mirror of
https://github.com/hwchase17/langchain.git
synced 2026-05-18 05:26:09 +00:00
4c593b35fbcbd67504378141edea3084cc81123f
1691 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
dependabot[bot]
|
1662347879 |
chore: bump mistune from 3.1.4 to 3.2.1 in /libs/core (#37237)
Bumps [mistune](https://github.com/lepture/mistune) from 3.1.4 to 3.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lepture/mistune/releases">mistune's releases</a>.</em></p> <blockquote> <h2>v3.2.1</h2> <h3> 🐞 Bug Fixes</h3> <ul> <li>Resolve Windows compatibility issues in file inclusion and tests - by <a href="https://github.com/Yuki9814"><code>@Yuki9814</code></a> <a href="https://github.com/lepture/mistune/commit/2547102"><!-- raw HTML omitted -->(25471)<!-- raw HTML omitted --></a></li> <li>Escape html text - by <a href="https://github.com/lepture"><code>@lepture</code></a> <a href="https://github.com/lepture/mistune/commit/a3cb6e5"><!-- raw HTML omitted -->(a3cb6)<!-- raw HTML omitted --></a></li> <li>Update link reference - by <a href="https://github.com/lepture"><code>@lepture</code></a> <a href="https://github.com/lepture/mistune/commit/85eb54f"><!-- raw HTML omitted -->(85eb5)<!-- raw HTML omitted --></a></li> <li>Handle escaped dollar signs in inline math - by <a href="https://github.com/saschabuehrle"><code>@saschabuehrle</code></a> in <a href="https://redirect.github.com/lepture/mistune/issues/370">lepture/mistune#370</a> <a href="https://github.com/lepture/mistune/commit/7bd5709"><!-- raw HTML omitted -->(7bd57)<!-- raw HTML omitted --></a></li> <li>Escape id of toc - by <a href="https://github.com/lepture"><code>@lepture</code></a> <a href="https://github.com/lepture/mistune/commit/04880a0"><!-- raw HTML omitted -->(04880)<!-- raw HTML omitted --></a></li> <li>Escape id of headings - by <a href="https://github.com/lepture"><code>@lepture</code></a> <a href="https://github.com/lepture/mistune/commit/2855622"><!-- raw HTML omitted -->(28556)<!-- raw HTML omitted --></a></li> <li>Remove double-encoding of image alt text - by <a href="https://github.com/lawrence3699"><code>@lawrence3699</code></a> <a href="https://github.com/lepture/mistune/commit/0d6f3d8"><!-- raw HTML omitted -->(0d6f3)<!-- raw HTML omitted --></a></li> <li>Escape xml for math plugin - by <a href="https://github.com/lepture"><code>@lepture</code></a> <a href="https://github.com/lepture/mistune/commit/5fa092e"><!-- raw HTML omitted -->(5fa09)<!-- raw HTML omitted --></a></li> <li>Use strict regex for image's height and width - by <a href="https://github.com/lepture"><code>@lepture</code></a> <a href="https://github.com/lepture/mistune/commit/8d0cb75"><!-- raw HTML omitted -->(8d0cb)<!-- raw HTML omitted --></a></li> </ul> <h5> <a href="https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1">View changes on GitHub</a></h5> <h2>v3.2.0</h2> <h3> 🚀 Features</h3> <ul> <li>Support footnotes that start on the next line. - by <a href="https://github.com/kylechui"><code>@kylechui</code></a> <a href="https://github.com/lepture/mistune/commit/2677e2d"><!-- raw HTML omitted -->(2677e)<!-- raw HTML omitted --></a></li> <li>Properly handle code blocks inside footnotes. - by <a href="https://github.com/kylechui"><code>@kylechui</code></a> <a href="https://github.com/lepture/mistune/commit/0516c9e"><!-- raw HTML omitted -->(0516c)<!-- raw HTML omitted --></a></li> <li>Support python 3.14 - by <a href="https://github.com/lepture"><code>@lepture</code></a> <a href="https://github.com/lepture/mistune/commit/7e0eb65"><!-- raw HTML omitted -->(7e0eb)<!-- raw HTML omitted --></a></li> </ul> <h3> 🐞 Bug Fixes</h3> <ul> <li>Render ref links and footnotes in footnotes. - by <a href="https://github.com/lepture"><code>@lepture</code></a> <a href="https://github.com/lepture/mistune/commit/bd90e44"><!-- raw HTML omitted -->(bd90e)<!-- raw HTML omitted --></a></li> <li>Render ref links in TOC. - by <a href="https://github.com/lemon24"><code>@lemon24</code></a> <a href="https://github.com/lepture/mistune/commit/a0a0148"><!-- raw HTML omitted -->(a0a01)<!-- raw HTML omitted --></a></li> <li>Update typing for mypy upgrades - by <a href="https://github.com/lepture"><code>@lepture</code></a> <a href="https://github.com/lepture/mistune/commit/8d49cba"><!-- raw HTML omitted -->(8d49c)<!-- raw HTML omitted --></a></li> <li>Render correct html for footnotes - by <a href="https://github.com/lepture"><code>@lepture</code></a> <a href="https://github.com/lepture/mistune/commit/9b62204"><!-- raw HTML omitted -->(9b622)<!-- raw HTML omitted --></a></li> </ul> <h5> <a href="https://github.com/lepture/mistune/compare/v3.1.4...v3.2.0">View changes on GitHub</a></h5> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/lepture/mistune/blob/main/docs/changes.rst">mistune's changelog</a>.</em></p> <blockquote> <h2>Version 3.2.1</h2> <p><strong>Released on May 3, 2026</strong></p> <ul> <li>Escape link in <code>render_toc_ul</code>.</li> <li>Escape text in math plugin.</li> <li>Fix regex for math plugin.</li> <li>Escape heading's ID attribute.</li> <li>Fix <code>LINK_TITLE_RE</code> to prevent DoS.</li> <li>Escape class attribute for admonition directive.</li> <li>Remove double-encoding of image alt text.</li> <li>Escape class attribute for image directive.</li> <li>Fix width/height attribute for image directive.</li> </ul> <h2>Version 3.2.0</h2> <p><strong>Released on Dec 23, 2025</strong></p> <ul> <li>Announce supports for python 3.14</li> <li>Fix footnotes plugins for code blocks, ref links, blockquote and etc.</li> <li>Fix ref links in TOC.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
2ca920cf82 |
chore: bump jupyter-server from 2.17.0 to 2.18.0 in /libs/core (#37204)
Bumps [jupyter-server](https://github.com/jupyter-server/jupyter_server) from 2.17.0 to 2.18.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jupyter-server/jupyter_server/releases">jupyter-server's releases</a>.</em></p> <blockquote> <h2>v2.18.0</h2> <h2>2.18.0</h2> <p>(<a href="https://github.com/jupyter-server/jupyter_server/compare/v2.17.0...49b34392feaa97735b3b777e3baf8f22f2a14ed8">Full Changelog</a>)</p> <h3>Security patches</h3> <ul> <li>CVE-2026-40110 <a href="https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-24qx-w28j-9m6p">https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-24qx-w28j-9m6p</a></li> <li>CVE-2025-61669 <a href="https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-qh7q-6qm3-653w">https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-qh7q-6qm3-653w</a></li> <li>CVE-2026-40934 <a href="https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5mrq-x3x5-8v8f">https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5mrq-x3x5-8v8f</a></li> <li>CVE-2026-35397 <a href="https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3">https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3</a></li> </ul> <h3>API and Breaking Changes</h3> <ul> <li>Add query param to sanitize HTML in GET /nbconvert/html <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1618">#1618</a> (<a href="https://github.com/Yann-P"><code>@Yann-P</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> </ul> <h3>Enhancements made</h3> <ul> <li>Update handlers.py to fix ioloop blockers(sync file operations) <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1617">#1617</a> (<a href="https://github.com/zolyfarkas-fb"><code>@zolyfarkas-fb</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Add resolvePath API for resolving kernel-relative paths <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1331">#1331</a> (<a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/blink1073"><code>@blink1073</code></a>)</li> </ul> <h3>Bugs fixed</h3> <ul> <li>Move check origin into a util function and add it to websocket <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1630">#1630</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/Yann-P"><code>@Yann-P</code></a>)</li> <li>Fix flaky test_restart_kernel by unsticking nudge() after port-changing restart <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1628">#1628</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/claude"><code>@claude</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Try to fix flaky test "test_restart_kernel" <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1625">#1625</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Fix potential unraisable pytest error <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1624">#1624</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>fix: use %s placeholders in HTTPError to prevent Tornado from doubling % in gateway URLs <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1620">#1620</a> (<a href="https://github.com/terminalchai"><code>@terminalchai</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/ptch314"><code>@ptch314</code></a>)</li> <li>Fix three file descriptor leaks in kernel connection lifecycle (<a href="https://redirect.github.com/jupyter-server/jupyter_server/issues/1506">#1506</a>) <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1619">#1619</a> (<a href="https://github.com/tonyx93"><code>@tonyx93</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Use web.HTTPError for kernel restart failures <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1616">#1616</a> (<a href="https://github.com/YDawn"><code>@YDawn</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Handle EADDRINUSE and EACCES in _bind_http_server_tcp <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1613">#1613</a> (<a href="https://github.com/YDawn"><code>@YDawn</code></a>, <a href="https://github.com/Zsailer"><code>@Zsailer</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>Use st_birthtime for file created timestamp on macOS/BSD <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1594">#1594</a> (<a href="https://github.com/ktaletsk"><code>@ktaletsk</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>Fix double write when refusing hidden files in contents handler <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1585">#1585</a> (<a href="https://github.com/Krish-876"><code>@Krish-876</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>Close all sockets in _find_http_port explicitly <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1584">#1584</a> (<a href="https://github.com/MaryushSoroka"><code>@MaryushSoroka</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>Fix writing on remote file systems with attribute cache <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1574">#1574</a> (<a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/Zsailer"><code>@Zsailer</code></a>)</li> <li>Add IdentityProvider.cookie_secret_hook <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1569">#1569</a> (<a href="https://github.com/emin63"><code>@emin63</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>fix context pollution <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1561">#1561</a> (<a href="https://github.com/dualc"><code>@dualc</code></a>, <a href="https://github.com/Zsailer"><code>@Zsailer</code></a>)</li> <li>Fix gateway cookie handling <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1558">#1558</a> (<a href="https://github.com/kevin-bates"><code>@kevin-bates</code></a>, <a href="https://github.com/RRosio"><code>@RRosio</code></a>, <a href="https://github.com/lresende"><code>@lresende</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>fix connection exception cause high cpu load <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1484">#1484</a> (<a href="https://github.com/dualc"><code>@dualc</code></a>, <a href="https://github.com/lresende"><code>@lresende</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> </ul> <h3>Maintenance and upkeep improvements</h3> <ul> <li>Start to test on Python 3.13 and 3.14 <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1623">#1623</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Bump actions/create-github-app-token from 2 to 3 in the actions group across 1 directory <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1621">#1621</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Bump brace-expansion from 1.1.12 to 1.1.13 <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1615">#1615</a> (<a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>Fix package spec for jupytext <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1614">#1614</a> (<a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/Zsailer"><code>@Zsailer</code></a>)</li> <li>chore: update pre-commit hooks <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1607">#1607</a> (<a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>try to fix ci on windows <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1600">#1600</a> (<a href="https://github.com/minrk"><code>@minrk</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>run prerelease tests on 3.14 <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1599">#1599</a> (<a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>Pin sphinx to an older version (<9) to fix docs <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1597">#1597</a> (<a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jupyter-server/jupyter_server/blob/main/CHANGELOG.md">jupyter-server's changelog</a>.</em></p> <blockquote> <h2>2.18.0</h2> <p>(<a href="https://github.com/jupyter-server/jupyter_server/compare/v2.9.1...49b34392feaa97735b3b777e3baf8f22f2a14ed8">Full Changelog</a>)</p> <h3>API and Breaking Changes</h3> <ul> <li>Add query param to sanitize HTML in GET /nbconvert/html <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1618">#1618</a> (<a href="https://github.com/Yann-P"><code>@Yann-P</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> </ul> <h3>Enhancements made</h3> <ul> <li>Update handlers.py to fix ioloop blockers(sync file operations) <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1617">#1617</a> (<a href="https://github.com/zolyfarkas-fb"><code>@zolyfarkas-fb</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Avoid redundant call to <code>_get_os_path</code> in <code>_dir_model</code> <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1547">#1547</a> (<a href="https://github.com/joeyutong"><code>@joeyutong</code></a>, <a href="https://github.com/vidartf"><code>@vidartf</code></a>)</li> <li>Allow specifying extra params to scrub from logs <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1538">#1538</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>, <a href="https://github.com/Zsailer"><code>@Zsailer</code></a>, <a href="https://github.com/vidartf"><code>@vidartf</code></a>)</li> <li>Add a logger to the ExtensionPoint API <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1523">#1523</a> (<a href="https://github.com/Zsailer"><code>@Zsailer</code></a>, <a href="https://github.com/vidartf"><code>@vidartf</code></a>)</li> <li>Allow user to update identity values <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1518">#1518</a> (<a href="https://github.com/brichet"><code>@brichet</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>If ServerApp.ip is ipv6 use [::1] as local_url <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1495">#1495</a> (<a href="https://github.com/manics"><code>@manics</code></a>, <a href="https://github.com/afshin"><code>@afshin</code></a>)</li> <li>Better error message when starting kernel for session. <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1478">#1478</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/davidbrochart"><code>@davidbrochart</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>Add a traitlet to disable recording HTTP request metrics <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1472">#1472</a> (<a href="https://github.com/yuvipanda"><code>@yuvipanda</code></a>, <a href="https://github.com/Zsailer"><code>@Zsailer</code></a>)</li> <li>prometheus: Expose 3 activity metrics <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1471">#1471</a> (<a href="https://github.com/yuvipanda"><code>@yuvipanda</code></a>, <a href="https://github.com/Zsailer"><code>@Zsailer</code></a>)</li> <li>Add prometheus info metrics listing server extensions + versions <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1470">#1470</a> (<a href="https://github.com/yuvipanda"><code>@yuvipanda</code></a>, <a href="https://github.com/Zsailer"><code>@Zsailer</code></a>)</li> <li>Add prometheus metric with version information <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1467">#1467</a> (<a href="https://github.com/yuvipanda"><code>@yuvipanda</code></a>, <a href="https://github.com/Zsailer"><code>@Zsailer</code></a>)</li> <li>Don't hide .so,.dylib files by default <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1457">#1457</a> (<a href="https://github.com/nokados"><code>@nokados</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>, <a href="https://github.com/vidartf"><code>@vidartf</code></a>)</li> <li>Better hash format error message <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1442">#1442</a> (<a href="https://github.com/fcollonval"><code>@fcollonval</code></a>, <a href="https://github.com/Zsailer"><code>@Zsailer</code></a>)</li> <li>Removing excessive logging from reading local files <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1420">#1420</a> (<a href="https://github.com/lresende"><code>@lresende</code></a>, <a href="https://github.com/kevin-bates"><code>@kevin-bates</code></a>)</li> <li>Add async start hook to ExtensionApp API <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1417">#1417</a> (<a href="https://github.com/Zsailer"><code>@Zsailer</code></a>, <a href="https://github.com/Darshan808"><code>@Darshan808</code></a>, <a href="https://github.com/bollwyvl"><code>@bollwyvl</code></a>, <a href="https://github.com/fcollonval"><code>@fcollonval</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Do not include token in dashboard link, when available <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1406">#1406</a> (<a href="https://github.com/minrk"><code>@minrk</code></a>, <a href="https://github.com/blink1073"><code>@blink1073</code></a>)</li> <li>Add an option to have authentication enabled for all endpoints by default <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1392">#1392</a> (<a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/Wh1isper"><code>@Wh1isper</code></a>, <a href="https://github.com/blink1073"><code>@blink1073</code></a>, <a href="https://github.com/bollwyvl"><code>@bollwyvl</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>, <a href="https://github.com/yuvipanda"><code>@yuvipanda</code></a>)</li> <li>websockets: add configurations for ping interval and timeout <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1391">#1391</a> (<a href="https://github.com/oliver-sanders"><code>@oliver-sanders</code></a>, <a href="https://github.com/blink1073"><code>@blink1073</code></a>)</li> <li>log extension import time at debug level unless it's actually slow <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1375">#1375</a> (<a href="https://github.com/minrk"><code>@minrk</code></a>, <a href="https://github.com/Zsailer"><code>@Zsailer</code></a>, <a href="https://github.com/yuvipanda"><code>@yuvipanda</code></a>)</li> <li>Add support for async Authorizers (part 2) <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1374">#1374</a> (<a href="https://github.com/Zsailer"><code>@Zsailer</code></a>, <a href="https://github.com/blink1073"><code>@blink1073</code></a>)</li> <li>Support async Authorizers <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1373">#1373</a> (<a href="https://github.com/Zsailer"><code>@Zsailer</code></a>, <a href="https://github.com/blink1073"><code>@blink1073</code></a>)</li> <li>Support get file(notebook) md5 <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1363">#1363</a> (<a href="https://github.com/Wh1isper"><code>@Wh1isper</code></a>, <a href="https://github.com/blink1073"><code>@blink1073</code></a>, <a href="https://github.com/bollwyvl"><code>@bollwyvl</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Update kernel env to reflect changes in session <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1354">#1354</a> (<a href="https://github.com/blink1073"><code>@blink1073</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Add resolvePath API for resolving kernel-relative paths <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1331">#1331</a> (<a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/blink1073"><code>@blink1073</code></a>)</li> </ul> <h3>Bugs fixed</h3> <ul> <li>Move check origin into a util function and add it to websocket <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1630">#1630</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/Yann-P"><code>@Yann-P</code></a>)</li> <li>Fix flaky test_restart_kernel by unsticking nudge() after port-changing restart <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1628">#1628</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/claude"><code>@claude</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Try to fix flaky test "test_restart_kernel" <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1625">#1625</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Fix potential unraisable pytest error <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1624">#1624</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>fix: use %s placeholders in HTTPError to prevent Tornado from doubling % in gateway URLs <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1620">#1620</a> (<a href="https://github.com/terminalchai"><code>@terminalchai</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/ptch314"><code>@ptch314</code></a>)</li> <li>Fix three file descriptor leaks in kernel connection lifecycle (<a href="https://redirect.github.com/jupyter-server/jupyter_server/issues/1506">#1506</a>) <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1619">#1619</a> (<a href="https://github.com/tonyx93"><code>@tonyx93</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Use web.HTTPError for kernel restart failures <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1616">#1616</a> (<a href="https://github.com/YDawn"><code>@YDawn</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Handle EADDRINUSE and EACCES in _bind_http_server_tcp <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1613">#1613</a> (<a href="https://github.com/YDawn"><code>@YDawn</code></a>, <a href="https://github.com/Zsailer"><code>@Zsailer</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>Use st_birthtime for file created timestamp on macOS/BSD <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1594">#1594</a> (<a href="https://github.com/ktaletsk"><code>@ktaletsk</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>Fix double write when refusing hidden files in contents handler <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1585">#1585</a> (<a href="https://github.com/Krish-876"><code>@Krish-876</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>Close all sockets in _find_http_port explicitly <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1584">#1584</a> (<a href="https://github.com/MaryushSoroka"><code>@MaryushSoroka</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>Fix writing on remote file systems with attribute cache <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1574">#1574</a> (<a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/Zsailer"><code>@Zsailer</code></a>)</li> <li>Add IdentityProvider.cookie_secret_hook <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1569">#1569</a> (<a href="https://github.com/emin63"><code>@emin63</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
Nick Hollon
|
5039dfec1f | release(core): 1.3.3 (#37198) | ||
|
Nick Hollon
|
55a7707837 |
fix(core): set deprecation since to 1.3.3 to match release (#37200)
|
||
|
Nick Hollon
|
c979c6187b |
fix(core, langchain): harden load() against untrusted manifests (#37197)
|
||
|
dependabot[bot]
|
8eb3bec99f |
chore: bump notebook from 7.5.0 to 7.5.6 in /libs/core (#37109)
Bumps [notebook](https://github.com/jupyter/notebook) from 7.5.0 to 7.5.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jupyter/notebook/releases">notebook's releases</a>.</em></p> <blockquote> <h2>v7.5.6</h2> <h2>7.5.6</h2> <p>(<a href="https://github.com/jupyter/notebook/compare/@jupyter-notebook/application-extension@7.5.5...2e642f0cb10be314ba5d97d709cffe41bf992d9e">Full Changelog</a>)</p> <h3>Security patches</h3> <ul> <li>CVE-2026-42557 <a href="https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-mqcg-5x36-vfcg">https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-mqcg-5x36-vfcg</a></li> <li>CVE-2026-40171 <a href="https://github.com/jupyter/notebook/security/advisories/GHSA-rch3-82jr-f9w9">https://github.com/jupyter/notebook/security/advisories/GHSA-rch3-82jr-f9w9</a></li> </ul> <h3>Maintenance and upkeep improvements</h3> <ul> <li>Update to JupyterLab v4.5.7 <a href="https://redirect.github.com/jupyter/notebook/pull/7902">#7902</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> </ul> <h3>Documentation improvements</h3> <ul> <li>docs: Fix broken links in troubleshooting and migration docs <a href="https://redirect.github.com/jupyter/notebook/pull/7824">#7824</a> (<a href="https://github.com/RamiNoodle733"><code>@RamiNoodle733</code></a>)</li> </ul> <h3>Contributors to this release</h3> <p>The following people contributed discussions, new ideas, code and documentation contributions, and review. See <a href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our definition of contributors</a>.</p> <p>(<a href="https://github.com/jupyter/notebook/graphs/contributors?from=2026-03-11&to=2026-04-30&type=c">GitHub contributors page for this release</a>)</p> <p><a href="https://github.com/jtpio"><code>@jtpio</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnotebook+involves%3Ajtpio+updated%3A2026-03-11..2026-04-30&type=Issues">activity</a>) | <a href="https://github.com/RamiNoodle733"><code>@RamiNoodle733</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnotebook+involves%3ARamiNoodle733+updated%3A2026-03-11..2026-04-30&type=Issues">activity</a>)</p> <h2>v7.5.5</h2> <h2>7.5.5</h2> <p>(<a href="https://github.com/jupyter/notebook/compare/@jupyter-notebook/application-extension@7.5.4...4f8438b0c67dc4f010bf8cd052da4f16e2ed3828">Full Changelog</a>)</p> <h3>Maintenance and upkeep improvements</h3> <ul> <li>Update to JupyterLab v4.5.6 <a href="https://redirect.github.com/jupyter/notebook/pull/7861">#7861</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> <li>[7.5.x] Drop Python 3.9 on CI <a href="https://redirect.github.com/jupyter/notebook/pull/7860">#7860</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> <li>Fix check links <a href="https://redirect.github.com/jupyter/notebook/pull/7857">#7857</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> </ul> <h3>Contributors to this release</h3> <p>The following people contributed discussions, new ideas, code and documentation contributions, and review. See <a href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our definition of contributors</a>.</p> <p>(<a href="https://github.com/jupyter/notebook/graphs/contributors?from=2026-02-24&to=2026-03-11&type=c">GitHub contributors page for this release</a>)</p> <p><a href="https://github.com/jtpio"><code>@jtpio</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnotebook+involves%3Ajtpio+updated%3A2026-02-24..2026-03-11&type=Issues">activity</a>)</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jupyter/notebook/blob/@jupyter-notebook/tree@7.5.6/CHANGELOG.md">notebook's changelog</a>.</em></p> <blockquote> <h2>7.5.6</h2> <p>(<a href="https://github.com/jupyter/notebook/compare/@jupyter-notebook/application-extension@7.5.5...2e642f0cb10be314ba5d97d709cffe41bf992d9e">Full Changelog</a>)</p> <h3>Maintenance and upkeep improvements</h3> <ul> <li>Update to JupyterLab v4.5.7 <a href="https://redirect.github.com/jupyter/notebook/pull/7902">#7902</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> </ul> <h3>Documentation improvements</h3> <ul> <li>docs: Fix broken links in troubleshooting and migration docs <a href="https://redirect.github.com/jupyter/notebook/pull/7824">#7824</a> (<a href="https://github.com/RamiNoodle733"><code>@RamiNoodle733</code></a>)</li> </ul> <h3>Contributors to this release</h3> <p>The following people contributed discussions, new ideas, code and documentation contributions, and review. See <a href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our definition of contributors</a>.</p> <p>(<a href="https://github.com/jupyter/notebook/graphs/contributors?from=2026-03-11&to=2026-04-30&type=c">GitHub contributors page for this release</a>)</p> <p><a href="https://github.com/jtpio"><code>@jtpio</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnotebook+involves%3Ajtpio+updated%3A2026-03-11..2026-04-30&type=Issues">activity</a>) | <a href="https://github.com/RamiNoodle733"><code>@RamiNoodle733</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnotebook+involves%3ARamiNoodle733+updated%3A2026-03-11..2026-04-30&type=Issues">activity</a>)</p> <!-- raw HTML omitted --> <h2>7.5.5</h2> <p>(<a href="https://github.com/jupyter/notebook/compare/@jupyter-notebook/application-extension@7.5.4...4f8438b0c67dc4f010bf8cd052da4f16e2ed3828">Full Changelog</a>)</p> <h3>Maintenance and upkeep improvements</h3> <ul> <li>Update to JupyterLab v4.5.6 <a href="https://redirect.github.com/jupyter/notebook/pull/7861">#7861</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> <li>[7.5.x] Drop Python 3.9 on CI <a href="https://redirect.github.com/jupyter/notebook/pull/7860">#7860</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> <li>Fix check links <a href="https://redirect.github.com/jupyter/notebook/pull/7857">#7857</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> </ul> <h3>Contributors to this release</h3> <p>The following people contributed discussions, new ideas, code and documentation contributions, and review. See <a href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our definition of contributors</a>.</p> <p>(<a href="https://github.com/jupyter/notebook/graphs/contributors?from=2026-02-24&to=2026-03-11&type=c">GitHub contributors page for this release</a>)</p> <p><a href="https://github.com/jtpio"><code>@jtpio</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnotebook+involves%3Ajtpio+updated%3A2026-02-24..2026-03-11&type=Issues">activity</a>)</p> <h2>7.5.4</h2> <p>(<a href="https://github.com/jupyter/notebook/compare/@jupyter-notebook/application-extension@7.5.3...e5d8418b706fcefd4208bb61c22399dd3123555b">Full Changelog</a>)</p> <h3>Maintenance and upkeep improvements</h3> <ul> <li>Update to JupyterLab v4.5.5 <a href="https://redirect.github.com/jupyter/notebook/pull/7842">#7842</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> <li>Fix PyO3 CI failure with Python 3.15 <a href="https://redirect.github.com/jupyter/notebook/pull/7836">#7836</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
bf715fac07 |
chore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in /libs/core (#37129)
Bumps [types-pyyaml](https://github.com/python/typeshed) from 6.0.12.20250915 to 6.0.12.20260408. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/python/typeshed/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
Mason Daugherty
|
a1f336fdc7 |
fix(core): preserve structured inputs on tool runs in tracers (#37108)
Tool runs in `_TracerCore._create_tool_run` were discarding the
structured `inputs` dict that `BaseTool.run` passes to `on_tool_start`,
replacing it with `{"input": str(filtered_tool_input)}`. Consequently,
every multi-arg tool (e.g. ones in `deepagents` like `execute`,
`edit_file`, `write_file`, `grep`, ...) appeared in LangSmith with a
stringified, escaped dump of its arguments — multi-line bash commands
rendered with `\n` and were effectively unreadable. Chain runs already
preserved dicts via `_get_chain_inputs`; tool runs are now symmetric.
## Changes
- Preserve `inputs` when it is already a `dict` in the `original` /
`original+chat` branch of `_TracerCore._create_tool_run`, falling back
to `{"input": input_str}` only when no structured payload was provided
- Add regression tests in the sync and async base-tracer suites that
pass a structured `inputs` to `on_tool_start` and assert the dict
survives onto the resulting `Run`
## Breaking change
Custom `BaseTracer` subclasses that parsed `Run.inputs["input"]` as a
stringified dict for tool runs will need to read the structured fields
directly. The shape now matches what `on_tool_start(inputs=...)` has
always received — introduced alongside `_schema_format` in the
`astream_events` work — and what `streaming_events` consumers already
see.
|
||
|
Mason Daugherty
|
38553c3f2d | release(perplexity): 1.2.0 (#37091) | ||
open-swe[bot]
|
ba897ffa7e |
chore(docs): update x handle references (#37081)
## Description Updates package metadata and README badges so LangChain social links point to the new `@langchain_oss` X handle. This was completed with AI-agent assistance. ## Test Plan - [ ] Validate README badges and package metadata links point to `https://x.com/langchain_oss` _Opened collaboratively by Mason Daugherty and open-swe._ --------- Co-authored-by: open-swe[bot] <open-swe@users.noreply.github.com> Co-authored-by: Mason Daugherty <61371264+mdrxy@users.noreply.github.com> |
||
|
Mason Daugherty
|
37be34be82 |
fix(core): make removal optional in warn_deprecated (#37056)
Drop the `NotImplementedError` branch in `warn_deprecated` so callers can pass `pending=False` without specifying a `removal` version. The previous behavior contradicted the docstring (which claimed an empty default would auto-compute a removal version) — no such computation existed; the function just raised a placeholder "Need to determine which default deprecation schedule to use" error. |
||
Sharvil Saxena
|
78546e9242 | fix(core): validate batch_size in _batch and _abatch to prevent infinite loop (#36663) | ||
|
Nick Hollon
|
c4498ccaf9 | chore(core): mark stream_v2/astream_v2 as beta (#36992) | ||
|
Nick Hollon
|
fa0f0d8efa | release(core): 1.3.2 (#36990) | ||
|
Nick Hollon
|
9ce72eba9f | feat(core): add content-block-centric streaming (v2) (#36834) | ||
ccurme
|
3f382a9e20 | release(core): 1.3.1 (#36972) | ||
Hunter Lovell
|
9a671d7919 | feat(core): allow _format_output to pass through list of ToolOutputMixin instances (#36963) | ||
|
dependabot[bot]
|
1442b41042 |
chore: bump nbconvert from 7.17.0 to 7.17.1 in /libs/core (#36923)
Bumps [nbconvert](https://github.com/jupyter/nbconvert) from 7.17.0 to 7.17.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jupyter/nbconvert/releases">nbconvert's releases</a>.</em></p> <blockquote> <h2>v7.17.1</h2> <h2>7.17.1</h2> <p>This is a security release, fixing two CVEs:</p> <ul> <li><a href="https://github.com/jupyter/nbconvert/security/advisories/GHSA-4c99-qj7h-p3vg">CVE-2026-39377</a></li> <li><a href="https://github.com/jupyter/nbconvert/security/advisories/GHSA-7jqv-fw35-gmx9">CVE-2026-39378</a></li> </ul> <p>(full advisories will be published seven days after release, on 2026-04-14).</p> <p>(<a href="https://github.com/jupyter/nbconvert/compare/v7.17.0...b3b6ec01f872e9af8fd1769eb9cf1889c720ecf3">Full Changelog</a>)</p> <h3>Enhancements made</h3> <ul> <li>Allow configureable WebPDF JavaScript processing timeout <a href="https://redirect.github.com/jupyter/nbconvert/pull/2250">#2250</a> (<a href="https://github.com/timkpaine"><code>@timkpaine</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> </ul> <h3>Bugs fixed</h3> <ul> <li>Fix <code>PermissionError</code> when checking template paths on shared filesystems <a href="https://redirect.github.com/jupyter/nbconvert/pull/2252">#2252</a> (<a href="https://github.com/ctcjab"><code>@ctcjab</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Tweak webpdf template logic to fix duplicate extension problem <a href="https://redirect.github.com/jupyter/nbconvert/pull/2249">#2249</a> (<a href="https://github.com/timkpaine"><code>@timkpaine</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> </ul> <h3>Maintenance and upkeep improvements</h3> <ul> <li>specify python version for pre <a href="https://redirect.github.com/jupyter/nbconvert/pull/2276">#2276</a> (<a href="https://github.com/minrk"><code>@minrk</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> </ul> <h3>Contributors to this release</h3> <p>The following people contributed discussions, new ideas, code and documentation contributions, and review. See <a href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our definition of contributors</a>.</p> <p>(<a href="https://github.com/jupyter/nbconvert/graphs/contributors?from=2026-01-29&to=2026-04-08&type=c">GitHub contributors page for this release</a>)</p> <p><a href="https://github.com/akhmerov"><code>@akhmerov</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aakhmerov+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/bollwyvl"><code>@bollwyvl</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/Carreau"><code>@Carreau</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/ctcjab"><code>@ctcjab</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Actcjab+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/davidbrochart"><code>@davidbrochart</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Adavidbrochart+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/Ken-B"><code>@Ken-B</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AKen-B+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/krassowski"><code>@krassowski</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/mgeier"><code>@mgeier</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgeier+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/minrk"><code>@minrk</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/mpacer"><code>@mpacer</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ampacer+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/MSeal"><code>@MSeal</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/SylvainCorlay"><code>@SylvainCorlay</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ASylvainCorlay+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/takluyver"><code>@takluyver</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Atakluyver+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/timkpaine"><code>@timkpaine</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Atimkpaine+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>)</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jupyter/nbconvert/blob/main/CHANGELOG.md">nbconvert's changelog</a>.</em></p> <blockquote> <h2>7.17.1</h2> <p>This is a security release, fixing two CVEs:</p> <ul> <li><a href="https://github.com/jupyter/nbconvert/security/advisories/GHSA-4c99-qj7h-p3vg">CVE-2026-39377</a></li> <li><a href="https://github.com/jupyter/nbconvert/security/advisories/GHSA-7jqv-fw35-gmx9">CVE-2026-39378</a></li> </ul> <p>(full advisories will be published seven days after release, on 2026-04-14).</p> <p>(<a href="https://github.com/jupyter/nbconvert/compare/v7.17.0...b3b6ec01f872e9af8fd1769eb9cf1889c720ecf3">Full Changelog</a>)</p> <h3>Enhancements made</h3> <ul> <li>Allow configureable WebPDF JavaScript processing timeout <a href="https://redirect.github.com/jupyter/nbconvert/pull/2250">#2250</a> (<a href="https://github.com/timkpaine"><code>@timkpaine</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> </ul> <h3>Bugs fixed</h3> <ul> <li>Fix <code>PermissionError</code> when checking template paths on shared filesystems <a href="https://redirect.github.com/jupyter/nbconvert/pull/2252">#2252</a> (<a href="https://github.com/ctcjab"><code>@ctcjab</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Tweak webpdf template logic to fix duplicate extension problem <a href="https://redirect.github.com/jupyter/nbconvert/pull/2249">#2249</a> (<a href="https://github.com/timkpaine"><code>@timkpaine</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> </ul> <h3>Maintenance and upkeep improvements</h3> <ul> <li>specify python version for pre <a href="https://redirect.github.com/jupyter/nbconvert/pull/2276">#2276</a> (<a href="https://github.com/minrk"><code>@minrk</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> </ul> <h3>Contributors to this release</h3> <p>The following people contributed discussions, new ideas, code and documentation contributions, and review. See <a href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our definition of contributors</a>.</p> <p>(<a href="https://github.com/jupyter/nbconvert/graphs/contributors?from=2026-01-29&to=2026-04-08&type=c">GitHub contributors page for this release</a>)</p> <p><a href="https://github.com/akhmerov"><code>@akhmerov</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aakhmerov+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/bollwyvl"><code>@bollwyvl</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/Carreau"><code>@Carreau</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/ctcjab"><code>@ctcjab</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Actcjab+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/davidbrochart"><code>@davidbrochart</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Adavidbrochart+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/Ken-B"><code>@Ken-B</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AKen-B+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/krassowski"><code>@krassowski</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/mgeier"><code>@mgeier</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgeier+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/minrk"><code>@minrk</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/mpacer"><code>@mpacer</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ampacer+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/MSeal"><code>@MSeal</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/SylvainCorlay"><code>@SylvainCorlay</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ASylvainCorlay+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/takluyver"><code>@takluyver</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Atakluyver+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>) | <a href="https://github.com/timkpaine"><code>@timkpaine</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Atimkpaine+updated%3A2026-01-29..2026-04-08&type=Issues">activity</a>)</p> <!-- raw HTML omitted --> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
Jacob Lee
|
40026a7282 |
feat(core): Update inheritance behavior for tracer metadata for special keys (#36900)
JS equivalent: https://github.com/langchain-ai/langchainjs/pull/10733 |
||
|
dependabot[bot]
|
9bd63b4ac8 |
chore: bump langsmith from 0.7.13 to 0.7.31 in /libs/core (#36813)
Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from 0.7.13 to 0.7.31. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's releases</a>.</em></p> <blockquote> <h2>v0.7.31</h2> <h2>What's Changed</h2> <ul> <li>chore(deps-dev): bump langchain-core from 1.2.23 to 1.2.28 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2692">langchain-ai/langsmith-sdk#2692</a></li> <li>chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.82.0 to 0.84.0 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2684">langchain-ai/langsmith-sdk#2684</a></li> <li>chore(deps): bump cryptography from 46.0.6 to 46.0.7 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2693">langchain-ai/langsmith-sdk#2693</a></li> <li>chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.84.0 to 0.85.0 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2700">langchain-ai/langsmith-sdk#2700</a></li> <li>feat(py): Tag OpenAI Agent Python SDK runs with ls_agent_type by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2699">langchain-ai/langsmith-sdk#2699</a></li> <li>feat(js): Adds ls_agent_type metadata to AI SDK runs by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2701">langchain-ai/langsmith-sdk#2701</a></li> <li>chore(deps-dev): bump types-tqdm from 4.67.3.20260303 to 4.67.3.20260408 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2710">langchain-ai/langsmith-sdk#2710</a></li> <li>chore(deps): bump pnpm/action-setup from 5 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2705">langchain-ai/langsmith-sdk#2705</a></li> <li>chore(deps): bump the py-minor-and-patch group across 1 directory with 10 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2711">langchain-ai/langsmith-sdk#2711</a></li> <li>chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.85.0 to 0.86.0 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2702">langchain-ai/langsmith-sdk#2702</a></li> <li>chore(deps): bump actions/github-script from 8 to 9 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2706">langchain-ai/langsmith-sdk#2706</a></li> <li>chore(deps-dev): bump the js-minor-and-patch group across 1 directory with 7 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2712">langchain-ai/langsmith-sdk#2712</a></li> <li>chore(deps-dev): bump types-psutil from 7.2.2.20260130 to 7.2.2.20260408 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2709">langchain-ai/langsmith-sdk#2709</a></li> <li>chore(deps-dev): bump rich from 14.3.3 to 15.0.0 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2708">langchain-ai/langsmith-sdk#2708</a></li> <li>feat: Filter kwargs from new token events by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2714">langchain-ai/langsmith-sdk#2714</a></li> <li>release(py): 0.7.31 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2716">langchain-ai/langsmith-sdk#2716</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.30...v0.7.31">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.30...v0.7.31</a></p> <h2>v0.7.30</h2> <h2>What's Changed</h2> <ul> <li>feat(python): add service feature to sandbox by <a href="https://github.com/DanielKneipp"><code>@DanielKneipp</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2665">langchain-ai/langsmith-sdk#2665</a></li> <li>fix(js): Fix prototype pollution bug in anonymizers by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2690">langchain-ai/langsmith-sdk#2690</a></li> <li>release(js): 0.5.18 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2691">langchain-ai/langsmith-sdk#2691</a></li> <li>chore(js/sandbox): suppress warning log by <a href="https://github.com/hntrl"><code>@hntrl</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2694">langchain-ai/langsmith-sdk#2694</a></li> <li>feat(js): Add metadata to Claude Agent SDK JS tracing by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2695">langchain-ai/langsmith-sdk#2695</a></li> <li>fix(py): Fix run tree memory leak by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2696">langchain-ai/langsmith-sdk#2696</a></li> <li>release(py): 0.7.30 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2698">langchain-ai/langsmith-sdk#2698</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.29...v0.7.30">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.29...v0.7.30</a></p> <h2>v0.7.29</h2> <h2>What's Changed</h2> <ul> <li>release(js): 0.5.17 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2681">langchain-ai/langsmith-sdk#2681</a></li> <li>feat(py): Fix race condition around Claude Agent SDK instrumentation by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2685">langchain-ai/langsmith-sdk#2685</a></li> <li>release(py): 0.7.29 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2686">langchain-ai/langsmith-sdk#2686</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.28...v0.7.29">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.28...v0.7.29</a></p> <h2>v0.7.28</h2> <h2>What's Changed</h2> <ul> <li>feat(py): Support subagent tracing in Claude Agents SDK, fix usage and duplicate messages by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2670">langchain-ai/langsmith-sdk#2670</a></li> <li>chore(deps-dev): bump the py-minor-and-patch group across 1 directory with 11 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2677">langchain-ai/langsmith-sdk#2677</a></li> <li>chore(deps-dev): bump the js-minor-and-patch group across 1 directory with 8 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2667">langchain-ai/langsmith-sdk#2667</a></li> <li>chore(deps): bump pnpm/action-setup from 4 to 5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2658">langchain-ai/langsmith-sdk#2658</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
Eugene Yurtsev
|
c87cd04927 |
release(core): release 1.3.0 (#36851)
xRelease 1.3.0 |
||
|
Eugene Yurtsev
|
af0e174ef7 |
release(core): 1.3.0a3 (#36829)
release 1.3.0a3 |
||
|
Eugene Yurtsev
|
b00646d882 |
chore(core): keep checkpoint_ns behavior in streaming metadata for backwards compat (#36828)
minor buglet |
||
|
Jacob Lee
|
c04e05feb1 |
feat(core): Add chat model and LLM invocation params to traceable metadata (#36771)
Equivalent to: https://github.com/langchain-ai/langchainjs/pull/10711/ --------- Co-authored-by: Eugene Yurtsev <eyurtsev@gmail.com> |
||
|
ccurme
|
338aa8131a | fix(core): restore cloud metadata IPs and link-local range in SSRF policy (#36816) | ||
|
Mason Daugherty
|
7e81d09f2a |
chore(deps): bump pytest to 9.0.3 (#36801)
CVE-2025-71176 (medium severity) All are dev-only (test dependency group) — no impact on published packages. ### Why syrupy was also bumped syrupy 4.x (`<5.0.0`) constrains pytest to `<9.0.0`, blocking the CVE fix. Widening to `<6.0.0` allows syrupy 5.x which supports pytest 9.x. |
||
|
ccurme
|
7d601dc2c6 | chore(core): harden private SSRF utilities (#36768) | ||
William FH
|
885f2c2c2d | fix(openai): handle content blocks without type key in responses api conversion (#36725) | ||
|
dependabot[bot]
|
87ca15da86 |
chore: bump pytest from 9.0.2 to 9.0.3 in /libs/core (#36719)
Bumps [pytest](https://github.com/pytest-dev/pytest) from 9.0.2 to 9.0.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pytest-dev/pytest/releases">pytest's releases</a>.</em></p> <blockquote> <h2>9.0.3</h2> <h1>pytest 9.0.3 (2026-04-07)</h1> <h2>Bug fixes</h2> <ul> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/12444">#12444</a>: Fixed <code>pytest.approx</code> which now correctly takes into account <code>~collections.abc.Mapping</code> keys order to compare them.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13634">#13634</a>: Blocking a <code>conftest.py</code> file using the <code>-p no:</code> option is now explicitly disallowed.</p> <p>Previously this resulted in an internal assertion failure during plugin loading.</p> <p>Pytest now raises a clear <code>UsageError</code> explaining that conftest files are not plugins and cannot be disabled via <code>-p</code>.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13734">#13734</a>: Fixed crash when a test raises an exceptiongroup with <code>__tracebackhide__ = True</code>.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/14195">#14195</a>: Fixed an issue where non-string messages passed to <!-- raw HTML omitted -->unittest.TestCase.subTest()<!-- raw HTML omitted --> were not printed.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/14343">#14343</a>: Fixed use of insecure temporary directory (CVE-2025-71176).</p> </li> </ul> <h2>Improved documentation</h2> <ul> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/13388">#13388</a>: Clarified documentation for <code>-p</code> vs <code>PYTEST_PLUGINS</code> plugin loading and fixed an incorrect <code>-p</code> example.</li> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/13731">#13731</a>: Clarified that capture fixtures (e.g. <code>capsys</code> and <code>capfd</code>) take precedence over the <code>-s</code> / <code>--capture=no</code> command-line options in <code>Accessing captured output from a test function <accessing-captured-output></code>.</li> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/14088">#14088</a>: Clarified that the default <code>pytest_collection</code> hook sets <code>session.items</code> before it calls <code>pytest_collection_finish</code>, not after.</li> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/14255">#14255</a>: TOML integer log levels must be quoted: Updating reference documentation.</li> </ul> <h2>Contributor-facing changes</h2> <ul> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/12689">#12689</a>: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible <a href="https://app.codecov.io/gh/pytest-dev/pytest/tests">on the web interface</a>.</p> <p>-- by <code>aleguy02</code></p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Eugene Yurtsev
|
8182d6302d |
release(core): 1.3.0.a2 (#36698)
release 1.3.0a2 |
||
|
Jacob Lee
|
a6eb829701 |
fix(core): Use reference counting for storing inherited run trees to support garbage collection (#36660)
When a langsmith `@traceable` function invokes a LangChain Runnable or LangGraph subgraph, the callback manager's `_configure` function injects the `@traceable` RunTree into the `LangChainTracer`'s `run_map` so that child runs can resolve their parent for trace nesting. However, since the RunTree was created outside the tracer's callback lifecycle, `_end_trace` never removes it. The entry persists in `run_map` indefinitely, retaining the full RunTree and its entire child tree. In applications with nested subgraph invocations (e.g. an outer investigation graph delegating to skill agent subgraphs, each compiled as their own `StateGraph`), this causes RunTree objects to accumulate linearly with every call. **Fix:** Track which `run_map` entries were injected externally via a shared `_external_run_ids` refcount dict on `_TracerCore`. When `_start_trace` adds a child under an external parent, it increments the count. When `_end_trace` finishes a child, it decrements — and evicts the external parent from `run_map` once the last child completes. The refcount (rather than a simple set) is necessary because a single external parent may have multiple sibling children in the callback chain (e.g. a `prompt | llm` `RunnableSequence`). Only truly external runs are tracked — the `_configure` guard `if run_id_str not in handler.run_map` prevents tracer-managed runs from being misclassified. |
||
|
Mason Daugherty
|
cfb16f634f | docs(core): nit (#36685) | ||
|
Eugene Yurtsev
|
9ee4617fba |
release(core): 1.3.0a1 (#36656)
1.3.0a1 release |
||
|
Eugene Yurtsev
|
af4d711a2f |
chore(core): reduce streaming metadata / perf (#36588)
- looking into reducing streaming metadata / perfm --------- Co-authored-by: William Fu-Hinthorn <13333726+hinthornw@users.noreply.github.com> |
||
|
Eugene Yurtsev
|
dd7c3eb3a4 |
release(core): release 1.2.28 (#36614)
release 1.27.8 |
||
|
Eugene Yurtsev
|
af2ed47c6f |
fix(core): add more sanitization to templates (#36612)
add more sanitization to templates |
||
|
ccurme
|
6486404116 | release(core): 1.2.27 (#36586) | ||
|
ccurme
|
7629c74726 |
fix(core): handle symlinks in deprecated prompt save path (#36585)
Resolve symlinks before validating file extensions in the deprecated `save()` method on prompt classes. Credit to Jeff Ponte (@JDP-Security) for reporting the symlink resolution issue. |
||
|
Mason Daugherty
|
555bdfbade |
chore: add comment explaining pygments>=2.20.0 (#36570)
|
||
|
Mason Daugherty
|
0a1d290ac2 | release(core): 1.2.26 (#36511) | ||
Michael Chin
|
ebecdddb1b |
fix(core): add init validator and serialization mappings for Bedrock models (#34510)
Adds serialization mappings for `ChatBedrockConverse` and `BedrockLLM` to unblock standard tests on `langchain-core>=1.2.5` (context: [langchain-aws#821](https://github.com/langchain-ai/langchain-aws/pull/821)). Also introduces a class-specific validator system in `langchain_core.load` that blocks deserialization of AWS Bedrock models when `endpoint_url` or `base_url` parameters are present, preventing SSRF attacks via crafted serialized payloads. Closes #34645 ## Changes - Add `ChatBedrockConverse` and `BedrockLLM` entries to `SERIALIZABLE_MAPPING` in `mapping.py`, mapping legacy paths to their `langchain_aws` import locations - Add `validators.py` with `_bedrock_validator` — rejects deserialization kwargs containing `endpoint_url` or `base_url` for all Bedrock-related classes (`ChatBedrock`, `BedrockChat`, `ChatBedrockConverse`, `ChatAnthropicBedrock`, `BedrockLLM`, `Bedrock`) - `CLASS_INIT_VALIDATORS` registry covers both serialized (legacy) keys and resolved import paths from `ALL_SERIALIZABLE_MAPPINGS`, preventing bypass via direct-path payloads - Move kwargs extraction and all validator checks (`CLASS_INIT_VALIDATORS` + `init_validator`) in `Reviver.__call__` to run **before** `importlib.import_module()` — fail fast on security violations before executing third-party code - Class-specific validators are independent of `init_validator` and cannot be disabled by passing `init_validator=None` ## Testing - `test_validator_registry_keys_in_serializable_mapping` — structural invariant test ensuring every `CLASS_INIT_VALIDATORS` key exists in `ALL_SERIALIZABLE_MAPPINGS` - 10 end-to-end `load()` tests covering all Bedrock class paths (legacy aliases, resolved import paths, `ChatAnthropicBedrock`, `init_validator=None` bypass attempt) - Unit tests for `_bedrock_validator` covering `endpoint_url`, `base_url`, both params, and safe kwargs --------- Co-authored-by: Mason Daugherty <mason@langchain.dev> Co-authored-by: Mason Daugherty <github@mdrxy.com> |
||
|
Mason Daugherty
|
e94cd41fee |
feat(core): add ChatBaseten to serializable mapping (#36510)
Register `ChatBaseten` from `langchain_baseten` in the core serialization mapping so it can round-trip through `loads`/`dumps`. Without this entry, serialized `ChatBaseten` objects fail to deserialize. |
||
|
Mason Daugherty
|
aec6d42d10 |
chore(core): drop gpt-3.5-turbo from docstrings (#36497)
|
||
Ujjwal Reddy K S
|
d1529dd0bc | fix(core): correct parameter names in filter_messages docstring example (#36462) | ||
|
ccurme
|
e89afedfec | release(core): 1.2.25 (#36473) | ||
|
ccurme
|
0b5f2c08ee | fix(core): harden check for txt files in deprecated prompt loading functions (#36471) | ||
jasiecky
|
c9f51aef85 |
fix(core): fixed typos in the documentation (#36459)
Fixes #36458 Fixed typos in the documentation in the core module. |
||
|
ccurme
|
b3dff4a04c | release(core): 1.2.24 (#36434) | ||
|
ccurme
|
bdfd4462ac | feat(core): impute placeholder filenames for OpenAI file inputs (#36433) | ||
John Kennedy
|
0f4f3f74c8 |
chore: pygments>=2.20.0 across all packages (CVE-2026-4539) (#36385)
## Summary Bumps `pygments` to `>=2.20.0` across all 21 affected packages to address [CVE-2026-4539](https://github.com/advisories/GHSA-XXXX) — ReDoS via inefficient GUID regex in Pygments. - **Severity:** Low - **Fixed in:** 2.20.0 (was 2.19.2) - **Change:** Added `pygments>=2.20.0` to `constraint-dependencies` in `[tool.uv]` for each package, then ran `uv lock --upgrade-package pygments` to regenerate lock files. Closes Dependabot alerts #3435–#3455. ## Release Note Patch deps ### Test Plan - [x] CI Green 🙏 Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> |