Commit Graph

15718 Commits

Author SHA1 Message Date
Nick Hollon
416d55b3d6 promote projection and stream producer API to public
Renames the stream's and projections' "private" producer-side methods to
public names, since they are the intended call surface for anyone driving
the stream (the pump, langgraph's forthcoming handler, tests). Removes
~36 `noqa: SLF001` suppressions along the way.

On `_ProjectionBase`:
- `_push` -> `push`
- `_finish` -> `complete`
- `_fail` -> `fail`
- adds `done` / `error` read-only properties for sidekicks (iterator)
- `SyncProjection.set_request_more(cb)` replaces direct `_request_more` assignment

On `ChatModelStream`:
- `_bind_pump` -> `bind_pump`
- `_fail` -> `fail`
- adds `output_message` property (non-blocking peek)
- new `dispatch(event)` method replaces the module-level `dispatch_event`
  helper (kept as a thin deprecated wrapper for back-compat)

The genuinely internal helpers (`_record_event`, `_push_*`, `_finish`
on the stream, `_drain`, `_assemble_message`) stay private — they have
one caller each, inside the class.

Remaining SLF001 suppressions in this file are intentional
`_AsyncProjectionIterator` coupling to its projection's `_deltas` and
`_event`; annotated with a comment.
2026-04-16 17:45:15 -04:00
Nick Hollon
204c6af2f1 simplify AsyncProjection with asyncio.Event
Replaces the list-of-futures + `_wake()` pattern with a single
`asyncio.Event` shared by all waiters (the awaitable plus every async
iterator cursor). Each waiter clears the event before awaiting and
re-checks its own condition on wake, so stale notifications don't cause
spin loops.

Single-loop only — if cross-thread wake is ever required, revert to the
list-of-futures pattern with `call_soon_threadsafe`. Noted in the
AsyncProjection docstring.

Net -9 lines; drops `import contextlib` and the per-iteration
`create_future`/`append` boilerplate.
2026-04-16 17:24:14 -04:00
Nick Hollon
6aef1fd4fe format message_to_events per ruff 2026-04-16 17:12:21 -04:00
Nick Hollon
8773cb8c4e add on_stream_event callback for v2 protocol events
Adds a new `on_stream_event` hook on `LLMManagerMixin` / `AsyncCallbackHandler`
that fires once per `MessagesData` event produced by `stream_v2` /
`astream_v2`, with dispatch methods on `CallbackManagerForLLMRun` and
`AsyncCallbackManagerForLLMRun`.

This is v2's observer hook, analogous to `on_llm_new_token` in v1 but at
event granularity rather than chunk. It fires uniformly whether the
provider emits events natively via `_stream_chat_model_events` or goes
through the chunk-to-event compat bridge — observers see the same event
stream regardless of how the underlying model produces output.

Primary consumer: langgraph's forthcoming `StreamProtocolMessagesHandler`,
which can now be a one-line forwarder (lookup namespace metadata by run_id,
push `(ns, "messages", (event, meta))` to the graph's output stream)
instead of re-implementing the chunks-to-events state machine internally.

Does not fire from v1 `stream()` / `astream()`. Purely additive —
`on_chat_model_start`, `on_llm_end`, and `on_llm_error` continue to
bracket a v2 call as they do a v1 call.
2026-04-16 16:53:56 -04:00
Nick Hollon
a1d331e8f0 populate on_llm_end, propagate cancellation, add message_to_events
- `stream_v2` / `astream_v2` now pass the assembled `AIMessage` to
  `on_llm_end` via `LLMResult(generations=[[ChatGeneration(message=...)]])`,
  so LangSmith and other tracers see the final response on v2 calls (was
  previously `generations=[]`).
- `astream_v2`'s producer re-raises `asyncio.CancelledError` ahead of the
  generic handler, so cancellation propagates normally instead of being
  converted into `on_llm_error` + a swallowed exception.
- New `message_to_events` / `amessage_to_events` in `_compat_bridge`
  replay a finalized `AIMessage` as a synthetic content-block lifecycle.
  Intended for the langgraph-side handler that emits protocol events for
  non-streamed node outputs (cache hits, `model.invoke()` inside a node,
  checkpointed state). Turns `_extract_final_blocks` from a dangling
  helper into a real caller.
- Document the optional `_stream_chat_model_events` /
  `_astream_chat_model_events` provider hooks inline at the getattr
  sites so integrators can discover the expected signature.
2026-04-16 16:26:12 -04:00
Nick Hollon
352a725d5c bump langchain-protocol to 0.0.8 from pypi
Drop the local path override in `[tool.uv.sources]` now that 0.0.8 is
published, and raise the lower bound to match the APIs the compat
bridge relies on (notably `MessageFinishData.metadata`).
2026-04-16 16:07:46 -04:00
Nick Hollon
6b203f082d fix(core): forward bound kwargs through RunnableBinding.stream_v2
Add explicit `stream_v2` / `astream_v2` overrides on `RunnableBinding` that
merge `self.kwargs` into the delegated call, mirroring the existing
`stream` / `astream` / `invoke` overrides. Without these, calls that chained
through `bind` or `bind_tools` fell through `__getattr__` (which merges
`self.config` but not `self.kwargs`) and silently dropped bound tools,
stop sequences, and other runtime kwargs.

The returns are typed as `Any` to avoid pulling chat-model types into
`langchain_core.runnables.base`; the method only makes sense when the bound
runnable is a chat model, and `AttributeError` propagates unchanged if it
isn't.

Adds tests covering bound-kwarg forwarding for both sync and async paths
plus the call-time kwarg override semantics.
2026-04-16 15:03:03 -04:00
Nick Hollon
14442f4d10 feat(core): add content-block-centric streaming (v2)
Add `BaseChatModel.stream_v2()` / `astream_v2()` returning a `ChatModelStream`
with typed projections (`.text`, `.reasoning`, `.tool_calls`, `.usage`,
`.output`) plus raw protocol event iteration. Providers that only implement
`_stream()` get a compat bridge that converts `AIMessageChunk`s to the
content-block protocol lifecycle, preserving usage and response metadata for
v1 parity.

- New module `chat_model_stream.py` with `ChatModelStream`, `AsyncChatModelStream`,
  and push/pull projection hierarchy (`SyncProjection`, `SyncTextProjection`,
  `AsyncProjection`).
- New module `_compat_bridge.py` that converts chunk streams to protocol
  events, with `response_metadata` preserved via `MessageStartData.metadata`
  and `MessageFinishData.metadata`.
- `stream_v2` wires `on_chat_model_start` / `on_llm_end` / `on_llm_error`
  callbacks into the pump; `astream_v2` spawns a producer task and awaits it
  alongside the output so `on_llm_end` fires before `await stream` returns.
- tool_use finish-reason inference runs after finalization so malformed
  tool-call JSON (finalized as `invalid_tool_call`) does not flip
  `finish_reason` to `"tool_use"`.
- Add `langchain-protocol>=0.0.6` dependency (local path override retained
  for dev).

Tests cover projection semantics, tool-call streaming (single + parallel +
malformed args), async/sync event replay, callback firing, and v1 parity
(text, tool calls, usage, response metadata, reasoning+text ordering, error
propagation).
2026-04-16 14:41:24 -04:00
ccurme
311675a517 revert: fix(infra): skip serdes tests in min-version release step (#36759) 2026-04-15 09:01:08 -04:00
ccurme
d647311ecf fix(infra): skip serdes tests in min-version release step (#36730) langchain-openai==1.1.13 2026-04-14 18:45:44 -04:00
ccurme
00919ba4bb release(openai): 1.1.13 (#36729) 2026-04-14 16:55:47 -04:00
William FH
885f2c2c2d fix(openai): handle content blocks without type key in responses api conversion (#36725) 2026-04-14 15:13:40 -04:00
langchain-model-profile-bot[bot]
01a324af0e chore(model-profiles): refresh model profile data (#36720)
Automated refresh of model profile data for all in-monorepo partner
integrations via `langchain-profiles refresh`.

🤖 Generated by the `refresh_model_profiles` workflow.

Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com>
2026-04-14 10:55:55 -07:00
dependabot[bot]
87ca15da86 chore: bump pytest from 9.0.2 to 9.0.3 in /libs/core (#36719)
Bumps [pytest](https://github.com/pytest-dev/pytest) from 9.0.2 to
9.0.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pytest-dev/pytest/releases">pytest's
releases</a>.</em></p>
<blockquote>
<h2>9.0.3</h2>
<h1>pytest 9.0.3 (2026-04-07)</h1>
<h2>Bug fixes</h2>
<ul>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/12444">#12444</a>:
Fixed <code>pytest.approx</code> which now correctly takes into account
<code>~collections.abc.Mapping</code> keys order to compare them.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13634">#13634</a>:
Blocking a <code>conftest.py</code> file using the <code>-p no:</code>
option is now explicitly disallowed.</p>
<p>Previously this resulted in an internal assertion failure during
plugin loading.</p>
<p>Pytest now raises a clear <code>UsageError</code> explaining that
conftest files are not plugins and cannot be disabled via
<code>-p</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13734">#13734</a>:
Fixed crash when a test raises an exceptiongroup with
<code>__tracebackhide__ = True</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14195">#14195</a>:
Fixed an issue where non-string messages passed to <!-- raw HTML omitted
-->unittest.TestCase.subTest()<!-- raw HTML omitted --> were not
printed.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14343">#14343</a>:
Fixed use of insecure temporary directory (CVE-2025-71176).</p>
</li>
</ul>
<h2>Improved documentation</h2>
<ul>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13388">#13388</a>:
Clarified documentation for <code>-p</code> vs
<code>PYTEST_PLUGINS</code> plugin loading and fixed an incorrect
<code>-p</code> example.</li>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13731">#13731</a>:
Clarified that capture fixtures (e.g. <code>capsys</code> and
<code>capfd</code>) take precedence over the <code>-s</code> /
<code>--capture=no</code> command-line options in <code>Accessing
captured output from a test function
&lt;accessing-captured-output&gt;</code>.</li>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14088">#14088</a>:
Clarified that the default <code>pytest_collection</code> hook sets
<code>session.items</code> before it calls
<code>pytest_collection_finish</code>, not after.</li>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14255">#14255</a>:
TOML integer log levels must be quoted: Updating reference
documentation.</li>
</ul>
<h2>Contributor-facing changes</h2>
<ul>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/12689">#12689</a>:
The test reports are now published to Codecov from GitHub Actions.
The test statistics is visible <a
href="https://app.codecov.io/gh/pytest-dev/pytest/tests">on the web
interface</a>.</p>
<p>-- by <code>aleguy02</code></p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a7d58d7a21"><code>a7d58d7</code></a>
Prepare release version 9.0.3</li>
<li><a
href="089d98199c"><code>089d981</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14366">#14366</a>
from bluetech/revert-14193-backport</li>
<li><a
href="8127eaf4ab"><code>8127eaf</code></a>
Revert &quot;Fix: assertrepr_compare respects dict insertion order (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14050">#14050</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14193">#14193</a>)&quot;</li>
<li><a
href="99a7e6029e"><code>99a7e60</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14363">#14363</a>
from pytest-dev/patchback/backports/9.0.x/95d8423bd...</li>
<li><a
href="ddee02a578"><code>ddee02a</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14343">#14343</a>
from bluetech/cve-2025-71176-simple</li>
<li><a
href="74eac6916f"><code>74eac69</code></a>
doc: Update training info (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14298">#14298</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14301">#14301</a>)</li>
<li><a
href="f92dee777c"><code>f92dee7</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14267">#14267</a>
from pytest-dev/patchback/backports/9.0.x/d6fa26c62...</li>
<li><a
href="7ee58acc87"><code>7ee58ac</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/12378">#12378</a>
from Pierre-Sassoulas/fix-implicit-str-concat-and-d...</li>
<li><a
href="37da870d37"><code>37da870</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14259">#14259</a>
from mitre88/patch-4 (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14268">#14268</a>)</li>
<li><a
href="c34bfa3b7a"><code>c34bfa3</code></a>
Add explanation for string context diffs (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14257">#14257</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14266">#14266</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/pytest-dev/pytest/compare/9.0.2...9.0.3">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-14 17:33:13 +00:00
dependabot[bot]
a2076dd197 chore: bump pytest from 9.0.2 to 9.0.3 in /libs/langchain (#36718)
Bumps [pytest](https://github.com/pytest-dev/pytest) from 9.0.2 to
9.0.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pytest-dev/pytest/releases">pytest's
releases</a>.</em></p>
<blockquote>
<h2>9.0.3</h2>
<h1>pytest 9.0.3 (2026-04-07)</h1>
<h2>Bug fixes</h2>
<ul>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/12444">#12444</a>:
Fixed <code>pytest.approx</code> which now correctly takes into account
<code>~collections.abc.Mapping</code> keys order to compare them.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13634">#13634</a>:
Blocking a <code>conftest.py</code> file using the <code>-p no:</code>
option is now explicitly disallowed.</p>
<p>Previously this resulted in an internal assertion failure during
plugin loading.</p>
<p>Pytest now raises a clear <code>UsageError</code> explaining that
conftest files are not plugins and cannot be disabled via
<code>-p</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13734">#13734</a>:
Fixed crash when a test raises an exceptiongroup with
<code>__tracebackhide__ = True</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14195">#14195</a>:
Fixed an issue where non-string messages passed to <!-- raw HTML omitted
-->unittest.TestCase.subTest()<!-- raw HTML omitted --> were not
printed.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14343">#14343</a>:
Fixed use of insecure temporary directory (CVE-2025-71176).</p>
</li>
</ul>
<h2>Improved documentation</h2>
<ul>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13388">#13388</a>:
Clarified documentation for <code>-p</code> vs
<code>PYTEST_PLUGINS</code> plugin loading and fixed an incorrect
<code>-p</code> example.</li>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13731">#13731</a>:
Clarified that capture fixtures (e.g. <code>capsys</code> and
<code>capfd</code>) take precedence over the <code>-s</code> /
<code>--capture=no</code> command-line options in <code>Accessing
captured output from a test function
&lt;accessing-captured-output&gt;</code>.</li>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14088">#14088</a>:
Clarified that the default <code>pytest_collection</code> hook sets
<code>session.items</code> before it calls
<code>pytest_collection_finish</code>, not after.</li>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14255">#14255</a>:
TOML integer log levels must be quoted: Updating reference
documentation.</li>
</ul>
<h2>Contributor-facing changes</h2>
<ul>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/12689">#12689</a>:
The test reports are now published to Codecov from GitHub Actions.
The test statistics is visible <a
href="https://app.codecov.io/gh/pytest-dev/pytest/tests">on the web
interface</a>.</p>
<p>-- by <code>aleguy02</code></p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a7d58d7a21"><code>a7d58d7</code></a>
Prepare release version 9.0.3</li>
<li><a
href="089d98199c"><code>089d981</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14366">#14366</a>
from bluetech/revert-14193-backport</li>
<li><a
href="8127eaf4ab"><code>8127eaf</code></a>
Revert &quot;Fix: assertrepr_compare respects dict insertion order (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14050">#14050</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14193">#14193</a>)&quot;</li>
<li><a
href="99a7e6029e"><code>99a7e60</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14363">#14363</a>
from pytest-dev/patchback/backports/9.0.x/95d8423bd...</li>
<li><a
href="ddee02a578"><code>ddee02a</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14343">#14343</a>
from bluetech/cve-2025-71176-simple</li>
<li><a
href="74eac6916f"><code>74eac69</code></a>
doc: Update training info (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14298">#14298</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14301">#14301</a>)</li>
<li><a
href="f92dee777c"><code>f92dee7</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14267">#14267</a>
from pytest-dev/patchback/backports/9.0.x/d6fa26c62...</li>
<li><a
href="7ee58acc87"><code>7ee58ac</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/12378">#12378</a>
from Pierre-Sassoulas/fix-implicit-str-concat-and-d...</li>
<li><a
href="37da870d37"><code>37da870</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14259">#14259</a>
from mitre88/patch-4 (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14268">#14268</a>)</li>
<li><a
href="c34bfa3b7a"><code>c34bfa3</code></a>
Add explanation for string context diffs (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14257">#14257</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14266">#14266</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/pytest-dev/pytest/compare/9.0.2...9.0.3">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-14 10:26:53 -07:00
dependabot[bot]
af681ae90f chore: bump pytest from 9.0.2 to 9.0.3 in /libs/langchain_v1 (#36717)
Bumps [pytest](https://github.com/pytest-dev/pytest) from 9.0.2 to
9.0.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pytest-dev/pytest/releases">pytest's
releases</a>.</em></p>
<blockquote>
<h2>9.0.3</h2>
<h1>pytest 9.0.3 (2026-04-07)</h1>
<h2>Bug fixes</h2>
<ul>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/12444">#12444</a>:
Fixed <code>pytest.approx</code> which now correctly takes into account
<code>~collections.abc.Mapping</code> keys order to compare them.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13634">#13634</a>:
Blocking a <code>conftest.py</code> file using the <code>-p no:</code>
option is now explicitly disallowed.</p>
<p>Previously this resulted in an internal assertion failure during
plugin loading.</p>
<p>Pytest now raises a clear <code>UsageError</code> explaining that
conftest files are not plugins and cannot be disabled via
<code>-p</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13734">#13734</a>:
Fixed crash when a test raises an exceptiongroup with
<code>__tracebackhide__ = True</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14195">#14195</a>:
Fixed an issue where non-string messages passed to <!-- raw HTML omitted
-->unittest.TestCase.subTest()<!-- raw HTML omitted --> were not
printed.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14343">#14343</a>:
Fixed use of insecure temporary directory (CVE-2025-71176).</p>
</li>
</ul>
<h2>Improved documentation</h2>
<ul>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13388">#13388</a>:
Clarified documentation for <code>-p</code> vs
<code>PYTEST_PLUGINS</code> plugin loading and fixed an incorrect
<code>-p</code> example.</li>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13731">#13731</a>:
Clarified that capture fixtures (e.g. <code>capsys</code> and
<code>capfd</code>) take precedence over the <code>-s</code> /
<code>--capture=no</code> command-line options in <code>Accessing
captured output from a test function
&lt;accessing-captured-output&gt;</code>.</li>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14088">#14088</a>:
Clarified that the default <code>pytest_collection</code> hook sets
<code>session.items</code> before it calls
<code>pytest_collection_finish</code>, not after.</li>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14255">#14255</a>:
TOML integer log levels must be quoted: Updating reference
documentation.</li>
</ul>
<h2>Contributor-facing changes</h2>
<ul>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/12689">#12689</a>:
The test reports are now published to Codecov from GitHub Actions.
The test statistics is visible <a
href="https://app.codecov.io/gh/pytest-dev/pytest/tests">on the web
interface</a>.</p>
<p>-- by <code>aleguy02</code></p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a7d58d7a21"><code>a7d58d7</code></a>
Prepare release version 9.0.3</li>
<li><a
href="089d98199c"><code>089d981</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14366">#14366</a>
from bluetech/revert-14193-backport</li>
<li><a
href="8127eaf4ab"><code>8127eaf</code></a>
Revert &quot;Fix: assertrepr_compare respects dict insertion order (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14050">#14050</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14193">#14193</a>)&quot;</li>
<li><a
href="99a7e6029e"><code>99a7e60</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14363">#14363</a>
from pytest-dev/patchback/backports/9.0.x/95d8423bd...</li>
<li><a
href="ddee02a578"><code>ddee02a</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14343">#14343</a>
from bluetech/cve-2025-71176-simple</li>
<li><a
href="74eac6916f"><code>74eac69</code></a>
doc: Update training info (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14298">#14298</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14301">#14301</a>)</li>
<li><a
href="f92dee777c"><code>f92dee7</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14267">#14267</a>
from pytest-dev/patchback/backports/9.0.x/d6fa26c62...</li>
<li><a
href="7ee58acc87"><code>7ee58ac</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/12378">#12378</a>
from Pierre-Sassoulas/fix-implicit-str-concat-and-d...</li>
<li><a
href="37da870d37"><code>37da870</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14259">#14259</a>
from mitre88/patch-4 (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14268">#14268</a>)</li>
<li><a
href="c34bfa3b7a"><code>c34bfa3</code></a>
Add explanation for string context diffs (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14257">#14257</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14266">#14266</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/pytest-dev/pytest/compare/9.0.2...9.0.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pytest&package-manager=uv&previous-version=9.0.2&new-version=9.0.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-14 10:20:16 -07:00
dependabot[bot]
db149ff291 chore: bump pytest from 9.0.2 to 9.0.3 in /libs/model-profiles (#36716)
Bumps [pytest](https://github.com/pytest-dev/pytest) from 9.0.2 to
9.0.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pytest-dev/pytest/releases">pytest's
releases</a>.</em></p>
<blockquote>
<h2>9.0.3</h2>
<h1>pytest 9.0.3 (2026-04-07)</h1>
<h2>Bug fixes</h2>
<ul>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/12444">#12444</a>:
Fixed <code>pytest.approx</code> which now correctly takes into account
<code>~collections.abc.Mapping</code> keys order to compare them.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13634">#13634</a>:
Blocking a <code>conftest.py</code> file using the <code>-p no:</code>
option is now explicitly disallowed.</p>
<p>Previously this resulted in an internal assertion failure during
plugin loading.</p>
<p>Pytest now raises a clear <code>UsageError</code> explaining that
conftest files are not plugins and cannot be disabled via
<code>-p</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13734">#13734</a>:
Fixed crash when a test raises an exceptiongroup with
<code>__tracebackhide__ = True</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14195">#14195</a>:
Fixed an issue where non-string messages passed to <!-- raw HTML omitted
-->unittest.TestCase.subTest()<!-- raw HTML omitted --> were not
printed.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14343">#14343</a>:
Fixed use of insecure temporary directory (CVE-2025-71176).</p>
</li>
</ul>
<h2>Improved documentation</h2>
<ul>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13388">#13388</a>:
Clarified documentation for <code>-p</code> vs
<code>PYTEST_PLUGINS</code> plugin loading and fixed an incorrect
<code>-p</code> example.</li>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13731">#13731</a>:
Clarified that capture fixtures (e.g. <code>capsys</code> and
<code>capfd</code>) take precedence over the <code>-s</code> /
<code>--capture=no</code> command-line options in <code>Accessing
captured output from a test function
&lt;accessing-captured-output&gt;</code>.</li>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14088">#14088</a>:
Clarified that the default <code>pytest_collection</code> hook sets
<code>session.items</code> before it calls
<code>pytest_collection_finish</code>, not after.</li>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14255">#14255</a>:
TOML integer log levels must be quoted: Updating reference
documentation.</li>
</ul>
<h2>Contributor-facing changes</h2>
<ul>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/12689">#12689</a>:
The test reports are now published to Codecov from GitHub Actions.
The test statistics is visible <a
href="https://app.codecov.io/gh/pytest-dev/pytest/tests">on the web
interface</a>.</p>
<p>-- by <code>aleguy02</code></p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a7d58d7a21"><code>a7d58d7</code></a>
Prepare release version 9.0.3</li>
<li><a
href="089d98199c"><code>089d981</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14366">#14366</a>
from bluetech/revert-14193-backport</li>
<li><a
href="8127eaf4ab"><code>8127eaf</code></a>
Revert &quot;Fix: assertrepr_compare respects dict insertion order (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14050">#14050</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14193">#14193</a>)&quot;</li>
<li><a
href="99a7e6029e"><code>99a7e60</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14363">#14363</a>
from pytest-dev/patchback/backports/9.0.x/95d8423bd...</li>
<li><a
href="ddee02a578"><code>ddee02a</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14343">#14343</a>
from bluetech/cve-2025-71176-simple</li>
<li><a
href="74eac6916f"><code>74eac69</code></a>
doc: Update training info (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14298">#14298</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14301">#14301</a>)</li>
<li><a
href="f92dee777c"><code>f92dee7</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14267">#14267</a>
from pytest-dev/patchback/backports/9.0.x/d6fa26c62...</li>
<li><a
href="7ee58acc87"><code>7ee58ac</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/12378">#12378</a>
from Pierre-Sassoulas/fix-implicit-str-concat-and-d...</li>
<li><a
href="37da870d37"><code>37da870</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14259">#14259</a>
from mitre88/patch-4 (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14268">#14268</a>)</li>
<li><a
href="c34bfa3b7a"><code>c34bfa3</code></a>
Add explanation for string context diffs (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14257">#14257</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14266">#14266</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/pytest-dev/pytest/compare/9.0.2...9.0.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pytest&package-manager=uv&previous-version=9.0.2&new-version=9.0.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-14 10:20:07 -07:00
dependabot[bot]
986d46ae49 chore: bump pytest from 9.0.2 to 9.0.3 in /libs/standard-tests (#36715)
Bumps [pytest](https://github.com/pytest-dev/pytest) from 9.0.2 to
9.0.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pytest-dev/pytest/releases">pytest's
releases</a>.</em></p>
<blockquote>
<h2>9.0.3</h2>
<h1>pytest 9.0.3 (2026-04-07)</h1>
<h2>Bug fixes</h2>
<ul>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/12444">#12444</a>:
Fixed <code>pytest.approx</code> which now correctly takes into account
<code>~collections.abc.Mapping</code> keys order to compare them.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13634">#13634</a>:
Blocking a <code>conftest.py</code> file using the <code>-p no:</code>
option is now explicitly disallowed.</p>
<p>Previously this resulted in an internal assertion failure during
plugin loading.</p>
<p>Pytest now raises a clear <code>UsageError</code> explaining that
conftest files are not plugins and cannot be disabled via
<code>-p</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13734">#13734</a>:
Fixed crash when a test raises an exceptiongroup with
<code>__tracebackhide__ = True</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14195">#14195</a>:
Fixed an issue where non-string messages passed to <!-- raw HTML omitted
-->unittest.TestCase.subTest()<!-- raw HTML omitted --> were not
printed.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14343">#14343</a>:
Fixed use of insecure temporary directory (CVE-2025-71176).</p>
</li>
</ul>
<h2>Improved documentation</h2>
<ul>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13388">#13388</a>:
Clarified documentation for <code>-p</code> vs
<code>PYTEST_PLUGINS</code> plugin loading and fixed an incorrect
<code>-p</code> example.</li>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13731">#13731</a>:
Clarified that capture fixtures (e.g. <code>capsys</code> and
<code>capfd</code>) take precedence over the <code>-s</code> /
<code>--capture=no</code> command-line options in <code>Accessing
captured output from a test function
&lt;accessing-captured-output&gt;</code>.</li>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14088">#14088</a>:
Clarified that the default <code>pytest_collection</code> hook sets
<code>session.items</code> before it calls
<code>pytest_collection_finish</code>, not after.</li>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14255">#14255</a>:
TOML integer log levels must be quoted: Updating reference
documentation.</li>
</ul>
<h2>Contributor-facing changes</h2>
<ul>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/12689">#12689</a>:
The test reports are now published to Codecov from GitHub Actions.
The test statistics is visible <a
href="https://app.codecov.io/gh/pytest-dev/pytest/tests">on the web
interface</a>.</p>
<p>-- by <code>aleguy02</code></p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a7d58d7a21"><code>a7d58d7</code></a>
Prepare release version 9.0.3</li>
<li><a
href="089d98199c"><code>089d981</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14366">#14366</a>
from bluetech/revert-14193-backport</li>
<li><a
href="8127eaf4ab"><code>8127eaf</code></a>
Revert &quot;Fix: assertrepr_compare respects dict insertion order (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14050">#14050</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14193">#14193</a>)&quot;</li>
<li><a
href="99a7e6029e"><code>99a7e60</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14363">#14363</a>
from pytest-dev/patchback/backports/9.0.x/95d8423bd...</li>
<li><a
href="ddee02a578"><code>ddee02a</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14343">#14343</a>
from bluetech/cve-2025-71176-simple</li>
<li><a
href="74eac6916f"><code>74eac69</code></a>
doc: Update training info (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14298">#14298</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14301">#14301</a>)</li>
<li><a
href="f92dee777c"><code>f92dee7</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14267">#14267</a>
from pytest-dev/patchback/backports/9.0.x/d6fa26c62...</li>
<li><a
href="7ee58acc87"><code>7ee58ac</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/12378">#12378</a>
from Pierre-Sassoulas/fix-implicit-str-concat-and-d...</li>
<li><a
href="37da870d37"><code>37da870</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14259">#14259</a>
from mitre88/patch-4 (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14268">#14268</a>)</li>
<li><a
href="c34bfa3b7a"><code>c34bfa3</code></a>
Add explanation for string context diffs (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14257">#14257</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14266">#14266</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/pytest-dev/pytest/compare/9.0.2...9.0.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pytest&package-manager=uv&previous-version=9.0.2&new-version=9.0.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-14 10:19:56 -07:00
dependabot[bot]
2d90e4275f chore: bump pytest from 9.0.2 to 9.0.3 in /libs/text-splitters (#36714)
Bumps [pytest](https://github.com/pytest-dev/pytest) from 9.0.2 to
9.0.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pytest-dev/pytest/releases">pytest's
releases</a>.</em></p>
<blockquote>
<h2>9.0.3</h2>
<h1>pytest 9.0.3 (2026-04-07)</h1>
<h2>Bug fixes</h2>
<ul>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/12444">#12444</a>:
Fixed <code>pytest.approx</code> which now correctly takes into account
<code>~collections.abc.Mapping</code> keys order to compare them.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13634">#13634</a>:
Blocking a <code>conftest.py</code> file using the <code>-p no:</code>
option is now explicitly disallowed.</p>
<p>Previously this resulted in an internal assertion failure during
plugin loading.</p>
<p>Pytest now raises a clear <code>UsageError</code> explaining that
conftest files are not plugins and cannot be disabled via
<code>-p</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13734">#13734</a>:
Fixed crash when a test raises an exceptiongroup with
<code>__tracebackhide__ = True</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14195">#14195</a>:
Fixed an issue where non-string messages passed to <!-- raw HTML omitted
-->unittest.TestCase.subTest()<!-- raw HTML omitted --> were not
printed.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14343">#14343</a>:
Fixed use of insecure temporary directory (CVE-2025-71176).</p>
</li>
</ul>
<h2>Improved documentation</h2>
<ul>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13388">#13388</a>:
Clarified documentation for <code>-p</code> vs
<code>PYTEST_PLUGINS</code> plugin loading and fixed an incorrect
<code>-p</code> example.</li>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13731">#13731</a>:
Clarified that capture fixtures (e.g. <code>capsys</code> and
<code>capfd</code>) take precedence over the <code>-s</code> /
<code>--capture=no</code> command-line options in <code>Accessing
captured output from a test function
&lt;accessing-captured-output&gt;</code>.</li>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14088">#14088</a>:
Clarified that the default <code>pytest_collection</code> hook sets
<code>session.items</code> before it calls
<code>pytest_collection_finish</code>, not after.</li>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14255">#14255</a>:
TOML integer log levels must be quoted: Updating reference
documentation.</li>
</ul>
<h2>Contributor-facing changes</h2>
<ul>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/12689">#12689</a>:
The test reports are now published to Codecov from GitHub Actions.
The test statistics is visible <a
href="https://app.codecov.io/gh/pytest-dev/pytest/tests">on the web
interface</a>.</p>
<p>-- by <code>aleguy02</code></p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a7d58d7a21"><code>a7d58d7</code></a>
Prepare release version 9.0.3</li>
<li><a
href="089d98199c"><code>089d981</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14366">#14366</a>
from bluetech/revert-14193-backport</li>
<li><a
href="8127eaf4ab"><code>8127eaf</code></a>
Revert &quot;Fix: assertrepr_compare respects dict insertion order (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14050">#14050</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14193">#14193</a>)&quot;</li>
<li><a
href="99a7e6029e"><code>99a7e60</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14363">#14363</a>
from pytest-dev/patchback/backports/9.0.x/95d8423bd...</li>
<li><a
href="ddee02a578"><code>ddee02a</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14343">#14343</a>
from bluetech/cve-2025-71176-simple</li>
<li><a
href="74eac6916f"><code>74eac69</code></a>
doc: Update training info (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14298">#14298</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14301">#14301</a>)</li>
<li><a
href="f92dee777c"><code>f92dee7</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14267">#14267</a>
from pytest-dev/patchback/backports/9.0.x/d6fa26c62...</li>
<li><a
href="7ee58acc87"><code>7ee58ac</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/12378">#12378</a>
from Pierre-Sassoulas/fix-implicit-str-concat-and-d...</li>
<li><a
href="37da870d37"><code>37da870</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14259">#14259</a>
from mitre88/patch-4 (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14268">#14268</a>)</li>
<li><a
href="c34bfa3b7a"><code>c34bfa3</code></a>
Add explanation for string context diffs (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14257">#14257</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14266">#14266</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/pytest-dev/pytest/compare/9.0.2...9.0.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pytest&package-manager=uv&previous-version=9.0.2&new-version=9.0.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-14 10:19:44 -07:00
dependabot[bot]
a5173bfbec chore: bump pillow from 12.1.1 to 12.2.0 in /libs/langchain_v1 (#36710)
Bumps [pillow](https://github.com/python-pillow/Pillow) from 12.1.1 to
12.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/python-pillow/Pillow/releases">pillow's
releases</a>.</em></p>
<blockquote>
<h2>12.2.0</h2>
<p><a
href="https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html">https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html</a></p>
<h2>Documentation</h2>
<ul>
<li>Update 12.2.0 release notes <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9522">#9522</a>
[<a href="https://github.com/hugovk"><code>@​hugovk</code></a>]</li>
<li>Add loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats
via Netpbm <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9482">#9482</a>
[<a href="https://github.com/bitplane"><code>@​bitplane</code></a>]</li>
<li>Update Python versions <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9515">#9515</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Jeffrey A. Clark -&gt; Jeffrey 'Alex' Clark <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9513">#9513</a>
[<a
href="https://github.com/aclark4life"><code>@​aclark4life</code></a>]</li>
<li>Add release notes for <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9394">#9394</a>,
<a
href="https://redirect.github.com/python-pillow/Pillow/issues/9419">#9419</a>
and <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9456">#9456</a>
<a
href="https://redirect.github.com/python-pillow/Pillow/issues/9467">#9467</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Add Amiga Workbench .info loader to 3rd party plugins list <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9459">#9459</a>
[<a href="https://github.com/bitplane"><code>@​bitplane</code></a>]</li>
<li>Merge PFM documentation into PPM <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9434">#9434</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Update macOS tested Pillow versions <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9431">#9431</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Fix CVE number <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9430">#9430</a>
[<a href="https://github.com/hugovk"><code>@​hugovk</code></a>]</li>
</ul>
<h2>Dependencies</h2>
<ul>
<li>Update xz to 5.8.3 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9523">#9523</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Update libjpeg-turbo to 3.1.4.1 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9507">#9507</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Update libpng to 1.6.56 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9499">#9499</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Update freetype to 2.14.3 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9485">#9485</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Updated libavif to 1.4.1 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9479">#9479</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Updated harfbuzz to 13.2.1 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9461">#9461</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Update Ghostscript to 10.7.0 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9469">#9469</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Update harfbuzz to 13.0.1 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9453">#9453</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Update libavif to 1.4.0 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9460">#9460</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Update freetype to 2.14.2 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9449">#9449</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Update actions/download-artifact action to v8 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9451">#9451</a>
[@<a href="https://github.com/apps/renovate">renovate[bot]</a>]</li>
<li>Updated libpng to 1.6.55 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9425">#9425</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
</ul>
<h2>Testing</h2>
<ul>
<li>Cleanup .spider extension in the same test where it is added <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9517">#9517</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Run tests in parallel via tox for 3.5x speedup <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9516">#9516</a>
[<a href="https://github.com/hugovk"><code>@​hugovk</code></a>]</li>
<li>Enable colour in CI logs <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9486">#9486</a>
[<a href="https://github.com/hugovk"><code>@​hugovk</code></a>]</li>
<li>Update Ghostscript to 10.7.0 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9469">#9469</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Simplify TGA test code <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9477">#9477</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Update tests to check for ValueError when encoding an empty image <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9464">#9464</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Upgrade CI from <code>macos-15-intel</code> to
<code>macos-26-intel</code> <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9454">#9454</a>
[<a href="https://github.com/hugovk"><code>@​hugovk</code></a>]</li>
<li>Add check-case-conflict hook <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9446">#9446</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Specify platform when pulling docker image <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9440">#9440</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>GHA: Cache libavif and webp builds for Ubuntu <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9437">#9437</a>
[<a href="https://github.com/hugovk"><code>@​hugovk</code></a>]</li>
<li>Update macOS tested Pillow versions <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9431">#9431</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
</ul>
<h2>Other changes</h2>
<ul>
<li>Check calloc return value <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9527">#9527</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Check all allocs in the Arrow tree <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9488">#9488</a>
[<a
href="https://github.com/wiredfool"><code>@​wiredfool</code></a>]</li>
<li>Reject non-numeric elements inside list coords <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9526">#9526</a>
[<a href="https://github.com/hugovk"><code>@​hugovk</code></a>]</li>
<li>Move variable declaration inside define <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9525">#9525</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3c41c09506"><code>3c41c09</code></a>
12.2.0 version bump</li>
<li><a
href="cdaa29eb52"><code>cdaa29e</code></a>
Check calloc return value (<a
href="https://redirect.github.com/python-pillow/Pillow/issues/9527">#9527</a>)</li>
<li><a
href="585b2f5a78"><code>585b2f5</code></a>
Check calloc return value</li>
<li><a
href="ecf011ea15"><code>ecf011e</code></a>
Check all allocs in the Arrow tree (<a
href="https://redirect.github.com/python-pillow/Pillow/issues/9488">#9488</a>)</li>
<li><a
href="cf6de8ca9b"><code>cf6de8c</code></a>
Reject non-numeric elements inside list coords (<a
href="https://redirect.github.com/python-pillow/Pillow/issues/9526">#9526</a>)</li>
<li><a
href="ffdcede651"><code>ffdcede</code></a>
Update 12.2.0 release notes (<a
href="https://redirect.github.com/python-pillow/Pillow/issues/9522">#9522</a>)</li>
<li><a
href="7929d7760f"><code>7929d77</code></a>
Added security release notes (<a
href="https://redirect.github.com/python-pillow/Pillow/issues/149">#149</a>)</li>
<li><a
href="c4f7aa5dfb"><code>c4f7aa5</code></a>
Added security release notes</li>
<li><a
href="22cdb5f2e4"><code>22cdb5f</code></a>
Move variable declaration inside define (<a
href="https://redirect.github.com/python-pillow/Pillow/issues/9525">#9525</a>)</li>
<li><a
href="fc15b3b018"><code>fc15b3b</code></a>
Resize tall images vertically first (<a
href="https://redirect.github.com/python-pillow/Pillow/issues/9524">#9524</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/python-pillow/Pillow/compare/12.1.1...12.2.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pillow&package-manager=uv&previous-version=12.1.1&new-version=12.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-14 10:19:32 -07:00
dependabot[bot]
01eb63d21e chore: bump pillow from 12.1.1 to 12.2.0 in /libs/langchain (#36709)
Bumps [pillow](https://github.com/python-pillow/Pillow) from 12.1.1 to
12.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/python-pillow/Pillow/releases">pillow's
releases</a>.</em></p>
<blockquote>
<h2>12.2.0</h2>
<p><a
href="https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html">https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html</a></p>
<h2>Documentation</h2>
<ul>
<li>Update 12.2.0 release notes <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9522">#9522</a>
[<a href="https://github.com/hugovk"><code>@​hugovk</code></a>]</li>
<li>Add loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats
via Netpbm <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9482">#9482</a>
[<a href="https://github.com/bitplane"><code>@​bitplane</code></a>]</li>
<li>Update Python versions <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9515">#9515</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Jeffrey A. Clark -&gt; Jeffrey 'Alex' Clark <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9513">#9513</a>
[<a
href="https://github.com/aclark4life"><code>@​aclark4life</code></a>]</li>
<li>Add release notes for <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9394">#9394</a>,
<a
href="https://redirect.github.com/python-pillow/Pillow/issues/9419">#9419</a>
and <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9456">#9456</a>
<a
href="https://redirect.github.com/python-pillow/Pillow/issues/9467">#9467</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Add Amiga Workbench .info loader to 3rd party plugins list <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9459">#9459</a>
[<a href="https://github.com/bitplane"><code>@​bitplane</code></a>]</li>
<li>Merge PFM documentation into PPM <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9434">#9434</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Update macOS tested Pillow versions <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9431">#9431</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Fix CVE number <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9430">#9430</a>
[<a href="https://github.com/hugovk"><code>@​hugovk</code></a>]</li>
</ul>
<h2>Dependencies</h2>
<ul>
<li>Update xz to 5.8.3 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9523">#9523</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Update libjpeg-turbo to 3.1.4.1 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9507">#9507</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Update libpng to 1.6.56 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9499">#9499</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Update freetype to 2.14.3 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9485">#9485</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Updated libavif to 1.4.1 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9479">#9479</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Updated harfbuzz to 13.2.1 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9461">#9461</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Update Ghostscript to 10.7.0 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9469">#9469</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Update harfbuzz to 13.0.1 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9453">#9453</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Update libavif to 1.4.0 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9460">#9460</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Update freetype to 2.14.2 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9449">#9449</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Update actions/download-artifact action to v8 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9451">#9451</a>
[@<a href="https://github.com/apps/renovate">renovate[bot]</a>]</li>
<li>Updated libpng to 1.6.55 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9425">#9425</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
</ul>
<h2>Testing</h2>
<ul>
<li>Cleanup .spider extension in the same test where it is added <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9517">#9517</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Run tests in parallel via tox for 3.5x speedup <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9516">#9516</a>
[<a href="https://github.com/hugovk"><code>@​hugovk</code></a>]</li>
<li>Enable colour in CI logs <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9486">#9486</a>
[<a href="https://github.com/hugovk"><code>@​hugovk</code></a>]</li>
<li>Update Ghostscript to 10.7.0 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9469">#9469</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Simplify TGA test code <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9477">#9477</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Update tests to check for ValueError when encoding an empty image <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9464">#9464</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Upgrade CI from <code>macos-15-intel</code> to
<code>macos-26-intel</code> <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9454">#9454</a>
[<a href="https://github.com/hugovk"><code>@​hugovk</code></a>]</li>
<li>Add check-case-conflict hook <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9446">#9446</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Specify platform when pulling docker image <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9440">#9440</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>GHA: Cache libavif and webp builds for Ubuntu <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9437">#9437</a>
[<a href="https://github.com/hugovk"><code>@​hugovk</code></a>]</li>
<li>Update macOS tested Pillow versions <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9431">#9431</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
</ul>
<h2>Other changes</h2>
<ul>
<li>Check calloc return value <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9527">#9527</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Check all allocs in the Arrow tree <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9488">#9488</a>
[<a
href="https://github.com/wiredfool"><code>@​wiredfool</code></a>]</li>
<li>Reject non-numeric elements inside list coords <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9526">#9526</a>
[<a href="https://github.com/hugovk"><code>@​hugovk</code></a>]</li>
<li>Move variable declaration inside define <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9525">#9525</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3c41c09506"><code>3c41c09</code></a>
12.2.0 version bump</li>
<li><a
href="cdaa29eb52"><code>cdaa29e</code></a>
Check calloc return value (<a
href="https://redirect.github.com/python-pillow/Pillow/issues/9527">#9527</a>)</li>
<li><a
href="585b2f5a78"><code>585b2f5</code></a>
Check calloc return value</li>
<li><a
href="ecf011ea15"><code>ecf011e</code></a>
Check all allocs in the Arrow tree (<a
href="https://redirect.github.com/python-pillow/Pillow/issues/9488">#9488</a>)</li>
<li><a
href="cf6de8ca9b"><code>cf6de8c</code></a>
Reject non-numeric elements inside list coords (<a
href="https://redirect.github.com/python-pillow/Pillow/issues/9526">#9526</a>)</li>
<li><a
href="ffdcede651"><code>ffdcede</code></a>
Update 12.2.0 release notes (<a
href="https://redirect.github.com/python-pillow/Pillow/issues/9522">#9522</a>)</li>
<li><a
href="7929d7760f"><code>7929d77</code></a>
Added security release notes (<a
href="https://redirect.github.com/python-pillow/Pillow/issues/149">#149</a>)</li>
<li><a
href="c4f7aa5dfb"><code>c4f7aa5</code></a>
Added security release notes</li>
<li><a
href="22cdb5f2e4"><code>22cdb5f</code></a>
Move variable declaration inside define (<a
href="https://redirect.github.com/python-pillow/Pillow/issues/9525">#9525</a>)</li>
<li><a
href="fc15b3b018"><code>fc15b3b</code></a>
Resize tall images vertically first (<a
href="https://redirect.github.com/python-pillow/Pillow/issues/9524">#9524</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/python-pillow/Pillow/compare/12.1.1...12.2.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pillow&package-manager=uv&previous-version=12.1.1&new-version=12.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-14 10:19:21 -07:00
Eugene Yurtsev
8182d6302d release(core): 1.3.0.a2 (#36698)
release 1.3.0a2
langchain-core==1.3.0a2
2026-04-13 10:13:48 -04:00
Eugene Yurtsev
8f5c800f41 test(langchain): test cache hit/miss on lru (#36659)
add quick test
2026-04-13 10:13:21 -04:00
Jacob Lee
a6eb829701 fix(core): Use reference counting for storing inherited run trees to support garbage collection (#36660)
When a langsmith `@traceable` function invokes a LangChain Runnable or
LangGraph subgraph, the callback manager's `_configure` function injects
the `@traceable` RunTree into the `LangChainTracer`'s `run_map` so that
child runs can resolve their parent for trace nesting. However, since
the RunTree was created outside the tracer's callback lifecycle,
`_end_trace` never removes it. The entry persists in `run_map`
indefinitely, retaining the full RunTree and its entire child tree.

In applications with nested subgraph invocations (e.g. an outer
investigation graph delegating to skill agent subgraphs, each compiled
as their own `StateGraph`), this causes RunTree objects to accumulate
linearly with every call.

**Fix:** Track which `run_map` entries were injected externally via a
shared `_external_run_ids` refcount dict on `_TracerCore`. When
`_start_trace` adds a child under an external parent, it increments the
count. When `_end_trace` finishes a child, it decrements — and evicts
the external parent from `run_map` once the last child completes.

The refcount (rather than a simple set) is necessary because a single
external parent may have multiple sibling children in the callback chain
(e.g. a `prompt | llm` `RunnableSequence`). Only truly external runs are
tracked — the `_configure` guard `if run_id_str not in handler.run_map`
prevents tracer-managed runs from being misclassified.
2026-04-13 09:50:37 -04:00
Mason Daugherty
c59e83a1ff ci(infra): add dropdown + override inputs to release and integration test workflows (#36687)
Both `_release.yml` and `integration_tests.yml` previously required
manually typing a package path to target a specific library. Replace the
free-text-only inputs with a dropdown of known packages plus a free-text
override for unlisted paths. The release workflow consolidates the
override-or-default resolution into a single `EFFECTIVE_WORKING_DIR` env
var to eliminate duplication across 20+ step references.
2026-04-12 12:49:37 -06:00
Mason Daugherty
cfb16f634f docs(core): nit (#36685) 2026-04-12 12:56:02 -05:00
langchain-model-profile-bot[bot]
22f78afb0a chore(model-profiles): refresh model profile data (#36668)
Automated refresh of model profile data for all in-monorepo partner
integrations via `langchain-profiles refresh`.

🤖 Generated by the `refresh_model_profiles` workflow.

Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com>
2026-04-12 11:31:13 -05:00
Eugene Yurtsev
9f232caa7a chore(infra): limit codspeed to benchmark tests (#36658)
limit codspeed to benchmark tests folder only
2026-04-10 12:02:49 -04:00
Eugene Yurtsev
9ee4617fba release(core): 1.3.0a1 (#36656)
1.3.0a1 release
langchain-core==1.3.0a1
2026-04-10 11:58:34 -04:00
Eugene Yurtsev
2c9296c423 perf(langchain): add lru cache when resolving types (#36649)
speed up for re-instantiation of the same agent
2026-04-10 11:25:58 -04:00
Eugene Yurtsev
1ca47a5411 perf(langchain): add another init test with middleware (#36644)
add another init test with middleware
2026-04-10 11:20:23 -04:00
Eugene Yurtsev
42d677e41f chore(infra): swap runner for codspeed (#36653)
change runner for codspeed
2026-04-10 11:06:03 -04:00
Eugene Yurtsev
1df6816fbd chore(infra): add langchain to codspeed (#36650)
add langchain to codspeed
2026-04-10 10:48:42 -04:00
Eugene Yurtsev
af4d711a2f chore(core): reduce streaming metadata / perf (#36588)
- looking into reducing streaming metadata / perfm

---------

Co-authored-by: William Fu-Hinthorn <13333726+hinthornw@users.noreply.github.com>
2026-04-10 10:47:54 -04:00
Eugene Yurtsev
f0c5a28fa0 perf(langchain): add benchmark command (#36641)
add benchmark in Makefile
2026-04-09 16:05:17 -04:00
langchain-model-profile-bot[bot]
644821e5b4 chore(model-profiles): refresh model profile data (#36630)
Automated refresh of model profile data for all in-monorepo partner
integrations via `langchain-profiles refresh`.

🤖 Generated by the `refresh_model_profiles` workflow.

Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com>
2026-04-09 11:15:42 -04:00
dependabot[bot]
690c6ca2ce chore: bump cryptography from 46.0.6 to 46.0.7 in /libs/langchain_v1 (#36619)
Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.6
to 46.0.7.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's
changelog</a>.</em></p>
<blockquote>
<p>46.0.7 - 2026-04-07</p>
<pre><code>
* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could
be
  passed to APIs that accept Python buffers, which could lead to buffer
  overflow. **CVE-2026-39892**
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL
3.5.6.
<p>.. _v46-0-6:<br />
</code></pre></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="622d672e42"><code>622d672</code></a>
46.0.7 release (<a
href="https://redirect.github.com/pyca/cryptography/issues/14602">#14602</a>)</li>
<li>See full diff in <a
href="https://github.com/pyca/cryptography/compare/46.0.6...46.0.7">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography&package-manager=uv&previous-version=46.0.6&new-version=46.0.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-09 00:47:49 -04:00
dependabot[bot]
4be8744950 chore: bump cryptography from 46.0.6 to 46.0.7 in /libs/langchain (#36620)
Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.6
to 46.0.7.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's
changelog</a>.</em></p>
<blockquote>
<p>46.0.7 - 2026-04-07</p>
<pre><code>
* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could
be
  passed to APIs that accept Python buffers, which could lead to buffer
  overflow. **CVE-2026-39892**
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL
3.5.6.
<p>.. _v46-0-6:<br />
</code></pre></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="622d672e42"><code>622d672</code></a>
46.0.7 release (<a
href="https://redirect.github.com/pyca/cryptography/issues/14602">#14602</a>)</li>
<li>See full diff in <a
href="https://github.com/pyca/cryptography/compare/46.0.6...46.0.7">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography&package-manager=uv&previous-version=46.0.6&new-version=46.0.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-09 00:47:41 -04:00
Mason Daugherty
ffe4def5e4 docs(infra): add model reference freshness guidelines (#36626)
Add a "Model references in docs and examples" subsection to `AGENTS.md`
and `CLAUDE.md` under Documentation standards. Codifies that docstrings
and examples should use current GA model names, not stale ones — and
explicitly draws the line between updating illustrative references
(encouraged) and changing shipped code defaults (breaking change,
separate process).
2026-04-09 01:50:54 +00:00
Mason Daugherty
efa97e598b docs(infra): note sha pinning requirement in agent files (#36625)
Following #36621
2026-04-09 00:18:14 +00:00
Mason Daugherty
6443612fa3 ci: pin all actions to full-length commit SHAs (#36621)
Pin all remaining GitHub Actions references to full-length commit SHAs,
matching the convention already established by third-party actions in
this repo. This is a prerequisite for enabling GitHub's "Require actions
to be pinned to a full-length commit SHA" repository ruleset, which
mitigates tag-hijacking supply chain attacks.
2026-04-08 19:02:58 -04:00
Eugene Yurtsev
dd7c3eb3a4 release(core): release 1.2.28 (#36614)
release 1.27.8
langchain-core==1.2.28
2026-04-08 14:15:50 -04:00
Eugene Yurtsev
af2ed47c6f fix(core): add more sanitization to templates (#36612)
add more sanitization to templates
2026-04-08 14:10:10 -04:00
ccurme
7e5858d807 release(standard-tests): 1.1.6 (#36610) langchain-tests==1.1.6 2026-04-08 11:16:09 -04:00
ccurme
fe99cb2912 fix(standard-tests): update standard tests for sandbox backends (#36036)
Co-authored-by: Eugene Yurtsev <eyurtsev@gmail.com>
2026-04-08 11:08:54 -04:00
langchain-model-profile-bot[bot]
65bbd47cb2 chore(model-profiles): refresh model profile data (#36596)
Automated refresh of model profile data for all in-monorepo partner
integrations via `langchain-profiles refresh`.

🤖 Generated by the `refresh_model_profiles` workflow.

Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com>
2026-04-07 15:48:36 -04:00
ccurme
6486404116 release(core): 1.2.27 (#36586) langchain-core==1.2.27 2026-04-07 10:52:46 -04:00
ccurme
7629c74726 fix(core): handle symlinks in deprecated prompt save path (#36585)
Resolve symlinks before validating file extensions in the deprecated
`save()` method on prompt classes.

Credit to Jeff Ponte (@JDP-Security) for reporting the symlink
resolution issue.
2026-04-07 10:45:42 -04:00
Mason Daugherty
ce21bf469d ci: convert working-directory to validated dropdown (#36575)
Convert the `working-directory` input in the release workflow from a
free-text string to a dropdown of known package paths.

## Changes
- Change `working-directory` from `type: string` to `type: choice` in
`_release.yml`, enumerating all 21 releasable packages under `libs/` and
`libs/partners/`
- Add `check-release-options` CI job in `check_diffs.yml` that runs a
pytest script to assert the dropdown options match directories
containing a `pyproject.toml`
langchain-ollama==1.1.0
2026-04-06 22:46:11 -04:00
Mason Daugherty
b8698eacbd release(ollama): 1.1.0 (#36574) 2026-04-06 22:34:32 -04:00