offset test by <a
href="https://github.com/rescrv"><code>@​rescrv</code></a> in <a
href="https://redirect.github.com/chroma-core/chroma/pull/6954">chroma-core/chroma#6954</a></li>
<li><a
href="https://github.com/chroma-core/chroma/blob/HEAD/garbage_collector">TST</a>:
add MCMR hard delete test by <a
href="https://github.com/rescrv"><code>@​rescrv</code></a> in <a
href="https://redirect.github.com/chroma-core/chroma/pull/6947">chroma-core/chroma#6947</a></li>
<li><a
href="https://github.com/chroma-core/chroma/blob/HEAD/log-service">ENH</a>:
defer Spanner init to first use by <a
href="https://github.com/rescrv"><code>@​rescrv</code></a> in <a
href="https://redirect.github.com/chroma-core/chroma/pull/6915">chroma-core/chroma#6915</a></li>
<li>[CHORE]: Denormalize is_deleted in mcmr by <a
href="https://github.com/tanujnay112"><code>@​tanujnay112</code></a> in
<a
href="https://redirect.github.com/chroma-core/chroma/pull/6989">chroma-core/chroma#6989</a></li>
<li>[BUG] Reject NaN/Infinity in base64-encoded embeddings by <a
href="https://github.com/philipithomas"><code>@​philipithomas</code></a>
in <a
href="https://redirect.github.com/chroma-core/chroma/pull/6664">chroma-core/chroma#6664</a></li>
<li>Revert &quot;<a
href="https://github.com/chroma-core/chroma/blob/HEAD/garbage_collector">TST</a>:
add MCMR hard delete test&quot; by <a
href="https://github.com/rescrv"><code>@​rescrv</code></a> in <a
href="https://redirect.github.com/chroma-core/chroma/pull/6992">chroma-core/chroma#6992</a></li>
<li>[ENH] Verify file path for compaction by <a
href="https://github.com/Sicheng-Pan"><code>@​Sicheng-Pan</code></a> in
<a
href="https://redirect.github.com/chroma-core/chroma/pull/6991">chroma-core/chroma#6991</a></li>
<li>[DOC]: Document file-upload sync API, AWS credential reuse, and EU
region by <a
href="https://github.com/philipithomas"><code>@​philipithomas</code></a>
in <a
href="https://redirect.github.com/chroma-core/chroma/pull/6988">chroma-core/chroma#6988</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="11f3c7435e"><code>11f3c74</code></a>
[RELEASE] CLI 1.4.4 Python 1.5.9 JS 3.4.5 (<a
href="https://redirect.github.com/chroma-core/chroma/issues/7018">#7018</a>)</li>
<li><a
href="f16d06a3b9"><code>f16d06a</code></a>
[ENH]: add client header to Gemini embedding functions (<a
href="https://redirect.github.com/chroma-core/chroma/issues/6990">#6990</a>)</li>
<li><a
href="b7cb6acb3f"><code>b7cb6ac</code></a>
[CHORE]: Remove foundation/ from chroma (<a
href="https://redirect.github.com/chroma-core/chroma/issues/7017">#7017</a>)</li>
<li><a
href="bec3105aa0"><code>bec3105</code></a>
<a href="foundation-cli">ENH</a>: Add login, logout, and whoami commands
(<a
href="https://redirect.github.com/chroma-core/chroma/issues/7007">#7007</a>)</li>
<li><a
href="1251ff7659"><code>1251ff7</code></a>
[DOC] Add CLAUDE.md, AGENTS.md, scoped Rust rule (<a
href="https://redirect.github.com/chroma-core/chroma/issues/7010">#7010</a>)</li>
<li><a
href="f4bbbf2e33"><code>f4bbbf2</code></a>
[BLD] Add foundation CLI install script (<a
href="https://redirect.github.com/chroma-core/chroma/issues/7005">#7005</a>)</li>
<li><a
href="2c8f49f0d0"><code>2c8f49f</code></a>
<a href="ci">ENH</a>: move foundation/ to top-level so rust/** filters
skip it (<a
href="https://redirect.github.com/chroma-core/chroma/issues/7008">#7008</a>)</li>
<li><a
href="51eebdb588"><code>51eebdb</code></a>
[ENH] scaffold foundation CLI project (<a
href="https://redirect.github.com/chroma-core/chroma/issues/6999">#6999</a>)</li>
<li><a
href="874b700beb"><code>874b700</code></a>
<a href="gc">ENH</a>: GC empty MCMR collections (<a
href="https://redirect.github.com/chroma-core/chroma/issues/6961">#6961</a>)</li>
<li><a
href="aedf9a668d"><code>aedf9a6</code></a>
<a href="rust-client">ENH</a>: Add read-only backend failover (<a
href="https://redirect.github.com/chroma-core/chroma/issues/6985">#6985</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/chroma-core/chroma/compare/1.5.5...1.5.9">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chromadb&package-manager=uv&previous-version=1.5.5&new-version=1.5.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-29 18:20:43 -04:00
dependabot[bot]
7336690902 chore: bump langsmith from 0.8.3 to 0.8.7 in /libs/partners/chroma (#37780) 
Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from
0.8.3 to 0.8.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's
releases</a>.</em></p>
<blockquote>
<h2>v0.8.7</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: reconnect sandbox command streams on EOF by <a
href="https://github.com/ramon-langchain"><code>@​ramon-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2941">langchain-ai/langsmith-sdk#2941</a></li>
<li>feat(sandbox): build snapshots from Dockerfiles by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2950">langchain-ai/langsmith-sdk#2950</a></li>
<li>fix(python): add organization id to context URLs by <a
href="https://github.com/vishnu-ssuresh"><code>@​vishnu-ssuresh</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2945">langchain-ai/langsmith-sdk#2945</a></li>
<li>fix(js): add organization id to context URLs by <a
href="https://github.com/vishnu-ssuresh"><code>@​vishnu-ssuresh</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2946">langchain-ai/langsmith-sdk#2946</a></li>
<li>release(py): 0.8.7 by <a
href="https://github.com/ramon-langchain"><code>@​ramon-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2947">langchain-ai/langsmith-sdk#2947</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.6...v0.8.7">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.6...v0.8.7</a></p>
<h2>v0.8.6</h2>
<h2>What's Changed</h2>
<ul>
<li>chore(deps-dev): bump <code>@​google/genai</code> from 1.50.1 to
2.0.1 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2875">langchain-ai/langsmith-sdk#2875</a></li>
<li>chore(deps): bump mako from 1.3.11 to 1.3.12 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2880">langchain-ai/langsmith-sdk#2880</a></li>
<li>chore(deps): bump authlib from 1.6.11 to 1.6.12 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2888">langchain-ai/langsmith-sdk#2888</a></li>
<li>chore(deps): bump hono from 4.12.15 to 4.12.18 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2894">langchain-ai/langsmith-sdk#2894</a></li>
<li>chore(deps): bump fast-uri from 3.1.0 to 3.1.2 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2895">langchain-ai/langsmith-sdk#2895</a></li>
<li>chore(deps-dev): bump <code>@​anthropic-ai/sdk</code> from 0.94.0 to
0.95.0 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2881">langchain-ai/langsmith-sdk#2881</a></li>
<li>chore(deps): bump postcss from 8.5.8 to 8.5.14 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2898">langchain-ai/langsmith-sdk#2898</a></li>
<li>chore(deps): bump <code>@​protobufjs/utf8</code> from 1.1.0 to 1.1.1
in /js/internal/environment_tests/test-exports-vite in the npm_and_yarn
group across 1 directory by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2908">langchain-ai/langsmith-sdk#2908</a></li>
<li>chore(deps): bump hono from 4.12.18 to 4.12.19 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2909">langchain-ai/langsmith-sdk#2909</a></li>
<li>chore(deps): bump protobufjs from 7.5.7 to 8.0.1 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2896">langchain-ai/langsmith-sdk#2896</a></li>
<li>chore(deps): bump idna from 3.11 to 3.15 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2913">langchain-ai/langsmith-sdk#2913</a></li>
<li>chore(deps-dev): bump <code>@​anthropic-ai/sdk</code> from 0.95.0 to
0.95.1 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2912">langchain-ai/langsmith-sdk#2912</a></li>
<li>AI SDK telemetry and AI SDK v7 support by <a
href="https://github.com/dqbd"><code>@​dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2901">langchain-ai/langsmith-sdk#2901</a></li>
<li>feat: install websockets by default for sandbox by <a
href="https://github.com/open-swe"><code>@​open-swe</code></a>[bot] in
<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2916">langchain-ai/langsmith-sdk#2916</a></li>
<li>release(js): 0.7.2 by <a
href="https://github.com/dqbd"><code>@​dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2922">langchain-ai/langsmith-sdk#2922</a></li>
<li>feat: add list_runs_from_annotation_queue method [closes LSDK-193]
by <a
href="https://github.com/open-swe"><code>@​open-swe</code></a>[bot] in
<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2892">langchain-ai/langsmith-sdk#2892</a></li>
<li>chore(deps-dev): bump <code>@​anthropic-ai/sdk</code> from 0.95.1 to
0.95.2 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2917">langchain-ai/langsmith-sdk#2917</a></li>
<li>chore(deps-dev): bump types-pyyaml from 6.0.12.20250915 to
6.0.12.20260518 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2927">langchain-ai/langsmith-sdk#2927</a></li>
<li>chore(deps): update pydata-sphinx-theme requirement from &gt;=0.15
to &gt;=0.18.0 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2928">langchain-ai/langsmith-sdk#2928</a></li>
<li>chore: exclude langsmith_api from ruff linter by <a
href="https://github.com/KiewanVillatel"><code>@​KiewanVillatel</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2933">langchain-ai/langsmith-sdk#2933</a></li>
<li>fix(python): retry sandbox connect timeouts by <a
href="https://github.com/ramon-langchain"><code>@​ramon-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2940">langchain-ai/langsmith-sdk#2940</a></li>
<li>fix(js): [LSDK-202] return context hub URLs for pushed contexts by
<a
href="https://github.com/vishnu-ssuresh"><code>@​vishnu-ssuresh</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2939">langchain-ai/langsmith-sdk#2939</a></li>
<li>fix(python): RunTree.create_child appends to self.child_runs
LSE-2221 by <a
href="https://github.com/catherine-langchain"><code>@​catherine-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2942">langchain-ai/langsmith-sdk#2942</a></li>
<li>release(js): 0.7.3 by <a
href="https://github.com/vishnu-ssuresh"><code>@​vishnu-ssuresh</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2943">langchain-ai/langsmith-sdk#2943</a></li>
<li>fix(python): [LSDK-202] return context hub URLs for pushed contexts
by <a
href="https://github.com/vishnu-ssuresh"><code>@​vishnu-ssuresh</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2938">langchain-ai/langsmith-sdk#2938</a></li>
<li>release(py): 0.8.6 by <a
href="https://github.com/vishnu-ssuresh"><code>@​vishnu-ssuresh</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2944">langchain-ai/langsmith-sdk#2944</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/KiewanVillatel"><code>@​KiewanVillatel</code></a>
made their first contribution in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2933">langchain-ai/langsmith-sdk#2933</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.5...v0.8.6">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.5...v0.8.6</a></p>
<h2>v0.8.5</h2>
<h2>What's Changed</h2>
<ul>
<li>release(js): 0.7.0 by <a
href="https://github.com/ramon-langchain"><code>@​ramon-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2890">langchain-ai/langsmith-sdk#2890</a></li>
<li>fix(js): add alias for <code>experimental/sandbox</code> to appease
broad peer dep range within <code>deepagents</code> by <a
href="https://github.com/dqbd"><code>@​dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2893">langchain-ai/langsmith-sdk#2893</a></li>
<li>feat(js): allow disabling multipart streaming via env variable by <a
href="https://github.com/dqbd"><code>@​dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2900">langchain-ai/langsmith-sdk#2900</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1b3bfc44ef"><code>1b3bfc4</code></a>
release(py): 0.8.7 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2947">#2947</a>)</li>
<li><a
href="9303f0b918"><code>9303f0b</code></a>
fix(js): add organization id to context URLs (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2946">#2946</a>)</li>
<li><a
href="cf028ed6f4"><code>cf028ed</code></a>
fix(python): add organization id to context URLs (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2945">#2945</a>)</li>
<li><a
href="52305b2815"><code>52305b2</code></a>
feat(sandbox): build snapshots from Dockerfiles (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2950">#2950</a>)</li>
<li><a
href="cb9e116bed"><code>cb9e116</code></a>
fix: reconnect sandbox command streams on EOF (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2941">#2941</a>)</li>
<li><a
href="29f6e07681"><code>29f6e07</code></a>
release(py): 0.8.6 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2944">#2944</a>)</li>
<li><a
href="33f89aaf19"><code>33f89aa</code></a>
fix(python): [LSDK-202] return context hub URLs for pushed contexts (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2938">#2938</a>)</li>
<li><a
href="4e1a29b8ec"><code>4e1a29b</code></a>
release(js): 0.7.3 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2943">#2943</a>)</li>
<li><a
href="6bd9365baf"><code>6bd9365</code></a>
fix(python): RunTree.create_child appends to self.child_runs LSE-2221
(<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2942">#2942</a>)</li>
<li><a
href="df9735d0ba"><code>df9735d</code></a>
fix(js): [LSDK-202] return context hub URLs for pushed contexts (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2939">#2939</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.3...v0.8.7">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=langsmith&package-manager=uv&previous-version=0.8.3&new-version=0.8.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-29 18:20:35 -04:00
Mason Daugherty
aef86c476d chore(infra): bump langchain-tests floor to 1.1.9 (#37610) 
Bumps the `langchain-tests` minimum across the monorepo from `1.0.0` to
`1.1.9` and adds a partner-level `Makefile` so partner lockfiles can be
regenerated in one command, matching the existing convention under
`libs/`.
 2026-05-21 13:36:22 -05:00
dependabot[bot]
0e97e85a09 chore: bump idna from 3.10 to 3.15 in /libs/partners/chroma (#37562) 
Bumps [idna](https://github.com/kjd/idna) from 3.10 to 3.15.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/kjd/idna/blob/master/HISTORY.md">idna's
changelog</a>.</em></p>
<blockquote>
<h2>3.15 (2026-05-12)</h2>
<ul>
<li>Enforce DNS-length cap on individual labels early in
<code>check_label</code>,
short-circuiting contextual-rule processing for oversized input
while staying compatible with UTS 46 usage.</li>
<li>Tidy core helpers: hoist bidi category sets to module-level
frozensets (avoiding per-codepoint list construction), simplify
length checks, and reuse the shared <code>_unicode_dots_re</code> from
<code>idna.core</code> in the codec module.</li>
<li>Use <code>raise ... from err</code> for proper exception chaining
and
switch internal string formatting to f-strings.</li>
<li>Allow <code>flit_core</code> 4.x in the build backend.</li>
<li>Expand the ruff lint set (flake8-bugbear, flake8-simplify,
pyupgrade, perflint) and apply the surfaced fixes; pin lint CI
to Python 3.14.</li>
<li>Add Dependabot configuration for GitHub Actions.</li>
<li>Convert README and HISTORY from reStructuredText to Markdown.</li>
<li>Reference CVE-2026-45409 for the 3.14 advisory in place of the
initial GHSA identifier.</li>
</ul>
<p>Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for
contributions to this release.</p>
<h2>3.14 (2026-05-10)</h2>
<ul>
<li>Removed opportunity to process long inputs into quadratic
time by rejecting oversize inputs up-front. Closes a bypass
of the CVE-2024-3651 mitigation. [CVE-2026-45409]</li>
</ul>
<p>Thanks to Stan Ulbrych for reporting the issue.</p>
<h2>3.13 (2026-04-22)</h2>
<ul>
<li>Correct classification error for codepoint U+A7F1</li>
</ul>
<h2>3.12 (2026-04-21)</h2>
<ul>
<li>Update to Unicode 17.0.0.</li>
<li>Issue a deprecation warning for the transitional argument.</li>
<li>Added lazy-loading to provide some performance improvements.</li>
<li>Removed vestiges of code related to Python 2 support, including
segmentation of data structures specific to Jython.</li>
</ul>
<p>Thanks to Rodrigo Nogueira for contributions to this release.</p>
<h2>3.11 (2025-10-12)</h2>
<ul>
<li>Update to Unicode 16.0.0, including significant changes to UTS46
processing. As a result of Unicode ending support for it, transitional
processing no longer has an effect and returns the same result.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="af30a092e1"><code>af30a09</code></a>
Release 3.15</li>
<li><a
href="30314d4628"><code>30314d4</code></a>
Pre-release 3.15rc0</li>
<li><a
href="05d4b219aa"><code>05d4b21</code></a>
Merge pull request <a
href="https://redirect.github.com/kjd/idna/issues/237">#237</a> from
kjd/convert-docs-to-markdown</li>
<li><a
href="2987fdba19"><code>2987fdb</code></a>
Convert README and HISTORY from reStructuredText to Markdown</li>
<li><a
href="59fa8002d5"><code>59fa800</code></a>
Merge pull request <a
href="https://redirect.github.com/kjd/idna/issues/236">#236</a> from
kjd/dependabot/github_actions/actions-f3e34333ea</li>
<li><a
href="def69834ce"><code>def6983</code></a>
Merge branch 'master' into
dependabot/github_actions/actions-f3e34333ea</li>
<li><a
href="bbd8004a79"><code>bbd8004</code></a>
Merge pull request <a
href="https://redirect.github.com/kjd/idna/issues/234">#234</a> from
StanFromIreland/patch-1</li>
<li><a
href="edd07c0502"><code>edd07c0</code></a>
Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions
group</li>
<li><a
href="5557db030c"><code>5557db0</code></a>
Merge branch 'master' into patch-1</li>
<li><a
href="f11746cf49"><code>f11746c</code></a>
Merge pull request <a
href="https://redirect.github.com/kjd/idna/issues/235">#235</a> from
StanFromIreland/patch-2</li>
<li>Additional commits viewable in <a
href="https://github.com/kjd/idna/compare/v3.10...v3.15">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-19 17:58:17 +00:00
dependabot[bot]
ac47d547af chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/partners/chroma (#37333) 
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.6.3 to 2.7.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/releases">urllib3's
releases</a>.</em></p>
<blockquote>
<h2>2.7.0</h2>
<h2>🚀 urllib3 is fundraising for HTTP/2 support</h2>
<p><a
href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3
is raising ~$40,000 USD</a> to release HTTP/2 support and ensure
long-term sustainable maintenance of the project after a sharp decline
in financial support. If your company or organization uses Python and
would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and
thousands of other projects <a
href="https://opencollective.com/urllib3">please consider contributing
financially</a> to ensure HTTP/2 support is developed sustainably and
maintained for the long-haul.</p>
<p>Thank you for your support.</p>
<h2>Security</h2>
<p>Addressed high-severity security issues. Impact was limited to
specific use cases detailed in the accompanying advisories; overall user
exposure was estimated to be marginal.</p>
<ul>
<li>
<p>Decompression-bomb safeguards of the streaming API were bypassed:</p>
<ol>
<li>When <code>HTTPResponse.drain_conn()</code> was called after the
response had been read and decompressed partially. (Reported by <a
href="https://github.com/Cycloctane"><code>@​Cycloctane</code></a>)</li>
<li>During the second <code>HTTPResponse.read(amt=N)</code> or
<code>HTTPResponse.stream(amt=N)</code> call when the response was
decompressed using the official <a
href="https://pypi.org/project/brotli/">Brotli</a> library. (Reported by
<a
href="https://github.com/kimkou2024"><code>@​kimkou2024</code></a>)</li>
</ol>
<p>See GHSA-mf9v-mfxr-j63j for details.</p>
</li>
<li>
<p>HTTP pools created using
<code>ProxyManager.connection_from_url</code> did not strip sensitive
headers specified in <code>Retry.remove_headers_on_redirect</code> when
redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by <a
href="https://github.com/christos-spearbit"><code>@​christos-spearbit</code></a>)</p>
</li>
</ul>
<h2>Deprecations and Removals</h2>
<ul>
<li>Used <code>FutureWarning</code> instead of
<code>DeprecationWarning</code> for better visibility of existing
deprecation notices. Rescheduled the removal of deprecated features to
version 3.0. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3763">urllib3/urllib3#3763</a>)</li>
<li>Removed support for end-of-life Python 3.9. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3720">urllib3/urllib3#3720</a>)</li>
<li>Removed support for end-of-life PyPy3.10. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4979">urllib3/urllib3#4979</a>)</li>
<li>Bumped the minimum supported pyOpenSSL version to 19.0.0. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3777">urllib3/urllib3#3777</a>)</li>
</ul>
<h2>Bugfixes</h2>
<ul>
<li>Fixed a bug where <code>HTTPResponse.read(amt=None)</code> was
ignoring decompressed data buffered from previous partial reads. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3636">urllib3/urllib3#3636</a>)</li>
<li>Fixed a bug where <code>HTTPResponse.read()</code> could cache only
part of the response after a partial read when
<code>cache_content=True</code>. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4967">urllib3/urllib3#4967</a>)</li>
<li>Fixed <code>HTTPResponse.stream()</code> and
<code>HTTPResponse.read_chunked()</code> to handle <code>amt=0</code>.
(<a
href="https://redirect.github.com/urllib3/urllib3/issues/3793">urllib3/urllib3#3793</a>)</li>
<li>Updated <code>_TYPE_BODY</code> type alias to include missing
<code>Iterable[str]</code>, matching the documented and runtime behavior
of chunked request bodies. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3798">urllib3/urllib3#3798</a>)</li>
<li>Fixed <code>LocationParseError</code> when paths resembling
schemeless URIs were passed to
<code>HTTPConnectionPool.urlopen()</code>. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3352">urllib3/urllib3#3352</a>)</li>
<li>Fixed <code>BaseHTTPResponse.readinto()</code> type annotation to
accept <code>memoryview</code> in addition to <code>bytearray</code>,
matching the <code>io.RawIOBase.readinto</code> contract and enabling
use with <code>io.BufferedReader</code> without type errors. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3764">urllib3/urllib3#3764</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's
changelog</a>.</em></p>
<blockquote>
<h1>2.7.0 (2026-05-07)</h1>
<h2>Security</h2>
<p>Addressed high-severity security issues.
Impact was limited to specific use cases detailed in the accompanying
advisories; overall user exposure was estimated to be marginal.</p>
<ul>
<li>
<p>Decompression-bomb safeguards of the streaming API were bypassed:</p>
<ol>
<li>When <code>HTTPResponse.drain_conn()</code> was called after the
response had been
read and decompressed partially.</li>
<li>During the second <code>HTTPResponse.read(amt=N)</code> or
<code>HTTPResponse.stream(amt=N)</code> call when the response was
decompressed
using the official <code>Brotli
&lt;https://pypi.org/project/brotli/&gt;</code>__ library.</li>
</ol>
<p>See <code>GHSA-mf9v-mfxr-j63j
&lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j&gt;</code>__
for details.</p>
</li>
<li>
<p>HTTP pools created using
<code>ProxyManager.connection_from_url</code> did not strip
sensitive headers specified in
<code>Retry.remove_headers_on_redirect</code> when
redirecting to a different host.
(<code>GHSA-qccp-gfcp-xxvc
&lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc&gt;</code>__)</p>
</li>
</ul>
<h2>Deprecations and Removals</h2>
<ul>
<li>Used <code>FutureWarning</code> instead of
<code>DeprecationWarning</code> for better
visibility of existing deprecation notices. Rescheduled the removal of
deprecated features to version 3.0.
(<code>[#3763](https://github.com/urllib3/urllib3/issues/3763)
&lt;https://github.com/urllib3/urllib3/issues/3763&gt;</code>__)</li>
<li>Removed support for end-of-life Python 3.9.
(<code>[#3720](https://github.com/urllib3/urllib3/issues/3720)
&lt;https://github.com/urllib3/urllib3/issues/3720&gt;</code>__)</li>
<li>Removed support for end-of-life PyPy3.10.
(<code>[#4979](https://github.com/urllib3/urllib3/issues/4979)
&lt;https://github.com/urllib3/urllib3/issues/4979&gt;</code>__)</li>
<li>Bumped the minimum supported pyOpenSSL version to 19.0.0.
(<code>[#3777](https://github.com/urllib3/urllib3/issues/3777)
&lt;https://github.com/urllib3/urllib3/issues/3777&gt;</code>__)</li>
</ul>
<h2>Bugfixes</h2>
<ul>
<li>Fixed a bug where <code>HTTPResponse.read(amt=None)</code> was
ignoring decompressed
data buffered from previous partial reads.
(<code>[#3636](https://github.com/urllib3/urllib3/issues/3636)
&lt;https://github.com/urllib3/urllib3/issues/3636&gt;</code>__)</li>
<li>Fixed a bug where <code>HTTPResponse.read()</code> could cache only
part of the
response after a partial read when <code>cache_content=True</code>.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9a950b92d9"><code>9a950b9</code></a>
Release 2.7.0</li>
<li><a
href="5ec0de499b"><code>5ec0de4</code></a>
Merge commit from fork</li>
<li><a
href="2bdcc44d1e"><code>2bdcc44</code></a>
Merge commit from fork</li>
<li><a
href="f45b0df09d"><code>f45b0df</code></a>
Fix a misleading example for <code>ProxyManager</code> (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4970">#4970</a>)</li>
<li><a
href="577193ca02"><code>577193c</code></a>
Switch to nightly PyPy3.11 in CI for now (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4984">#4984</a>)</li>
<li><a
href="e90af45bb0"><code>e90af45</code></a>
Avoid infinite loop in <code>HTTPResponse.read_chunked</code> when
<code>amt=0</code> (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4974">#4974</a>)</li>
<li><a
href="67ed74fdae"><code>67ed74f</code></a>
Bump dev dependencies (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4972">#4972</a>)</li>
<li><a
href="3abd481097"><code>3abd481</code></a>
Upgrade mypy to version 1.20.2 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4978">#4978</a>)</li>
<li><a
href="2b8725dfca"><code>2b8725d</code></a>
Drop support for EOL PyPy3.10 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4979">#4979</a>)</li>
<li><a
href="2944b2a0a6"><code>2944b2a</code></a>
Upgrade <code>setup-chrome</code> and <code>setup-firefox</code> to fix
warnings (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4973">#4973</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=uv&previous-version=2.6.3&new-version=2.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-11 11:19:54 -07:00
dependabot[bot]
d29a1804f5 chore: bump langsmith from 0.7.31 to 0.8.3 in /libs/partners/chroma (#37285) 
Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from
0.7.31 to 0.8.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's
releases</a>.</em></p>
<blockquote>
<h2>v0.8.3</h2>
<h2>What's Changed</h2>
<ul>
<li>fix(js): prevent sending [object Object] as span attribute when
dealing with nested objects, send full langsmith.usage_metadata if
present by <a href="https://github.com/dqbd"><code>@​dqbd</code></a> in
<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2845">langchain-ai/langsmith-sdk#2845</a></li>
<li>release(js): bump to 0.6.2 by <a
href="https://github.com/dqbd"><code>@​dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2856">langchain-ai/langsmith-sdk#2856</a></li>
<li>sdk(py): replace ttl_seconds with idle_ttl_seconds +
delete_after_stop_seconds by <a
href="https://github.com/DanielKneipp"><code>@​DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2853">langchain-ai/langsmith-sdk#2853</a></li>
<li>sdk(js): replace ttlSeconds with idleTtlSeconds +
deleteAfterStopSeconds by <a
href="https://github.com/DanielKneipp"><code>@​DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2854">langchain-ai/langsmith-sdk#2854</a></li>
<li>Fix push_agent URL owner for name-only identifiers by <a
href="https://github.com/vishnu-ssuresh"><code>@​vishnu-ssuresh</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2862">langchain-ai/langsmith-sdk#2862</a></li>
<li>docs(langsmith): clarify trust boundaries when working with hub by
<a href="https://github.com/eyurtsev"><code>@​eyurtsev</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2861">langchain-ai/langsmith-sdk#2861</a></li>
<li>release(py): 0.8.3 by <a
href="https://github.com/vishnu-ssuresh"><code>@​vishnu-ssuresh</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2863">langchain-ai/langsmith-sdk#2863</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.2...v0.8.3">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.2...v0.8.3</a></p>
<h2>v0.8.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump JS SDK version to 0.6.1 by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2847">langchain-ai/langsmith-sdk#2847</a></li>
<li>fix: parse urllib3 version with packaging.Version by <a
href="https://github.com/justinwolfington"><code>@​justinwolfington</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2851">langchain-ai/langsmith-sdk#2851</a></li>
<li>Bump Python SDK version to 0.8.2 by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2855">langchain-ai/langsmith-sdk#2855</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/justinwolfington"><code>@​justinwolfington</code></a>
made their first contribution in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2851">langchain-ai/langsmith-sdk#2851</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.1...v0.8.2">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.1...v0.8.2</a></p>
<h2>v0.8.1</h2>
<h2>What's Changed</h2>
<ul>
<li>chore(js): remove experimental opencode integration by <a
href="https://github.com/dqbd"><code>@​dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2836">langchain-ai/langsmith-sdk#2836</a></li>
<li>chore(deps-dev): bump google-adk from 1.10.0 to 1.28.1 in /python by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2823">langchain-ai/langsmith-sdk#2823</a></li>
<li>chore(deps): bump postcss from 8.5.8 to 8.5.12 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2827">langchain-ai/langsmith-sdk#2827</a></li>
<li>Add JS profile loading by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2834">langchain-ai/langsmith-sdk#2834</a></li>
<li>Add Python profile loading by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2835">langchain-ai/langsmith-sdk#2835</a></li>
<li>Extract JS profile auth service by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2846">langchain-ai/langsmith-sdk#2846</a></li>
<li>Bump Python SDK version to 0.8.1 by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2848">langchain-ai/langsmith-sdk#2848</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.0...v0.8.1">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.0...v0.8.1</a></p>
<h2>v0.8.0</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(js,py): JS 0.6.0, Py 0.8.0 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2831">langchain-ai/langsmith-sdk#2831</a></li>
<li>release(js): 0.6.0 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2832">langchain-ai/langsmith-sdk#2832</a></li>
<li>release(py): 0.8.0 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2833">langchain-ai/langsmith-sdk#2833</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.38...v0.8.0">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.38...v0.8.0</a></p>
<h2>v0.7.38</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(js): add tracing of opencode by <a
href="https://github.com/dqbd"><code>@​dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2776">langchain-ai/langsmith-sdk#2776</a></li>
<li>chore(js): Remove types/uuid by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2814">langchain-ai/langsmith-sdk#2814</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e2386ad8aa"><code>e2386ad</code></a>
release(py): 0.8.3 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2863">#2863</a>)</li>
<li><a
href="11d51a370f"><code>11d51a3</code></a>
docs(langsmith): clarify trust boundaries when working with hub (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2861">#2861</a>)</li>
<li><a
href="d98c3ed8a9"><code>d98c3ed</code></a>
Fix push_agent URL owner for name-only identifiers (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2862">#2862</a>)</li>
<li><a
href="418fd415fc"><code>418fd41</code></a>
sdk(js): replace ttlSeconds with idleTtlSeconds + deleteAfterStopSeconds
(<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2854">#2854</a>)</li>
<li><a
href="1baa2c197d"><code>1baa2c1</code></a>
sdk(py): replace ttl_seconds with idle_ttl_seconds +
delete_after_stop_second...</li>
<li><a
href="361c8dd869"><code>361c8dd</code></a>
release(js): bump to 0.6.2 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2856">#2856</a>)</li>
<li><a
href="0d42882f2d"><code>0d42882</code></a>
fix(js): prevent sending [object Object] as span attribute when dealing
with ...</li>
<li><a
href="619818ba8d"><code>619818b</code></a>
Bump Python SDK version to 0.8.2 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2855">#2855</a>)</li>
<li><a
href="8a7d3c1356"><code>8a7d3c1</code></a>
fix: parse urllib3 version with packaging.Version (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2851">#2851</a>)</li>
<li><a
href="54f887704f"><code>54f8877</code></a>
Bump JS SDK version to 0.6.1 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2847">#2847</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.31...v0.8.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=langsmith&package-manager=uv&previous-version=0.7.31&new-version=0.8.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-09 12:20:30 -04:00
Mason Daugherty
56d6e89be0 hotfix: bump min core versions (#36996) 2026-04-24 15:23:28 -04:00
Nick Hollon
9ce72eba9f feat(core): add content-block-centric streaming (v2) (#36834) 2026-04-24 11:36:17 -04:00
Nick Hollon
ffaac42bf9 ci(infra): add pytest-xdist to partner test groups (#36988) 2026-04-24 13:23:03 +00:00
dependabot[bot]
e3a781cc26 chore: bump python-dotenv from 1.1.1 to 1.2.2 in /libs/partners/chroma (#36926) 
Bumps [python-dotenv](https://github.com/theskumar/python-dotenv) from
1.1.1 to 1.2.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/theskumar/python-dotenv/releases">python-dotenv's
releases</a>.</em></p>
<blockquote>
<h2>v1.2.2</h2>
<h3>Added</h3>
<ul>
<li>Support for Python 3.14, including the free-threaded (3.14t) build.
(#)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>The <code>dotenv run</code> command now forwards flags directly to
the specified command by <a
href="https://github.com/bbc2"><code>@​bbc2</code></a> in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/607">theskumar/python-dotenv#607</a></li>
<li>Improved documentation clarity regarding override behavior and the
reference page.</li>
<li>Updated PyPy support to version 3.11.</li>
<li>Documentation for FIFO file support.</li>
<li>Support for Python 3.9.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Improved <code>set_key</code> and <code>unset_key</code> behavior
when interacting with symlinks by <a
href="https://github.com/bbc2"><code>@​bbc2</code></a> in <a
href="790c5c0299">#790c5</a></li>
<li>Corrected the license specifier and added missing Python 3.14
classifiers in package metadata by <a
href="https://github.com/JYOuyang"><code>@​JYOuyang</code></a> in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/590">theskumar/python-dotenv#590</a></li>
</ul>
<h3>Breaking Changes</h3>
<ul>
<li>
<p><code>dotenv.set_key</code> and <code>dotenv.unset_key</code> used to
follow symlinks in some
situations. This is no longer the case. For that behavior to be restored
in
all cases, <code>follow_symlinks=True</code> should be used.</p>
</li>
<li>
<p>In the CLI, <code>set</code> and <code>unset</code> used to follow
symlinks in some situations. This
is no longer the case.</p>
</li>
<li>
<p><code>dotenv.set_key</code>, <code>dotenv.unset_key</code> and the
CLI commands <code>set</code> and <code>unset</code>
used to reset the file mode of the modified .env file to
<code>0o600</code> in some
situations. This is no longer the case: The original mode of the file is
now
preserved. Is the file needed to be created or wasn't a regular file,
mode
<code>0o600</code> is used.</p>
</li>
</ul>
<h3>Misc</h3>
<ul>
<li>skip 000 permission tests for root user by <a
href="https://github.com/burnout-projects"><code>@​burnout-projects</code></a>
in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/561">theskumar/python-dotenv#561</a></li>
<li>Bump actions/checkout from 5 to 6 in the github-actions group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/593">theskumar/python-dotenv#593</a></li>
<li>Add Windows testing to CI by <a
href="https://github.com/bbc2"><code>@​bbc2</code></a> in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/604">theskumar/python-dotenv#604</a></li>
<li>Improve workflow efficiency with best practices by <a
href="https://github.com/theskumar"><code>@​theskumar</code></a> in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/609">theskumar/python-dotenv#609</a></li>
<li>Remove the use of <code>sh</code> in tests by <a
href="https://github.com/bbc2"><code>@​bbc2</code></a> in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/612">theskumar/python-dotenv#612</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/JYOuyang"><code>@​JYOuyang</code></a>
made their first contribution in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/590">theskumar/python-dotenv#590</a></li>
<li><a
href="https://github.com/burnout-projects"><code>@​burnout-projects</code></a>
made their first contribution in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/561">theskumar/python-dotenv#561</a></li>
<li><a
href="https://github.com/cpackham-atlnz"><code>@​cpackham-atlnz</code></a>
made their first contribution in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/597">theskumar/python-dotenv#597</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2">https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2</a></p>
<h2>v1.2.1</h2>
<h2>What's Changed</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md">python-dotenv's
changelog</a>.</em></p>
<blockquote>
<h2>[1.2.2] - 2026-03-01</h2>
<h3>Added</h3>
<ul>
<li>Support for Python 3.14, including the free-threaded (3.14t) build.
(<a
href="https://redirect.github.com/theskumar/python-dotenv/issues/588">#588</a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>The <code>dotenv run</code> command now forwards flags directly to
the specified command by [<a
href="https://github.com/bbc2"><code>@​bbc2</code></a>] in <a
href="https://redirect.github.com/theskumar/python-dotenv/issues/607">#607</a></li>
<li>Improved documentation clarity regarding override behavior and the
reference page.</li>
<li>Updated PyPy support to version 3.11.</li>
<li>Documentation for FIFO file support.</li>
<li>Dropped Support for Python 3.9.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Improved <code>set_key</code> and <code>unset_key</code> behavior
when interacting with symlinks by [<a
href="https://github.com/bbc2"><code>@​bbc2</code></a>] in
[790c5c0]</li>
<li>Corrected the license specifier and added missing Python 3.14
classifiers in package metadata by [<a
href="https://github.com/JYOuyang"><code>@​JYOuyang</code></a>] in <a
href="https://redirect.github.com/theskumar/python-dotenv/issues/590">#590</a></li>
</ul>
<h3>Breaking Changes</h3>
<ul>
<li>
<p><code>dotenv.set_key</code> and <code>dotenv.unset_key</code> used to
follow symlinks in some
situations. This is no longer the case. For that behavior to be restored
in
all cases, <code>follow_symlinks=True</code> should be used.</p>
</li>
<li>
<p>In the CLI, <code>set</code> and <code>unset</code> used to follow
symlinks in some situations. This
is no longer the case.</p>
</li>
<li>
<p><code>dotenv.set_key</code>, <code>dotenv.unset_key</code> and the
CLI commands <code>set</code> and <code>unset</code>
used to reset the file mode of the modified .env file to
<code>0o600</code> in some
situations. This is no longer the case: The original mode of the file is
now
preserved. Is the file needed to be created or wasn't a regular file,
mode
<code>0o600</code> is used.</p>
</li>
</ul>
<h2>[1.2.1] - 2025-10-26</h2>
<ul>
<li>Move more config to <code>pyproject.toml</code>, removed
<code>setup.cfg</code></li>
<li>Add support for reading <code>.env</code> from FIFOs (Unix) by [<a
href="https://github.com/sidharth-sudhir"><code>@​sidharth-sudhir</code></a>]
in <a
href="https://redirect.github.com/theskumar/python-dotenv/issues/586">#586</a></li>
</ul>
<h2>[1.2.0] - 2025-10-26</h2>
<ul>
<li>Upgrade build system to use PEP 517 &amp; PEP 518 to use
<code>build</code> and <code>pyproject.toml</code> by [<a
href="https://github.com/EpicWink"><code>@​EpicWink</code></a>] in <a
href="https://redirect.github.com/theskumar/python-dotenv/issues/583">#583</a></li>
<li>Add support for Python 3.14 by [<a
href="https://github.com/23f3001135"><code>@​23f3001135</code></a>] in
<a
href="https://redirect.github.com/theskumar/python-dotenv/issues/579">#579</a></li>
<li>Add support for disabling of <code>load_dotenv()</code> using
<code>PYTHON_DOTENV_DISABLED</code> env var. by [<a
href="https://github.com/matthewfranglen"><code>@​matthewfranglen</code></a>]
in <a
href="https://redirect.github.com/theskumar/python-dotenv/issues/569">#569</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="36004e0e34"><code>36004e0</code></a>
Bump version: 1.2.1 → 1.2.2</li>
<li><a
href="eb202520e5"><code>eb20252</code></a>
docs: update changelog for v1.2.2</li>
<li><a
href="790c5c0299"><code>790c5c0</code></a>
Merge commit from fork</li>
<li><a
href="43340da220"><code>43340da</code></a>
Remove the use of <code>sh</code> in tests (<a
href="https://redirect.github.com/theskumar/python-dotenv/issues/612">#612</a>)</li>
<li><a
href="09d7cee324"><code>09d7cee</code></a>
docs: clarify override behavior and document FIFO support (<a
href="https://redirect.github.com/theskumar/python-dotenv/issues/610">#610</a>)</li>
<li><a
href="c8de2887c0"><code>c8de288</code></a>
ci: improve workflow efficiency with best practices (<a
href="https://redirect.github.com/theskumar/python-dotenv/issues/609">#609</a>)</li>
<li><a
href="7bd9e3dbfe"><code>7bd9e3d</code></a>
Add Windows testing to CI (<a
href="https://redirect.github.com/theskumar/python-dotenv/issues/604">#604</a>)</li>
<li><a
href="1baaf04f33"><code>1baaf04</code></a>
Drop Python 3.9 support and update to PyPy 3.11 (<a
href="https://redirect.github.com/theskumar/python-dotenv/issues/608">#608</a>)</li>
<li><a
href="4a22cf8993"><code>4a22cf8</code></a>
ci: enable testing on Python 3.14t (free-threaded) (<a
href="https://redirect.github.com/theskumar/python-dotenv/issues/588">#588</a>)</li>
<li><a
href="e2e8e776b4"><code>e2e8e77</code></a>
Fix license specifier (<a
href="https://redirect.github.com/theskumar/python-dotenv/issues/597">#597</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/theskumar/python-dotenv/compare/v1.1.1...v1.2.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=python-dotenv&package-manager=uv&previous-version=1.1.1&new-version=1.2.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-21 15:05:43 -04:00
Mason Daugherty
7e81d09f2a chore(deps): bump pytest to 9.0.3 (#36801) 
CVE-2025-71176 (medium severity)

All are dev-only (test dependency group) — no impact on published
packages.

### Why syrupy was also bumped

syrupy 4.x (`<5.0.0`) constrains pytest to `<9.0.0`, blocking the CVE
fix. Widening to `<6.0.0` allows syrupy 5.x which supports pytest 9.x.
 2026-04-15 21:46:40 -06:00
dependabot[bot]
9ab05cb63a chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/partners/chroma (#36781) 
Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from
0.6.3 to 0.7.31.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's
releases</a>.</em></p>
<blockquote>
<h2>v0.7.31</h2>
<h2>What's Changed</h2>
<ul>
<li>chore(deps-dev): bump langchain-core from 1.2.23 to 1.2.28 in
/python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2692">langchain-ai/langsmith-sdk#2692</a></li>
<li>chore(deps-dev): bump <code>@​anthropic-ai/sdk</code> from 0.82.0 to
0.84.0 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2684">langchain-ai/langsmith-sdk#2684</a></li>
<li>chore(deps): bump cryptography from 46.0.6 to 46.0.7 in /python by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2693">langchain-ai/langsmith-sdk#2693</a></li>
<li>chore(deps-dev): bump <code>@​anthropic-ai/sdk</code> from 0.84.0 to
0.85.0 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2700">langchain-ai/langsmith-sdk#2700</a></li>
<li>feat(py): Tag OpenAI Agent Python SDK runs with ls_agent_type by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2699">langchain-ai/langsmith-sdk#2699</a></li>
<li>feat(js): Adds ls_agent_type metadata to AI SDK runs by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2701">langchain-ai/langsmith-sdk#2701</a></li>
<li>chore(deps-dev): bump types-tqdm from 4.67.3.20260303 to
4.67.3.20260408 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2710">langchain-ai/langsmith-sdk#2710</a></li>
<li>chore(deps): bump pnpm/action-setup from 5 to 6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2705">langchain-ai/langsmith-sdk#2705</a></li>
<li>chore(deps): bump the py-minor-and-patch group across 1 directory
with 10 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2711">langchain-ai/langsmith-sdk#2711</a></li>
<li>chore(deps-dev): bump <code>@​anthropic-ai/sdk</code> from 0.85.0 to
0.86.0 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2702">langchain-ai/langsmith-sdk#2702</a></li>
<li>chore(deps): bump actions/github-script from 8 to 9 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2706">langchain-ai/langsmith-sdk#2706</a></li>
<li>chore(deps-dev): bump the js-minor-and-patch group across 1
directory with 7 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2712">langchain-ai/langsmith-sdk#2712</a></li>
<li>chore(deps-dev): bump types-psutil from 7.2.2.20260130 to
7.2.2.20260408 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2709">langchain-ai/langsmith-sdk#2709</a></li>
<li>chore(deps-dev): bump rich from 14.3.3 to 15.0.0 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2708">langchain-ai/langsmith-sdk#2708</a></li>
<li>feat: Filter kwargs from new token events by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2714">langchain-ai/langsmith-sdk#2714</a></li>
<li>release(py): 0.7.31 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2716">langchain-ai/langsmith-sdk#2716</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.30...v0.7.31">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.30...v0.7.31</a></p>
<h2>v0.7.30</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(python): add service feature to sandbox by <a
href="https://github.com/DanielKneipp"><code>@​DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2665">langchain-ai/langsmith-sdk#2665</a></li>
<li>fix(js): Fix prototype pollution bug in anonymizers by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2690">langchain-ai/langsmith-sdk#2690</a></li>
<li>release(js): 0.5.18 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2691">langchain-ai/langsmith-sdk#2691</a></li>
<li>chore(js/sandbox): suppress warning log by <a
href="https://github.com/hntrl"><code>@​hntrl</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2694">langchain-ai/langsmith-sdk#2694</a></li>
<li>feat(js): Add metadata to Claude Agent SDK JS tracing by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2695">langchain-ai/langsmith-sdk#2695</a></li>
<li>fix(py): Fix run tree memory leak by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2696">langchain-ai/langsmith-sdk#2696</a></li>
<li>release(py): 0.7.30 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2698">langchain-ai/langsmith-sdk#2698</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.29...v0.7.30">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.29...v0.7.30</a></p>
<h2>v0.7.29</h2>
<h2>What's Changed</h2>
<ul>
<li>release(js): 0.5.17 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2681">langchain-ai/langsmith-sdk#2681</a></li>
<li>feat(py): Fix race condition around Claude Agent SDK instrumentation
by <a href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2685">langchain-ai/langsmith-sdk#2685</a></li>
<li>release(py): 0.7.29 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2686">langchain-ai/langsmith-sdk#2686</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.28...v0.7.29">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.28...v0.7.29</a></p>
<h2>v0.7.28</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(py): Support subagent tracing in Claude Agents SDK, fix usage
and duplicate messages by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2670">langchain-ai/langsmith-sdk#2670</a></li>
<li>chore(deps-dev): bump the py-minor-and-patch group across 1
directory with 11 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2677">langchain-ai/langsmith-sdk#2677</a></li>
<li>chore(deps-dev): bump the js-minor-and-patch group across 1
directory with 8 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2667">langchain-ai/langsmith-sdk#2667</a></li>
<li>chore(deps): bump pnpm/action-setup from 4 to 5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2658">langchain-ai/langsmith-sdk#2658</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/langchain-ai/langsmith-sdk/commits/v0.7.31">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=langsmith&package-manager=uv&previous-version=0.6.3&new-version=0.7.31)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-15 20:09:10 -06:00
John Kennedy
0f4f3f74c8 chore: pygments>=2.20.0 across all packages (CVE-2026-4539) (#36385) 
## Summary

Bumps `pygments` to `>=2.20.0` across all 21 affected packages to
address [CVE-2026-4539](https://github.com/advisories/GHSA-XXXX) — ReDoS
via inefficient GUID regex in Pygments.

- **Severity:** Low
- **Fixed in:** 2.20.0 (was 2.19.2)
- **Change:** Added `pygments>=2.20.0` to `constraint-dependencies` in
`[tool.uv]` for each package, then ran `uv lock --upgrade-package
pygments` to regenerate lock files.

Closes Dependabot alerts #3435–#3455.

## Release Note
Patch deps

### Test Plan
 - [x] CI Green 🙏

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-30 23:26:59 -04:00
Christophe Bornet
494b760028 fix(chroma): fix Python 3.14 support in langchain-chroma (#36199) 
Latest chromadb version supports Python 3.14 and pydantic 3.12.

Co-authored-by: Mason Daugherty <mason@langchain.dev>
 2026-03-27 15:40:42 -04:00
dependabot[bot]
1122a57f14 chore: bump requests from 2.32.5 to 2.33.0 in /libs/partners/chroma (#36257) 
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps [requests](https://github.com/psf/requests) from 2.32.5 to 2.33.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/releases">requests's
releases</a>.</em></p>
<blockquote>
<h2>v2.33.0</h2>
<h2>2.33.0 (2026-03-25)</h2>
<p><strong>Announcements</strong></p>
<ul>
<li>📣 Requests is adding inline types. If you have a typed code base
that uses Requests, please take a look at <a
href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>.
Give it a try, and report any gaps or feedback you may have in the
issue. 📣</li>
</ul>
<p><strong>Security</strong></p>
<ul>
<li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now
extracts contents to a non-deterministic location to prevent malicious
file replacement. This does not affect default usage of Requests, only
applications calling the utility function directly.</li>
</ul>
<p><strong>Improvements</strong></p>
<ul>
<li>Migrated to a PEP 517 build system using setuptools. (<a
href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li>
</ul>
<p><strong>Bugfixes</strong></p>
<ul>
<li>Fixed an issue where an empty netrc entry could cause malformed
authentication to be applied to Requests on Python 3.11+. (<a
href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li>
</ul>
<p><strong>Deprecations</strong></p>
<ul>
<li>Dropped support for Python 3.9 following its end of support. (<a
href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li>
</ul>
<p><strong>Documentation</strong></p>
<ul>
<li>Various typo fixes and doc improvements.</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/M0d3v1"><code>@​M0d3v1</code></a> made
their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/6865">psf/requests#6865</a></li>
<li><a href="https://github.com/aminvakil"><code>@​aminvakil</code></a>
made their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/7220">psf/requests#7220</a></li>
<li><a href="https://github.com/E8Price"><code>@​E8Price</code></a> made
their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/6960">psf/requests#6960</a></li>
<li><a href="https://github.com/mitre88"><code>@​mitre88</code></a> made
their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/7244">psf/requests#7244</a></li>
<li><a href="https://github.com/magsen"><code>@​magsen</code></a> made
their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/6553">psf/requests#6553</a></li>
<li><a
href="https://github.com/Rohan5commit"><code>@​Rohan5commit</code></a>
made their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/7227">psf/requests#7227</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25">https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's
changelog</a>.</em></p>
<blockquote>
<h2>2.33.0 (2026-03-25)</h2>
<p><strong>Announcements</strong></p>
<ul>
<li>📣 Requests is adding inline types. If you have a typed code base
that
uses Requests, please take a look at <a
href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>.
Give it a try, and report
any gaps or feedback you may have in the issue. 📣</li>
</ul>
<p><strong>Security</strong></p>
<ul>
<li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now
extracts
contents to a non-deterministic location to prevent malicious file
replacement. This does not affect default usage of Requests, only
applications calling the utility function directly.</li>
</ul>
<p><strong>Improvements</strong></p>
<ul>
<li>Migrated to a PEP 517 build system using setuptools. (<a
href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li>
</ul>
<p><strong>Bugfixes</strong></p>
<ul>
<li>Fixed an issue where an empty netrc entry could cause
malformed authentication to be applied to Requests on
Python 3.11+. (<a
href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li>
</ul>
<p><strong>Deprecations</strong></p>
<ul>
<li>Dropped support for Python 3.9 following its end of support. (<a
href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li>
</ul>
<p><strong>Documentation</strong></p>
<ul>
<li>Various typo fixes and doc improvements.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="bc04dfd6da"><code>bc04dfd</code></a>
v2.33.0</li>
<li><a
href="66d21cb07b"><code>66d21cb</code></a>
Merge commit from fork</li>
<li><a
href="8b9bc8fc0f"><code>8b9bc8f</code></a>
Move badges to top of README (<a
href="https://redirect.github.com/psf/requests/issues/7293">#7293</a>)</li>
<li><a
href="e331a288f3"><code>e331a28</code></a>
Remove unused extraction call (<a
href="https://redirect.github.com/psf/requests/issues/7292">#7292</a>)</li>
<li><a
href="753fd08c5e"><code>753fd08</code></a>
docs: fix FAQ grammar in httplib2 example</li>
<li><a
href="774a0b837a"><code>774a0b8</code></a>
docs(socks): same block as other sections</li>
<li><a
href="9c72a41bec"><code>9c72a41</code></a>
Bump github/codeql-action from 4.33.0 to 4.34.1</li>
<li><a
href="ebf7190679"><code>ebf7190</code></a>
Bump github/codeql-action from 4.32.0 to 4.33.0</li>
<li><a
href="0e4ae38f0c"><code>0e4ae38</code></a>
docs: exclude Response.is_permanent_redirect from API docs (<a
href="https://redirect.github.com/psf/requests/issues/7244">#7244</a>)</li>
<li><a
href="d568f47278"><code>d568f47</code></a>
docs: clarify Quickstart POST example (<a
href="https://redirect.github.com/psf/requests/issues/6960">#6960</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/psf/requests/compare/v2.32.5...v2.33.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=requests&package-manager=uv&previous-version=2.32.5&new-version=2.33.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-25 23:05:41 -04:00
dependabot[bot]
313d353646 chore: bump orjson from 3.11.5 to 3.11.6 in /libs/partners/chroma (#35800) 2026-03-13 21:39:44 -04:00
dependabot[bot]
c05a2fb71b chore(deps): bump langsmith from 0.4.31 to 0.6.3 in /libs/partners/chroma (#35165) 
Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from
0.4.31 to 0.6.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's
releases</a>.</em></p>
<blockquote>
<h2>v0.6.1</h2>
<h2>What's Changed</h2>
<ul>
<li>ci: test more bundlers by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2263">langchain-ai/langsmith-sdk#2263</a></li>
<li>feat(python sdk): Add support for setting commit tags when pushing a
prompt by <a href="https://github.com/bees"><code>@​bees</code></a> in
<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2265">langchain-ai/langsmith-sdk#2265</a></li>
<li>feat: Pass in Cache, rename by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2264">langchain-ai/langsmith-sdk#2264</a></li>
<li>chore: bump sdk by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2268">langchain-ai/langsmith-sdk#2268</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.6.0...v0.6.1">https://github.com/langchain-ai/langsmith-sdk/compare/v0.6.0...v0.6.1</a></p>
<h2>v0.6.0</h2>
<h2>What's Changed</h2>
<ul>
<li>chore(js): bump JS to 0.4.3 by <a
href="https://github.com/dqbd"><code>@​dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2253">langchain-ai/langsmith-sdk#2253</a></li>
<li>Revert &quot;feat: add js prompt caching&quot; by <a
href="https://github.com/angus-langchain"><code>@​angus-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2258">langchain-ai/langsmith-sdk#2258</a></li>
<li>Revert &quot;feat: Replace UUID5 with deterministic UUID7 for
replicas&quot; by <a
href="https://github.com/angus-langchain"><code>@​angus-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2257">langchain-ai/langsmith-sdk#2257</a></li>
<li>release(js): bump to 0.4.4 by <a
href="https://github.com/dqbd"><code>@​dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2259">langchain-ai/langsmith-sdk#2259</a></li>
<li>feat: add prompt cache back and setup environment tests by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2260">langchain-ai/langsmith-sdk#2260</a></li>
<li>feat(python): Bump pydantic to v2 by <a
href="https://github.com/angus-langchain"><code>@​angus-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2248">langchain-ai/langsmith-sdk#2248</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.5.2...v0.6.0">https://github.com/langchain-ai/langsmith-sdk/compare/v0.5.2...v0.6.0</a></p>
<h2>v0.6.0rc0</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(js): Add support for tracing AI SDK 6 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2237">langchain-ai/langsmith-sdk#2237</a></li>
<li>fix(js): Remove default Jestlike timeout by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2243">langchain-ai/langsmith-sdk#2243</a></li>
<li>feat(js): Add support for tracing tool loop agent by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2244">langchain-ai/langsmith-sdk#2244</a></li>
<li>feat: Replace UUID5 with deterministic UUID7 for replicas by <a
href="https://github.com/angus-langchain"><code>@​angus-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2249">langchain-ai/langsmith-sdk#2249</a></li>
<li>feat: add prompt caching to python sdk by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2246">langchain-ai/langsmith-sdk#2246</a></li>
<li>feat: add js prompt caching by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2251">langchain-ai/langsmith-sdk#2251</a></li>
<li>fix(claude): correctly parse llm and tool inputs in claude agent sdk
by <a
href="https://github.com/angus-langchain"><code>@​angus-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2255">langchain-ai/langsmith-sdk#2255</a></li>
<li>bump(python): 0.5.2 by <a
href="https://github.com/angus-langchain"><code>@​angus-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2256">langchain-ai/langsmith-sdk#2256</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.5.1...v0.6.0rc0">https://github.com/langchain-ai/langsmith-sdk/compare/v0.5.1...v0.6.0rc0</a></p>
<h2>v0.5.2</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(js): Add support for tracing AI SDK 6 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2237">langchain-ai/langsmith-sdk#2237</a></li>
<li>fix(js): Remove default Jestlike timeout by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2243">langchain-ai/langsmith-sdk#2243</a></li>
<li>feat(js): Add support for tracing tool loop agent by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2244">langchain-ai/langsmith-sdk#2244</a></li>
<li>feat: Replace UUID5 with deterministic UUID7 for replicas by <a
href="https://github.com/angus-langchain"><code>@​angus-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2249">langchain-ai/langsmith-sdk#2249</a></li>
<li>feat: add prompt caching to python sdk by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2246">langchain-ai/langsmith-sdk#2246</a></li>
<li>feat: add js prompt caching by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2251">langchain-ai/langsmith-sdk#2251</a></li>
<li>fix(claude): correctly parse llm and tool inputs in claude agent sdk
by <a
href="https://github.com/angus-langchain"><code>@​angus-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2255">langchain-ai/langsmith-sdk#2255</a></li>
<li>bump(python): 0.5.2 by <a
href="https://github.com/angus-langchain"><code>@​angus-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2256">langchain-ai/langsmith-sdk#2256</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.5.1...v0.5.2">https://github.com/langchain-ai/langsmith-sdk/compare/v0.5.1...v0.5.2</a></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/langchain-ai/langsmith-sdk/commits">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=langsmith&package-manager=uv&previous-version=0.4.31&new-version=0.6.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-10 20:32:29 -08:00
dependabot[bot]
328bf24a4c chore(deps): bump the uv group across 20 directories with 3 updates (#34941) 
Bumps the uv group with 1 update in the /libs/core directory:
[nbconvert](https://github.com/jupyter/nbconvert).
Bumps the uv group with 3 updates in the /libs/langchain directory:
[nbconvert](https://github.com/jupyter/nbconvert),
[orjson](https://github.com/ijl/orjson) and
[protobuf](https://github.com/protocolbuffers/protobuf).
Bumps the uv group with 2 updates in the /libs/langchain_v1 directory:
[orjson](https://github.com/ijl/orjson) and
[protobuf](https://github.com/protocolbuffers/protobuf).
Bumps the uv group with 1 update in the /libs/model-profiles directory:
[orjson](https://github.com/ijl/orjson).
Bumps the uv group with 1 update in the /libs/partners/anthropic
directory: [orjson](https://github.com/ijl/orjson).
Bumps the uv group with 2 updates in the /libs/partners/chroma
directory: [orjson](https://github.com/ijl/orjson) and
[protobuf](https://github.com/protocolbuffers/protobuf).
Bumps the uv group with 1 update in the /libs/partners/deepseek
directory: [orjson](https://github.com/ijl/orjson).
Bumps the uv group with 1 update in the /libs/partners/exa directory:
[orjson](https://github.com/ijl/orjson).
Bumps the uv group with 1 update in the /libs/partners/fireworks
directory: [orjson](https://github.com/ijl/orjson).
Bumps the uv group with 1 update in the /libs/partners/groq directory:
[orjson](https://github.com/ijl/orjson).
Bumps the uv group with 1 update in the /libs/partners/huggingface
directory: [orjson](https://github.com/ijl/orjson).
Bumps the uv group with 1 update in the /libs/partners/mistralai
directory: [orjson](https://github.com/ijl/orjson).
Bumps the uv group with 1 update in the /libs/partners/nomic directory:
[orjson](https://github.com/ijl/orjson).
Bumps the uv group with 1 update in the /libs/partners/ollama directory:
[orjson](https://github.com/ijl/orjson).
Bumps the uv group with 1 update in the /libs/partners/openai directory:
[orjson](https://github.com/ijl/orjson).
Bumps the uv group with 1 update in the /libs/partners/perplexity
directory: [orjson](https://github.com/ijl/orjson).
Bumps the uv group with 1 update in the /libs/partners/prompty
directory: [orjson](https://github.com/ijl/orjson).
Bumps the uv group with 2 updates in the /libs/partners/qdrant
directory: [orjson](https://github.com/ijl/orjson) and
[protobuf](https://github.com/protocolbuffers/protobuf).
Bumps the uv group with 1 update in the /libs/partners/xai directory:
[orjson](https://github.com/ijl/orjson).
Bumps the uv group with 2 updates in the /libs/text-splitters directory:
[nbconvert](https://github.com/jupyter/nbconvert) and
[orjson](https://github.com/ijl/orjson).

Updates `nbconvert` from 7.16.6 to 7.17.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/jupyter/nbconvert/releases">nbconvert's
releases</a>.</em></p>
<blockquote>
<h2>v7.17.0</h2>
<h2>7.17.0</h2>
<p>(<a
href="https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71">Full
Changelog</a>)</p>
<h3>Enhancements made</h3>
<ul>
<li>Add support for arbitrary browser arguments <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2227">#2227</a>
(<a href="https://github.com/shreve"><code>@​shreve</code></a>, <a
href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
</ul>
<h3>Bugs fixed</h3>
<ul>
<li>Fix QtPNGExporter returning empty bytes on macOS <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2264">#2264</a>
(<a href="https://github.com/h3pdesign"><code>@​h3pdesign</code></a>, <a
href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a
href="https://github.com/QuLogic"><code>@​QuLogic</code></a>)</li>
<li>Fix CVE-2025-53000: Secure Inkscape Windows path (registry first +
block CWD) <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2261">#2261</a>
(<a href="https://github.com/h3pdesign"><code>@​h3pdesign</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>, <a
href="https://github.com/mberlanda"><code>@​mberlanda</code></a>, <a
href="https://github.com/minrk"><code>@​minrk</code></a>, <a
href="https://github.com/salmankadaya"><code>@​salmankadaya</code></a>,
<a
href="https://github.com/th3gowtham"><code>@​th3gowtham</code></a>)</li>
<li>Fix get_export_names and get_exporter default args <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2228">#2228</a>
(<a href="https://github.com/shreve"><code>@​shreve</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
<li>PyPA-Compliant Summary <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2226">#2226</a>
(<a
href="https://github.com/hackowitz-af"><code>@​hackowitz-af</code></a>,
<a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li>
</ul>
<h3>Maintenance and upkeep improvements</h3>
<ul>
<li>avoid cov environment on free-threaded Pythons <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2267">#2267</a>
(<a href="https://github.com/minrk"><code>@​minrk</code></a>)</li>
<li>update pre-commit, and fix all issues. <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2238">#2238</a>
(<a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li>
<li>Drop test on 3.9, test on 3.13, 3.14, 3.14t <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2237">#2237</a>
(<a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li>
<li>Bump the actions group across 1 directory with 2 updates <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2231">#2231</a>
(<a href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
<li>Replace <code>@flaky.flaky</code> decorate with pytest marker <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2229">#2229</a>
(<a href="https://github.com/mgorny"><code>@​mgorny</code></a>, <a
href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li>
<li>update to mermaid 11.10.0 <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2224">#2224</a>
(<a href="https://github.com/bollwyvl"><code>@​bollwyvl</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
<li>Drop support for Python 3.8, fix the CI tests <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2221">#2221</a>
(<a href="https://github.com/shreve"><code>@​shreve</code></a>, <a
href="https://github.com/minrk"><code>@​minrk</code></a>)</li>
</ul>
<h3>Documentation improvements</h3>
<ul>
<li>Use <code>intersphinx_registry</code> <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2232">#2232</a>
(<a href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
</ul>
<h3>Contributors to this release</h3>
<p>The following people contributed discussions, new ideas, code and
documentation contributions, and review.
See <a
href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our
definition of contributors</a>.</p>
<p>(<a
href="https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28&amp;to=2026-01-29&amp;type=c">GitHub
contributors page for this release</a>)</p>
<p><a href="https://github.com/bollwyvl"><code>@​bollwyvl</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/Carreau"><code>@​Carreau</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/h3pdesign"><code>@​h3pdesign</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a
href="https://github.com/hackowitz-af"><code>@​hackowitz-af</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/krassowski"><code>@​krassowski</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/mberlanda"><code>@​mberlanda</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/mgorny"><code>@​mgorny</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/minrk"><code>@​minrk</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/MSeal"><code>@​MSeal</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/QuLogic"><code>@​QuLogic</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a
href="https://github.com/salmankadaya"><code>@​salmankadaya</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/shreve"><code>@​shreve</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/th3gowtham"><code>@​th3gowtham</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/jupyter/nbconvert/blob/main/CHANGELOG.md">nbconvert's
changelog</a>.</em></p>
<blockquote>
<h2>7.17.0</h2>
<p>(<a
href="https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71">Full
Changelog</a>)</p>
<h3>Enhancements made</h3>
<ul>
<li>Add support for arbitrary browser arguments <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2227">#2227</a>
(<a href="https://github.com/shreve"><code>@​shreve</code></a>, <a
href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
</ul>
<h3>Bugs fixed</h3>
<ul>
<li>Fix QtPNGExporter returning empty bytes on macOS <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2264">#2264</a>
(<a href="https://github.com/h3pdesign"><code>@​h3pdesign</code></a>, <a
href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a
href="https://github.com/QuLogic"><code>@​QuLogic</code></a>)</li>
<li>Fix CVE-2025-53000: Secure Inkscape Windows path (registry first +
block CWD) <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2261">#2261</a>
(<a href="https://github.com/h3pdesign"><code>@​h3pdesign</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>, <a
href="https://github.com/mberlanda"><code>@​mberlanda</code></a>, <a
href="https://github.com/minrk"><code>@​minrk</code></a>, <a
href="https://github.com/salmankadaya"><code>@​salmankadaya</code></a>,
<a
href="https://github.com/th3gowtham"><code>@​th3gowtham</code></a>)</li>
<li>Fix get_export_names and get_exporter default args <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2228">#2228</a>
(<a href="https://github.com/shreve"><code>@​shreve</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
<li>PyPA-Compliant Summary <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2226">#2226</a>
(<a
href="https://github.com/hackowitz-af"><code>@​hackowitz-af</code></a>,
<a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li>
</ul>
<h3>Maintenance and upkeep improvements</h3>
<ul>
<li>avoid cov environment on free-threaded Pythons <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2267">#2267</a>
(<a href="https://github.com/minrk"><code>@​minrk</code></a>)</li>
<li>update pre-commit, and fix all issues. <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2238">#2238</a>
(<a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li>
<li>Drop test on 3.9, test on 3.13, 3.14, 3.14t <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2237">#2237</a>
(<a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li>
<li>Bump the actions group across 1 directory with 2 updates <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2231">#2231</a>
(<a href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
<li>Replace <code>@flaky.flaky</code> decorate with pytest marker <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2229">#2229</a>
(<a href="https://github.com/mgorny"><code>@​mgorny</code></a>, <a
href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li>
<li>update to mermaid 11.10.0 <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2224">#2224</a>
(<a href="https://github.com/bollwyvl"><code>@​bollwyvl</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
<li>Drop support for Python 3.8, fix the CI tests <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2221">#2221</a>
(<a href="https://github.com/shreve"><code>@​shreve</code></a>, <a
href="https://github.com/minrk"><code>@​minrk</code></a>)</li>
</ul>
<h3>Documentation improvements</h3>
<ul>
<li>Use <code>intersphinx_registry</code> <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2232">#2232</a>
(<a href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
</ul>
<h3>Contributors to this release</h3>
<p>The following people contributed discussions, new ideas, code and
documentation contributions, and review.
See <a
href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our
definition of contributors</a>.</p>
<p>(<a
href="https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28&amp;to=2026-01-29&amp;type=c">GitHub
contributors page for this release</a>)</p>
<p><a href="https://github.com/bollwyvl"><code>@​bollwyvl</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/Carreau"><code>@​Carreau</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/h3pdesign"><code>@​h3pdesign</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a
href="https://github.com/hackowitz-af"><code>@​hackowitz-af</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/krassowski"><code>@​krassowski</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/mberlanda"><code>@​mberlanda</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/mgorny"><code>@​mgorny</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/minrk"><code>@​minrk</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/MSeal"><code>@​MSeal</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/QuLogic"><code>@​QuLogic</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a
href="https://github.com/salmankadaya"><code>@​salmankadaya</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/shreve"><code>@​shreve</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/th3gowtham"><code>@​th3gowtham</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)</p>
<!-- raw HTML omitted -->
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="21b35d85b4"><code>21b35d8</code></a>
Publish 7.17.0</li>
<li><a
href="c9ac1d1040"><code>c9ac1d1</code></a>
Fix CVE-2025-53000: Secure Inkscape Windows path (registry first + block
CWD)...</li>
<li><a
href="b13276d80a"><code>b13276d</code></a>
avoid cov environment on free-threaded Pythons (<a
href="https://redirect.github.com/jupyter/nbconvert/issues/2267">#2267</a>)</li>
<li><a
href="7c7055fe83"><code>7c7055f</code></a>
[pre-commit.ci] auto fixes from pre-commit.com hooks</li>
<li><a
href="74f3ddd37e"><code>74f3ddd</code></a>
Fix QtPNGExporter returning empty bytes on macOS</li>
<li><a
href="216550b2aa"><code>216550b</code></a>
fix links</li>
<li><a
href="39777ac571"><code>39777ac</code></a>
try to comment fialing test</li>
<li><a
href="7b591ca526"><code>7b591ca</code></a>
ruff-check</li>
<li><a
href="6ec7638a3d"><code>6ec7638</code></a>
parent</li>
<li><a
href="59414b36f9"><code>59414b3</code></a>
fix mypy</li>
<li>Additional commits viewable in <a
href="https://github.com/jupyter/nbconvert/compare/v7.16.6...v7.17.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `nbconvert` from 7.16.6 to 7.17.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/jupyter/nbconvert/releases">nbconvert's
releases</a>.</em></p>
<blockquote>
<h2>v7.17.0</h2>
<h2>7.17.0</h2>
<p>(<a
href="https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71">Full
Changelog</a>)</p>
<h3>Enhancements made</h3>
<ul>
<li>Add support for arbitrary browser arguments <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2227">#2227</a>
(<a href="https://github.com/shreve"><code>@​shreve</code></a>, <a
href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
</ul>
<h3>Bugs fixed</h3>
<ul>
<li>Fix QtPNGExporter returning empty bytes on macOS <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2264">#2264</a>
(<a href="https://github.com/h3pdesign"><code>@​h3pdesign</code></a>, <a
href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a
href="https://github.com/QuLogic"><code>@​QuLogic</code></a>)</li>
<li>Fix CVE-2025-53000: Secure Inkscape Windows path (registry first +
block CWD) <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2261">#2261</a>
(<a href="https://github.com/h3pdesign"><code>@​h3pdesign</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>, <a
href="https://github.com/mberlanda"><code>@​mberlanda</code></a>, <a
href="https://github.com/minrk"><code>@​minrk</code></a>, <a
href="https://github.com/salmankadaya"><code>@​salmankadaya</code></a>,
<a
href="https://github.com/th3gowtham"><code>@​th3gowtham</code></a>)</li>
<li>Fix get_export_names and get_exporter default args <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2228">#2228</a>
(<a href="https://github.com/shreve"><code>@​shreve</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
<li>PyPA-Compliant Summary <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2226">#2226</a>
(<a
href="https://github.com/hackowitz-af"><code>@​hackowitz-af</code></a>,
<a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li>
</ul>
<h3>Maintenance and upkeep improvements</h3>
<ul>
<li>avoid cov environment on free-threaded Pythons <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2267">#2267</a>
(<a href="https://github.com/minrk"><code>@​minrk</code></a>)</li>
<li>update pre-commit, and fix all issues. <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2238">#2238</a>
(<a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li>
<li>Drop test on 3.9, test on 3.13, 3.14, 3.14t <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2237">#2237</a>
(<a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li>
<li>Bump the actions group across 1 directory with 2 updates <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2231">#2231</a>
(<a href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
<li>Replace <code>@flaky.flaky</code> decorate with pytest marker <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2229">#2229</a>
(<a href="https://github.com/mgorny"><code>@​mgorny</code></a>, <a
href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li>
<li>update to mermaid 11.10.0 <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2224">#2224</a>
(<a href="https://github.com/bollwyvl"><code>@​bollwyvl</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
<li>Drop support for Python 3.8, fix the CI tests <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2221">#2221</a>
(<a href="https://github.com/shreve"><code>@​shreve</code></a>, <a
href="https://github.com/minrk"><code>@​minrk</code></a>)</li>
</ul>
<h3>Documentation improvements</h3>
<ul>
<li>Use <code>intersphinx_registry</code> <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2232">#2232</a>
(<a href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
</ul>
<h3>Contributors to this release</h3>
<p>The following people contributed discussions, new ideas, code and
documentation contributions, and review.
See <a
href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our
definition of contributors</a>.</p>
<p>(<a
href="https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28&amp;to=2026-01-29&amp;type=c">GitHub
contributors page for this release</a>)</p>
<p><a href="https://github.com/bollwyvl"><code>@​bollwyvl</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/Carreau"><code>@​Carreau</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/h3pdesign"><code>@​h3pdesign</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a
href="https://github.com/hackowitz-af"><code>@​hackowitz-af</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/krassowski"><code>@​krassowski</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/mberlanda"><code>@​mberlanda</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/mgorny"><code>@​mgorny</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/minrk"><code>@​minrk</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/MSeal"><code>@​MSeal</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/QuLogic"><code>@​QuLogic</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a
href="https://github.com/salmankadaya"><code>@​salmankadaya</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/shreve"><code>@​shreve</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/th3gowtham"><code>@​th3gowtham</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/jupyter/nbconvert/blob/main/CHANGELOG.md">nbconvert's
changelog</a>.</em></p>
<blockquote>
<h2>7.17.0</h2>
<p>(<a
href="https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71">Full
Changelog</a>)</p>
<h3>Enhancements made</h3>
<ul>
<li>Add support for arbitrary browser arguments <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2227">#2227</a>
(<a href="https://github.com/shreve"><code>@​shreve</code></a>, <a
href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
</ul>
<h3>Bugs fixed</h3>
<ul>
<li>Fix QtPNGExporter returning empty bytes on macOS <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2264">#2264</a>
(<a href="https://github.com/h3pdesign"><code>@​h3pdesign</code></a>, <a
href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a
href="https://github.com/QuLogic"><code>@​QuLogic</code></a>)</li>
<li>Fix CVE-2025-53000: Secure Inkscape Windows path (registry first +
block CWD) <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2261">#2261</a>
(<a href="https://github.com/h3pdesign"><code>@​h3pdesign</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>, <a
href="https://github.com/mberlanda"><code>@​mberlanda</code></a>, <a
href="https://github.com/minrk"><code>@​minrk</code></a>, <a
href="https://github.com/salmankadaya"><code>@​salmankadaya</code></a>,
<a
href="https://github.com/th3gowtham"><code>@​th3gowtham</code></a>)</li>
<li>Fix get_export_names and get_exporter default args <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2228">#2228</a>
(<a href="https://github.com/shreve"><code>@​shreve</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
<li>PyPA-Compliant Summary <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2226">#2226</a>
(<a
href="https://github.com/hackowitz-af"><code>@​hackowitz-af</code></a>,
<a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li>
</ul>
<h3>Maintenance and upkeep improvements</h3>
<ul>
<li>avoid cov environment on free-threaded Pythons <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2267">#2267</a>
(<a href="https://github.com/minrk"><code>@​minrk</code></a>)</li>
<li>update pre-commit, and fix all issues. <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2238">#2238</a>
(<a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li>
<li>Drop test on 3.9, test on 3.13, 3.14, 3.14t <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2237">#2237</a>
(<a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li>
<li>Bump the actions group across 1 directory with 2 updates <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2231">#2231</a>
(<a href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
<li>Replace <code>@flaky.flaky</code> decorate with pytest marker <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2229">#2229</a>
(<a href="https://github.com/mgorny"><code>@​mgorny</code></a>, <a
href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li>
<li>update to mermaid 11.10.0 <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2224">#2224</a>
(<a href="https://github.com/bollwyvl"><code>@​bollwyvl</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
<li>Drop support for Python 3.8, fix the CI tests <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2221">#2221</a>
(<a href="https://github.com/shreve"><code>@​shreve</code></a>, <a
href="https://github.com/minrk"><code>@​minrk</code></a>)</li>
</ul>
<h3>Documentation improvements</h3>
<ul>
<li>Use <code>intersphinx_registry</code> <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2232">#2232</a>
(<a href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
</ul>
<h3>Contributors to this release</h3>
<p>The following people contributed discussions, new ideas, code and
documentation contributions, and review.
See <a
href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our
definition of contributors</a>.</p>
<p>(<a
href="https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28&amp;to=2026-01-29&amp;type=c">GitHub
contributors page for this release</a>)</p>
<p><a href="https://github.com/bollwyvl"><code>@​bollwyvl</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/Carreau"><code>@​Carreau</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/h3pdesign"><code>@​h3pdesign</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a
href="https://github.com/hackowitz-af"><code>@​hackowitz-af</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/krassowski"><code>@​krassowski</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/mberlanda"><code>@​mberlanda</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/mgorny"><code>@​mgorny</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/minrk"><code>@​minrk</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/MSeal"><code>@​MSeal</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/QuLogic"><code>@​QuLogic</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a
href="https://github.com/salmankadaya"><code>@​salmankadaya</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/shreve"><code>@​shreve</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/th3gowtham"><code>@​th3gowtham</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)</p>
<!-- raw HTML omitted -->
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="21b35d85b4"><code>21b35d8</code></a>
Publish 7.17.0</li>
<li><a
href="c9ac1d1040"><code>c9ac1d1</code></a>
Fix CVE-2025-53000: Secure Inkscape Windows path (registry first + block
CWD)...</li>
<li><a
href="b13276d80a"><code>b13276d</code></a>
avoid cov environment on free-threaded Pythons (<a
href="https://redirect.github.com/jupyter/nbconvert/issues/2267">#2267</a>)</li>
<li><a
href="7c7055fe83"><code>7c7055f</code></a>
[pre-commit.ci] auto fixes from pre-commit.com hooks</li>
<li><a
href="74f3ddd37e"><code>74f3ddd</code></a>
Fix QtPNGExporter returning empty bytes on macOS</li>
<li><a
href="216550b2aa"><code>216550b</code></a>
fix links</li>
<li><a
href="39777ac571"><code>39777ac</code></a>
try to comment fialing test</li>
<li><a
href="7b591ca526"><code>7b591ca</code></a>
ruff-check</li>
<li><a
href="6ec7638a3d"><code>6ec7638</code></a>
parent</li>
<li><a
href="59414b36f9"><code>59414b3</code></a>
fix mypy</li>
<li>Additional commits viewable in <a
href="https://github.com/jupyter/nbconvert/compare/v7.16.6...v7.17.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `orjson` from 3.11.3 to 3.11.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/ijl/orjson/releases">orjson's
releases</a>.</em></p>
<blockquote>
<h2>3.11.5</h2>
<h3>Changed</h3>
<ul>
<li>Show simple error message instead of traceback when attempting to
build on unsupported Python versions.</li>
</ul>
<h2>3.11.4</h2>
<h3>Changed</h3>
<ul>
<li>ABI compatibility with CPython 3.15 alpha 1.</li>
<li>Publish PyPI wheels for 3.14 and manylinux i686, manylinux arm7,
manylinux ppc64le, manylinux s390x.</li>
<li>Build now requires a C compiler.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/ijl/orjson/blob/master/CHANGELOG.md">orjson's
changelog</a>.</em></p>
<blockquote>
<h2>3.11.5 - 2025-12-06</h2>
<h3>Changed</h3>
<ul>
<li>Show simple error message instead of traceback when attempting to
build on unsupported Python versions.</li>
</ul>
<h2>3.11.4 - 2025-10-24</h2>
<h3>Changed</h3>
<ul>
<li>ABI compatibility with CPython 3.15 alpha 1.</li>
<li>Publish PyPI wheels for 3.14 and manylinux i686, manylinux arm7,
manylinux ppc64le, manylinux s390x.</li>
<li>Build now requires a C compiler.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fb3eb1f729"><code>fb3eb1f</code></a>
3.11.5</li>
<li><a
href="52688e02c5"><code>52688e0</code></a>
Record contributors in headers</li>
<li><a
href="dc083e87d5"><code>dc083e8</code></a>
Further compatibility and build misc</li>
<li><a
href="18f0186d47"><code>18f0186</code></a>
Compatibility and build misc</li>
<li><a
href="a4fdeb3aff"><code>a4fdeb3</code></a>
3.11.4</li>
<li><a
href="2e80d68afa"><code>2e80d68</code></a>
unlikely to cold_path, remove intrinsics</li>
<li><a
href="27edea92f8"><code>27edea9</code></a>
FFI through crate::ffi, partial non-CPython compatibility</li>
<li><a
href="416a8c9578"><code>416a8c9</code></a>
Unconditionally build yyjson</li>
<li><a
href="c8c1a17dca"><code>c8c1a17</code></a>
edition 2024</li>
<li><a
href="af4179a1fa"><code>af4179a</code></a>
build maintenance, panic_immediate_abort break, test 3.15</li>
<li>See full diff in <a
href="https://github.com/ijl/orjson/compare/3.11.3...3.11.5">compare
view</a></li>
</ul>
</details>
<br />

Updates `protobuf` from 6.32.1 to 6.33.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/protocolbuffers/protobuf/releases">protobuf's
releases</a>.</em></p>
<blockquote>
<h2>Protocol Buffers v34.0-rc1</h2>
<h1>Announcements</h1>
<ul>
<li><strong>This version includes breaking changes to: C++, Objective-C,
PHP, Python.</strong></li>
<li>[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use
equivalent transitive_sources instead (<a
href="0a5c2f6b63</a>)</li>
<li>[C++] Make generator headers private (<a
href="3a2af3510f</a>)</li>
<li>[C++] Add a debug check that the target of CopyFrom is not a
descendant of the source. (<a
href="7a7589823d</a>)</li>
<li>[C++] Add [[nodiscard]] to many APIs. (<a
href="a70115f33f</a>)</li>
<li>[C++] Make the arena-enabled constructors of
<code>RepeatedField</code>, <code>RepeatedPtrField</code>, and
<code>Map</code> private. (<a
href="ef890c3d0c</a>)</li>
<li>[C++] Remove deprecated FieldDescriptor::label() in OSS. Use
is_repeated() or is_required() instead (<a
href="b76faa921f</a>)</li>
<li>[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria
that takes a raw pointer as an argument in favor of the overload that
takes a unique_ptr. Remove macro
PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (<a
href="b115358c64</a>)</li>
<li>[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in
OSS. Use is_repeated() or has_presence() instead (<a
href="68346ec934</a>)</li>
<li>[C++] Remove AddUnusedImportTrackFile() and
ClearUnusedImportTrackFiles(). Remove
PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (<a
href="837a2cd1d6</a>)</li>
<li>[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use
(!is_required() &amp;&amp; !is_repeated()) instead (<a
href="9dbc5d479a</a>)</li>
<li>[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (<a
href="c301c2ca28</a>)</li>
<li>[C++] All entity names have length limit (2afb0dc)</li>
<li>[ObjC] Remove <code>generate_minimal_imports</code> generation
option warning (<a
href="45b1297fda</a>)</li>
<li>[ObjC] Fix nullability annotations on some
<code>GPB*Dictionary</code> types. (<a
href="ea67d6d26a</a>)</li>
<li>[ObjC] Remove <code>-[GPBFieldDescriptor optional]</code> (<a
href="3414dc151e</a>)</li>
<li>[Other] Remove deprecated flag for enabling MSVC support (<a
href="97c979be6e</a>)</li>
<li>[PHP] Remove deprecated PHP APIs (<a
href="9c45014099</a>)</li>
<li>[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use
IsRepeated or isRequired instead. (<a
href="4208121992</a>,
<a
href="cd76e675b1</a>,
<a
href="4208121992</a>)</li>
<li>[PHP] Add PHP typehints for setters and remove redundant GPBUtil
checks (<a
href="https://redirect.github.com/protocolbuffers/protobuf/pull/25296">protocolbuffers/protobuf#25296</a>)
(<a
href="aee03b7892</a>)</li>
<li>[PHP] support default values for editions/proto2 (<a
href="https://redirect.github.com/protocolbuffers/protobuf/pull/25161">protocolbuffers/protobuf#25161</a>)
(<a
href="b01099d563</a>)</li>
<li>[Python] Raise errors in OSS when assign bool to int/enum field in
Python Proto. (<a
href="5b116fe2f1</a>)</li>
<li>[Python] Remove float_format/double_format from python proto
text_format (<a
href="e4854a186e</a>)</li>
<li>[Python] Raise TypeError when convert non-timedelta to Duration, or
convert non-datetime to Timestamp in python proto. (Original code may
raise ArributeError) (<a
href="00aaca1b4d</a>)</li>
<li>[Python] Remove float_precision from python proto json_format (<a
href="f027f1fcd5</a>)</li>
<li>[Python] Remove deprecated FieldDescriptor::label() in OSS. Use
is_repeated() or is_required() instead (<a
href="b76faa921f</a>)</li>
<li>[Python] Remove deprecated FieldDescriptor.label (<a
href="0a8ff55518</a>)</li>
<li>[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts()
(<a
href="c301c2ca28</a>)</li>
<li><a href="https://protobuf.dev/news/">Protobuf News</a> may include
additional announcements or pre-announcements for upcoming changes.</li>
<li><a href="https://protobuf.dev/support/migration/">Migration
Guide</a> may include additional guidance for breaking changes.</li>
</ul>
<h1>Bazel</h1>
<ul>
<li>Fix: cc_toolchain should prefer protoc when prebuilt flag is
flipped. (<a
href="https://redirect.github.com/protocolbuffers/protobuf/issues/25168">#25168</a>)
(<a
href="8c857c3a1c</a>)</li>
<li>Breaking change: Remove deprecated ProtoInfo.transitive_imports. Use
equivalent transitive_sources instead (<a
href="0a5c2f6b63</a>)</li>
<li>Feat(bazel): wire up prebuilt protoc toolchain (<a
href="https://redirect.github.com/protocolbuffers/protobuf/issues/24115">#24115</a>)
(<a
href="cc23698b48</a>)</li>
<li>Migrate <code>proto_descriptor_set</code> (<a
href="https://redirect.github.com/protocolbuffers/protobuf/issues/23369">#23369</a>)
(<a
href="8d4dfdd39a</a>)</li>
</ul>
<h1>Compiler</h1>
<ul>
<li>Ruby codegen: support generation of rbs files (<a
href="https://redirect.github.com/protocolbuffers/protobuf/issues/15633">#15633</a>)
(<a
href="6ebdf851ba</a>)</li>
<li>Avoid collision name problems between a message named
<code>Xyz</code> and a direct sibling enum named <code>XyzView</code>
(<a
href="eba53e8f17</a>)</li>
<li>Generalizing and implementing ValidateFeatureSupport for both
Options and Features during proto parsing (<a
href="ed3c57114d</a>)</li>
<li>Fix a bug with custom features outside of the <code>pb</code>
package. (<a
href="872d3ce7a4</a>)</li>
<li>Fix import option handling when include_imports isn't set. (<a
href="9ef9e80afd</a>)</li>
<li>Fix a bug in STRICT check of namespaced enums to properly check for
'reserved 1 to max' (<a
href="1229d4adba</a>)</li>
<li>Prevent accidental stripping of <code>debug_redact</code> options
via import option. (<a
href="f58b098bff</a>)</li>
</ul>
<h1>C++</h1>
<ul>
<li>Add EnumerateEnumValues function. (<a
href="397d5d99db</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/protocolbuffers/protobuf/commits">compare
view</a></li>
</ul>
</details>
<br />

Updates `orjson` from 3.11.4 to 3.11.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/ijl/orjson/releases">orjson's
releases</a>.</em></p>
<blockquote>
<h2>3.11.5</h2>
<h3>Changed</h3>
<ul>
<li>Show simple error message instead of traceback when attempting to
build on unsupported Python versions.</li>
</ul>
<h2>3.11.4</h2>
<h3>Changed</h3>
<ul>
<li>ABI compatibility with CPython 3.15 alpha 1.</li>
<li>Publish PyPI wheels for 3.14 and manylinux i686, manylinux arm7,
manylinux ppc64le, manylinux s390x.</li>
<li>Build now requires a C compiler.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/ijl/orjson/blob/master/CHANGELOG.md">orjson's
changelog</a>.</em></p>
<blockquote>
<h2>3.11.5 - 2025-12-06</h2>
<h3>Changed</h3>
<ul>
<li>Show simple error message instead of traceback when attempting to
build on unsupported Python versions.</li>
</ul>
<h2>3.11.4 - 2025-10-24</h2>
<h3>Changed</h3>
<ul>
<li>ABI compatibility with CPython 3.15 alpha 1.</li>
<li>Publish PyPI wheels for 3.14 and manylinux i686, manylinux arm7,
manylinux ppc64le, manylinux s390x.</li>
<li>Build now requires a C compiler.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fb3eb1f729"><code>fb3eb1f</code></a>
3.11.5</li>
<li><a
href="52688e02c5"><code>52688e0</code></a>
Record contributors in headers</li>
<li><a
href="dc083e87d5"><code>dc083e8</code></a>
Further compatibility and build misc</li>
<li><a
href="18f0186d47"><code>18f0186</code></a>
Compatibility and build misc</li>
<li><a
href="a4fdeb3aff"><code>a4fdeb3</code></a>
3.11.4</li>
<li><a
href="2e80d68afa"><code>2e80d68</code></a>
unlikely to cold_path, remove intrinsics</li>
<li><a
href="27edea92f8"><code>27edea9</code></a>
FFI through crate::ffi, partial non-CPython compatibility</li>
<li><a
href="416a8c9578"><code>416a8c9</code></a>
Unconditionally build yyjson</li>
<li><a
href="c8c1a17dca"><code>c8c1a17</code></a>
edition 2024</li>
<li><a
href="af4179a1fa"><code>af4179a</code></a>
build maintenance, panic_immediate_abort break, test 3.15</li>
<li>See full diff in <a
href="https://github.com/ijl/orjson/compare/3.11.3...3.11.5">compare
view</a></li>
</ul>
</details>
<br />

Updates `protobuf` from 6.33.1 to 6.33.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/protocolbuffers/protobuf/releases">protobuf's
releases</a>.</em></p>
<blockquote>
<h2>Protocol Buffers v34.0-rc1</h2>
<h1>Announcements</h1>
<ul>
<li><strong>This version includes breaking changes to: C++, Objective-C,
PHP, Python.</strong></li>
<li>[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use
equivalent transitive_sources instead (<a
href="0a5c2f6b63</a>)</li>
<li>[C++] Make generator headers private (<a
href="3a2af3510f</a>)</li>
<li>[C++] Add a debug check that the target of CopyFrom is not a
descendant of the source. (<a
href="7a7589823d</a>)</li>
<li>[C++] Add [[nodiscard]] to many APIs. (<a
href="a70115f33f</a>)</li>
<li>[C++] Make the arena-enabled constructors of
<code>RepeatedField</code>, <code>RepeatedPtrField</code>, and
<code>Map</code> private. (<a
href="ef890c3d0c</a>)</li>
<li>[C++] Remove deprecated FieldDescriptor::label() in OSS. Use
is_repeated() or is_required() instead (<a
href="b76faa921f</a>)</li>
<li>[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria
that takes a raw pointer as an argument in favor of the overload that
takes a unique_ptr. Remove macro
PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (<a
href="b115358c64</a>)</li>
<li>[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in
OSS. Use is_repeated() or has_presence() instead (<a
href="68346ec934</a>)</li>
<li>[C++] Remove AddUnusedImportTrackFile() and
ClearUnusedImportTrackFiles(). Remove
PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (<a
href="837a2cd1d6</a>)</li>
<li>[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use
(!is_required() &amp;&amp; !is_repeated()) instead (<a
href="9dbc5d479a</a>)</li>
<li>[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (<a
href="c301c2ca28</a>)</li>
<li>[C++] All entity names have length limit (2afb0dc)</li>
<li>[ObjC] Remove <code>generate_minimal_imports</code> generation
option warning (<a
href="45b1297fda</a>)</li>
<li>[ObjC] Fix nullability annotations on some
<code>GPB*Dictionary</code> types. (<a
href="ea67d6d26a</a>)</li>
<li>[ObjC] Remove <code>-[GPBFieldDescriptor optional]</code> (<a
href="3414dc151e</a>)</li>
<li>[Other] Remove deprecated flag for enabling MSVC support (<a
href="97c979be6e</a>)</li>
<li>[PHP] Remove deprecated PHP APIs (<a
href="9c45014099</a>)</li>
<li>[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use
IsRepeated or isRequired instead. (<a
href="4208121992</a>,
<a
href="cd76e675b1</a>,
<a
href="4208121992</a>)</li>
<li>[PHP] Add PHP typehints for setters and remove redundant GPBUtil
checks (<a
href="https://redirect.github.com/protocolbuffers/protobuf/pull/25296">protocolbuffers/protobuf#25296</a>)
(<a
href="aee03b7892</a>)</li>
<li>[PHP] support default values for editions/proto2 (<a
href="https://redirect.github.com/protocolbuffers/protobuf/pull/25161">protocolbuffers/protobuf#25161</a>)
(<a
href="b01099d563</a>)</li>
<li>[Python] Raise errors in OSS when assign bool to int/enum field in
Python Proto. (<a
href="5b116fe2f1</a>)</li>
<li>[Python] Remove float_format/double_format from python proto
text_format (<a
href="e4854a186e</a>)</li>
<li>[Python] Raise TypeError when convert non-timedelta to Duration, or
convert non-datetime to Timestamp in python proto. (Original code may
raise ArributeError) (<a
href="00aaca1b4d</a>)</li>
<li>[Python] Remove float_precision from python proto json_format (<a
href="f027f1fcd5</a>)</li>
<li>[Python] Remove deprecated FieldDescriptor::label() in OSS. Use
is_repeated() or is_required() instead (<a
href="b76faa921f</a>)</li>
<li>[Python] Remove deprecated FieldDescriptor.label (<a
href="0a8ff55518</a>)</li>
<li>[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts()
(<a
href="c301c2ca28</a>)</li>
<li><a href="https://protobuf.dev/news/">Protobuf News</a> may include
additional announcements or pre-announcements for upcoming changes.</li>
<li><a href="https://protobuf.dev/support/migration/">Migration
Guide</a> may include additional guidance for breaking changes.</li>
</ul>
<h1>Bazel</h1>
<ul>
<li>Fix: cc_toolchain should prefer protoc when prebuilt flag is
flipped. (<a
href="https://redirect.github.com/protocolbuffers/protobuf/issues/25168">#25168</a>)
(<a
href="8c857c3a1c</a>)</li>
<li>Breaking change: Remove deprecated ProtoInfo.transitive_imports. Use
equivalent transitive_sources instead (<a
href="0a5c2f6b63</a>)</li>
<li>Feat(bazel): wire up prebuilt protoc toolchain (<a
href="https://redirect.github.com/protocolbuffers/protobuf/issues/24115">#24115</a>)
(<a
href="cc23698b48">...

_Description has been truncated_

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: ccurme <chester.curme@gmail.com>
 2026-02-01 11:56:31 -08:00
John Kennedy
c5834cc028 chore: upgrade urllib3 to 2.6.3 (#34940) 2026-01-31 16:30:17 -05:00
dependabot[bot]
89e1594196 chore(deps): bump the uv group across 5 directories with 5 updates (#34785) 
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-16 22:28:13 -05:00
dependabot[bot]
3356d05557 chore(deps): bump the uv group across 3 directories with 1 update (#34741) 
Bumps the uv group with 1 update in the /libs/langchain directory:
[filelock](https://github.com/tox-dev/py-filelock).
Bumps the uv group with 1 update in the /libs/text-splitters directory:
[filelock](https://github.com/tox-dev/py-filelock).
Bumps the uv group with 1 update in the /libs/partners/chroma directory:
[filelock](https://github.com/tox-dev/py-filelock).

Updates `filelock` from 3.19.1 to 3.20.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tox-dev/py-filelock/releases">filelock's
releases</a>.</em></p>
<blockquote>
<h2>3.20.3</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>Fix TOCTOU symlink vulnerability in SoftFileLock by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/465">tox-dev/filelock#465</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/filelock/compare/3.20.2...3.20.3">https://github.com/tox-dev/filelock/compare/3.20.2...3.20.3</a></p>
<h2>3.20.2</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>Support Unix systems without O_NOFOLLOW by <a
href="https://github.com/mwilliamson"><code>@​mwilliamson</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/463">tox-dev/filelock#463</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a
href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a>[bot]
in <a
href="https://redirect.github.com/tox-dev/filelock/pull/464">tox-dev/filelock#464</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/mwilliamson"><code>@​mwilliamson</code></a>
made their first contribution in <a
href="https://redirect.github.com/tox-dev/filelock/pull/463">tox-dev/filelock#463</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/filelock/compare/3.20.1...3.20.2">https://github.com/tox-dev/filelock/compare/3.20.1...3.20.2</a></p>
<h2>3.20.1</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>CVE-2025-68146: Fix TOCTOU symlink vulnerability in lock file
creation by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/461">tox-dev/filelock#461</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/filelock/compare/3.20.0...3.20.1">https://github.com/tox-dev/filelock/compare/3.20.0...3.20.1</a></p>
<h2>3.20.0</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>Add tox.toml to sdist by <a
href="https://github.com/mtelka"><code>@​mtelka</code></a> in <a
href="https://redirect.github.com/tox-dev/filelock/pull/436">tox-dev/filelock#436</a></li>
<li>Update docs with example by <a
href="https://github.com/znichollscr"><code>@​znichollscr</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/438">tox-dev/filelock#438</a></li>
<li>Add 3.14 support and drop 3.9 by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/448">tox-dev/filelock#448</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/mtelka"><code>@​mtelka</code></a> made
their first contribution in <a
href="https://redirect.github.com/tox-dev/filelock/pull/436">tox-dev/filelock#436</a></li>
<li><a
href="https://github.com/znichollscr"><code>@​znichollscr</code></a>
made their first contribution in <a
href="https://redirect.github.com/tox-dev/filelock/pull/438">tox-dev/filelock#438</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/filelock/compare/3.19.1...3.20.0">https://github.com/tox-dev/filelock/compare/3.19.1...3.20.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="41b42dd2c7"><code>41b42dd</code></a>
Fix TOCTOU symlink vulnerability in SoftFileLock (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/465">#465</a>)</li>
<li><a
href="f2e7d4046b"><code>f2e7d40</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/464">#464</a>)</li>
<li><a
href="50888548eb"><code>5088854</code></a>
Support Unix systems without O_NOFOLLOW (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/463">#463</a>)</li>
<li><a
href="377f62251d"><code>377f622</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/460">#460</a>)</li>
<li><a
href="4724d7f8c3"><code>4724d7f</code></a>
Fix TOCTOU symlink vulnerability in lock file creation (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/461">#461</a>)</li>
<li><a
href="cb69414a23"><code>cb69414</code></a>
Bump actions/upload-artifact from 5 to 6 (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/459">#459</a>)</li>
<li><a
href="0769294f14"><code>0769294</code></a>
Bump actions/download-artifact from 6 to 7 (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/458">#458</a>)</li>
<li><a
href="414193a188"><code>414193a</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/457">#457</a>)</li>
<li><a
href="1456797beb"><code>1456797</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/456">#456</a>)</li>
<li><a
href="8d6bf90af3"><code>8d6bf90</code></a>
Bump actions/checkout from 5 to 6 (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/455">#455</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tox-dev/py-filelock/compare/3.19.1...3.20.3">compare
view</a></li>
</ul>
</details>
<br />

Updates `filelock` from 3.19.1 to 3.20.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tox-dev/py-filelock/releases">filelock's
releases</a>.</em></p>
<blockquote>
<h2>3.20.3</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>Fix TOCTOU symlink vulnerability in SoftFileLock by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/465">tox-dev/filelock#465</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/filelock/compare/3.20.2...3.20.3">https://github.com/tox-dev/filelock/compare/3.20.2...3.20.3</a></p>
<h2>3.20.2</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>Support Unix systems without O_NOFOLLOW by <a
href="https://github.com/mwilliamson"><code>@​mwilliamson</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/463">tox-dev/filelock#463</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a
href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a>[bot]
in <a
href="https://redirect.github.com/tox-dev/filelock/pull/464">tox-dev/filelock#464</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/mwilliamson"><code>@​mwilliamson</code></a>
made their first contribution in <a
href="https://redirect.github.com/tox-dev/filelock/pull/463">tox-dev/filelock#463</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/filelock/compare/3.20.1...3.20.2">https://github.com/tox-dev/filelock/compare/3.20.1...3.20.2</a></p>
<h2>3.20.1</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>CVE-2025-68146: Fix TOCTOU symlink vulnerability in lock file
creation by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/461">tox-dev/filelock#461</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/filelock/compare/3.20.0...3.20.1">https://github.com/tox-dev/filelock/compare/3.20.0...3.20.1</a></p>
<h2>3.20.0</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>Add tox.toml to sdist by <a
href="https://github.com/mtelka"><code>@​mtelka</code></a> in <a
href="https://redirect.github.com/tox-dev/filelock/pull/436">tox-dev/filelock#436</a></li>
<li>Update docs with example by <a
href="https://github.com/znichollscr"><code>@​znichollscr</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/438">tox-dev/filelock#438</a></li>
<li>Add 3.14 support and drop 3.9 by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/448">tox-dev/filelock#448</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/mtelka"><code>@​mtelka</code></a> made
their first contribution in <a
href="https://redirect.github.com/tox-dev/filelock/pull/436">tox-dev/filelock#436</a></li>
<li><a
href="https://github.com/znichollscr"><code>@​znichollscr</code></a>
made their first contribution in <a
href="https://redirect.github.com/tox-dev/filelock/pull/438">tox-dev/filelock#438</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/filelock/compare/3.19.1...3.20.0">https://github.com/tox-dev/filelock/compare/3.19.1...3.20.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="41b42dd2c7"><code>41b42dd</code></a>
Fix TOCTOU symlink vulnerability in SoftFileLock (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/465">#465</a>)</li>
<li><a
href="f2e7d4046b"><code>f2e7d40</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/464">#464</a>)</li>
<li><a
href="50888548eb"><code>5088854</code></a>
Support Unix systems without O_NOFOLLOW (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/463">#463</a>)</li>
<li><a
href="377f62251d"><code>377f622</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/460">#460</a>)</li>
<li><a
href="4724d7f8c3"><code>4724d7f</code></a>
Fix TOCTOU symlink vulnerability in lock file creation (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/461">#461</a>)</li>
<li><a
href="cb69414a23"><code>cb69414</code></a>
Bump actions/upload-artifact from 5 to 6 (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/459">#459</a>)</li>
<li><a
href="0769294f14"><code>0769294</code></a>
Bump actions/download-artifact from 6 to 7 (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/458">#458</a>)</li>
<li><a
href="414193a188"><code>414193a</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/457">#457</a>)</li>
<li><a
href="1456797beb"><code>1456797</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/456">#456</a>)</li>
<li><a
href="8d6bf90af3"><code>8d6bf90</code></a>
Bump actions/checkout from 5 to 6 (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/455">#455</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tox-dev/py-filelock/compare/3.19.1...3.20.3">compare
view</a></li>
</ul>
</details>
<br />

Updates `filelock` from 3.19.1 to 3.20.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tox-dev/py-filelock/releases">filelock's
releases</a>.</em></p>
<blockquote>
<h2>3.20.3</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>Fix TOCTOU symlink vulnerability in SoftFileLock by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/465">tox-dev/filelock#465</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/filelock/compare/3.20.2...3.20.3">https://github.com/tox-dev/filelock/compare/3.20.2...3.20.3</a></p>
<h2>3.20.2</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>Support Unix systems without O_NOFOLLOW by <a
href="https://github.com/mwilliamson"><code>@​mwilliamson</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/463">tox-dev/filelock#463</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a
href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a>[bot]
in <a
href="https://redirect.github.com/tox-dev/filelock/pull/464">tox-dev/filelock#464</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/mwilliamson"><code>@​mwilliamson</code></a>
made their first contribution in <a
href="https://redirect.github.com/tox-dev/filelock/pull/463">tox-dev/filelock#463</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/filelock/compare/3.20.1...3.20.2">https://github.com/tox-dev/filelock/compare/3.20.1...3.20.2</a></p>
<h2>3.20.1</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>CVE-2025-68146: Fix TOCTOU symlink vulnerability in lock file
creation by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/461">tox-dev/filelock#461</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/filelock/compare/3.20.0...3.20.1">https://github.com/tox-dev/filelock/compare/3.20.0...3.20.1</a></p>
<h2>3.20.0</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>Add tox.toml to sdist by <a
href="https://github.com/mtelka"><code>@​mtelka</code></a> in <a
href="https://redirect.github.com/tox-dev/filelock/pull/436">tox-dev/filelock#436</a></li>
<li>Update docs with example by <a
href="https://github.com/znichollscr"><code>@​znichollscr</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/438">tox-dev/filelock#438</a></li>
<li>Add 3.14 support and drop 3.9 by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/448">tox-dev/filelock#448</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/mtelka"><code>@​mtelka</code></a> made
their first contribution in <a
href="https://redirect.github.com/tox-dev/filelock/pull/436">tox-dev/filelock#436</a></li>
<li><a
href="https://github.com/znichollscr"><code>@​znichollscr</code></a>
made their first contribution in <a
href="https://redirect.github.com/tox-dev/filelock/pull/438">tox-dev/filelock#438</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/filelock/compare/3.19.1...3.20.0">https://github.com/tox-dev/filelock/compare/3.19.1...3.20.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="41b42dd2c7"><code>41b42dd</code></a>
Fix TOCTOU symlink vulnerability in SoftFileLock (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/465">#465</a>)</li>
<li><a
href="f2e7d4046b"><code>f2e7d40</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/464">#464</a>)</li>
<li><a
href="50888548eb"><code>5088854</code></a>
Support Unix systems without O_NOFOLLOW (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/463">#463</a>)</li>
<li><a
href="377f62251d"><code>377f622</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/460">#460</a>)</li>
<li><a
href="4724d7f8c3"><code>4724d7f</code></a>
Fix TOCTOU symlink vulnerability in lock file creation (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/461">#461</a>)</li>
<li><a
href="cb69414a23"><code>cb69414</code></a>
Bump actions/upload-artifact from 5 to 6 (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/459">#459</a>)</li>
<li><a
href="0769294f14"><code>0769294</code></a>
Bump actions/download-artifact from 6 to 7 (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/458">#458</a>)</li>
<li><a
href="414193a188"><code>414193a</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/457">#457</a>)</li>
<li><a
href="1456797beb"><code>1456797</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/456">#456</a>)</li>
<li><a
href="8d6bf90af3"><code>8d6bf90</code></a>
Bump actions/checkout from 5 to 6 (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/455">#455</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tox-dev/py-filelock/compare/3.19.1...3.20.3">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-13 15:59:08 -05:00
ccurme
bc232e6d03 release(chroma): 1.1 (#34316) 2025-12-12 11:20:47 -05:00
itaismith
be32382d92 feat(chroma): Add Search API (#34273) 2025-12-12 11:14:47 -05:00
Sydney Runkle
78c10f8790 chore: update core dep in lockfiles (#34216) 2025-12-04 15:30:42 -05:00
Mason Daugherty
f1fca4f46f release(chroma): 1.0.0 (#33569) 2025-10-17 11:16:24 -04:00
Mason Daugherty
31eeb50ce0 chore: drop UP045 (#33362) 
Python 3.9 EOL
 2025-10-08 21:17:53 -04:00
Mason Daugherty
86cf3fad4d release(chroma): 1.0.0a1 (#33227) 2025-10-02 19:04:14 -04:00
Christophe Bornet
eaf8dce7c2 chore: bump ruff version to 0.13 (#33043) 
Co-authored-by: Mason Daugherty <mason@langchain.dev>
 2025-09-25 12:27:39 -04:00
Mason Daugherty
781db9d892 chore: update pyproject.toml files, remove codespell (#33028) 
- Removes Codespell from deps, docs, and `Makefile`s
- Python version requirements in all `pyproject.toml` files now use the
`~=` (compatible release) specifier
- All dependency groups and main dependencies now use explicit lower and
upper bounds, reducing potential for breaking changes
 2025-09-20 22:09:33 -04:00
Mason Daugherty
bd765753ca release(chroma): 0.2.6 (#32901) 2025-09-11 15:52:19 -04:00
Mason Daugherty
3d08b6bd11 chore: adress pytest-asyncio deprecation warnings + other nits (#32696) 
amongst some linting imcompatible rules
 2025-08-26 15:51:38 -04:00
ccurme
e41e6ec6aa release(chroma): 0.2.5 (#32183) 2025-07-22 15:24:03 -04:00
Mason Daugherty
4d9eefecab fix: bump lockfiles (#31923) 
* bump lockfiles after upgrading ruff
* resolve resulting linting fixes
 2025-07-08 13:27:55 -04:00
ccurme
14c561e15d infra: relax types-requests version range (#31504) 2025-06-05 18:57:08 +00:00
ccurme
6bbc12b7f7 chroma: release 0.2.4 (#31252) 2025-05-15 15:58:29 -04:00
Jai Radhakrishnan
aa4890c136 partners: update deps for langchain-chroma (#31251) 
Updates dependencies to Chroma to integrate the major release of Chroma
with improved performance, and to fix issues users have been seeing
using the latest chroma docker image with langchain-chroma

https://github.com/langchain-ai/langchain/issues/31047#issuecomment-2850790841
Updates chromadb dependency to >=1.0.9

This also removes the dependency of chroma-hnswlib, meaning it can run
against python 3.13 runners for tests as well.

Tested this by pulling the latest Chroma docker image, running
langchain-chroma using client mode
```
httpClient = chromadb.HttpClient(host="localhost", port=8000)

vector_store = Chroma(
    client=httpClient,
    collection_name="test",
    embedding_function=embeddings,
)
```
 2025-05-15 15:55:15 -04:00
Sydney Runkle
7e926520d5 packaging: remove Python upper bound for langchain and co libs (#31025) 
Follow up to https://github.com/langchain-ai/langsmith-sdk/pull/1696,
I've bumped the `langsmith` version where applicable in `uv.lock`.

Type checking problems here because deps have been updated in
`pyproject.toml` and `uv lock` hasn't been run - we should enforce that
in the future - goes with the other dependabot todos :).
 2025-04-28 14:44:28 -04:00
Sydney Runkle
cf2697ec53 chroma: release 0.2.3 (#30860) 2025-04-15 14:11:23 -04:00
Sydney Runkle
4556b81b1d Clean up numpy dependencies and speed up 3.13 CI with numpy>=2.1.0 (#30714) 
Generally, this PR is CI performance focused + aims to clean up some
dependencies at the same time.

1. Unpins upper bounds for `numpy` in all `pyproject.toml` files where
`numpy` is specified
2. Requires `numpy >= 2.1.0` for Python 3.13 and `numpy > v1.26.0` for
Python 3.12, plus a `numpy` min version bump for `chroma`
3. Speeds up CI by minutes - linting on Python 3.13, installing `numpy <
2.1.0` was taking [~3
minutes](https://github.com/langchain-ai/langchain/actions/runs/14316342925/job/40123305868?pr=30713),
now the entire env setup takes a few seconds
4. Deleted the `numpy` test dependency from partners where that was not
used, specifically `huggingface`, `voyageai`, `xai`, and `nomic`.

It's a bit unfortunate that `langchain-community` depends on `numpy`, we
might want to try to fix that in the future...

Closes https://github.com/langchain-ai/langchain/issues/26026
Fixes https://github.com/langchain-ai/langchain/issues/30555
 2025-04-08 09:45:07 -04:00
Erick Friis
1a225fad03 multiple: fix uv path deps (#29790) 
file:// format wasn't working with updates - it doesn't install as an
editable dep

move to tool.uv.sources with path= instead
 2025-02-13 21:32:34 +00:00
ccurme
16fb1f5371 chroma[patch]: release 0.2.2 (#29769) 
Resolves https://github.com/langchain-ai/langchain/issues/29765
 2025-02-13 02:39:16 +00:00
ccurme
d172984c91 infra: migrate to uv (#29566) 2025-02-06 13:36:26 -05:00