github/langchain
1
0
Fork 0
mirror of https://github.com/hwchase17/langchain.git synced 2026-03-18 11:07:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
15,504 Commits 1,103 Branches 1,186 Tags
5624001bbdddc5fcbb0859d1176421c65d4924e3
Commit Graph

8676 Commits

Author SHA1 Message Date
dependabot[bot]
5624001bbd chore: bump orjson from 3.11.5 to 3.11.6 in /libs/partners/xai (#35862) 2026-03-14 13:11:04 -04:00
dependabot[bot]
8cea3e6dc2 chore: bump orjson from 3.11.5 to 3.11.6 in /libs/partners/perplexity (#35865) 2026-03-14 13:10:50 -04:00
dependabot[bot]
026da0ecff chore: bump orjson from 3.11.5 to 3.11.6 in /libs/partners/ollama (#35866) 2026-03-14 17:08:31 +00:00
dependabot[bot]
0157621224 chore: bump orjson from 3.11.5 to 3.11.6 in /libs/model-profiles (#35857) 2026-03-14 13:06:45 -04:00
dependabot[bot]
9e8e31d57e chore: bump black from 25.9.0 to 26.3.1 in /libs/langchain (#35858) 2026-03-14 13:06:28 -04:00
dependabot[bot]
dff48f84c1 chore: bump orjson from 3.11.5 to 3.11.6 in /libs/partners/exa (#35869) 2026-03-14 13:04:35 -04:00
dependabot[bot]
706782c434 chore: bump orjson from 3.11.5 to 3.11.6 in /libs/partners/groq (#35870) 2026-03-14 13:04:22 -04:00
ccurme
50febb79e8 release(anthropic): 1.3.5 (#35873) 2026-03-13 23:09:42 -04:00
dependabot[bot]
313d353646 chore: bump orjson from 3.11.5 to 3.11.6 in /libs/partners/chroma (#35800) 2026-03-13 21:39:44 -04:00
dependabot[bot]
1572ec1f65 chore: bump orjson from 3.11.5 to 3.11.6 in /libs/partners/qdrant (#35801) 2026-03-13 21:39:31 -04:00
dependabot[bot]
721b7e1cbd chore: bump black from 25.11.0 to 26.3.1 in /libs/langchain_v1 (#35802) 2026-03-13 21:39:16 -04:00
dependabot[bot]
7ef77c7253 chore: bump orjson from 3.11.5 to 3.11.6 in /libs/standard-tests (#35804) 2026-03-13 21:38:37 -04:00
dependabot[bot]
e2cd41e2a5 chore: bump orjson from 3.11.5 to 3.11.6 in /libs/langchain (#35806) 2026-03-13 21:37:38 -04:00
dependabot[bot]
44e8e83872 chore: bump orjson from 3.11.5 to 3.11.6 in /libs/langchain_v1 (#35807) 2026-03-13 21:37:25 -04:00
Jacob Lee
6d6d7191cf fix(anthropic): Ignore general usage cache_creation fields if more specific fields are set (#35845) 
Prevent double counting, since the sum of all `input_token_details`
should never exceed `input_tokens`

---------

Co-authored-by: Chester Curme <chester.curme@gmail.com>
 2026-03-13 20:21:06 -04:00
ccurme
b1f2d9c0fb fix(langchain-classic): format (#35854) 2026-03-13 20:19:02 -04:00
Tejas Attarde
d6dbcf6294 perf(.github): set a timeout on get min versions HTTP calls (#35851) 
During an automated code review of .github/scripts/get_min_versions.py,
the following issue was identified. Set a timeout on get min versions
HTTP calls. Network calls without a timeout can hang a worker
indefinitely. I kept the patch small and re-ran syntax checks after
applying it.
 2026-03-13 17:24:32 -04:00
Mason Daugherty
9b22f9c450 chore: housekeeping (#35850) 2026-03-13 16:24:35 -04:00
ccurme
a9707b35d3 release(mistralai): 1.1.2 (#35835) 2026-03-13 09:53:50 -04:00
ccurme
cf07003fc1 release(langchain): 1.0.3 (#35834) 2026-03-13 09:53:41 -04:00
ccurme
41cca203e6 release(core): 1.2.19 (#35832) 2026-03-13 09:41:49 -04:00
ccurme
307cdcac9e chore(core): move BaseCrossEncoder to langchain-core (#35809) 2026-03-12 20:12:42 -04:00
Mason Daugherty
cee6430b1c refactor(xai): remove redundant lc_attributes override (#35791) 
Remove the redundant `lc_attributes` override from `ChatXAI`. The
`xai_api_base` field is a declared Pydantic `Field`, so
`Serializable.to_json()` already picks it up via its standard field
iteration loop (line 225-232 in `serializable.py`). The override was a
no-op — it re-inserted the same key with the same value that the base
serialization already included.
 2026-03-12 15:23:22 +00:00
Mason Daugherty
6b9b4c6546 feat(xai): support base_url alias and XAI_API_BASE env var (#35790) 
Add `base_url` alias and `XAI_API_BASE` env variable support to
`ChatXAI.xai_api_base`, aligning the xAI integration with the pattern
used across other partner packages (OpenAI, Groq, Fireworks, etc.).
Previously the base URL was a plain string field with no alias or
env-var lookup, making it inconsistent with the rest of the ecosystem
and harder to configure in deployment environments.

## Changes
- Add `alias="base_url"` and `default_factory=from_env("XAI_API_BASE",
default="https://api.x.ai/v1/")` to `ChatXAI.xai_api_base`, matching the
convention in `langchain_openai`, `langchain_groq`, and
`langchain_fireworks`
 2026-03-12 14:55:36 +00:00
Mason Daugherty
b676167707 fix(deepseek): accept base_url as alias for api_base (#35789) 
Add `base_url` as a Pydantic alias for `ChatDeepSeek.api_base`, so users
can pass `base_url=` when constructing the model.
 2026-03-12 14:27:34 +00:00
Mason Daugherty
5d9568b5f5 feat(model-profiles): new fields + Makefile target (#35788) 
Extract additional fields from models.dev into `_model_data_to_profile`:
`name`, `status`, `release_date`, `last_updated`, `open_weights`,
`attachment`, `temperature`

Move the model profile refresh logic from an inline bash script in the
GitHub Actions workflow into a `make refresh-profiles` target in
`libs/model-profiles/Makefile`. This makes it runnable locally with a
single command and keeps the provider map in one place instead of
duplicated between CI and developer docs.
 2026-03-12 13:56:25 +00:00
dependabot[bot]
1891d414be chore: bump tornado from 6.5.2 to 6.5.5 in /libs/text-splitters (#35774) 
Bumps [tornado](https://github.com/tornadoweb/tornado) from 6.5.2 to
6.5.5.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst">tornado's
changelog</a>.</em></p>
<blockquote>
<h1>Release notes</h1>
<p>.. toctree::
:maxdepth: 2</p>
<p>releases/v6.5.5
releases/v6.5.4
releases/v6.5.3
releases/v6.5.2
releases/v6.5.1
releases/v6.5.0
releases/v6.4.2
releases/v6.4.1
releases/v6.4.0
releases/v6.3.3
releases/v6.3.2
releases/v6.3.1
releases/v6.3.0
releases/v6.2.0
releases/v6.1.0
releases/v6.0.4
releases/v6.0.3
releases/v6.0.2
releases/v6.0.1
releases/v6.0.0
releases/v5.1.1
releases/v5.1.0
releases/v5.0.2
releases/v5.0.1
releases/v5.0.0
releases/v4.5.3
releases/v4.5.2
releases/v4.5.1
releases/v4.5.0
releases/v4.4.3
releases/v4.4.2
releases/v4.4.1
releases/v4.4.0
releases/v4.3.0
releases/v4.2.1
releases/v4.2.0
releases/v4.1.0
releases/v4.0.2
releases/v4.0.1
releases/v4.0.0
releases/v3.2.2
releases/v3.2.1
releases/v3.2.0
releases/v3.1.1</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7d6465056c"><code>7d64650</code></a>
Merge pull request <a
href="https://redirect.github.com/tornadoweb/tornado/issues/3586">#3586</a>
from bdarnell/update-cibw</li>
<li><a
href="d05d59b808"><code>d05d59b</code></a>
build: Bump cibuildwheel to 3.4.0</li>
<li><a
href="c2f46732b0"><code>c2f4673</code></a>
Merge pull request <a
href="https://redirect.github.com/tornadoweb/tornado/issues/3585">#3585</a>
from bdarnell/release-655</li>
<li><a
href="e5f1aa4b6f"><code>e5f1aa4</code></a>
Release notes and version bump for v6.5.5</li>
<li><a
href="78a046f99f"><code>78a046f</code></a>
httputil: Add CRLF to _FORBIDDEN_HEADER_CHARS_RE</li>
<li><a
href="24a2d96ea1"><code>24a2d96</code></a>
web: Validate characters in all cookie attributes.</li>
<li><a
href="119a195e29"><code>119a195</code></a>
httputil: Add limits on multipart form data parsing</li>
<li><a
href="63d4df4eef"><code>63d4df4</code></a>
Merge pull request <a
href="https://redirect.github.com/tornadoweb/tornado/issues/3564">#3564</a>
from bdarnell/release-654</li>
<li><a
href="eadbf9adbe"><code>eadbf9a</code></a>
Release notes and version bump for 6.5.4</li>
<li><a
href="bbc2b1429c"><code>bbc2b14</code></a>
Make sure that the in-operator on HTTPHeaders is case insensitive</li>
<li>Additional commits viewable in <a
href="https://github.com/tornadoweb/tornado/compare/v6.5.2...v6.5.5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tornado&package-manager=uv&previous-version=6.5.2&new-version=6.5.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-11 23:09:17 -04:00
dependabot[bot]
1d954bccfa chore: bump tornado from 6.5.2 to 6.5.5 in /libs/langchain (#35773) 
Bumps [tornado](https://github.com/tornadoweb/tornado) from 6.5.2 to
6.5.5.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst">tornado's
changelog</a>.</em></p>
<blockquote>
<h1>Release notes</h1>
<p>.. toctree::
:maxdepth: 2</p>
<p>releases/v6.5.5
releases/v6.5.4
releases/v6.5.3
releases/v6.5.2
releases/v6.5.1
releases/v6.5.0
releases/v6.4.2
releases/v6.4.1
releases/v6.4.0
releases/v6.3.3
releases/v6.3.2
releases/v6.3.1
releases/v6.3.0
releases/v6.2.0
releases/v6.1.0
releases/v6.0.4
releases/v6.0.3
releases/v6.0.2
releases/v6.0.1
releases/v6.0.0
releases/v5.1.1
releases/v5.1.0
releases/v5.0.2
releases/v5.0.1
releases/v5.0.0
releases/v4.5.3
releases/v4.5.2
releases/v4.5.1
releases/v4.5.0
releases/v4.4.3
releases/v4.4.2
releases/v4.4.1
releases/v4.4.0
releases/v4.3.0
releases/v4.2.1
releases/v4.2.0
releases/v4.1.0
releases/v4.0.2
releases/v4.0.1
releases/v4.0.0
releases/v3.2.2
releases/v3.2.1
releases/v3.2.0
releases/v3.1.1</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7d6465056c"><code>7d64650</code></a>
Merge pull request <a
href="https://redirect.github.com/tornadoweb/tornado/issues/3586">#3586</a>
from bdarnell/update-cibw</li>
<li><a
href="d05d59b808"><code>d05d59b</code></a>
build: Bump cibuildwheel to 3.4.0</li>
<li><a
href="c2f46732b0"><code>c2f4673</code></a>
Merge pull request <a
href="https://redirect.github.com/tornadoweb/tornado/issues/3585">#3585</a>
from bdarnell/release-655</li>
<li><a
href="e5f1aa4b6f"><code>e5f1aa4</code></a>
Release notes and version bump for v6.5.5</li>
<li><a
href="78a046f99f"><code>78a046f</code></a>
httputil: Add CRLF to _FORBIDDEN_HEADER_CHARS_RE</li>
<li><a
href="24a2d96ea1"><code>24a2d96</code></a>
web: Validate characters in all cookie attributes.</li>
<li><a
href="119a195e29"><code>119a195</code></a>
httputil: Add limits on multipart form data parsing</li>
<li><a
href="63d4df4eef"><code>63d4df4</code></a>
Merge pull request <a
href="https://redirect.github.com/tornadoweb/tornado/issues/3564">#3564</a>
from bdarnell/release-654</li>
<li><a
href="eadbf9adbe"><code>eadbf9a</code></a>
Release notes and version bump for 6.5.4</li>
<li><a
href="bbc2b1429c"><code>bbc2b14</code></a>
Make sure that the in-operator on HTTPHeaders is case insensitive</li>
<li>Additional commits viewable in <a
href="https://github.com/tornadoweb/tornado/compare/v6.5.2...v6.5.5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tornado&package-manager=uv&previous-version=6.5.2&new-version=6.5.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-11 23:09:15 -04:00
dependabot[bot]
261b1d57e4 chore: bump tornado from 6.5.2 to 6.5.5 in /libs/core (#35775) 
Bumps [tornado](https://github.com/tornadoweb/tornado) from 6.5.2 to
6.5.5.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst">tornado's
changelog</a>.</em></p>
<blockquote>
<h1>Release notes</h1>
<p>.. toctree::
:maxdepth: 2</p>
<p>releases/v6.5.5
releases/v6.5.4
releases/v6.5.3
releases/v6.5.2
releases/v6.5.1
releases/v6.5.0
releases/v6.4.2
releases/v6.4.1
releases/v6.4.0
releases/v6.3.3
releases/v6.3.2
releases/v6.3.1
releases/v6.3.0
releases/v6.2.0
releases/v6.1.0
releases/v6.0.4
releases/v6.0.3
releases/v6.0.2
releases/v6.0.1
releases/v6.0.0
releases/v5.1.1
releases/v5.1.0
releases/v5.0.2
releases/v5.0.1
releases/v5.0.0
releases/v4.5.3
releases/v4.5.2
releases/v4.5.1
releases/v4.5.0
releases/v4.4.3
releases/v4.4.2
releases/v4.4.1
releases/v4.4.0
releases/v4.3.0
releases/v4.2.1
releases/v4.2.0
releases/v4.1.0
releases/v4.0.2
releases/v4.0.1
releases/v4.0.0
releases/v3.2.2
releases/v3.2.1
releases/v3.2.0
releases/v3.1.1</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7d6465056c"><code>7d64650</code></a>
Merge pull request <a
href="https://redirect.github.com/tornadoweb/tornado/issues/3586">#3586</a>
from bdarnell/update-cibw</li>
<li><a
href="d05d59b808"><code>d05d59b</code></a>
build: Bump cibuildwheel to 3.4.0</li>
<li><a
href="c2f46732b0"><code>c2f4673</code></a>
Merge pull request <a
href="https://redirect.github.com/tornadoweb/tornado/issues/3585">#3585</a>
from bdarnell/release-655</li>
<li><a
href="e5f1aa4b6f"><code>e5f1aa4</code></a>
Release notes and version bump for v6.5.5</li>
<li><a
href="78a046f99f"><code>78a046f</code></a>
httputil: Add CRLF to _FORBIDDEN_HEADER_CHARS_RE</li>
<li><a
href="24a2d96ea1"><code>24a2d96</code></a>
web: Validate characters in all cookie attributes.</li>
<li><a
href="119a195e29"><code>119a195</code></a>
httputil: Add limits on multipart form data parsing</li>
<li><a
href="63d4df4eef"><code>63d4df4</code></a>
Merge pull request <a
href="https://redirect.github.com/tornadoweb/tornado/issues/3564">#3564</a>
from bdarnell/release-654</li>
<li><a
href="eadbf9adbe"><code>eadbf9a</code></a>
Release notes and version bump for 6.5.4</li>
<li><a
href="bbc2b1429c"><code>bbc2b14</code></a>
Make sure that the in-operator on HTTPHeaders is case insensitive</li>
<li>Additional commits viewable in <a
href="https://github.com/tornadoweb/tornado/compare/v6.5.2...v6.5.5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tornado&package-manager=uv&previous-version=6.5.2&new-version=6.5.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-11 23:09:06 -04:00
Matt Van Horn
9521c679db fix(openai): close PIL Image handles in token counting to prevent fd leak (#35742) 2026-03-11 23:07:45 -04:00
ccurme
92be5b62b0 fix(anthropic): support eager_input_streaming (#35779) 2026-03-11 23:07:13 -04:00
Mason Daugherty
4f400be31d chore(langchain): add baseten to _BUILTIN_PROVIDERS (#35777) 2026-03-11 22:09:33 -04:00
dependabot[bot]
2a71c1a43f chore: bump tornado from 6.5.2 to 6.5.5 in /libs/partners/huggingface (#35776) 
Bumps [tornado](https://github.com/tornadoweb/tornado) from 6.5.2 to
6.5.5.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst">tornado's
changelog</a>.</em></p>
<blockquote>
<h1>Release notes</h1>
<p>.. toctree::
:maxdepth: 2</p>
<p>releases/v6.5.5
releases/v6.5.4
releases/v6.5.3
releases/v6.5.2
releases/v6.5.1
releases/v6.5.0
releases/v6.4.2
releases/v6.4.1
releases/v6.4.0
releases/v6.3.3
releases/v6.3.2
releases/v6.3.1
releases/v6.3.0
releases/v6.2.0
releases/v6.1.0
releases/v6.0.4
releases/v6.0.3
releases/v6.0.2
releases/v6.0.1
releases/v6.0.0
releases/v5.1.1
releases/v5.1.0
releases/v5.0.2
releases/v5.0.1
releases/v5.0.0
releases/v4.5.3
releases/v4.5.2
releases/v4.5.1
releases/v4.5.0
releases/v4.4.3
releases/v4.4.2
releases/v4.4.1
releases/v4.4.0
releases/v4.3.0
releases/v4.2.1
releases/v4.2.0
releases/v4.1.0
releases/v4.0.2
releases/v4.0.1
releases/v4.0.0
releases/v3.2.2
releases/v3.2.1
releases/v3.2.0
releases/v3.1.1</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7d6465056c"><code>7d64650</code></a>
Merge pull request <a
href="https://redirect.github.com/tornadoweb/tornado/issues/3586">#3586</a>
from bdarnell/update-cibw</li>
<li><a
href="d05d59b808"><code>d05d59b</code></a>
build: Bump cibuildwheel to 3.4.0</li>
<li><a
href="c2f46732b0"><code>c2f4673</code></a>
Merge pull request <a
href="https://redirect.github.com/tornadoweb/tornado/issues/3585">#3585</a>
from bdarnell/release-655</li>
<li><a
href="e5f1aa4b6f"><code>e5f1aa4</code></a>
Release notes and version bump for v6.5.5</li>
<li><a
href="78a046f99f"><code>78a046f</code></a>
httputil: Add CRLF to _FORBIDDEN_HEADER_CHARS_RE</li>
<li><a
href="24a2d96ea1"><code>24a2d96</code></a>
web: Validate characters in all cookie attributes.</li>
<li><a
href="119a195e29"><code>119a195</code></a>
httputil: Add limits on multipart form data parsing</li>
<li><a
href="63d4df4eef"><code>63d4df4</code></a>
Merge pull request <a
href="https://redirect.github.com/tornadoweb/tornado/issues/3564">#3564</a>
from bdarnell/release-654</li>
<li><a
href="eadbf9adbe"><code>eadbf9a</code></a>
Release notes and version bump for 6.5.4</li>
<li><a
href="bbc2b1429c"><code>bbc2b14</code></a>
Make sure that the in-operator on HTTPHeaders is case insensitive</li>
<li>Additional commits viewable in <a
href="https://github.com/tornadoweb/tornado/compare/v6.5.2...v6.5.5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tornado&package-manager=uv&previous-version=6.5.2&new-version=6.5.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-11 20:42:40 -04:00
Sydney Runkle
2a137bf491 release(langchain_v1): 1.2.12 (#35770) 2026-03-11 22:18:08 +00:00
Sydney Runkle
25f94eecce feat: tracing for wrap model + tool call (#35765) 
Adding tracing for `wrap_model_call` and `wrap_tool_call`
Scrubbing `request.runtime` and `handler` for now

`wrap_model_call`:
<img width="1292" height="433" alt="Screenshot 2026-03-11 at 2 22 31 PM"
src="https://github.com/user-attachments/assets/7717ef52-1498-41cf-97da-93e171377c9f"
/>


`wrap_tool_call`:
<img width="1301" height="664" alt="Screenshot 2026-03-11 at 2 22 50 PM"
src="https://github.com/user-attachments/assets/8722b28a-2482-40cf-911e-dae5cd383373"
/>
 2026-03-11 15:57:41 -04:00
LincolnBurrows2017
f9dbd22fe1 fix(openai): typo (#35763) 
Fixed typo in comment: "equivelent" -> "equivalent" in
libs/partners/openai/langchain_openai/chat_models/base.py

Co-authored-by: AI Assistant <assistant@example.com>
 2026-03-11 11:46:06 -04:00
langchain-model-profile-bot[bot]
3e4c0d5949 chore(model-profiles): refresh model profile data (#35754) 
Automated refresh of model profile data for all in-monorepo partner
integrations via `langchain-profiles refresh`.

🤖 Generated by the `refresh_model_profiles` workflow.

Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com>
 2026-03-11 09:47:53 -04:00
Sydney Runkle
057c484ba2 release(langchain_v1): 1.2.11 (#35723) 2026-03-10 19:38:33 +00:00
Anix Lynch
292d0bda86 docs(huggingface): add [full] install guidance and sentence-transformers>=5.2.0 migration note (#35713) 2026-03-10 10:54:06 -04:00
ccurme
fcca6e2dc4 fix(openai): bump min core version (#35705) 2026-03-09 18:52:13 -04:00
ccurme
6b25caf1ae release(core): 1.2.18 (#35704) 2026-03-09 16:36:50 -04:00
ccurme
637145012d release(openai): 1.1.11 (#35703) 2026-03-09 16:22:23 -04:00
langchain-model-profile-bot[bot]
527fc02980 chore(model-profiles): refresh model profile data (#35681) 
Automated refresh of model profile data for all in-monorepo partner
integrations via `langchain-profiles refresh`.

🤖 Generated by the `refresh_model_profiles` workflow.

Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com>
 2026-03-09 10:00:36 -04:00
Mohammad Mohtashim
3af0bc0141 fix(openai): update responses API model detection for pro and codex models (#35594) 2026-03-09 09:20:20 -04:00
Ethan T.
f838c78788 fix(core): fix double backticks in deprecation docstring for alternative_import (#35658) 2026-03-08 15:36:04 -04:00
Mohammad Mohtashim
b21c0a8062 fix(core): preserve default_factory when generating tool call schema (#35550) 2026-03-08 15:34:21 -04:00
langchain-model-profile-bot[bot]
e015fb2267 chore(model-profiles): refresh model profile data (#35646) 
Automated refresh of model profile data for all in-monorepo partner
integrations via `langchain-profiles refresh`.

🤖 Generated by the `refresh_model_profiles` workflow.

Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com>
 2026-03-08 15:24:29 -04:00
Giulio Leone
46fdade7e6 fix(langchain): normalize custom detector output to prevent KeyError in hash/mask strategies (#35651) 2026-03-08 15:07:36 -04:00
ccurme
f11a105023 fix(anthropic): move _make_message_chunk_from_anthropic_event to instance method (#35670) 2026-03-08 14:52:07 -04:00
ccurme
fbfe4b812d feat(openai): support tool search (#35582) 2026-03-08 08:53:13 -04:00