mirror of
https://github.com/hwchase17/langchain.git
synced 2026-06-09 10:17:00 +00:00
7e81d09f2aa5513f4d74e4c2edfe3ef0dfa2ec2e
45 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Mason Daugherty
|
7e81d09f2a |
chore(deps): bump pytest to 9.0.3 (#36801)
CVE-2025-71176 (medium severity) All are dev-only (test dependency group) — no impact on published packages. ### Why syrupy was also bumped syrupy 4.x (`<5.0.0`) constrains pytest to `<9.0.0`, blocking the CVE fix. Widening to `<6.0.0` allows syrupy 5.x which supports pytest 9.x. |
||
dependabot[bot]
|
11924288bf |
chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/partners/huggingface (#36794)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from 0.6.3 to 0.7.31. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's releases</a>.</em></p> <blockquote> <h2>v0.7.31</h2> <h2>What's Changed</h2> <ul> <li>chore(deps-dev): bump langchain-core from 1.2.23 to 1.2.28 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2692">langchain-ai/langsmith-sdk#2692</a></li> <li>chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.82.0 to 0.84.0 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2684">langchain-ai/langsmith-sdk#2684</a></li> <li>chore(deps): bump cryptography from 46.0.6 to 46.0.7 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2693">langchain-ai/langsmith-sdk#2693</a></li> <li>chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.84.0 to 0.85.0 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2700">langchain-ai/langsmith-sdk#2700</a></li> <li>feat(py): Tag OpenAI Agent Python SDK runs with ls_agent_type by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2699">langchain-ai/langsmith-sdk#2699</a></li> <li>feat(js): Adds ls_agent_type metadata to AI SDK runs by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2701">langchain-ai/langsmith-sdk#2701</a></li> <li>chore(deps-dev): bump types-tqdm from 4.67.3.20260303 to 4.67.3.20260408 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2710">langchain-ai/langsmith-sdk#2710</a></li> <li>chore(deps): bump pnpm/action-setup from 5 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2705">langchain-ai/langsmith-sdk#2705</a></li> <li>chore(deps): bump the py-minor-and-patch group across 1 directory with 10 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2711">langchain-ai/langsmith-sdk#2711</a></li> <li>chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.85.0 to 0.86.0 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2702">langchain-ai/langsmith-sdk#2702</a></li> <li>chore(deps): bump actions/github-script from 8 to 9 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2706">langchain-ai/langsmith-sdk#2706</a></li> <li>chore(deps-dev): bump the js-minor-and-patch group across 1 directory with 7 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2712">langchain-ai/langsmith-sdk#2712</a></li> <li>chore(deps-dev): bump types-psutil from 7.2.2.20260130 to 7.2.2.20260408 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2709">langchain-ai/langsmith-sdk#2709</a></li> <li>chore(deps-dev): bump rich from 14.3.3 to 15.0.0 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2708">langchain-ai/langsmith-sdk#2708</a></li> <li>feat: Filter kwargs from new token events by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2714">langchain-ai/langsmith-sdk#2714</a></li> <li>release(py): 0.7.31 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2716">langchain-ai/langsmith-sdk#2716</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.30...v0.7.31">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.30...v0.7.31</a></p> <h2>v0.7.30</h2> <h2>What's Changed</h2> <ul> <li>feat(python): add service feature to sandbox by <a href="https://github.com/DanielKneipp"><code>@DanielKneipp</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2665">langchain-ai/langsmith-sdk#2665</a></li> <li>fix(js): Fix prototype pollution bug in anonymizers by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2690">langchain-ai/langsmith-sdk#2690</a></li> <li>release(js): 0.5.18 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2691">langchain-ai/langsmith-sdk#2691</a></li> <li>chore(js/sandbox): suppress warning log by <a href="https://github.com/hntrl"><code>@hntrl</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2694">langchain-ai/langsmith-sdk#2694</a></li> <li>feat(js): Add metadata to Claude Agent SDK JS tracing by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2695">langchain-ai/langsmith-sdk#2695</a></li> <li>fix(py): Fix run tree memory leak by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2696">langchain-ai/langsmith-sdk#2696</a></li> <li>release(py): 0.7.30 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2698">langchain-ai/langsmith-sdk#2698</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.29...v0.7.30">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.29...v0.7.30</a></p> <h2>v0.7.29</h2> <h2>What's Changed</h2> <ul> <li>release(js): 0.5.17 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2681">langchain-ai/langsmith-sdk#2681</a></li> <li>feat(py): Fix race condition around Claude Agent SDK instrumentation by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2685">langchain-ai/langsmith-sdk#2685</a></li> <li>release(py): 0.7.29 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2686">langchain-ai/langsmith-sdk#2686</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.28...v0.7.29">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.28...v0.7.29</a></p> <h2>v0.7.28</h2> <h2>What's Changed</h2> <ul> <li>feat(py): Support subagent tracing in Claude Agents SDK, fix usage and duplicate messages by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2670">langchain-ai/langsmith-sdk#2670</a></li> <li>chore(deps-dev): bump the py-minor-and-patch group across 1 directory with 11 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2677">langchain-ai/langsmith-sdk#2677</a></li> <li>chore(deps-dev): bump the js-minor-and-patch group across 1 directory with 8 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2667">langchain-ai/langsmith-sdk#2667</a></li> <li>chore(deps): bump pnpm/action-setup from 4 to 5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2658">langchain-ai/langsmith-sdk#2658</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/langchain-ai/langsmith-sdk/commits/v0.7.31">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
34c4a2ae08 |
chore: bump aiohttp from 3.13.3 to 3.13.4 in /libs/partners/huggingface (#36436)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langchain/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
John Kennedy
|
0f4f3f74c8 |
chore: pygments>=2.20.0 across all packages (CVE-2026-4539) (#36385)
## Summary Bumps `pygments` to `>=2.20.0` across all 21 affected packages to address [CVE-2026-4539](https://github.com/advisories/GHSA-XXXX) — ReDoS via inefficient GUID regex in Pygments. - **Severity:** Low - **Fixed in:** 2.20.0 (was 2.19.2) - **Change:** Added `pygments>=2.20.0` to `constraint-dependencies` in `[tool.uv]` for each package, then ran `uv lock --upgrade-package pygments` to regenerate lock files. Closes Dependabot alerts #3435–#3455. ## Release Note Patch deps ### Test Plan - [x] CI Green 🙏 Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> |
||
|
dependabot[bot]
|
a544f03955 |
chore: bump requests from 2.32.5 to 2.33.0 in /libs/partners/huggingface (#36252)
Bumps [requests](https://github.com/psf/requests) from 2.32.5 to 2.33.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/releases">requests's releases</a>.</em></p> <blockquote> <h2>v2.33.0</h2> <h2>2.33.0 (2026-03-25)</h2> <p><strong>Announcements</strong></p> <ul> <li>📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at <a href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>. Give it a try, and report any gaps or feedback you may have in the issue. 📣</li> </ul> <p><strong>Security</strong></p> <ul> <li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Migrated to a PEP 517 build system using setuptools. (<a href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (<a href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Dropped support for Python 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li> </ul> <p><strong>Documentation</strong></p> <ul> <li>Various typo fixes and doc improvements.</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/M0d3v1"><code>@M0d3v1</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6865">psf/requests#6865</a></li> <li><a href="https://github.com/aminvakil"><code>@aminvakil</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7220">psf/requests#7220</a></li> <li><a href="https://github.com/E8Price"><code>@E8Price</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6960">psf/requests#6960</a></li> <li><a href="https://github.com/mitre88"><code>@mitre88</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7244">psf/requests#7244</a></li> <li><a href="https://github.com/magsen"><code>@magsen</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6553">psf/requests#6553</a></li> <li><a href="https://github.com/Rohan5commit"><code>@Rohan5commit</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7227">psf/requests#7227</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25">https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's changelog</a>.</em></p> <blockquote> <h2>2.33.0 (2026-03-25)</h2> <p><strong>Announcements</strong></p> <ul> <li>📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at <a href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>. Give it a try, and report any gaps or feedback you may have in the issue. 📣</li> </ul> <p><strong>Security</strong></p> <ul> <li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Migrated to a PEP 517 build system using setuptools. (<a href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (<a href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Dropped support for Python 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li> </ul> <p><strong>Documentation</strong></p> <ul> <li>Various typo fixes and doc improvements.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Mason Daugherty
|
2f64d80cc6 |
fix(core,model-profiles): add missing ModelProfile fields, warn on schema drift (#36129)
PR #35788 added 7 new fields to the `langchain-profiles` CLI output (`name`, `status`, `release_date`, `last_updated`, `open_weights`, `attachment`, `temperature`) but didn't update `ModelProfile` in `langchain-core`. Partner packages like `langchain-aws` that set `extra="forbid"` on their Pydantic models hit `extra_forbidden` validation errors when Pydantic encountered undeclared TypedDict keys at construction time. This adds the missing fields, makes `ModelProfile` forward-compatible, provides a base-class hook so partners can stop duplicating model-profile validator boilerplate, migrates all in-repo partners to the new hook, and adds runtime + CI-time warnings for schema drift. ## Changes ### `langchain-core` - Add `__pydantic_config__ = ConfigDict(extra="allow")` to `ModelProfile` so unknown profile keys pass Pydantic validation even on models with `extra="forbid"` — forward-compatibility for when the CLI schema evolves ahead of core - Declare the 7 missing fields on `ModelProfile`: `name`, `status`, `release_date`, `last_updated`, `open_weights` (metadata) and `attachment`, `temperature` (capabilities) - Add `_warn_unknown_profile_keys()` in `model_profile.py` — emits a `UserWarning` when a profile dict contains keys not in `ModelProfile`, suggesting a core upgrade. Wrapped in a bare `except` so introspection failures never crash model construction - Add `BaseChatModel._resolve_model_profile()` hook that returns `None` by default. Partners can override this single method instead of redefining the full `_set_model_profile` validator — the base validator calls it automatically - Add `BaseChatModel._check_profile_keys` as a separate `model_validator` that calls `_warn_unknown_profile_keys`. Uses a distinct method name so partner overrides of `_set_model_profile` don't inadvertently suppress the check ### `langchain-profiles` CLI - Add `_warn_undeclared_profile_keys()` to the CLI (`cli.py`), called after merging augmentations in `refresh()` — warns at profile-generation time (not just runtime) when emitted keys aren't declared in `ModelProfile`. Gracefully skips if `langchain-core` isn't installed - Add guard test `test_model_data_to_profile_keys_subset_of_model_profile` in model-profiles — feeds a fully-populated model dict to `_model_data_to_profile()` and asserts every emitted key exists in `ModelProfile.__annotations__`. CI fails before any release if someone adds a CLI field without updating the TypedDict ### Partner packages - Migrate all 10 in-repo partners to the `_resolve_model_profile()` hook, replacing duplicated `@model_validator` / `_set_model_profile` overrides: anthropic, deepseek, fireworks, groq, huggingface, mistralai, openai (base + azure), openrouter, perplexity, xai - Anthropic retains custom logic (context-1m beta → `max_input_tokens` override); all others reduce to a one-liner - Add `pr_lint.yml` scope for the new `model-profiles` package |
||
|
dependabot[bot]
|
4a632cf6a9 | chore: bump orjson from 3.11.5 to 3.11.6 in /libs/partners/huggingface (#35861) | ||
|
dependabot[bot]
|
2a71c1a43f |
chore: bump tornado from 6.5.2 to 6.5.5 in /libs/partners/huggingface (#35776)
Bumps [tornado](https://github.com/tornadoweb/tornado) from 6.5.2 to 6.5.5. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst">tornado's changelog</a>.</em></p> <blockquote> <h1>Release notes</h1> <p>.. toctree:: :maxdepth: 2</p> <p>releases/v6.5.5 releases/v6.5.4 releases/v6.5.3 releases/v6.5.2 releases/v6.5.1 releases/v6.5.0 releases/v6.4.2 releases/v6.4.1 releases/v6.4.0 releases/v6.3.3 releases/v6.3.2 releases/v6.3.1 releases/v6.3.0 releases/v6.2.0 releases/v6.1.0 releases/v6.0.4 releases/v6.0.3 releases/v6.0.2 releases/v6.0.1 releases/v6.0.0 releases/v5.1.1 releases/v5.1.0 releases/v5.0.2 releases/v5.0.1 releases/v5.0.0 releases/v4.5.3 releases/v4.5.2 releases/v4.5.1 releases/v4.5.0 releases/v4.4.3 releases/v4.4.2 releases/v4.4.1 releases/v4.4.0 releases/v4.3.0 releases/v4.2.1 releases/v4.2.0 releases/v4.1.0 releases/v4.0.2 releases/v4.0.1 releases/v4.0.0 releases/v3.2.2 releases/v3.2.1 releases/v3.2.0 releases/v3.1.1</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
576ee9d409 |
chore: bump langgraph from 1.0.8 to 1.0.10rc1 in /libs/partners/huggingface (#35613)
Bumps [langgraph](https://github.com/langchain-ai/langgraph) from 1.0.8 to 1.0.10rc1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langgraph/releases">langgraph's releases</a>.</em></p> <blockquote> <h2>langgraph==1.0.10rc1</h2> <p>Changes since 1.0.9</p> <ul> <li>release: Candidate (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6947">#6947</a>)</li> <li>Merge commit from fork</li> <li>chore: add tests to confirm expected subgraph persistence behavior (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6943">#6943</a>)</li> <li>fix(langgraph): correct ParentCommand bubbling when checkpoint_ns includes numeric task segments (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6864">#6864</a>)</li> <li>chore: add <code>make type</code> target for type checking (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6748">#6748</a>)</li> </ul> <h2>langgraph==1.0.9</h2> <p>Changes since 1.0.8</p> <ul> <li>release: langgraph + prebuilt (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6875">#6875</a>)</li> <li>fix: sequential interrupt handling w/ functional API (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6863">#6863</a>)</li> <li>chore: state_updated_at sort by (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6857">#6857</a>)</li> <li>chore: bump orjson (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6852">#6852</a>)</li> <li>chore: conformance testing (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6842">#6842</a>)</li> <li>chore(deps): bump the all-dependencies group in /libs/langgraph with 6 updates (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6815">#6815</a>)</li> <li>chore(deps): bump protobuf from 6.33.4 to 6.33.5 in /libs/langgraph (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6833">#6833</a>)</li> <li>chore(deps): bump cryptography from 46.0.3 to 46.0.5 in /libs/langgraph (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6837">#6837</a>)</li> <li>chore(deps): bump nbconvert from 7.16.6 to 7.17.0 in /libs/langgraph (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6832">#6832</a>)</li> <li>chore: server runtime type (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6774">#6774</a>)</li> <li>refactor: replace bare except with BaseException in AsyncQueue (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6765">#6765</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Mason Daugherty
|
6d39b72892 |
fix(huggingface): bump transformers and sentence-transformers lower bounds (#35522)
Bump `transformers` and `sentence-transformers` lower bounds in `langchain-huggingface` to resolve a dependency conflict with `huggingface-hub` 1.x. The existing constraints allowed `huggingface-hub>=0.33.4,<2.0.0` (so hub 1.x is valid), but `transformers` 4.x requires `huggingface-hub<1.0` — causing the pre-release CI job to fail when `uv pip install --force-reinstall` resolved hub to 1.5.0 while leaving `transformers` at 4.56.2. Breaking change for users on transformers 4.x or sentence-transformers<5.2.0 who install langchain-huggingface[full]. |
||
|
dependabot[bot]
|
dac22ced14 |
chore: bump langgraph-checkpoint from 3.0.0 to 4.0.0 in /libs/partners/huggingface (#35447)
Bumps [langgraph-checkpoint](https://github.com/langchain-ai/langgraph) from 3.0.0 to 4.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langgraph/releases">langgraph-checkpoint's releases</a>.</em></p> <blockquote> <h2>langgraph-checkpoint==4.0.0</h2> <p>Changes since checkpoint==3.0.1</p> <ul> <li>fix: flip default on base cache (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6677">#6677</a>)</li> <li>fix(checkpoint): InMemorySaver context managers should return self in… (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6529">#6529</a>)</li> <li>fix: docstring for serializer protocol (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6525">#6525</a>)</li> <li>chore: clean up some refs (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6487">#6487</a>)</li> <li>chore: add <code>pyproject.toml</code> links (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6364">#6364</a>)</li> </ul> <h2>langgraph-checkpoint-postgres==3.0.4</h2> <p>Changes since checkpointpostgres==3.0.3</p> <ul> <li>chore: Omit lock when using connection pool (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6734">#6734</a>)</li> <li>chore(deps): upgrade dependencies with <code>uv lock --upgrade</code> (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6671">#6671</a>)</li> <li>chore: update twitter URLs (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6683">#6683</a>)</li> </ul> <h2>langgraph-checkpoint-postgres==3.0.3</h2> <p>Changes since checkpointpostgres==3.0.2</p> <ul> <li>fix: flip default on base cache (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6677">#6677</a>)</li> <li>docs: storage nits (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6651">#6651</a>)</li> </ul> <h2>langgraph-checkpoint-sqlite==3.0.3</h2> <p>Changes since checkpointsqlite==3.0.2</p> <ul> <li>fix: aiosqlite's breaking change (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6699">#6699</a>)</li> <li>chore(deps): upgrade dependencies with <code>uv lock --upgrade</code> (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6671">#6671</a>)</li> <li>chore: update twitter URLs (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6683">#6683</a>)</li> </ul> <h2>langgraph-checkpoint-postgres==3.0.2</h2> <p>Changes since checkpointpostgres==3.0.1</p> <ul> <li>release(checkpoint-postgres): 3.0.1 (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6568">#6568</a>)</li> <li>chore: pgqs (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6567">#6567</a>)</li> <li>fix(checkpoint-postgres): ensure vector extension is created only if not exists (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6154">#6154</a>)</li> <li>fix(checkpoint-postgres): Replace f-string SQL formatting with parameterized queries in migration statements (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6328">#6328</a>)</li> <li>chore: add <code>pyproject.toml</code> links (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6364">#6364</a>)</li> <li>docs: add license files for checkpoint-sqlite and checkpoint-postgres (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6392">#6392</a>)</li> </ul> <h2>langgraph-checkpoint-sqlite==3.0.2</h2> <p>Changes since checkpointsqlite==3.0.1</p> <ul> <li>fix: flip default on base cache (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6677">#6677</a>)</li> <li>docs: storage nits (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6651">#6651</a>)</li> </ul> <h2>checkpoint==3.0.1</h2> <p>Changes since checkpoint==3.0.0</p> <ul> <li>chore: update ormsgpack minbound and add OPT_REPLACE_SURROGATES (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6395">#6395</a>)</li> <li>fix(checkpoint): update checkpoint interface specification in README (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6386">#6386</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Mason Daugherty
|
82ae4fb6fa | chore: bump model profiles (#35294) | ||
ccurme
|
8f859bd91f | release(huggingface): 1.2.1 (#35182) | ||
Mohammad Mohtashim
|
f89e30eb13 | chore(huggingface): version bump for huggingface-hub and transformers deps (#35061) | ||
|
dependabot[bot]
|
cad0025216 | chore(deps): bump pillow from 11.3.0 to 12.1.1 in /libs/partners/huggingface (#35179) | ||
|
dependabot[bot]
|
7ec96bbee5 |
chore(deps): bump langsmith from 0.4.32rc0 to 0.6.3 in /libs/partners/huggingface (#35152)
Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from 0.4.32rc0 to 0.6.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's releases</a>.</em></p> <blockquote> <h2>v0.6.1</h2> <h2>What's Changed</h2> <ul> <li>ci: test more bundlers by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2263">langchain-ai/langsmith-sdk#2263</a></li> <li>feat(python sdk): Add support for setting commit tags when pushing a prompt by <a href="https://github.com/bees"><code>@bees</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2265">langchain-ai/langsmith-sdk#2265</a></li> <li>feat: Pass in Cache, rename by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2264">langchain-ai/langsmith-sdk#2264</a></li> <li>chore: bump sdk by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2268">langchain-ai/langsmith-sdk#2268</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.6.0...v0.6.1">https://github.com/langchain-ai/langsmith-sdk/compare/v0.6.0...v0.6.1</a></p> <h2>v0.6.0</h2> <h2>What's Changed</h2> <ul> <li>chore(js): bump JS to 0.4.3 by <a href="https://github.com/dqbd"><code>@dqbd</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2253">langchain-ai/langsmith-sdk#2253</a></li> <li>Revert "feat: add js prompt caching" by <a href="https://github.com/angus-langchain"><code>@angus-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2258">langchain-ai/langsmith-sdk#2258</a></li> <li>Revert "feat: Replace UUID5 with deterministic UUID7 for replicas" by <a href="https://github.com/angus-langchain"><code>@angus-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2257">langchain-ai/langsmith-sdk#2257</a></li> <li>release(js): bump to 0.4.4 by <a href="https://github.com/dqbd"><code>@dqbd</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2259">langchain-ai/langsmith-sdk#2259</a></li> <li>feat: add prompt cache back and setup environment tests by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2260">langchain-ai/langsmith-sdk#2260</a></li> <li>feat(python): Bump pydantic to v2 by <a href="https://github.com/angus-langchain"><code>@angus-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2248">langchain-ai/langsmith-sdk#2248</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.5.2...v0.6.0">https://github.com/langchain-ai/langsmith-sdk/compare/v0.5.2...v0.6.0</a></p> <h2>v0.6.0rc0</h2> <h2>What's Changed</h2> <ul> <li>feat(js): Add support for tracing AI SDK 6 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2237">langchain-ai/langsmith-sdk#2237</a></li> <li>fix(js): Remove default Jestlike timeout by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2243">langchain-ai/langsmith-sdk#2243</a></li> <li>feat(js): Add support for tracing tool loop agent by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2244">langchain-ai/langsmith-sdk#2244</a></li> <li>feat: Replace UUID5 with deterministic UUID7 for replicas by <a href="https://github.com/angus-langchain"><code>@angus-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2249">langchain-ai/langsmith-sdk#2249</a></li> <li>feat: add prompt caching to python sdk by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2246">langchain-ai/langsmith-sdk#2246</a></li> <li>feat: add js prompt caching by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2251">langchain-ai/langsmith-sdk#2251</a></li> <li>fix(claude): correctly parse llm and tool inputs in claude agent sdk by <a href="https://github.com/angus-langchain"><code>@angus-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2255">langchain-ai/langsmith-sdk#2255</a></li> <li>bump(python): 0.5.2 by <a href="https://github.com/angus-langchain"><code>@angus-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2256">langchain-ai/langsmith-sdk#2256</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.5.1...v0.6.0rc0">https://github.com/langchain-ai/langsmith-sdk/compare/v0.5.1...v0.6.0rc0</a></p> <h2>v0.5.2</h2> <h2>What's Changed</h2> <ul> <li>feat(js): Add support for tracing AI SDK 6 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2237">langchain-ai/langsmith-sdk#2237</a></li> <li>fix(js): Remove default Jestlike timeout by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2243">langchain-ai/langsmith-sdk#2243</a></li> <li>feat(js): Add support for tracing tool loop agent by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2244">langchain-ai/langsmith-sdk#2244</a></li> <li>feat: Replace UUID5 with deterministic UUID7 for replicas by <a href="https://github.com/angus-langchain"><code>@angus-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2249">langchain-ai/langsmith-sdk#2249</a></li> <li>feat: add prompt caching to python sdk by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2246">langchain-ai/langsmith-sdk#2246</a></li> <li>feat: add js prompt caching by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2251">langchain-ai/langsmith-sdk#2251</a></li> <li>fix(claude): correctly parse llm and tool inputs in claude agent sdk by <a href="https://github.com/angus-langchain"><code>@angus-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2255">langchain-ai/langsmith-sdk#2255</a></li> <li>bump(python): 0.5.2 by <a href="https://github.com/angus-langchain"><code>@angus-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2256">langchain-ai/langsmith-sdk#2256</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.5.1...v0.5.2">https://github.com/langchain-ai/langsmith-sdk/compare/v0.5.1...v0.5.2</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/langchain-ai/langsmith-sdk/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langchain/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
328bf24a4c |
chore(deps): bump the uv group across 20 directories with 3 updates (#34941)
Bumps the uv group with 1 update in the /libs/core directory: [nbconvert](https://github.com/jupyter/nbconvert). Bumps the uv group with 3 updates in the /libs/langchain directory: [nbconvert](https://github.com/jupyter/nbconvert), [orjson](https://github.com/ijl/orjson) and [protobuf](https://github.com/protocolbuffers/protobuf). Bumps the uv group with 2 updates in the /libs/langchain_v1 directory: [orjson](https://github.com/ijl/orjson) and [protobuf](https://github.com/protocolbuffers/protobuf). Bumps the uv group with 1 update in the /libs/model-profiles directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 1 update in the /libs/partners/anthropic directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 2 updates in the /libs/partners/chroma directory: [orjson](https://github.com/ijl/orjson) and [protobuf](https://github.com/protocolbuffers/protobuf). Bumps the uv group with 1 update in the /libs/partners/deepseek directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 1 update in the /libs/partners/exa directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 1 update in the /libs/partners/fireworks directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 1 update in the /libs/partners/groq directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 1 update in the /libs/partners/huggingface directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 1 update in the /libs/partners/mistralai directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 1 update in the /libs/partners/nomic directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 1 update in the /libs/partners/ollama directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 1 update in the /libs/partners/openai directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 1 update in the /libs/partners/perplexity directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 1 update in the /libs/partners/prompty directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 2 updates in the /libs/partners/qdrant directory: [orjson](https://github.com/ijl/orjson) and [protobuf](https://github.com/protocolbuffers/protobuf). Bumps the uv group with 1 update in the /libs/partners/xai directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 2 updates in the /libs/text-splitters directory: [nbconvert](https://github.com/jupyter/nbconvert) and [orjson](https://github.com/ijl/orjson). Updates `nbconvert` from 7.16.6 to 7.17.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jupyter/nbconvert/releases">nbconvert's releases</a>.</em></p> <blockquote> <h2>v7.17.0</h2> <h2>7.17.0</h2> <p>(<a href="https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71">Full Changelog</a>)</p> <h3>Enhancements made</h3> <ul> <li>Add support for arbitrary browser arguments <a href="https://redirect.github.com/jupyter/nbconvert/pull/2227">#2227</a> (<a href="https://github.com/shreve"><code>@shreve</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> </ul> <h3>Bugs fixed</h3> <ul> <li>Fix QtPNGExporter returning empty bytes on macOS <a href="https://redirect.github.com/jupyter/nbconvert/pull/2264">#2264</a> (<a href="https://github.com/h3pdesign"><code>@h3pdesign</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/QuLogic"><code>@QuLogic</code></a>)</li> <li>Fix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD) <a href="https://redirect.github.com/jupyter/nbconvert/pull/2261">#2261</a> (<a href="https://github.com/h3pdesign"><code>@h3pdesign</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/mberlanda"><code>@mberlanda</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>, <a href="https://github.com/salmankadaya"><code>@salmankadaya</code></a>, <a href="https://github.com/th3gowtham"><code>@th3gowtham</code></a>)</li> <li>Fix get_export_names and get_exporter default args <a href="https://redirect.github.com/jupyter/nbconvert/pull/2228">#2228</a> (<a href="https://github.com/shreve"><code>@shreve</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>PyPA-Compliant Summary <a href="https://redirect.github.com/jupyter/nbconvert/pull/2226">#2226</a> (<a href="https://github.com/hackowitz-af"><code>@hackowitz-af</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> </ul> <h3>Maintenance and upkeep improvements</h3> <ul> <li>avoid cov environment on free-threaded Pythons <a href="https://redirect.github.com/jupyter/nbconvert/pull/2267">#2267</a> (<a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>update pre-commit, and fix all issues. <a href="https://redirect.github.com/jupyter/nbconvert/pull/2238">#2238</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Drop test on 3.9, test on 3.13, 3.14, 3.14t <a href="https://redirect.github.com/jupyter/nbconvert/pull/2237">#2237</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Bump the actions group across 1 directory with 2 updates <a href="https://redirect.github.com/jupyter/nbconvert/pull/2231">#2231</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Replace <code>@flaky.flaky</code> decorate with pytest marker <a href="https://redirect.github.com/jupyter/nbconvert/pull/2229">#2229</a> (<a href="https://github.com/mgorny"><code>@mgorny</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>update to mermaid 11.10.0 <a href="https://redirect.github.com/jupyter/nbconvert/pull/2224">#2224</a> (<a href="https://github.com/bollwyvl"><code>@bollwyvl</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Drop support for Python 3.8, fix the CI tests <a href="https://redirect.github.com/jupyter/nbconvert/pull/2221">#2221</a> (<a href="https://github.com/shreve"><code>@shreve</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> </ul> <h3>Documentation improvements</h3> <ul> <li>Use <code>intersphinx_registry</code> <a href="https://redirect.github.com/jupyter/nbconvert/pull/2232">#2232</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> </ul> <h3>Contributors to this release</h3> <p>The following people contributed discussions, new ideas, code and documentation contributions, and review. See <a href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our definition of contributors</a>.</p> <p>(<a href="https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28&to=2026-01-29&type=c">GitHub contributors page for this release</a>)</p> <p><a href="https://github.com/bollwyvl"><code>@bollwyvl</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/Carreau"><code>@Carreau</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/h3pdesign"><code>@h3pdesign</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/hackowitz-af"><code>@hackowitz-af</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/krassowski"><code>@krassowski</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/mberlanda"><code>@mberlanda</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/mgorny"><code>@mgorny</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/minrk"><code>@minrk</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/MSeal"><code>@MSeal</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/QuLogic"><code>@QuLogic</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/salmankadaya"><code>@salmankadaya</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/shreve"><code>@shreve</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/th3gowtham"><code>@th3gowtham</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>)</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jupyter/nbconvert/blob/main/CHANGELOG.md">nbconvert's changelog</a>.</em></p> <blockquote> <h2>7.17.0</h2> <p>(<a href="https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71">Full Changelog</a>)</p> <h3>Enhancements made</h3> <ul> <li>Add support for arbitrary browser arguments <a href="https://redirect.github.com/jupyter/nbconvert/pull/2227">#2227</a> (<a href="https://github.com/shreve"><code>@shreve</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> </ul> <h3>Bugs fixed</h3> <ul> <li>Fix QtPNGExporter returning empty bytes on macOS <a href="https://redirect.github.com/jupyter/nbconvert/pull/2264">#2264</a> (<a href="https://github.com/h3pdesign"><code>@h3pdesign</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/QuLogic"><code>@QuLogic</code></a>)</li> <li>Fix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD) <a href="https://redirect.github.com/jupyter/nbconvert/pull/2261">#2261</a> (<a href="https://github.com/h3pdesign"><code>@h3pdesign</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/mberlanda"><code>@mberlanda</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>, <a href="https://github.com/salmankadaya"><code>@salmankadaya</code></a>, <a href="https://github.com/th3gowtham"><code>@th3gowtham</code></a>)</li> <li>Fix get_export_names and get_exporter default args <a href="https://redirect.github.com/jupyter/nbconvert/pull/2228">#2228</a> (<a href="https://github.com/shreve"><code>@shreve</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>PyPA-Compliant Summary <a href="https://redirect.github.com/jupyter/nbconvert/pull/2226">#2226</a> (<a href="https://github.com/hackowitz-af"><code>@hackowitz-af</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> </ul> <h3>Maintenance and upkeep improvements</h3> <ul> <li>avoid cov environment on free-threaded Pythons <a href="https://redirect.github.com/jupyter/nbconvert/pull/2267">#2267</a> (<a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>update pre-commit, and fix all issues. <a href="https://redirect.github.com/jupyter/nbconvert/pull/2238">#2238</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Drop test on 3.9, test on 3.13, 3.14, 3.14t <a href="https://redirect.github.com/jupyter/nbconvert/pull/2237">#2237</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Bump the actions group across 1 directory with 2 updates <a href="https://redirect.github.com/jupyter/nbconvert/pull/2231">#2231</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Replace <code>@flaky.flaky</code> decorate with pytest marker <a href="https://redirect.github.com/jupyter/nbconvert/pull/2229">#2229</a> (<a href="https://github.com/mgorny"><code>@mgorny</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>update to mermaid 11.10.0 <a href="https://redirect.github.com/jupyter/nbconvert/pull/2224">#2224</a> (<a href="https://github.com/bollwyvl"><code>@bollwyvl</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Drop support for Python 3.8, fix the CI tests <a href="https://redirect.github.com/jupyter/nbconvert/pull/2221">#2221</a> (<a href="https://github.com/shreve"><code>@shreve</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> </ul> <h3>Documentation improvements</h3> <ul> <li>Use <code>intersphinx_registry</code> <a href="https://redirect.github.com/jupyter/nbconvert/pull/2232">#2232</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> </ul> <h3>Contributors to this release</h3> <p>The following people contributed discussions, new ideas, code and documentation contributions, and review. See <a href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our definition of contributors</a>.</p> <p>(<a href="https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28&to=2026-01-29&type=c">GitHub contributors page for this release</a>)</p> <p><a href="https://github.com/bollwyvl"><code>@bollwyvl</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/Carreau"><code>@Carreau</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/h3pdesign"><code>@h3pdesign</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/hackowitz-af"><code>@hackowitz-af</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/krassowski"><code>@krassowski</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/mberlanda"><code>@mberlanda</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/mgorny"><code>@mgorny</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/minrk"><code>@minrk</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/MSeal"><code>@MSeal</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/QuLogic"><code>@QuLogic</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/salmankadaya"><code>@salmankadaya</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/shreve"><code>@shreve</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/th3gowtham"><code>@th3gowtham</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>)</p> <!-- raw HTML omitted --> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
John Kennedy
|
c5834cc028 | chore: upgrade urllib3 to 2.6.3 (#34940) | ||
|
dependabot[bot]
|
a84722e2d7 |
chore(deps): bump the uv group across 8 directories with 6 updates (#34773)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langchain/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Mason Daugherty
|
2f8af61218 | release(huggingface): 1.2.0 (#34335) | ||
Georgey
|
16c984ef0a | fix(langchain-classic): fix init_chat_model for HuggingFace models (#33943) | ||
Sydney Runkle
|
78c10f8790 | chore: update core dep in lockfiles (#34216) | ||
|
ccurme
|
eb0545a173 | release: (integration packages) 1.1 (#34087) | ||
|
ccurme
|
2f67f9ddcb | release(huggingface): 1.0.1 (#33803) | ||
|
Mason Daugherty
|
a194ae6959 | release(huggingface): 1.0.0 (#33572) | ||
|
ccurme
|
3152d25811 |
fix: support python 3.14 in various projects (#33575)
Co-authored-by: cbornet <cbornet@hotmail.com> Co-authored-by: Mason Daugherty <mason@langchain.dev> |
||
|
Mason Daugherty
|
5489df75d7 | release(huggingface): 1.0.0a1 (#33536) | ||
|
Mason Daugherty
|
eaa6dcce9e |
release: v1.0.0 (#32567)
Co-authored-by: Mohammad Mohtashim <45242107+keenborder786@users.noreply.github.com> Co-authored-by: Caspar Broekhuizen <caspar@langchain.dev> Co-authored-by: ccurme <chester.curme@gmail.com> Co-authored-by: Christophe Bornet <cbornet@hotmail.com> Co-authored-by: Eugene Yurtsev <eyurtsev@gmail.com> Co-authored-by: Sadra Barikbin <sadraqazvin1@yahoo.com> Co-authored-by: Vadym Barda <vadim.barda@gmail.com> |
||
Christophe Bornet
|
eaf8dce7c2 |
chore: bump ruff version to 0.13 (#33043)
Co-authored-by: Mason Daugherty <mason@langchain.dev> |
||
|
Mason Daugherty
|
781db9d892 |
chore: update pyproject.toml files, remove codespell (#33028)
- Removes Codespell from deps, docs, and `Makefile`s - Python version requirements in all `pyproject.toml` files now use the `~=` (compatible release) specifier - All dependency groups and main dependencies now use explicit lower and upper bounds, reducing potential for breaking changes |
||
|
Mason Daugherty
|
3d08b6bd11 |
chore: adress pytest-asyncio deprecation warnings + other nits (#32696)
amongst some linting imcompatible rules |
||
|
Mason Daugherty
|
ee4c2510eb |
feat: port various nit changes from wip-v0.4 (#32506)
Lots of work that wasn't directly related to core improvements/messages/testing functionality |
||
|
Mason Daugherty
|
116b758498 |
fix: bump deps for release (#32179)
forgot to bump the `pyproject.toml` files |
||
|
Mason Daugherty
|
64dac1faf7 | release(huggingface): 0.3.1 (#32177) | ||
|
Mason Daugherty
|
4d9eefecab |
fix: bump lockfiles (#31923)
* bump lockfiles after upgrading ruff * resolve resulting linting fixes |
||
|
ccurme
|
4071670f56 | huggingface[patch]: bump transformers (#31559) | ||
|
ccurme
|
40d6d4c738 | huggingface[patch]: bump core dep (#31558) | ||
Eugene Yurtsev
|
73655b0ca8 |
huggingface: 0.3.0 release (#31503)
Breaking change to make some dependencies optional: https://github.com/langchain-ai/langchain/pull/31268 --------- Co-authored-by: Chester Curme <chester.curme@gmail.com> |
||
|
ccurme
|
d7e016c5fc | huggingface: release 0.2 (#31153) | ||
|
ccurme
|
4b11cbeb47 | huggingface[patch]: update lockfile (#31152) | ||
célina
|
868f07f8f4 |
partners: (langchain-huggingface) Chat Models - Integrate Hugging Face Inference Providers and remove deprecated code (#30733)
Hi there, I'm Célina from 🤗, This PR introduces support for Hugging Face's serverless Inference Providers (documentation [here](https://huggingface.co/docs/inference-providers/index)), allowing users to specify different providers for chat completion and text generation tasks. This PR also removes the usage of `InferenceClient.post()` method in `HuggingFaceEndpoint`, in favor of the task-specific `text_generation` method. `InferenceClient.post()` is deprecated and will be removed in `huggingface_hub v0.31.0`. --- ## Changes made - bumped the minimum required version of the `huggingface-hub` package to ensure compatibility with the latest API usage. - added a `provider` field to `HuggingFaceEndpoint`, enabling users to select the inference provider (e.g., 'cerebras', 'together', 'fireworks-ai'). Defaults to `hf-inference` (HF Inference API). - replaced the deprecated `InferenceClient.post()` call in `HuggingFaceEndpoint` with the task-specific `text_generation` method for future-proofing, `post()` will be removed in huggingface-hub v0.31.0. - updated the `ChatHuggingFace` component: - added async and streaming support. - added support for tool calling. - exposed underlying chat completion parameters for more granular control. - Added integration tests for `ChatHuggingFace` and updated the corresponding unit tests. ✅ All changes are backward compatible. --------- Co-authored-by: ccurme <chester.curme@gmail.com> |
||
|
Sydney Runkle
|
7e926520d5 |
packaging: remove Python upper bound for langchain and co libs (#31025)
Follow up to https://github.com/langchain-ai/langsmith-sdk/pull/1696, I've bumped the `langsmith` version where applicable in `uv.lock`. Type checking problems here because deps have been updated in `pyproject.toml` and `uv lock` hasn't been run - we should enforce that in the future - goes with the other dependabot todos :). |
||
|
Sydney Runkle
|
4556b81b1d |
Clean up numpy dependencies and speed up 3.13 CI with numpy>=2.1.0 (#30714)
Generally, this PR is CI performance focused + aims to clean up some dependencies at the same time. 1. Unpins upper bounds for `numpy` in all `pyproject.toml` files where `numpy` is specified 2. Requires `numpy >= 2.1.0` for Python 3.13 and `numpy > v1.26.0` for Python 3.12, plus a `numpy` min version bump for `chroma` 3. Speeds up CI by minutes - linting on Python 3.13, installing `numpy < 2.1.0` was taking [~3 minutes](https://github.com/langchain-ai/langchain/actions/runs/14316342925/job/40123305868?pr=30713), now the entire env setup takes a few seconds 4. Deleted the `numpy` test dependency from partners where that was not used, specifically `huggingface`, `voyageai`, `xai`, and `nomic`. It's a bit unfortunate that `langchain-community` depends on `numpy`, we might want to try to fix that in the future... Closes https://github.com/langchain-ai/langchain/issues/26026 Fixes https://github.com/langchain-ai/langchain/issues/30555 |
||
Erick Friis
|
1a225fad03 |
multiple: fix uv path deps (#29790)
file:// format wasn't working with updates - it doesn't install as an editable dep move to tool.uv.sources with path= instead |
||
|
ccurme
|
d172984c91 | infra: migrate to uv (#29566) |