mirror of
https://github.com/hwchase17/langchain.git
synced 2026-06-09 10:17:00 +00:00
7bb4130c7d460f14ec6391805cb47bf01637b5c5
16051 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Sydney Runkle
|
7bb4130c7d |
chore(langchain): bump to 1.3.2, require langgraph>=1.2.2 (#37703)
- Bumps `langchain` to **1.3.2** (patch) - Raises minimum `langgraph` requirement from `>=1.2.1` to `>=1.2.2` langgraph 1.2.2 fixes a race condition where DeltaChannel checkpoint writes could serialize `BaseMessage` objects with `id=None` before `apply_writes()` ran the reducer, causing the same message to appear with a different ID on every `get_state()` call and across resumed invocations (langchain-ai/langgraph#7913). The lockfile will be updated once langgraph 1.2.2 is published to PyPI (langchain-ai/langgraph#7914).langchain==1.3.2 |
||
Nick Hollon
|
d9b8dd5183 |
fix(langchain): land final answer in last AIMessage for TodoListMiddleware (#37643)
|
||
Mason Daugherty
|
95c6a8aa76 |
chore(core): bump uuid-utils to 0.16.0 (#37699)
Refresh `langchain-core`'s lockfile so the dev/CI environment resolves `uuid-utils` to a release that ships free-threading wheels (`cp313t`, `cp314t`). Unblocks `pip install` on Python 3.14 free-threaded builds — previously the lock pinned `0.14.1`, which had no FT wheel and forced an sdist build. Related to #34870. |
||
|
Mason Daugherty
|
c7858c46d8 |
test(anthropic): retry integration tests on transient failures (#37697)
Enable `pytest-retry` on the `integration_tests` Make target so live API flakes (e.g. `test_batch` timing out against `api.anthropic.com`) no longer fail the job on first miss. Matches the existing convention in `libs/partners/groq`. |
||
langchain-model-profile-bot[bot]
|
53a5ac3352 |
chore(model-profiles): refresh model profile data (#37694)
Automated refresh of model profile data for all in-monorepo partner integrations via `langchain-profiles refresh`. 🤖 Generated by the `refresh_model_profiles` workflow. Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com> |
||
|
langchain-model-profile-bot[bot]
|
69d9e95ef4 |
chore(model-profiles): refresh model profile data (#37650)
Automated refresh of model profile data for all in-monorepo partner integrations via `langchain-profiles refresh`. 🤖 Generated by the `refresh_model_profiles` workflow. Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com> |
||
|
Mason Daugherty
|
33875fde2a |
ci(infra): serialize integration test shards across runs (#37648)
Add job-level `concurrency` to the scheduled integration tests so per-package shards from overlapping workflow dispatches don't hit the same live API credentials at once — e.g. a manually triggered `anthropic` run colliding with the daily `all libs` run. |
||
|
Mason Daugherty
|
2638f75e13 |
feat(standard-tests): forward LangSmith CI env vars to traces (#37645)
Scheduled integration runs set `LANGSMITH_TAGS` and `LANGSMITH_METADATA` in `$GITHUB_ENV` (per #37615), but the LangSmith SDK does not read those env vars natively, so the tags/metadata were silently dropped. A new pytest plugin in `langchain-tests` bridges that gap by entering `langsmith.run_helpers.tracing_context` for the duration of each session. |
||
|
Mason Daugherty
|
bdd7f71a1b |
ci(infra): trace scheduled integration tests (#37615)
Wire LangSmith tracing into the scheduled integration test workflow so partner test runs emit traces to a shared project with GitHub Actions metadata attached. Makes failures traceable back to the originating workflow run, sha, and matrix shard without hunting through CI logs. ## Usage - Filter the `oss-python-integration-tests` project by the `github-actions` tag to see only CI runs; add a `sha-<sha>` or `working_directory=<partner>` filter to narrow to a specific commit or partner shard. - From a failing trace, open the `github_run_url` metadata field to jump directly to the originating workflow run; `github_run_attempt` disambiguates reruns. - Tags are flat strings (good for facets); structured fields like `python_version` and `working_directory` live in metadata for richer querying. |
||
|
Nick Hollon
|
11cdce91dc |
ci(infra): add middleware evals workflow for workflow_dispatch discovery (#37644)
Fast-track companion to #37643. GitHub's `workflow_dispatch` event is only discoverable when the workflow file exists on the default branch — even though the workflow code that runs comes from the `ref` passed to the dispatch. This PR lands the `Middleware Evals` workflow file on master so that #37643 (which adds `libs/langchain_v1/tests/evals/`) can be dispatched against the feature branch via: ```bash gh workflow run middleware_evals.yml \ --ref nh/todo-middleware-loop-contract \ --field models='claude-sonnet-4-6,...' ``` without first merging the full eval framework. ## Caveats - The workflow's pytest invocation depends on `libs/langchain_v1/tests/evals/` and the partner SDK list, neither of which exists on master yet. Dispatching with `--ref master` before #37643 lands will fail at pytest collection. That's the intended behavior — the workflow's purpose is to dispatch against branches that ship the eval suite. - Once #37643 merges to master, this workflow file already matches what #37643 adds. The merge will be a no-op for `middleware_evals.yml` itself. |
||
|
Nick Hollon
|
d08245f70d |
feat(langchain): redact streamed PII in flight on PIIMiddleware (#37616)
`PIIMiddleware` previously scrubbed detected PII only at the state level via its `after_model` / `before_model` hooks. Consumers reading the live stream — `astream_events(version="v3")` or `run.messages` / `run.tool_calls` / `run.values` — saw the raw model text, the raw tool-call args, the raw tool outputs, and the raw state snapshots until the run finished and the canonical conversation history was written. This change registers a stream transformer ahead of `MessagesTransformer` that redacts every wire surface of an agent run. The transformer holds a sliding lookback buffer (default 128 characters) per `(run_id, content-block index)` so PII patterns that straddle delta boundaries are caught before the safe prefix is released downstream. Anything older than the lookback is run through the configured detector and emitted; the trailing tail stays buffered until a later delta extends it past the cap or the block finishes. `_finalize_block` always re-runs detection over the full block snapshot so the finalized content lands fully redacted even when the in-flight buffer never released a tail (short responses, or PII arriving in the final delta). The `block` strategy is now supported on the streaming path via a buffering mode that withholds every delta until the block resolves — clean blocks release the full text at finalize, PII-bearing blocks zero the wire and let `after_model` / `apply_to_tool_results` raise `PIIDetectionError` on the original state message. Activation is gated on `apply_to_output=True`, matching the existing post-hoc semantics. The middleware's transformer factory is cloned by `StreamMux._make_child` into every subgraph scope, so attaching `PIIMiddleware` at the outer agent also redacts streamed deltas from sub-agents invoked inside tools. ## Tool-call and tools-channel coverage The transformer covers every wire surface of an agent run, not just AI message text: - **Streamed AI text deltas** (`content-block-delta` of type `text-delta`) — lookback machinery, redacted in place. - **Streamed tool-call args** (`content-block-delta` with `tool_call_chunk` / `server_tool_call_chunk` fields) — each delta carries the full cumulative args string; detection runs on the field directly and redacts in place. Verified empirically against `_compat_bridge.py` and the consumer-side `_merge_block_delta_into_store` snapshot-replace semantics. - **Finalized tool-call blocks** (`content-block-finish` with `tool_call` / `server_tool_call` / `invalid_tool_call`) — `args` dict walked recursively and each string leaf redacted. - **Tool execution events on the `tools` channel** — `tool-started.input`, `tool-output-delta`, `tool-finished.output`, `tool-error.message` all run through detection. String deltas use the same lookback machinery as text-deltas keyed by `tool_call_id`; structured payloads walk recursively. - **State snapshots on the `values` channel** — message lists are walked and each message's `.content` is redacted on a fresh copy. Graph state itself stays intact for the state-level enforcer (`apply_to_tool_results` via `before_model`) to act on independently. - **Legacy `(BaseMessage, metadata)` payloads** on the `messages` channel (Python 3.10 path, where `langgraph`'s `ASYNCIO_ACCEPTS_CONTEXT = sys.version_info >= (3, 11)` falls back to a code path that doesn't propagate the streaming callback into the chat model) — `.content` and `AIMessage.tool_calls[*].args` are scrubbed. For `block`, the event's `data` tuple is replaced with an empty-content copy so the original message stays in state for `after_model` to raise on. ## Worth a careful look - `_PIIStreamTransformer._mutate_text_delta` — lookback partition. Anything older than `lookback` characters is released after redaction; the tail stays buffered. Bulletproof against whitespace-permissive detectors (notably `credit_card`, whose regex matches across spaces). - `_PIIStreamTransformer._mutate_tool_call_chunk_delta` — direct in-place redaction of the cumulative args string. No buffer; the wire shape is cumulative-snapshot, the consumer-side merge is replace-not-append. - `_PIIStreamTransformer._mutate_legacy_payload` — the dual path: mutate-in-place for non-`block` (idempotent with `after_model`), replace-with-empty-copy for `block` (keeps original in graph state for `after_model` to raise on). - `_PIIStreamTransformer._redact_value` — the recursive walker. `BaseMessage` branch returns a fresh `.content`-redacted copy via `model_copy(update=...)` — never mutates in place — so tool-output payloads that wrap a `ToolMessage` and message lists in state snapshots flow through cleanly. - The new `transformers` attribute on `PIIMiddleware`: this is what makes `create_agent` pick the factory up. Multiple `PIIMiddleware` instances each register one transformer; ordering is preserved within the `before_builtins` lane. ## Compatibility Bumps `langgraph` to `>=1.2.1` for the `before_builtins` opt-in on `StreamTransformer`. |
||
|
langchain-model-profile-bot[bot]
|
06e65072af |
chore(model-profiles): refresh model profile data (#37626)
Automated refresh of model profile data for all in-monorepo partner integrations via `langchain-profiles refresh`. 🤖 Generated by the `refresh_model_profiles` workflow. Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com> |
||
ccurme
|
a1e2daf098 | release(openai): 1.2.2 (#37617) langchain-openai==1.2.2 | ||
open-swe[bot]
|
9e21348d73 | fix(openai): guard httpx finalizers against uninitialized instances (#37568) | ||
|
Mason Daugherty
|
74cecb4774 |
ci(infra): expand integration tests dispatch dropdown to external partners (#37614)
Adds `aws`, `google-genai`, and `google-vertexai` to the manual-run
`working-directory` dropdown on the `⏰ Integration Tests` workflow.
These partners live in external repos (`langchain-ai/langchain-google`,
`langchain-ai/langchain-aws`) and were previously only reachable via the
free-form `working-directory-override` input despite the job already
checking them out into `libs/partners/`.
|
||
|
Mason Daugherty
|
269d628d9c |
fix(standard-tests): recognize parametrize-nested xfails in override check (#37613)
`test_no_overrides_DO_NOT_OVERRIDE` only treated an override as valid when the method itself carried an `@pytest.mark.xfail(reason=...)`. Overrides that re-parametrize a standard test and xfail only a subset of cases via `pytest.param(..., marks=pytest.mark.xfail(...))` were rejected. |
||
|
Mason Daugherty
|
23d369e2f4 |
test(xai): tolerate extra block types in web search and xfail v1 streaming tool calls (#37612)
Loosen the xAI integration tests to handle two recent provider behaviors: `web_search` responses may now include block types beyond the core trio, and streaming aggregation under `output_version="v1"` does not produce a `tool_call` content block (tool calls are only available on `.tool_calls`). |
||
|
Mason Daugherty
|
aef86c476d |
chore(infra): bump langchain-tests floor to 1.1.9 (#37610)
Bumps the `langchain-tests` minimum across the monorepo from `1.0.0` to `1.1.9` and adds a partner-level `Makefile` so partner lockfiles can be regenerated in one command, matching the existing convention under `libs/`. |
||
|
Mason Daugherty
|
ebc1880444 | release(standard-tests): 1.1.9 (#37609) langchain-tests==1.1.9 | ||
|
Mason Daugherty
|
22575adba4 |
test(standard-tests): allow extra content blocks in streaming assertions (#37592)
Reasoning-emitting chat models return `[reasoning, text]` content blocks where vanilla models return `[text]`. The shared streaming integration tests asserted exactly one block, which fails when reasoning blocks are returned when streaming is otherwise correct. Relaxed to assert text presence without touching the lifecycle, `chunk_position`, or `output_version` checks. |
||
|
Nick Hollon
|
1aa4496fb4 |
feat(langchain): register stream transformers on middleware (#37591)
Adds a `transformers` attribute to `AgentMiddleware` so middleware can
declare scope-aware `StreamTransformer` factories alongside their
`tools` and lifecycle hooks. `create_agent` merges middleware-registered
factories with any caller-supplied ones at compile time.
## API
```python
class MyMiddleware(AgentMiddleware):
transformers = (MyTransformer,) # factory: (scope,) -> StreamTransformer
```
When the agent compiles, the final transformer order on the run mux is:
1. Built-in ``ToolCallTransformer``
2. Middleware-registered factories, in middleware order
3. Caller-supplied ``transformers=`` from ``create_agent``
This ordering keeps the built-in tool-call projection in front of any
consumer transformers and gives caller-supplied entries the final word.
|
||
|
Mason Daugherty
|
d2931d878f | release(fireworks): 1.4.1 (#37603) langchain-fireworks==1.4.1 | ||
|
Mason Daugherty
|
3c4cb503a0 |
fix(fireworks): retry on bare APIConnectionError, default max_retries=2 (#37602)
`ChatFireworks` previously left `max_retries` at `None` (single attempt) and only retried `APITimeoutError`. When the Fireworks edge drops TCP without an HTTP response, the SDK wraps `httpx.RequestError` as a bare `APIConnectionError`, which slipped past the retry decorator. Aligning the default with the Fireworks SDK and `langchain-openai` (`max_retries=2`) and broadening the retryable parent class closes both gaps. |
||
|
Mason Daugherty
|
9545d05882 |
test(fireworks): stabilize integration tests with rate limiting and retries (#37590)
Fireworks integration tests have been flaky against the live API with 429s. Adds a shared, xdist-aware rate limiter and a global retry policy so transient rate-limit errors no longer fail the suite. Mirrors the same fix recently applied to `langchain-mistralai`. |
||
|
Mason Daugherty
|
515f1f4536 |
test(openai): unbreak audio chat and Azure embedding integration tests (#37589)
Two unrelated nightly-CI failures rooted in upstream API drift. OpenAI retired `gpt-4o-audio-preview` (now 404) and Azure embedding deployments running `text-embedding-3-*` with truncated `dimensions` no longer return unit-norm vectors. |
||
|
Mason Daugherty
|
4d2efcd756 |
test(mistralai): stabilize integration tests with rate limiting and retries (#37588)
Mistral integration tests have been flaky against the live API. This adds a shared, xdist-aware rate limiter and a global retry policy so transient 429s no longer fail the suite. |
||
|
Mason Daugherty
|
5197dd5985 | release(fireworks): 1.4.0 (#37582) langchain-fireworks==1.4.0 | ||
|
Mason Daugherty
|
d39950cb18 |
feat(fireworks): migrate to fireworks-ai 1.x SDK (#37581)
Closes #37172 --- Bumps `langchain-fireworks` to the rewritten `fireworks-ai` 1.x SDK (currently 1.2.0a*; Stainless-generated, pure-httpx, no `grpcio`/`protobuf`/`googleapis-common-protos`). The motivating bug is a startup crash in self-hosted LangGraph environments that also import `langchain-google-vertexai`. Importing `fireworks-ai` 0.19.x eagerly loads vendored grpcio protobuf modules under `fireworks.control_plane.generated.protos_grpcio.*`, which register `google/rpc/status.proto`, `google/api/*.proto`, and `google/longrunning/*.proto` in the default protobuf descriptor pool. When `langchain-google-vertexai` later triggers `google.api_core.exceptions` → `grpc_status.rpc_status` → `google.rpc.status_pb2`, the pool already holds a byte-different descriptor for `google/rpc/status.proto` and startup dies with: ``` TypeError: Couldn't build proto file into descriptor pool: duplicate file name google/rpc/status.proto ``` Fleet has been pinning around this by routing Fireworks through `ChatOpenAI` against the OpenAI-compat endpoint, which works for inference but means Fireworks `ModelProfile` data never loads — so Kimi K2.6's ~262k context window goes unrecognized and summarization triggers below limit. The 1.x SDK does not vendor protobuf at all. The control-plane gRPC code path is gone; chat inference goes over httpx. Verified locally that `import langchain_fireworks` and `from langchain_fireworks import ChatFireworks` load zero `_pb2` / `google.*` modules. ## What changed in `ChatFireworks` - Imports switch from `fireworks.client` to the top-level `fireworks` package. - Async path now `await client.chat.completions.create(...)`; the 0.x `acreate` shim is no longer used. - Error classes remapped to the 1.x hierarchy. `InvalidRequestError` → `BadRequestError`. `BadGatewayError` and `ServiceUnavailableError` no longer exist (1.x maps all `>=500` to `InternalServerError`) and were dropped from the retryable set with no loss of coverage. `FireworksContextOverflowError`'s parent class becomes `BadRequestError`. - `stream_options` is moved into the SDK's `extra_body` because the Stainless-generated `create()` signature does not model it as a typed kwarg. Top-level `stream_options` is preserved as a caller convenience; if a caller supplies both `extra_body["stream_options"]` and a top-level value, `extra_body` wins and the discarded value is logged. - The 0.x `(connect, read)` tuple form of `request_timeout` is normalized to an `httpx.Timeout` so existing user code keeps working. - The SDK's built-in retry layer is suppressed via `max_retries=0` on client construction so retries remain owned by `create_base_retry_decorator` and surface through the LangChain `run_manager`. ## Lifecycle methods Adds `close()` and `aclose()` on `ChatFireworks`. The 1.x `AsyncFireworks` client defaults to `httpx_aiohttp.HttpxAiohttpClient`, whose underlying aiohttp `ClientSession` is created lazily on first request. Sync-only paths therefore never open a session — which fixes the "Unclosed client session" warnings from #37172 at the source. Callers using async paths can now release the connector deterministically rather than relying on GC after the event loop has stopped. An autouse fixture in the integration `conftest.py` calls `aclose()` between tests to silence the corresponding `Unclosed connector` warning that surfaces under `pytest-asyncio`. ## Relation to #37227 Supersedes #37227. That PR monkey-patched `fireworks._util.is_running_in_async_context` and `fireworks.client.api_client.is_running_in_async_context` to suppress the 0.x SDK's eager `aiohttp.ClientSession` creation in async contexts. Both module paths are removed in 1.x; the SDK's lazy-session behavior makes the suppression unnecessary, and the explicit `aclose()` provides the cleaner long-term lifecycle hook. Thanks to @keenborder786 for surfacing the failure mode. ## Installation note `fireworks-ai` 1.x is currently published as an alpha (`1.2.0a*`); a stable 1.x is not yet out. `pip install langchain-fireworks` / `uv pip install langchain-fireworks` will need `--pre` (or `--prerelease=allow`) until Fireworks GAs 1.x. The `pyproject.toml` adds `[tool.uv] prerelease = "allow"` so the in-repo dev environment resolves cleanly. The package version is bumped to `1.4.0` — the public surface (`ChatFireworks`, `Fireworks`, `FireworksEmbeddings`) is unchanged; the breakage is confined to internal error classes and the transitive SDK. |
||
|
langchain-model-profile-bot[bot]
|
ac41199338 |
chore(model-profiles): refresh model profile data (#37574)
Automated refresh of model profile data for all in-monorepo partner integrations via `langchain-profiles refresh`. 🤖 Generated by the `refresh_model_profiles` workflow. Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com> |
||
Andy Young
|
625ed0ee8c |
fix(openai): guard httpx finalizers (#37570)
Same shape as the merged anthropic patch in #37064, ported to `libs/partners/openai`. `_SyncHttpxClientWrapper.__del__` / `_AsyncHttpxClientWrapper.__del__` check `self.is_closed`, which reads `self._state`. When a wrapper is created without `__init__` running to completion — `copy.deepcopy` via `__new__` + `__setstate__`, or a constructor that raised partway through — `_state` is missing and the finalizer prints ``` Exception ignored in: <function _SyncHttpxClientWrapper.__del__ at 0x...> Traceback (most recent call last): File ".../langchain_openai/chat_models/_client_utils.py", line 366, in __del__ if self.is_closed: File ".../httpx/_client.py", line 228, in is_closed return self._state == ClientState.CLOSED AttributeError: '_SyncHttpxClientWrapper' object has no attribute '_state' ``` at GC time. Same noise pattern that #37064 fixed for the anthropic partner. Hoist the `is_closed` access inside the existing `try/except` so the `AttributeError` is swallowed alongside the `close()` / `aclose()` exceptions that block already handles. Tests: two new unit tests build the wrappers via `__new__` (no `__init__` → no `_state`) and call `__del__` directly, mirroring the tests added in #37064. Verified: - `cd libs/partners/openai && make format` -> all checks passed - `cd libs/partners/openai && make test TEST_FILE=tests/unit_tests/chat_models/test_client_utils.py` -> 37 passed, 1 skipped (linux-only) - `cd libs/partners/openai && make lint` -> all checks passed, mypy clean |
||
湛露先生
|
b2ee0a9bba |
chore: unify core versions in text-splitters. (#37523)
Signed-off-by: zhanluxianshen <yanggangtony@163.com> |
||
dependabot[bot]
|
32556a0611 |
chore: bump idna from 3.11 to 3.15 in /libs/langchain_v1 (#37534)
Bumps [idna](https://github.com/kjd/idna) from 3.11 to 3.15. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/kjd/idna/blob/master/HISTORY.md">idna's changelog</a>.</em></p> <blockquote> <h2>3.15 (2026-05-12)</h2> <ul> <li>Enforce DNS-length cap on individual labels early in <code>check_label</code>, short-circuiting contextual-rule processing for oversized input while staying compatible with UTS 46 usage.</li> <li>Tidy core helpers: hoist bidi category sets to module-level frozensets (avoiding per-codepoint list construction), simplify length checks, and reuse the shared <code>_unicode_dots_re</code> from <code>idna.core</code> in the codec module.</li> <li>Use <code>raise ... from err</code> for proper exception chaining and switch internal string formatting to f-strings.</li> <li>Allow <code>flit_core</code> 4.x in the build backend.</li> <li>Expand the ruff lint set (flake8-bugbear, flake8-simplify, pyupgrade, perflint) and apply the surfaced fixes; pin lint CI to Python 3.14.</li> <li>Add Dependabot configuration for GitHub Actions.</li> <li>Convert README and HISTORY from reStructuredText to Markdown.</li> <li>Reference CVE-2026-45409 for the 3.14 advisory in place of the initial GHSA identifier.</li> </ul> <p>Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for contributions to this release.</p> <h2>3.14 (2026-05-10)</h2> <ul> <li>Removed opportunity to process long inputs into quadratic time by rejecting oversize inputs up-front. Closes a bypass of the CVE-2024-3651 mitigation. [CVE-2026-45409]</li> </ul> <p>Thanks to Stan Ulbrych for reporting the issue.</p> <h2>3.13 (2026-04-22)</h2> <ul> <li>Correct classification error for codepoint U+A7F1</li> </ul> <h2>3.12 (2026-04-21)</h2> <ul> <li>Update to Unicode 17.0.0.</li> <li>Issue a deprecation warning for the transitional argument.</li> <li>Added lazy-loading to provide some performance improvements.</li> <li>Removed vestiges of code related to Python 2 support, including segmentation of data structures specific to Jython.</li> </ul> <p>Thanks to Rodrigo Nogueira for contributions to this release.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
73526d1438 |
chore: bump idna from 3.10 to 3.15 in /libs/text-splitters (#37535)
Bumps [idna](https://github.com/kjd/idna) from 3.10 to 3.15. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/kjd/idna/blob/master/HISTORY.md">idna's changelog</a>.</em></p> <blockquote> <h2>3.15 (2026-05-12)</h2> <ul> <li>Enforce DNS-length cap on individual labels early in <code>check_label</code>, short-circuiting contextual-rule processing for oversized input while staying compatible with UTS 46 usage.</li> <li>Tidy core helpers: hoist bidi category sets to module-level frozensets (avoiding per-codepoint list construction), simplify length checks, and reuse the shared <code>_unicode_dots_re</code> from <code>idna.core</code> in the codec module.</li> <li>Use <code>raise ... from err</code> for proper exception chaining and switch internal string formatting to f-strings.</li> <li>Allow <code>flit_core</code> 4.x in the build backend.</li> <li>Expand the ruff lint set (flake8-bugbear, flake8-simplify, pyupgrade, perflint) and apply the surfaced fixes; pin lint CI to Python 3.14.</li> <li>Add Dependabot configuration for GitHub Actions.</li> <li>Convert README and HISTORY from reStructuredText to Markdown.</li> <li>Reference CVE-2026-45409 for the 3.14 advisory in place of the initial GHSA identifier.</li> </ul> <p>Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for contributions to this release.</p> <h2>3.14 (2026-05-10)</h2> <ul> <li>Removed opportunity to process long inputs into quadratic time by rejecting oversize inputs up-front. Closes a bypass of the CVE-2024-3651 mitigation. [CVE-2026-45409]</li> </ul> <p>Thanks to Stan Ulbrych for reporting the issue.</p> <h2>3.13 (2026-04-22)</h2> <ul> <li>Correct classification error for codepoint U+A7F1</li> </ul> <h2>3.12 (2026-04-21)</h2> <ul> <li>Update to Unicode 17.0.0.</li> <li>Issue a deprecation warning for the transitional argument.</li> <li>Added lazy-loading to provide some performance improvements.</li> <li>Removed vestiges of code related to Python 2 support, including segmentation of data structures specific to Jython.</li> </ul> <p>Thanks to Rodrigo Nogueira for contributions to this release.</p> <h2>3.11 (2025-10-12)</h2> <ul> <li>Update to Unicode 16.0.0, including significant changes to UTS46 processing. As a result of Unicode ending support for it, transitional processing no longer has an effect and returns the same result.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
0df3ecce5a |
chore: bump idna from 3.11 to 3.15 in /libs/standard-tests (#37536)
Bumps [idna](https://github.com/kjd/idna) from 3.11 to 3.15. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/kjd/idna/blob/master/HISTORY.md">idna's changelog</a>.</em></p> <blockquote> <h2>3.15 (2026-05-12)</h2> <ul> <li>Enforce DNS-length cap on individual labels early in <code>check_label</code>, short-circuiting contextual-rule processing for oversized input while staying compatible with UTS 46 usage.</li> <li>Tidy core helpers: hoist bidi category sets to module-level frozensets (avoiding per-codepoint list construction), simplify length checks, and reuse the shared <code>_unicode_dots_re</code> from <code>idna.core</code> in the codec module.</li> <li>Use <code>raise ... from err</code> for proper exception chaining and switch internal string formatting to f-strings.</li> <li>Allow <code>flit_core</code> 4.x in the build backend.</li> <li>Expand the ruff lint set (flake8-bugbear, flake8-simplify, pyupgrade, perflint) and apply the surfaced fixes; pin lint CI to Python 3.14.</li> <li>Add Dependabot configuration for GitHub Actions.</li> <li>Convert README and HISTORY from reStructuredText to Markdown.</li> <li>Reference CVE-2026-45409 for the 3.14 advisory in place of the initial GHSA identifier.</li> </ul> <p>Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for contributions to this release.</p> <h2>3.14 (2026-05-10)</h2> <ul> <li>Removed opportunity to process long inputs into quadratic time by rejecting oversize inputs up-front. Closes a bypass of the CVE-2024-3651 mitigation. [CVE-2026-45409]</li> </ul> <p>Thanks to Stan Ulbrych for reporting the issue.</p> <h2>3.13 (2026-04-22)</h2> <ul> <li>Correct classification error for codepoint U+A7F1</li> </ul> <h2>3.12 (2026-04-21)</h2> <ul> <li>Update to Unicode 17.0.0.</li> <li>Issue a deprecation warning for the transitional argument.</li> <li>Added lazy-loading to provide some performance improvements.</li> <li>Removed vestiges of code related to Python 2 support, including segmentation of data structures specific to Jython.</li> </ul> <p>Thanks to Rodrigo Nogueira for contributions to this release.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
40329ae2a3 |
chore: bump idna from 3.10 to 3.15 in /libs/langchain (#37537)
Bumps [idna](https://github.com/kjd/idna) from 3.10 to 3.15. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/kjd/idna/blob/master/HISTORY.md">idna's changelog</a>.</em></p> <blockquote> <h2>3.15 (2026-05-12)</h2> <ul> <li>Enforce DNS-length cap on individual labels early in <code>check_label</code>, short-circuiting contextual-rule processing for oversized input while staying compatible with UTS 46 usage.</li> <li>Tidy core helpers: hoist bidi category sets to module-level frozensets (avoiding per-codepoint list construction), simplify length checks, and reuse the shared <code>_unicode_dots_re</code> from <code>idna.core</code> in the codec module.</li> <li>Use <code>raise ... from err</code> for proper exception chaining and switch internal string formatting to f-strings.</li> <li>Allow <code>flit_core</code> 4.x in the build backend.</li> <li>Expand the ruff lint set (flake8-bugbear, flake8-simplify, pyupgrade, perflint) and apply the surfaced fixes; pin lint CI to Python 3.14.</li> <li>Add Dependabot configuration for GitHub Actions.</li> <li>Convert README and HISTORY from reStructuredText to Markdown.</li> <li>Reference CVE-2026-45409 for the 3.14 advisory in place of the initial GHSA identifier.</li> </ul> <p>Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for contributions to this release.</p> <h2>3.14 (2026-05-10)</h2> <ul> <li>Removed opportunity to process long inputs into quadratic time by rejecting oversize inputs up-front. Closes a bypass of the CVE-2024-3651 mitigation. [CVE-2026-45409]</li> </ul> <p>Thanks to Stan Ulbrych for reporting the issue.</p> <h2>3.13 (2026-04-22)</h2> <ul> <li>Correct classification error for codepoint U+A7F1</li> </ul> <h2>3.12 (2026-04-21)</h2> <ul> <li>Update to Unicode 17.0.0.</li> <li>Issue a deprecation warning for the transitional argument.</li> <li>Added lazy-loading to provide some performance improvements.</li> <li>Removed vestiges of code related to Python 2 support, including segmentation of data structures specific to Jython.</li> </ul> <p>Thanks to Rodrigo Nogueira for contributions to this release.</p> <h2>3.11 (2025-10-12)</h2> <ul> <li>Update to Unicode 16.0.0, including significant changes to UTS46 processing. As a result of Unicode ending support for it, transitional processing no longer has an effect and returns the same result.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
cfdbd799d6 |
chore: bump idna from 3.11 to 3.15 in /libs/model-profiles (#37538)
Bumps [idna](https://github.com/kjd/idna) from 3.11 to 3.15. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/kjd/idna/blob/master/HISTORY.md">idna's changelog</a>.</em></p> <blockquote> <h2>3.15 (2026-05-12)</h2> <ul> <li>Enforce DNS-length cap on individual labels early in <code>check_label</code>, short-circuiting contextual-rule processing for oversized input while staying compatible with UTS 46 usage.</li> <li>Tidy core helpers: hoist bidi category sets to module-level frozensets (avoiding per-codepoint list construction), simplify length checks, and reuse the shared <code>_unicode_dots_re</code> from <code>idna.core</code> in the codec module.</li> <li>Use <code>raise ... from err</code> for proper exception chaining and switch internal string formatting to f-strings.</li> <li>Allow <code>flit_core</code> 4.x in the build backend.</li> <li>Expand the ruff lint set (flake8-bugbear, flake8-simplify, pyupgrade, perflint) and apply the surfaced fixes; pin lint CI to Python 3.14.</li> <li>Add Dependabot configuration for GitHub Actions.</li> <li>Convert README and HISTORY from reStructuredText to Markdown.</li> <li>Reference CVE-2026-45409 for the 3.14 advisory in place of the initial GHSA identifier.</li> </ul> <p>Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for contributions to this release.</p> <h2>3.14 (2026-05-10)</h2> <ul> <li>Removed opportunity to process long inputs into quadratic time by rejecting oversize inputs up-front. Closes a bypass of the CVE-2024-3651 mitigation. [CVE-2026-45409]</li> </ul> <p>Thanks to Stan Ulbrych for reporting the issue.</p> <h2>3.13 (2026-04-22)</h2> <ul> <li>Correct classification error for codepoint U+A7F1</li> </ul> <h2>3.12 (2026-04-21)</h2> <ul> <li>Update to Unicode 17.0.0.</li> <li>Issue a deprecation warning for the transitional argument.</li> <li>Added lazy-loading to provide some performance improvements.</li> <li>Removed vestiges of code related to Python 2 support, including segmentation of data structures specific to Jython.</li> </ul> <p>Thanks to Rodrigo Nogueira for contributions to this release.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
8cead6b77a |
chore: bump idna from 3.11 to 3.15 in /libs/core (#37539)
Bumps [idna](https://github.com/kjd/idna) from 3.11 to 3.15. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/kjd/idna/blob/master/HISTORY.md">idna's changelog</a>.</em></p> <blockquote> <h2>3.15 (2026-05-12)</h2> <ul> <li>Enforce DNS-length cap on individual labels early in <code>check_label</code>, short-circuiting contextual-rule processing for oversized input while staying compatible with UTS 46 usage.</li> <li>Tidy core helpers: hoist bidi category sets to module-level frozensets (avoiding per-codepoint list construction), simplify length checks, and reuse the shared <code>_unicode_dots_re</code> from <code>idna.core</code> in the codec module.</li> <li>Use <code>raise ... from err</code> for proper exception chaining and switch internal string formatting to f-strings.</li> <li>Allow <code>flit_core</code> 4.x in the build backend.</li> <li>Expand the ruff lint set (flake8-bugbear, flake8-simplify, pyupgrade, perflint) and apply the surfaced fixes; pin lint CI to Python 3.14.</li> <li>Add Dependabot configuration for GitHub Actions.</li> <li>Convert README and HISTORY from reStructuredText to Markdown.</li> <li>Reference CVE-2026-45409 for the 3.14 advisory in place of the initial GHSA identifier.</li> </ul> <p>Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for contributions to this release.</p> <h2>3.14 (2026-05-10)</h2> <ul> <li>Removed opportunity to process long inputs into quadratic time by rejecting oversize inputs up-front. Closes a bypass of the CVE-2024-3651 mitigation. [CVE-2026-45409]</li> </ul> <p>Thanks to Stan Ulbrych for reporting the issue.</p> <h2>3.13 (2026-04-22)</h2> <ul> <li>Correct classification error for codepoint U+A7F1</li> </ul> <h2>3.12 (2026-04-21)</h2> <ul> <li>Update to Unicode 17.0.0.</li> <li>Issue a deprecation warning for the transitional argument.</li> <li>Added lazy-loading to provide some performance improvements.</li> <li>Removed vestiges of code related to Python 2 support, including segmentation of data structures specific to Jython.</li> </ul> <p>Thanks to Rodrigo Nogueira for contributions to this release.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
c53355c839 |
chore: bump idna from 3.10 to 3.15 in /libs/partners/xai (#37540)
Bumps [idna](https://github.com/kjd/idna) from 3.10 to 3.15. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/kjd/idna/blob/master/HISTORY.md">idna's changelog</a>.</em></p> <blockquote> <h2>3.15 (2026-05-12)</h2> <ul> <li>Enforce DNS-length cap on individual labels early in <code>check_label</code>, short-circuiting contextual-rule processing for oversized input while staying compatible with UTS 46 usage.</li> <li>Tidy core helpers: hoist bidi category sets to module-level frozensets (avoiding per-codepoint list construction), simplify length checks, and reuse the shared <code>_unicode_dots_re</code> from <code>idna.core</code> in the codec module.</li> <li>Use <code>raise ... from err</code> for proper exception chaining and switch internal string formatting to f-strings.</li> <li>Allow <code>flit_core</code> 4.x in the build backend.</li> <li>Expand the ruff lint set (flake8-bugbear, flake8-simplify, pyupgrade, perflint) and apply the surfaced fixes; pin lint CI to Python 3.14.</li> <li>Add Dependabot configuration for GitHub Actions.</li> <li>Convert README and HISTORY from reStructuredText to Markdown.</li> <li>Reference CVE-2026-45409 for the 3.14 advisory in place of the initial GHSA identifier.</li> </ul> <p>Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for contributions to this release.</p> <h2>3.14 (2026-05-10)</h2> <ul> <li>Removed opportunity to process long inputs into quadratic time by rejecting oversize inputs up-front. Closes a bypass of the CVE-2024-3651 mitigation. [CVE-2026-45409]</li> </ul> <p>Thanks to Stan Ulbrych for reporting the issue.</p> <h2>3.13 (2026-04-22)</h2> <ul> <li>Correct classification error for codepoint U+A7F1</li> </ul> <h2>3.12 (2026-04-21)</h2> <ul> <li>Update to Unicode 17.0.0.</li> <li>Issue a deprecation warning for the transitional argument.</li> <li>Added lazy-loading to provide some performance improvements.</li> <li>Removed vestiges of code related to Python 2 support, including segmentation of data structures specific to Jython.</li> </ul> <p>Thanks to Rodrigo Nogueira for contributions to this release.</p> <h2>3.11 (2025-10-12)</h2> <ul> <li>Update to Unicode 16.0.0, including significant changes to UTS46 processing. As a result of Unicode ending support for it, transitional processing no longer has an effect and returns the same result.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
19f8ced3d7 |
chore: bump idna from 3.10 to 3.15 in /libs/partners/qdrant (#37543)
Bumps [idna](https://github.com/kjd/idna) from 3.10 to 3.15. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/kjd/idna/blob/master/HISTORY.md">idna's changelog</a>.</em></p> <blockquote> <h2>3.15 (2026-05-12)</h2> <ul> <li>Enforce DNS-length cap on individual labels early in <code>check_label</code>, short-circuiting contextual-rule processing for oversized input while staying compatible with UTS 46 usage.</li> <li>Tidy core helpers: hoist bidi category sets to module-level frozensets (avoiding per-codepoint list construction), simplify length checks, and reuse the shared <code>_unicode_dots_re</code> from <code>idna.core</code> in the codec module.</li> <li>Use <code>raise ... from err</code> for proper exception chaining and switch internal string formatting to f-strings.</li> <li>Allow <code>flit_core</code> 4.x in the build backend.</li> <li>Expand the ruff lint set (flake8-bugbear, flake8-simplify, pyupgrade, perflint) and apply the surfaced fixes; pin lint CI to Python 3.14.</li> <li>Add Dependabot configuration for GitHub Actions.</li> <li>Convert README and HISTORY from reStructuredText to Markdown.</li> <li>Reference CVE-2026-45409 for the 3.14 advisory in place of the initial GHSA identifier.</li> </ul> <p>Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for contributions to this release.</p> <h2>3.14 (2026-05-10)</h2> <ul> <li>Removed opportunity to process long inputs into quadratic time by rejecting oversize inputs up-front. Closes a bypass of the CVE-2024-3651 mitigation. [CVE-2026-45409]</li> </ul> <p>Thanks to Stan Ulbrych for reporting the issue.</p> <h2>3.13 (2026-04-22)</h2> <ul> <li>Correct classification error for codepoint U+A7F1</li> </ul> <h2>3.12 (2026-04-21)</h2> <ul> <li>Update to Unicode 17.0.0.</li> <li>Issue a deprecation warning for the transitional argument.</li> <li>Added lazy-loading to provide some performance improvements.</li> <li>Removed vestiges of code related to Python 2 support, including segmentation of data structures specific to Jython.</li> </ul> <p>Thanks to Rodrigo Nogueira for contributions to this release.</p> <h2>3.11 (2025-10-12)</h2> <ul> <li>Update to Unicode 16.0.0, including significant changes to UTS46 processing. As a result of Unicode ending support for it, transitional processing no longer has an effect and returns the same result.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
0e97e85a09 |
chore: bump idna from 3.10 to 3.15 in /libs/partners/chroma (#37562)
Bumps [idna](https://github.com/kjd/idna) from 3.10 to 3.15. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/kjd/idna/blob/master/HISTORY.md">idna's changelog</a>.</em></p> <blockquote> <h2>3.15 (2026-05-12)</h2> <ul> <li>Enforce DNS-length cap on individual labels early in <code>check_label</code>, short-circuiting contextual-rule processing for oversized input while staying compatible with UTS 46 usage.</li> <li>Tidy core helpers: hoist bidi category sets to module-level frozensets (avoiding per-codepoint list construction), simplify length checks, and reuse the shared <code>_unicode_dots_re</code> from <code>idna.core</code> in the codec module.</li> <li>Use <code>raise ... from err</code> for proper exception chaining and switch internal string formatting to f-strings.</li> <li>Allow <code>flit_core</code> 4.x in the build backend.</li> <li>Expand the ruff lint set (flake8-bugbear, flake8-simplify, pyupgrade, perflint) and apply the surfaced fixes; pin lint CI to Python 3.14.</li> <li>Add Dependabot configuration for GitHub Actions.</li> <li>Convert README and HISTORY from reStructuredText to Markdown.</li> <li>Reference CVE-2026-45409 for the 3.14 advisory in place of the initial GHSA identifier.</li> </ul> <p>Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for contributions to this release.</p> <h2>3.14 (2026-05-10)</h2> <ul> <li>Removed opportunity to process long inputs into quadratic time by rejecting oversize inputs up-front. Closes a bypass of the CVE-2024-3651 mitigation. [CVE-2026-45409]</li> </ul> <p>Thanks to Stan Ulbrych for reporting the issue.</p> <h2>3.13 (2026-04-22)</h2> <ul> <li>Correct classification error for codepoint U+A7F1</li> </ul> <h2>3.12 (2026-04-21)</h2> <ul> <li>Update to Unicode 17.0.0.</li> <li>Issue a deprecation warning for the transitional argument.</li> <li>Added lazy-loading to provide some performance improvements.</li> <li>Removed vestiges of code related to Python 2 support, including segmentation of data structures specific to Jython.</li> </ul> <p>Thanks to Rodrigo Nogueira for contributions to this release.</p> <h2>3.11 (2025-10-12)</h2> <ul> <li>Update to Unicode 16.0.0, including significant changes to UTS46 processing. As a result of Unicode ending support for it, transitional processing no longer has an effect and returns the same result.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
cf3fccdc43 |
chore: bump langsmith from 0.8.4 to 0.8.5 in /libs/partners/perplexity (#37545)
Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from 0.8.4 to 0.8.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's releases</a>.</em></p> <blockquote> <h2>v0.8.5</h2> <h2>What's Changed</h2> <ul> <li>release(js): 0.7.0 by <a href="https://github.com/ramon-langchain"><code>@ramon-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2890">langchain-ai/langsmith-sdk#2890</a></li> <li>fix(js): add alias for <code>experimental/sandbox</code> to appease broad peer dep range within <code>deepagents</code> by <a href="https://github.com/dqbd"><code>@dqbd</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2893">langchain-ai/langsmith-sdk#2893</a></li> <li>feat(js): allow disabling multipart streaming via env variable by <a href="https://github.com/dqbd"><code>@dqbd</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2900">langchain-ai/langsmith-sdk#2900</a></li> <li>feat(python): add Client.close() to release session [closes LSDK-183] by <a href="https://github.com/open-swe"><code>@open-swe</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2866">langchain-ai/langsmith-sdk#2866</a></li> <li>feat(sandbox): forward client default headers on exec WebSocket by <a href="https://github.com/open-swe"><code>@open-swe</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2899">langchain-ai/langsmith-sdk#2899</a></li> <li>release(js): 0.7.1 by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2902">langchain-ai/langsmith-sdk#2902</a></li> <li>release(py): 0.8.5 by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2903">langchain-ai/langsmith-sdk#2903</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.4...v0.8.5">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.4...v0.8.5</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
a2d38151b0 |
chore: bump idna from 3.10 to 3.15 in /libs/partners/deepseek (#37560)
Bumps [idna](https://github.com/kjd/idna) from 3.10 to 3.15. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/kjd/idna/blob/master/HISTORY.md">idna's changelog</a>.</em></p> <blockquote> <h2>3.15 (2026-05-12)</h2> <ul> <li>Enforce DNS-length cap on individual labels early in <code>check_label</code>, short-circuiting contextual-rule processing for oversized input while staying compatible with UTS 46 usage.</li> <li>Tidy core helpers: hoist bidi category sets to module-level frozensets (avoiding per-codepoint list construction), simplify length checks, and reuse the shared <code>_unicode_dots_re</code> from <code>idna.core</code> in the codec module.</li> <li>Use <code>raise ... from err</code> for proper exception chaining and switch internal string formatting to f-strings.</li> <li>Allow <code>flit_core</code> 4.x in the build backend.</li> <li>Expand the ruff lint set (flake8-bugbear, flake8-simplify, pyupgrade, perflint) and apply the surfaced fixes; pin lint CI to Python 3.14.</li> <li>Add Dependabot configuration for GitHub Actions.</li> <li>Convert README and HISTORY from reStructuredText to Markdown.</li> <li>Reference CVE-2026-45409 for the 3.14 advisory in place of the initial GHSA identifier.</li> </ul> <p>Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for contributions to this release.</p> <h2>3.14 (2026-05-10)</h2> <ul> <li>Removed opportunity to process long inputs into quadratic time by rejecting oversize inputs up-front. Closes a bypass of the CVE-2024-3651 mitigation. [CVE-2026-45409]</li> </ul> <p>Thanks to Stan Ulbrych for reporting the issue.</p> <h2>3.13 (2026-04-22)</h2> <ul> <li>Correct classification error for codepoint U+A7F1</li> </ul> <h2>3.12 (2026-04-21)</h2> <ul> <li>Update to Unicode 17.0.0.</li> <li>Issue a deprecation warning for the transitional argument.</li> <li>Added lazy-loading to provide some performance improvements.</li> <li>Removed vestiges of code related to Python 2 support, including segmentation of data structures specific to Jython.</li> </ul> <p>Thanks to Rodrigo Nogueira for contributions to this release.</p> <h2>3.11 (2025-10-12)</h2> <ul> <li>Update to Unicode 16.0.0, including significant changes to UTS46 processing. As a result of Unicode ending support for it, transitional processing no longer has an effect and returns the same result.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
ec83aeb81b |
chore: bump langsmith from 0.8.3 to 0.8.5 in /libs/partners/anthropic (#37564)
Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from 0.8.3 to 0.8.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's releases</a>.</em></p> <blockquote> <h2>v0.8.5</h2> <h2>What's Changed</h2> <ul> <li>release(js): 0.7.0 by <a href="https://github.com/ramon-langchain"><code>@ramon-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2890">langchain-ai/langsmith-sdk#2890</a></li> <li>fix(js): add alias for <code>experimental/sandbox</code> to appease broad peer dep range within <code>deepagents</code> by <a href="https://github.com/dqbd"><code>@dqbd</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2893">langchain-ai/langsmith-sdk#2893</a></li> <li>feat(js): allow disabling multipart streaming via env variable by <a href="https://github.com/dqbd"><code>@dqbd</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2900">langchain-ai/langsmith-sdk#2900</a></li> <li>feat(python): add Client.close() to release session [closes LSDK-183] by <a href="https://github.com/open-swe"><code>@open-swe</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2866">langchain-ai/langsmith-sdk#2866</a></li> <li>feat(sandbox): forward client default headers on exec WebSocket by <a href="https://github.com/open-swe"><code>@open-swe</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2899">langchain-ai/langsmith-sdk#2899</a></li> <li>release(js): 0.7.1 by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2902">langchain-ai/langsmith-sdk#2902</a></li> <li>release(py): 0.8.5 by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2903">langchain-ai/langsmith-sdk#2903</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.4...v0.8.5">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.4...v0.8.5</a></p> <h2>v0.8.4</h2> <h2>What's Changed</h2> <ul> <li>release(js): 0.6.3 by <a href="https://github.com/vishnu-ssuresh"><code>@vishnu-ssuresh</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2864">langchain-ai/langsmith-sdk#2864</a></li> <li>chore(deps): bump python-multipart from 0.0.26 to 0.0.27 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2859">langchain-ai/langsmith-sdk#2859</a></li> <li>chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.91.1 to 0.92.0 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2858">langchain-ai/langsmith-sdk#2858</a></li> <li>chore(deps): bump postcss from 8.5.8 to 8.5.14 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2857">langchain-ai/langsmith-sdk#2857</a></li> <li>chore(deps): bump hono from 4.12.15 to 4.12.18 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2860">langchain-ai/langsmith-sdk#2860</a></li> <li>chore(deps-dev): bump langchain-core from 1.3.2 to 1.3.3 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2867">langchain-ai/langsmith-sdk#2867</a></li> <li>chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.92.0 to 0.93.0 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2869">langchain-ai/langsmith-sdk#2869</a></li> <li>chore(deps): bump urllib3 from 2.6.3 to 2.7.0 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2873">langchain-ai/langsmith-sdk#2873</a></li> <li>chore(deps): bump the py-minor-and-patch group across 1 directory with 12 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2876">langchain-ai/langsmith-sdk#2876</a></li> <li>chore(deps-dev): bump the js-minor-and-patch group across 1 directory with 16 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2877">langchain-ai/langsmith-sdk#2877</a></li> <li>chore(deps): bump the py-minor-and-patch group across 1 directory with 11 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2879">langchain-ai/langsmith-sdk#2879</a></li> <li>chore(deps): bump the npm_and_yarn group across 2 directories with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2868">langchain-ai/langsmith-sdk#2868</a></li> <li>chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.93.0 to 0.94.0 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2878">langchain-ai/langsmith-sdk#2878</a></li> <li>sdk(js): rename experimental/sandbox -> sandbox (breaking) by <a href="https://github.com/DanielKneipp"><code>@DanielKneipp</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2885">langchain-ai/langsmith-sdk#2885</a></li> <li>sdk(py): drop sandbox alpha/experimental warnings by <a href="https://github.com/DanielKneipp"><code>@DanielKneipp</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2884">langchain-ai/langsmith-sdk#2884</a></li> <li>feat(sandbox): make snapshot optional and add TS options overload by <a href="https://github.com/ramon-langchain"><code>@ramon-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2887">langchain-ai/langsmith-sdk#2887</a></li> <li>release(py): 0.8.4 by <a href="https://github.com/ramon-langchain"><code>@ramon-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2889">langchain-ai/langsmith-sdk#2889</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.3...v0.8.4">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.3...v0.8.4</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
070c98ae58 |
chore: bump idna from 3.10 to 3.15 in /libs/partners/exa (#37559)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [idna](https://github.com/kjd/idna) from 3.10 to 3.15. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/kjd/idna/blob/master/HISTORY.md">idna's changelog</a>.</em></p> <blockquote> <h2>3.15 (2026-05-12)</h2> <ul> <li>Enforce DNS-length cap on individual labels early in <code>check_label</code>, short-circuiting contextual-rule processing for oversized input while staying compatible with UTS 46 usage.</li> <li>Tidy core helpers: hoist bidi category sets to module-level frozensets (avoiding per-codepoint list construction), simplify length checks, and reuse the shared <code>_unicode_dots_re</code> from <code>idna.core</code> in the codec module.</li> <li>Use <code>raise ... from err</code> for proper exception chaining and switch internal string formatting to f-strings.</li> <li>Allow <code>flit_core</code> 4.x in the build backend.</li> <li>Expand the ruff lint set (flake8-bugbear, flake8-simplify, pyupgrade, perflint) and apply the surfaced fixes; pin lint CI to Python 3.14.</li> <li>Add Dependabot configuration for GitHub Actions.</li> <li>Convert README and HISTORY from reStructuredText to Markdown.</li> <li>Reference CVE-2026-45409 for the 3.14 advisory in place of the initial GHSA identifier.</li> </ul> <p>Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for contributions to this release.</p> <h2>3.14 (2026-05-10)</h2> <ul> <li>Removed opportunity to process long inputs into quadratic time by rejecting oversize inputs up-front. Closes a bypass of the CVE-2024-3651 mitigation. [CVE-2026-45409]</li> </ul> <p>Thanks to Stan Ulbrych for reporting the issue.</p> <h2>3.13 (2026-04-22)</h2> <ul> <li>Correct classification error for codepoint U+A7F1</li> </ul> <h2>3.12 (2026-04-21)</h2> <ul> <li>Update to Unicode 17.0.0.</li> <li>Issue a deprecation warning for the transitional argument.</li> <li>Added lazy-loading to provide some performance improvements.</li> <li>Removed vestiges of code related to Python 2 support, including segmentation of data structures specific to Jython.</li> </ul> <p>Thanks to Rodrigo Nogueira for contributions to this release.</p> <h2>3.11 (2025-10-12)</h2> <ul> <li>Update to Unicode 16.0.0, including significant changes to UTS46 processing. As a result of Unicode ending support for it, transitional processing no longer has an effect and returns the same result.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
f9670ed513 |
chore: bump idna from 3.11 to 3.15 in /libs/partners/anthropic (#37565)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [idna](https://github.com/kjd/idna) from 3.11 to 3.15. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/kjd/idna/blob/master/HISTORY.md">idna's changelog</a>.</em></p> <blockquote> <h2>3.15 (2026-05-12)</h2> <ul> <li>Enforce DNS-length cap on individual labels early in <code>check_label</code>, short-circuiting contextual-rule processing for oversized input while staying compatible with UTS 46 usage.</li> <li>Tidy core helpers: hoist bidi category sets to module-level frozensets (avoiding per-codepoint list construction), simplify length checks, and reuse the shared <code>_unicode_dots_re</code> from <code>idna.core</code> in the codec module.</li> <li>Use <code>raise ... from err</code> for proper exception chaining and switch internal string formatting to f-strings.</li> <li>Allow <code>flit_core</code> 4.x in the build backend.</li> <li>Expand the ruff lint set (flake8-bugbear, flake8-simplify, pyupgrade, perflint) and apply the surfaced fixes; pin lint CI to Python 3.14.</li> <li>Add Dependabot configuration for GitHub Actions.</li> <li>Convert README and HISTORY from reStructuredText to Markdown.</li> <li>Reference CVE-2026-45409 for the 3.14 advisory in place of the initial GHSA identifier.</li> </ul> <p>Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for contributions to this release.</p> <h2>3.14 (2026-05-10)</h2> <ul> <li>Removed opportunity to process long inputs into quadratic time by rejecting oversize inputs up-front. Closes a bypass of the CVE-2024-3651 mitigation. [CVE-2026-45409]</li> </ul> <p>Thanks to Stan Ulbrych for reporting the issue.</p> <h2>3.13 (2026-04-22)</h2> <ul> <li>Correct classification error for codepoint U+A7F1</li> </ul> <h2>3.12 (2026-04-21)</h2> <ul> <li>Update to Unicode 17.0.0.</li> <li>Issue a deprecation warning for the transitional argument.</li> <li>Added lazy-loading to provide some performance improvements.</li> <li>Removed vestiges of code related to Python 2 support, including segmentation of data structures specific to Jython.</li> </ul> <p>Thanks to Rodrigo Nogueira for contributions to this release.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
7fd45ebfea |
chore: bump langsmith from 0.8.4 to 0.8.5 in /libs/partners/xai (#37541)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from 0.8.4 to 0.8.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's releases</a>.</em></p> <blockquote> <h2>v0.8.5</h2> <h2>What's Changed</h2> <ul> <li>release(js): 0.7.0 by <a href="https://github.com/ramon-langchain"><code>@ramon-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2890">langchain-ai/langsmith-sdk#2890</a></li> <li>fix(js): add alias for <code>experimental/sandbox</code> to appease broad peer dep range within <code>deepagents</code> by <a href="https://github.com/dqbd"><code>@dqbd</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2893">langchain-ai/langsmith-sdk#2893</a></li> <li>feat(js): allow disabling multipart streaming via env variable by <a href="https://github.com/dqbd"><code>@dqbd</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2900">langchain-ai/langsmith-sdk#2900</a></li> <li>feat(python): add Client.close() to release session [closes LSDK-183] by <a href="https://github.com/open-swe"><code>@open-swe</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2866">langchain-ai/langsmith-sdk#2866</a></li> <li>feat(sandbox): forward client default headers on exec WebSocket by <a href="https://github.com/open-swe"><code>@open-swe</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2899">langchain-ai/langsmith-sdk#2899</a></li> <li>release(js): 0.7.1 by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2902">langchain-ai/langsmith-sdk#2902</a></li> <li>release(py): 0.8.5 by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2903">langchain-ai/langsmith-sdk#2903</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.4...v0.8.5">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.4...v0.8.5</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
12d85db0ae |
chore: bump langsmith from 0.8.4 to 0.8.5 in /libs/partners/qdrant (#37542)
Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from 0.8.4 to 0.8.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's releases</a>.</em></p> <blockquote> <h2>v0.8.5</h2> <h2>What's Changed</h2> <ul> <li>release(js): 0.7.0 by <a href="https://github.com/ramon-langchain"><code>@ramon-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2890">langchain-ai/langsmith-sdk#2890</a></li> <li>fix(js): add alias for <code>experimental/sandbox</code> to appease broad peer dep range within <code>deepagents</code> by <a href="https://github.com/dqbd"><code>@dqbd</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2893">langchain-ai/langsmith-sdk#2893</a></li> <li>feat(js): allow disabling multipart streaming via env variable by <a href="https://github.com/dqbd"><code>@dqbd</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2900">langchain-ai/langsmith-sdk#2900</a></li> <li>feat(python): add Client.close() to release session [closes LSDK-183] by <a href="https://github.com/open-swe"><code>@open-swe</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2866">langchain-ai/langsmith-sdk#2866</a></li> <li>feat(sandbox): forward client default headers on exec WebSocket by <a href="https://github.com/open-swe"><code>@open-swe</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2899">langchain-ai/langsmith-sdk#2899</a></li> <li>release(js): 0.7.1 by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2902">langchain-ai/langsmith-sdk#2902</a></li> <li>release(py): 0.8.5 by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2903">langchain-ai/langsmith-sdk#2903</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.4...v0.8.5">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.4...v0.8.5</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
733eec764b |
chore: bump idna from 3.10 to 3.15 in /libs/partners/groq (#37556)
Bumps [idna](https://github.com/kjd/idna) from 3.10 to 3.15. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/kjd/idna/blob/master/HISTORY.md">idna's changelog</a>.</em></p> <blockquote> <h2>3.15 (2026-05-12)</h2> <ul> <li>Enforce DNS-length cap on individual labels early in <code>check_label</code>, short-circuiting contextual-rule processing for oversized input while staying compatible with UTS 46 usage.</li> <li>Tidy core helpers: hoist bidi category sets to module-level frozensets (avoiding per-codepoint list construction), simplify length checks, and reuse the shared <code>_unicode_dots_re</code> from <code>idna.core</code> in the codec module.</li> <li>Use <code>raise ... from err</code> for proper exception chaining and switch internal string formatting to f-strings.</li> <li>Allow <code>flit_core</code> 4.x in the build backend.</li> <li>Expand the ruff lint set (flake8-bugbear, flake8-simplify, pyupgrade, perflint) and apply the surfaced fixes; pin lint CI to Python 3.14.</li> <li>Add Dependabot configuration for GitHub Actions.</li> <li>Convert README and HISTORY from reStructuredText to Markdown.</li> <li>Reference CVE-2026-45409 for the 3.14 advisory in place of the initial GHSA identifier.</li> </ul> <p>Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for contributions to this release.</p> <h2>3.14 (2026-05-10)</h2> <ul> <li>Removed opportunity to process long inputs into quadratic time by rejecting oversize inputs up-front. Closes a bypass of the CVE-2024-3651 mitigation. [CVE-2026-45409]</li> </ul> <p>Thanks to Stan Ulbrych for reporting the issue.</p> <h2>3.13 (2026-04-22)</h2> <ul> <li>Correct classification error for codepoint U+A7F1</li> </ul> <h2>3.12 (2026-04-21)</h2> <ul> <li>Update to Unicode 17.0.0.</li> <li>Issue a deprecation warning for the transitional argument.</li> <li>Added lazy-loading to provide some performance improvements.</li> <li>Removed vestiges of code related to Python 2 support, including segmentation of data structures specific to Jython.</li> </ul> <p>Thanks to Rodrigo Nogueira for contributions to this release.</p> <h2>3.11 (2025-10-12)</h2> <ul> <li>Update to Unicode 16.0.0, including significant changes to UTS46 processing. As a result of Unicode ending support for it, transitional processing no longer has an effect and returns the same result.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
78fd72a456 |
chore: bump idna from 3.10 to 3.15 in /libs/partners/mistralai (#37555)
Bumps [idna](https://github.com/kjd/idna) from 3.10 to 3.15. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/kjd/idna/blob/master/HISTORY.md">idna's changelog</a>.</em></p> <blockquote> <h2>3.15 (2026-05-12)</h2> <ul> <li>Enforce DNS-length cap on individual labels early in <code>check_label</code>, short-circuiting contextual-rule processing for oversized input while staying compatible with UTS 46 usage.</li> <li>Tidy core helpers: hoist bidi category sets to module-level frozensets (avoiding per-codepoint list construction), simplify length checks, and reuse the shared <code>_unicode_dots_re</code> from <code>idna.core</code> in the codec module.</li> <li>Use <code>raise ... from err</code> for proper exception chaining and switch internal string formatting to f-strings.</li> <li>Allow <code>flit_core</code> 4.x in the build backend.</li> <li>Expand the ruff lint set (flake8-bugbear, flake8-simplify, pyupgrade, perflint) and apply the surfaced fixes; pin lint CI to Python 3.14.</li> <li>Add Dependabot configuration for GitHub Actions.</li> <li>Convert README and HISTORY from reStructuredText to Markdown.</li> <li>Reference CVE-2026-45409 for the 3.14 advisory in place of the initial GHSA identifier.</li> </ul> <p>Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for contributions to this release.</p> <h2>3.14 (2026-05-10)</h2> <ul> <li>Removed opportunity to process long inputs into quadratic time by rejecting oversize inputs up-front. Closes a bypass of the CVE-2024-3651 mitigation. [CVE-2026-45409]</li> </ul> <p>Thanks to Stan Ulbrych for reporting the issue.</p> <h2>3.13 (2026-04-22)</h2> <ul> <li>Correct classification error for codepoint U+A7F1</li> </ul> <h2>3.12 (2026-04-21)</h2> <ul> <li>Update to Unicode 17.0.0.</li> <li>Issue a deprecation warning for the transitional argument.</li> <li>Added lazy-loading to provide some performance improvements.</li> <li>Removed vestiges of code related to Python 2 support, including segmentation of data structures specific to Jython.</li> </ul> <p>Thanks to Rodrigo Nogueira for contributions to this release.</p> <h2>3.11 (2025-10-12)</h2> <ul> <li>Update to Unicode 16.0.0, including significant changes to UTS46 processing. As a result of Unicode ending support for it, transitional processing no longer has an effect and returns the same result.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
7b793fe1aa |
chore: bump idna from 3.10 to 3.15 in /libs/partners/perplexity (#37544)
Bumps [idna](https://github.com/kjd/idna) from 3.10 to 3.15. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/kjd/idna/blob/master/HISTORY.md">idna's changelog</a>.</em></p> <blockquote> <h2>3.15 (2026-05-12)</h2> <ul> <li>Enforce DNS-length cap on individual labels early in <code>check_label</code>, short-circuiting contextual-rule processing for oversized input while staying compatible with UTS 46 usage.</li> <li>Tidy core helpers: hoist bidi category sets to module-level frozensets (avoiding per-codepoint list construction), simplify length checks, and reuse the shared <code>_unicode_dots_re</code> from <code>idna.core</code> in the codec module.</li> <li>Use <code>raise ... from err</code> for proper exception chaining and switch internal string formatting to f-strings.</li> <li>Allow <code>flit_core</code> 4.x in the build backend.</li> <li>Expand the ruff lint set (flake8-bugbear, flake8-simplify, pyupgrade, perflint) and apply the surfaced fixes; pin lint CI to Python 3.14.</li> <li>Add Dependabot configuration for GitHub Actions.</li> <li>Convert README and HISTORY from reStructuredText to Markdown.</li> <li>Reference CVE-2026-45409 for the 3.14 advisory in place of the initial GHSA identifier.</li> </ul> <p>Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for contributions to this release.</p> <h2>3.14 (2026-05-10)</h2> <ul> <li>Removed opportunity to process long inputs into quadratic time by rejecting oversize inputs up-front. Closes a bypass of the CVE-2024-3651 mitigation. [CVE-2026-45409]</li> </ul> <p>Thanks to Stan Ulbrych for reporting the issue.</p> <h2>3.13 (2026-04-22)</h2> <ul> <li>Correct classification error for codepoint U+A7F1</li> </ul> <h2>3.12 (2026-04-21)</h2> <ul> <li>Update to Unicode 17.0.0.</li> <li>Issue a deprecation warning for the transitional argument.</li> <li>Added lazy-loading to provide some performance improvements.</li> <li>Removed vestiges of code related to Python 2 support, including segmentation of data structures specific to Jython.</li> </ul> <p>Thanks to Rodrigo Nogueira for contributions to this release.</p> <h2>3.11 (2025-10-12)</h2> <ul> <li>Update to Unicode 16.0.0, including significant changes to UTS46 processing. As a result of Unicode ending support for it, transitional processing no longer has an effect and returns the same result.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |