mirror of
https://github.com/hwchase17/langchain.git
synced 2026-06-09 10:17:00 +00:00
97ac1d34d092464ca211605ac93217033169067c
86 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Mason Daugherty
|
56d6e89be0 | hotfix: bump min core versions (#36996) | ||
Nick Hollon
|
9ce72eba9f | feat(core): add content-block-centric streaming (v2) (#36834) | ||
|
Nick Hollon
|
ffaac42bf9 |
ci(infra): add pytest-xdist to partner test groups (#36988)
|
||
|
Mason Daugherty
|
b57eea2aed | hotfix(ci): remove nobenchmark flag (#36959) | ||
|
Mason Daugherty
|
ec337534c5 |
chore(partners): standardize integration test invocation (#36958)
Standardize the `integration_tests` Makefile target across all 15 partner packages in `libs/partners/`, mirroring the deepagents `libs/evals` pattern (`-v --tb=short`). Previously each partner had its own ad-hoc flag stack (some missing `-n auto`, some with `-vvv`, others with nothing), and every partner that used `-n auto` was emitting a `PytestBenchmarkWarning` because `pytest-benchmark` is pulled in transitively via `langchain-tests` even though no partner has benchmark tests. |
||
|
Mason Daugherty
|
7e81d09f2a |
chore(deps): bump pytest to 9.0.3 (#36801)
CVE-2025-71176 (medium severity) All are dev-only (test dependency group) — no impact on published packages. ### Why syrupy was also bumped syrupy 4.x (`<5.0.0`) constrains pytest to `<9.0.0`, blocking the CVE fix. Widening to `<6.0.0` allows syrupy 5.x which supports pytest 9.x. |
||
dependabot[bot]
|
e56763f8ed |
chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/partners/nomic (#36784)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from 0.6.3 to 0.7.31. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's releases</a>.</em></p> <blockquote> <h2>v0.7.31</h2> <h2>What's Changed</h2> <ul> <li>chore(deps-dev): bump langchain-core from 1.2.23 to 1.2.28 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2692">langchain-ai/langsmith-sdk#2692</a></li> <li>chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.82.0 to 0.84.0 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2684">langchain-ai/langsmith-sdk#2684</a></li> <li>chore(deps): bump cryptography from 46.0.6 to 46.0.7 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2693">langchain-ai/langsmith-sdk#2693</a></li> <li>chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.84.0 to 0.85.0 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2700">langchain-ai/langsmith-sdk#2700</a></li> <li>feat(py): Tag OpenAI Agent Python SDK runs with ls_agent_type by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2699">langchain-ai/langsmith-sdk#2699</a></li> <li>feat(js): Adds ls_agent_type metadata to AI SDK runs by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2701">langchain-ai/langsmith-sdk#2701</a></li> <li>chore(deps-dev): bump types-tqdm from 4.67.3.20260303 to 4.67.3.20260408 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2710">langchain-ai/langsmith-sdk#2710</a></li> <li>chore(deps): bump pnpm/action-setup from 5 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2705">langchain-ai/langsmith-sdk#2705</a></li> <li>chore(deps): bump the py-minor-and-patch group across 1 directory with 10 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2711">langchain-ai/langsmith-sdk#2711</a></li> <li>chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.85.0 to 0.86.0 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2702">langchain-ai/langsmith-sdk#2702</a></li> <li>chore(deps): bump actions/github-script from 8 to 9 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2706">langchain-ai/langsmith-sdk#2706</a></li> <li>chore(deps-dev): bump the js-minor-and-patch group across 1 directory with 7 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2712">langchain-ai/langsmith-sdk#2712</a></li> <li>chore(deps-dev): bump types-psutil from 7.2.2.20260130 to 7.2.2.20260408 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2709">langchain-ai/langsmith-sdk#2709</a></li> <li>chore(deps-dev): bump rich from 14.3.3 to 15.0.0 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2708">langchain-ai/langsmith-sdk#2708</a></li> <li>feat: Filter kwargs from new token events by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2714">langchain-ai/langsmith-sdk#2714</a></li> <li>release(py): 0.7.31 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2716">langchain-ai/langsmith-sdk#2716</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.30...v0.7.31">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.30...v0.7.31</a></p> <h2>v0.7.30</h2> <h2>What's Changed</h2> <ul> <li>feat(python): add service feature to sandbox by <a href="https://github.com/DanielKneipp"><code>@DanielKneipp</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2665">langchain-ai/langsmith-sdk#2665</a></li> <li>fix(js): Fix prototype pollution bug in anonymizers by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2690">langchain-ai/langsmith-sdk#2690</a></li> <li>release(js): 0.5.18 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2691">langchain-ai/langsmith-sdk#2691</a></li> <li>chore(js/sandbox): suppress warning log by <a href="https://github.com/hntrl"><code>@hntrl</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2694">langchain-ai/langsmith-sdk#2694</a></li> <li>feat(js): Add metadata to Claude Agent SDK JS tracing by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2695">langchain-ai/langsmith-sdk#2695</a></li> <li>fix(py): Fix run tree memory leak by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2696">langchain-ai/langsmith-sdk#2696</a></li> <li>release(py): 0.7.30 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2698">langchain-ai/langsmith-sdk#2698</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.29...v0.7.30">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.29...v0.7.30</a></p> <h2>v0.7.29</h2> <h2>What's Changed</h2> <ul> <li>release(js): 0.5.17 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2681">langchain-ai/langsmith-sdk#2681</a></li> <li>feat(py): Fix race condition around Claude Agent SDK instrumentation by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2685">langchain-ai/langsmith-sdk#2685</a></li> <li>release(py): 0.7.29 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2686">langchain-ai/langsmith-sdk#2686</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.28...v0.7.29">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.28...v0.7.29</a></p> <h2>v0.7.28</h2> <h2>What's Changed</h2> <ul> <li>feat(py): Support subagent tracing in Claude Agents SDK, fix usage and duplicate messages by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2670">langchain-ai/langsmith-sdk#2670</a></li> <li>chore(deps-dev): bump the py-minor-and-patch group across 1 directory with 11 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2677">langchain-ai/langsmith-sdk#2677</a></li> <li>chore(deps-dev): bump the js-minor-and-patch group across 1 directory with 8 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2667">langchain-ai/langsmith-sdk#2667</a></li> <li>chore(deps): bump pnpm/action-setup from 4 to 5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2658">langchain-ai/langsmith-sdk#2658</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/langchain-ai/langsmith-sdk/commits/v0.7.31">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langchain/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
263c0f23c2 |
chore: bump pillow from 12.1.1 to 12.2.0 in /libs/partners/nomic (#36779)
Bumps [pillow](https://github.com/python-pillow/Pillow) from 12.1.1 to 12.2.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/python-pillow/Pillow/releases">pillow's releases</a>.</em></p> <blockquote> <h2>12.2.0</h2> <p><a href="https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html">https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html</a></p> <h2>Documentation</h2> <ul> <li>Update 12.2.0 release notes <a href="https://redirect.github.com/python-pillow/Pillow/issues/9522">#9522</a> [<a href="https://github.com/hugovk"><code>@hugovk</code></a>]</li> <li>Add loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats via Netpbm <a href="https://redirect.github.com/python-pillow/Pillow/issues/9482">#9482</a> [<a href="https://github.com/bitplane"><code>@bitplane</code></a>]</li> <li>Update Python versions <a href="https://redirect.github.com/python-pillow/Pillow/issues/9515">#9515</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Jeffrey A. Clark -> Jeffrey 'Alex' Clark <a href="https://redirect.github.com/python-pillow/Pillow/issues/9513">#9513</a> [<a href="https://github.com/aclark4life"><code>@aclark4life</code></a>]</li> <li>Add release notes for <a href="https://redirect.github.com/python-pillow/Pillow/issues/9394">#9394</a>, <a href="https://redirect.github.com/python-pillow/Pillow/issues/9419">#9419</a> and <a href="https://redirect.github.com/python-pillow/Pillow/issues/9456">#9456</a> <a href="https://redirect.github.com/python-pillow/Pillow/issues/9467">#9467</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Add Amiga Workbench .info loader to 3rd party plugins list <a href="https://redirect.github.com/python-pillow/Pillow/issues/9459">#9459</a> [<a href="https://github.com/bitplane"><code>@bitplane</code></a>]</li> <li>Merge PFM documentation into PPM <a href="https://redirect.github.com/python-pillow/Pillow/issues/9434">#9434</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Update macOS tested Pillow versions <a href="https://redirect.github.com/python-pillow/Pillow/issues/9431">#9431</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Fix CVE number <a href="https://redirect.github.com/python-pillow/Pillow/issues/9430">#9430</a> [<a href="https://github.com/hugovk"><code>@hugovk</code></a>]</li> </ul> <h2>Dependencies</h2> <ul> <li>Update xz to 5.8.3 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9523">#9523</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Update libjpeg-turbo to 3.1.4.1 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9507">#9507</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Update libpng to 1.6.56 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9499">#9499</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Update freetype to 2.14.3 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9485">#9485</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Updated libavif to 1.4.1 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9479">#9479</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Updated harfbuzz to 13.2.1 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9461">#9461</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Update Ghostscript to 10.7.0 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9469">#9469</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Update harfbuzz to 13.0.1 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9453">#9453</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Update libavif to 1.4.0 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9460">#9460</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Update freetype to 2.14.2 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9449">#9449</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Update actions/download-artifact action to v8 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9451">#9451</a> [@<a href="https://github.com/apps/renovate">renovate[bot]</a>]</li> <li>Updated libpng to 1.6.55 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9425">#9425</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> </ul> <h2>Testing</h2> <ul> <li>Cleanup .spider extension in the same test where it is added <a href="https://redirect.github.com/python-pillow/Pillow/issues/9517">#9517</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Run tests in parallel via tox for 3.5x speedup <a href="https://redirect.github.com/python-pillow/Pillow/issues/9516">#9516</a> [<a href="https://github.com/hugovk"><code>@hugovk</code></a>]</li> <li>Enable colour in CI logs <a href="https://redirect.github.com/python-pillow/Pillow/issues/9486">#9486</a> [<a href="https://github.com/hugovk"><code>@hugovk</code></a>]</li> <li>Update Ghostscript to 10.7.0 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9469">#9469</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Simplify TGA test code <a href="https://redirect.github.com/python-pillow/Pillow/issues/9477">#9477</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Update tests to check for ValueError when encoding an empty image <a href="https://redirect.github.com/python-pillow/Pillow/issues/9464">#9464</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Upgrade CI from <code>macos-15-intel</code> to <code>macos-26-intel</code> <a href="https://redirect.github.com/python-pillow/Pillow/issues/9454">#9454</a> [<a href="https://github.com/hugovk"><code>@hugovk</code></a>]</li> <li>Add check-case-conflict hook <a href="https://redirect.github.com/python-pillow/Pillow/issues/9446">#9446</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Specify platform when pulling docker image <a href="https://redirect.github.com/python-pillow/Pillow/issues/9440">#9440</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>GHA: Cache libavif and webp builds for Ubuntu <a href="https://redirect.github.com/python-pillow/Pillow/issues/9437">#9437</a> [<a href="https://github.com/hugovk"><code>@hugovk</code></a>]</li> <li>Update macOS tested Pillow versions <a href="https://redirect.github.com/python-pillow/Pillow/issues/9431">#9431</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> </ul> <h2>Other changes</h2> <ul> <li>Check calloc return value <a href="https://redirect.github.com/python-pillow/Pillow/issues/9527">#9527</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Check all allocs in the Arrow tree <a href="https://redirect.github.com/python-pillow/Pillow/issues/9488">#9488</a> [<a href="https://github.com/wiredfool"><code>@wiredfool</code></a>]</li> <li>Reject non-numeric elements inside list coords <a href="https://redirect.github.com/python-pillow/Pillow/issues/9526">#9526</a> [<a href="https://github.com/hugovk"><code>@hugovk</code></a>]</li> <li>Move variable declaration inside define <a href="https://redirect.github.com/python-pillow/Pillow/issues/9525">#9525</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Mason Daugherty
|
555bdfbade |
chore: add comment explaining pygments>=2.20.0 (#36570)
|
||
John Kennedy
|
0f4f3f74c8 |
chore: pygments>=2.20.0 across all packages (CVE-2026-4539) (#36385)
## Summary Bumps `pygments` to `>=2.20.0` across all 21 affected packages to address [CVE-2026-4539](https://github.com/advisories/GHSA-XXXX) — ReDoS via inefficient GUID regex in Pygments. - **Severity:** Low - **Fixed in:** 2.20.0 (was 2.19.2) - **Change:** Added `pygments>=2.20.0` to `constraint-dependencies` in `[tool.uv]` for each package, then ran `uv lock --upgrade-package pygments` to regenerate lock files. Closes Dependabot alerts #3435–#3455. ## Release Note Patch deps ### Test Plan - [x] CI Green 🙏 Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> |
||
|
dependabot[bot]
|
b5f260eaa6 |
chore: bump requests from 2.32.5 to 2.33.0 in /libs/partners/nomic (#36250)
Bumps [requests](https://github.com/psf/requests) from 2.32.5 to 2.33.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/releases">requests's releases</a>.</em></p> <blockquote> <h2>v2.33.0</h2> <h2>2.33.0 (2026-03-25)</h2> <p><strong>Announcements</strong></p> <ul> <li>📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at <a href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>. Give it a try, and report any gaps or feedback you may have in the issue. 📣</li> </ul> <p><strong>Security</strong></p> <ul> <li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Migrated to a PEP 517 build system using setuptools. (<a href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (<a href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Dropped support for Python 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li> </ul> <p><strong>Documentation</strong></p> <ul> <li>Various typo fixes and doc improvements.</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/M0d3v1"><code>@M0d3v1</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6865">psf/requests#6865</a></li> <li><a href="https://github.com/aminvakil"><code>@aminvakil</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7220">psf/requests#7220</a></li> <li><a href="https://github.com/E8Price"><code>@E8Price</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6960">psf/requests#6960</a></li> <li><a href="https://github.com/mitre88"><code>@mitre88</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7244">psf/requests#7244</a></li> <li><a href="https://github.com/magsen"><code>@magsen</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6553">psf/requests#6553</a></li> <li><a href="https://github.com/Rohan5commit"><code>@Rohan5commit</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7227">psf/requests#7227</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25">https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's changelog</a>.</em></p> <blockquote> <h2>2.33.0 (2026-03-25)</h2> <p><strong>Announcements</strong></p> <ul> <li>📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at <a href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>. Give it a try, and report any gaps or feedback you may have in the issue. 📣</li> </ul> <p><strong>Security</strong></p> <ul> <li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Migrated to a PEP 517 build system using setuptools. (<a href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (<a href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Dropped support for Python 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li> </ul> <p><strong>Documentation</strong></p> <ul> <li>Various typo fixes and doc improvements.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Mason Daugherty
|
1778b082ec |
chore(partners): bump langchain-core min to 1.2.21 (#36183)
Bump the minimum `langchain-core` dependency to `>=1.2.21` across all 14 partner packages in the monorepo. Aligns partner lower bounds with the latest core release so consumers pick up recent fixes (notably the `ModelProfile` schema drift fix from core 1.2.21). |
||
|
Mason Daugherty
|
faadc1f3ce |
ci: suppress pytest streaming output in CI (#36092)
Reduce CI log noise by suppressing pytest's per-test dot/verbose streaming output. The `_test.yml` workflow now passes `PYTEST_EXTRA=-q` to `make test`, which overrides the default verbosity with quiet mode — failures still print in full, but the thousands of `.......` progress lines are gone. Local `make test` is unaffected since `PYTEST_EXTRA` defaults empty. ## Changes - Add `PYTEST_EXTRA ?=` variable to all 21 package Makefiles and inject it into each `test` target's pytest invocation - Pass `PYTEST_EXTRA=-q` in `_test.yml` for both the main test step and the min-version retest step |
||
|
Mason Daugherty
|
07fa576de1 |
ci: avoid unnecessary dep installs in lint targets (#36046)
CI lint jobs use `uv run --all-groups` for all tools, but ruff doesn't need dependency resolution — only mypy does. By splitting into `UV_RUN_LINT` (ruff) and `UV_RUN_TYPE` (mypy), the CI-facing targets run ruff with `--group lint` only, giving fast-fail feedback before mypy triggers the full environment sync. For packages where source code only conditionally imports heavy deps (text-splitters, huggingface), `lint_package` also overrides `UV_RUN_TYPE` to `--group lint --group typing`, skipping the ~3.5GB `test_integration` download entirely. `lint_tests` keeps `--all-groups` since test code legitimately imports those deps. Additionally, `lint_imports.sh` was inconsistently wired — most packages had the script but weren't calling it. ## Changes **Makefile optimization** - Introduce `UV_RUN_LINT` and `UV_RUN_TYPE` Make variables, both defaulting to `uv run --all-groups`. For `lint_package` and `lint_tests`, `UV_RUN_LINT` is overridden to `uv run --group lint` so ruff runs instantly without syncing heavy deps - For `text-splitters` and `huggingface`, override `UV_RUN_TYPE` on `lint_package` to `uv run --group lint --group typing` — mypy runs without downloading torch, CUDA, spacy, etc. **mypy config for lean groups** - Add `transformers` and `transformers.*` to `ignore_missing_imports` in `text-splitters` pyproject.toml (conditional `try/except` import, same treatment as existing `konlpy`/`nltk` entries) - Add `torch`, `torch.*`, `langchain_community`, `langchain_community.*` to `ignore_missing_imports` in `huggingface` pyproject.toml - Add dual `# type: ignore[unreachable, unused-ignore]` in `text-splitters/base.py` to handle the `PreTrainedTokenizerBase` isinstance check that behaves differently depending on whether transformers is installed **lint_imports.sh consistency** - Add `./scripts/lint_imports.sh` to the lint recipe in every package that wasn't calling it (standard-tests, model-profiles, all 15 partners), and create the script for the two packages missing it entirely (`model-profiles`, `openrouter`) - Update all `lint_imports.sh` scripts to allow `from langchain.agents` and `from langchain.tools` imports (legitimate v1 middleware dependencies used by `langchain-anthropic` and `langchain-openai`) |
||
|
dependabot[bot]
|
1d2916bd5f |
chore: bump pyjwt from 2.10.1 to 2.12.0 in /libs/partners/nomic (#36031)
Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.10.1 to 2.12.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jpadilla/pyjwt/releases">pyjwt's releases</a>.</em></p> <blockquote> <h2>2.12.0</h2> <h2>Security</h2> <ul> <li>Validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. by <a href="https://github.com/dmbs335"><code>@dmbs335</code></a> in <a href="https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f">GHSA-752w-5fwx-jx9f</a></li> </ul> <h2>What's Changed</h2> <ul> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1132">jpadilla/pyjwt#1132</a></li> <li>chore(docs): fix docs build by <a href="https://github.com/tamird"><code>@tamird</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1137">jpadilla/pyjwt#1137</a></li> <li>Annotate PyJWKSet.keys for pyright by <a href="https://github.com/tamird"><code>@tamird</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1134">jpadilla/pyjwt#1134</a></li> <li>fix: close HTTPError to prevent ResourceWarning on Python 3.14 by <a href="https://github.com/veeceey"><code>@veeceey</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1133">jpadilla/pyjwt#1133</a></li> <li>chore: remove superfluous constants by <a href="https://github.com/tamird"><code>@tamird</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1136">jpadilla/pyjwt#1136</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1135">jpadilla/pyjwt#1135</a></li> <li>chore(tests): enable mypy by <a href="https://github.com/tamird"><code>@tamird</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1138">jpadilla/pyjwt#1138</a></li> <li>Bump actions/download-artifact from 7 to 8 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1142">jpadilla/pyjwt#1142</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1141">jpadilla/pyjwt#1141</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1145">jpadilla/pyjwt#1145</a></li> <li>fix: do not store reference to algorithms dict on PyJWK by <a href="https://github.com/akx"><code>@akx</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1143">jpadilla/pyjwt#1143</a></li> <li>Use PyJWK algorithm when encoding without explicit algorithm by <a href="https://github.com/jpadilla"><code>@jpadilla</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1148">jpadilla/pyjwt#1148</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/tamird"><code>@tamird</code></a> made their first contribution in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1137">jpadilla/pyjwt#1137</a></li> <li><a href="https://github.com/veeceey"><code>@veeceey</code></a> made their first contribution in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1133">jpadilla/pyjwt#1133</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0">https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0</a></p> <h2>2.11.0</h2> <h2>What's Changed</h2> <ul> <li>Fixed type error in comment by <a href="https://github.com/shuhaib-aot"><code>@shuhaib-aot</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1026">jpadilla/pyjwt#1026</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1018">jpadilla/pyjwt#1018</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1033">jpadilla/pyjwt#1033</a></li> <li>Make note of use of leeway with nbf by <a href="https://github.com/djw8605"><code>@djw8605</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1034">jpadilla/pyjwt#1034</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1035">jpadilla/pyjwt#1035</a></li> <li>Fixes <a href="https://redirect.github.com/jpadilla/pyjwt/issues/964">#964</a>: Validate key against allowed types for Algorithm family by <a href="https://github.com/pachewise"><code>@pachewise</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/985">jpadilla/pyjwt#985</a></li> <li>Feat <a href="https://redirect.github.com/jpadilla/pyjwt/issues/1024">#1024</a>: Add iterator for PyJWKSet by <a href="https://github.com/pachewise"><code>@pachewise</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1041">jpadilla/pyjwt#1041</a></li> <li>Fixes <a href="https://redirect.github.com/jpadilla/pyjwt/issues/1039">#1039</a>: Add iss, issuer type checks by <a href="https://github.com/pachewise"><code>@pachewise</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1040">jpadilla/pyjwt#1040</a></li> <li>Fixes <a href="https://redirect.github.com/jpadilla/pyjwt/issues/660">#660</a>: Improve typing/logic for <code>options</code> in decode, decode_complete; Improve docs by <a href="https://github.com/pachewise"><code>@pachewise</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1045">jpadilla/pyjwt#1045</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1042">jpadilla/pyjwt#1042</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1052">jpadilla/pyjwt#1052</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1053">jpadilla/pyjwt#1053</a></li> <li>Fix <a href="https://redirect.github.com/jpadilla/pyjwt/issues/1022">#1022</a>: Map <code>algorithm=None</code> to "none" by <a href="https://github.com/qqii"><code>@qqii</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1056">jpadilla/pyjwt#1056</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1055">jpadilla/pyjwt#1055</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1058">jpadilla/pyjwt#1058</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1060">jpadilla/pyjwt#1060</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1061">jpadilla/pyjwt#1061</a></li> <li>Fixes <a href="https://redirect.github.com/jpadilla/pyjwt/issues/1047">#1047</a>: Correct <code>PyJWKClient.get_signing_key_from_jwt</code> annotation by <a href="https://github.com/khvn26"><code>@khvn26</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1048">jpadilla/pyjwt#1048</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1062">jpadilla/pyjwt#1062</a></li> <li>Fixed doc string typo in _validate_jti() function <a href="https://redirect.github.com/jpadilla/pyjwt/issues/1063">#1063</a> by <a href="https://github.com/kuldeepkhatke"><code>@kuldeepkhatke</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1064">jpadilla/pyjwt#1064</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1065">jpadilla/pyjwt#1065</a></li> <li>Update SECURITY.md by <a href="https://github.com/auvipy"><code>@auvipy</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1057">jpadilla/pyjwt#1057</a></li> <li>Typing fix: use <code>float</code> instead of <code>int</code> for <code>lifespan</code> and <code>timeout</code> by <a href="https://github.com/nikitagashkov"><code>@nikitagashkov</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1068">jpadilla/pyjwt#1068</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1067">jpadilla/pyjwt#1067</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst">pyjwt's changelog</a>.</em></p> <blockquote> <h2><code>v2.12.0 <https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0></code>__</h2> <p>Fixed</p> <pre><code> - Annotate PyJWKSet.keys for pyright by @tamird in `[#1134](https://github.com/jpadilla/pyjwt/issues/1134) <https://github.com/jpadilla/pyjwt/pull/1134>`__ - Close ``HTTPError`` response to prevent ``ResourceWarning`` on Python 3.14 by @veeceey in `[#1133](https://github.com/jpadilla/pyjwt/issues/1133) <https://github.com/jpadilla/pyjwt/pull/1133>`__ - Do not keep ``algorithms`` dict in PyJWK instances by @akx in `[#1143](https://github.com/jpadilla/pyjwt/issues/1143) <https://github.com/jpadilla/pyjwt/pull/1143>`__ - Validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. by @dmbs335 in `GHSA-752w-5fwx-jx9f <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f>`__ - Use PyJWK algorithm when encoding without explicit algorithm in `[#1148](https://github.com/jpadilla/pyjwt/issues/1148) <https://github.com/jpadilla/pyjwt/pull/1148>`__ <p>Added </code></pre></p> <ul> <li>Docs: Add <code>PyJWKClient</code> API reference and document the two-tier caching system (JWK Set cache and signing key LRU cache).</li> </ul> <h2><code>v2.11.0 <https://github.com/jpadilla/pyjwt/compare/2.10.1...2.11.0></code>__</h2> <p>Fixed</p> <pre><code> - Enforce ECDSA curve validation per RFC 7518 Section 3.4. - Fix build system warnings by @kurtmckee in `[#1105](https://github.com/jpadilla/pyjwt/issues/1105) <https://github.com/jpadilla/pyjwt/pull/1105>`__ - Validate key against allowed types for Algorithm family in `[#964](https://github.com/jpadilla/pyjwt/issues/964) <https://github.com/jpadilla/pyjwt/pull/964>`__ - Add iterator for JWKSet in `[#1041](https://github.com/jpadilla/pyjwt/issues/1041) <https://github.com/jpadilla/pyjwt/pull/1041>`__ - Validate `iss` claim is a string during encoding and decoding by @pachewise in `[#1040](https://github.com/jpadilla/pyjwt/issues/1040) <https://github.com/jpadilla/pyjwt/pull/1040>`__ - Improve typing/logic for `options` in decode, decode_complete by @pachewise in `[#1045](https://github.com/jpadilla/pyjwt/issues/1045) <https://github.com/jpadilla/pyjwt/pull/1045>`__ - Declare float supported type for lifespan and timeout by @nikitagashkov in `[#1068](https://github.com/jpadilla/pyjwt/issues/1068) <https://github.com/jpadilla/pyjwt/pull/1068>`__ - Fix ``SyntaxWarning``\s/``DeprecationWarning``\s caused by invalid escape sequences by @kurtmckee in `[#1103](https://github.com/jpadilla/pyjwt/issues/1103) <https://github.com/jpadilla/pyjwt/pull/1103>`__ - Development: Build a shared wheel once to speed up test suite setup times by @kurtmckee in `[#1114](https://github.com/jpadilla/pyjwt/issues/1114) <https://github.com/jpadilla/pyjwt/pull/1114>`__ - Development: Test type annotations across all supported Python versions, increase the strictness of the type checking, and remove the mypy pre-commit hook by @kurtmckee in `[#1112](https://github.com/jpadilla/pyjwt/issues/1112) <https://github.com/jpadilla/pyjwt/pull/1112>`__ <p>Added </code></pre></p> <ul> <li>Support Python 3.14, and test against PyPy 3.10 and 3.11 by <a href="https://github.com/kurtmckee"><code>@kurtmckee</code></a> in <code>[#1104](https://github.com/jpadilla/pyjwt/issues/1104) <https://github.com/jpadilla/pyjwt/pull/1104></code>__</li> <li>Development: Migrate to <code>build</code> to test package building in CI by <a href="https://github.com/kurtmckee"><code>@kurtmckee</code></a> in <code>[#1108](https://github.com/jpadilla/pyjwt/issues/1108) <https://github.com/jpadilla/pyjwt/pull/1108></code>__</li> <li>Development: Improve coverage config and eliminate unused test suite code by <a href="https://github.com/kurtmckee"><code>@kurtmckee</code></a> in <code>[#1115](https://github.com/jpadilla/pyjwt/issues/1115) <https://github.com/jpadilla/pyjwt/pull/1115></code>__</li> <li>Docs: Standardize CHANGELOG links to PRs by <a href="https://github.com/kurtmckee"><code>@kurtmckee</code></a> in <code>[#1110](https://github.com/jpadilla/pyjwt/issues/1110) <https://github.com/jpadilla/pyjwt/pull/1110></code>__</li> <li>Docs: Fix Read the Docs builds by <a href="https://github.com/kurtmckee"><code>@kurtmckee</code></a> in <code>[#1111](https://github.com/jpadilla/pyjwt/issues/1111) <https://github.com/jpadilla/pyjwt/pull/1111></code>__</li> <li>Docs: Add example of using leeway with nbf by <a href="https://github.com/djw8605"><code>@djw8605</code></a> in <code>[#1034](https://github.com/jpadilla/pyjwt/issues/1034) <https://github.com/jpadilla/pyjwt/pull/1034></code>__</li> <li>Docs: Refactored docs with <code>autodoc</code>; added <code>PyJWS</code> and <code>jwt.algorithms</code> docs by <a href="https://github.com/pachewise"><code>@pachewise</code></a> in <code>[#1045](https://github.com/jpadilla/pyjwt/issues/1045) <https://github.com/jpadilla/pyjwt/pull/1045></code>__</li> <li>Docs: Documentation improvements for "sub" and "jti" claims by <a href="https://github.com/cleder"><code>@cleder</code></a> in <code>[#1088](https://github.com/jpadilla/pyjwt/issues/1088) <https://github.com/jpadilla/pyjwt/pull/1088></code>__</li> <li>Development: Add pyupgrade as a pre-commit hook by <a href="https://github.com/kurtmckee"><code>@kurtmckee</code></a> in <code>[#1109](https://github.com/jpadilla/pyjwt/issues/1109) <https://github.com/jpadilla/pyjwt/pull/1109></code>__</li> <li>Add minimum key length validation for HMAC and RSA keys (CWE-326). Warns by default via <code>InsecureKeyLengthWarning</code> when keys are below</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
6f27c2b2c1 | chore: bump orjson from 3.11.5 to 3.11.6 in /libs/partners/nomic (#35859) | ||
Tune
|
68a14844b5 |
fix(nomic,openai,perplexity): update pillow version to >= 12.1.1, <13.0.0 (#35254)
Updates the minimum Pillow version to address CVE-2026-25990 (HIGH severity out-of-bounds write vulnerability affecting versions 10.3.0 through 12.1.0). Changes: langchain-nomic: pillow>=10.3.0,<13.0.0 → pillow>=12.1.1,<13.0.0 langchain-openai: pillow>=10.3.0,<13.0.0 → pillow>=12.1.1,<13.0.0 langchain-perplexity: pillow>=10.3.0,<13.0.0 → pillow>=12.1.1,<13.0.0 Safety: This is a minimum version bump within the existing constraint range (<13.0.0), so no breaking changes are introduced. CVE Details: CVE-2026-25990: An out-of-bounds write may be triggered when loading a specially crafted PSD image Affected versions: 10.3.0 to <12.1.1 Fixed in: 12.1.1 Reference: https://nvd.nist.gov/vuln/detail/CVE-2026-25990 ** Claude Helped me write this nice message ** The original findings was thanks to a Trivy scan --------- Co-authored-by: Mason Daugherty <mason@langchain.dev> |
||
|
dependabot[bot]
|
5e2f203e1d | chore(deps): bump pillow from 11.3.0 to 12.1.1 in /libs/partners/nomic (#35178) | ||
|
dependabot[bot]
|
cfc362b947 |
chore(deps): bump langsmith from 0.4.31 to 0.6.3 in /libs/partners/nomic (#35153)
Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from 0.4.31 to 0.6.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's releases</a>.</em></p> <blockquote> <h2>v0.6.1</h2> <h2>What's Changed</h2> <ul> <li>ci: test more bundlers by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2263">langchain-ai/langsmith-sdk#2263</a></li> <li>feat(python sdk): Add support for setting commit tags when pushing a prompt by <a href="https://github.com/bees"><code>@bees</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2265">langchain-ai/langsmith-sdk#2265</a></li> <li>feat: Pass in Cache, rename by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2264">langchain-ai/langsmith-sdk#2264</a></li> <li>chore: bump sdk by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2268">langchain-ai/langsmith-sdk#2268</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.6.0...v0.6.1">https://github.com/langchain-ai/langsmith-sdk/compare/v0.6.0...v0.6.1</a></p> <h2>v0.6.0</h2> <h2>What's Changed</h2> <ul> <li>chore(js): bump JS to 0.4.3 by <a href="https://github.com/dqbd"><code>@dqbd</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2253">langchain-ai/langsmith-sdk#2253</a></li> <li>Revert "feat: add js prompt caching" by <a href="https://github.com/angus-langchain"><code>@angus-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2258">langchain-ai/langsmith-sdk#2258</a></li> <li>Revert "feat: Replace UUID5 with deterministic UUID7 for replicas" by <a href="https://github.com/angus-langchain"><code>@angus-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2257">langchain-ai/langsmith-sdk#2257</a></li> <li>release(js): bump to 0.4.4 by <a href="https://github.com/dqbd"><code>@dqbd</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2259">langchain-ai/langsmith-sdk#2259</a></li> <li>feat: add prompt cache back and setup environment tests by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2260">langchain-ai/langsmith-sdk#2260</a></li> <li>feat(python): Bump pydantic to v2 by <a href="https://github.com/angus-langchain"><code>@angus-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2248">langchain-ai/langsmith-sdk#2248</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.5.2...v0.6.0">https://github.com/langchain-ai/langsmith-sdk/compare/v0.5.2...v0.6.0</a></p> <h2>v0.6.0rc0</h2> <h2>What's Changed</h2> <ul> <li>feat(js): Add support for tracing AI SDK 6 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2237">langchain-ai/langsmith-sdk#2237</a></li> <li>fix(js): Remove default Jestlike timeout by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2243">langchain-ai/langsmith-sdk#2243</a></li> <li>feat(js): Add support for tracing tool loop agent by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2244">langchain-ai/langsmith-sdk#2244</a></li> <li>feat: Replace UUID5 with deterministic UUID7 for replicas by <a href="https://github.com/angus-langchain"><code>@angus-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2249">langchain-ai/langsmith-sdk#2249</a></li> <li>feat: add prompt caching to python sdk by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2246">langchain-ai/langsmith-sdk#2246</a></li> <li>feat: add js prompt caching by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2251">langchain-ai/langsmith-sdk#2251</a></li> <li>fix(claude): correctly parse llm and tool inputs in claude agent sdk by <a href="https://github.com/angus-langchain"><code>@angus-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2255">langchain-ai/langsmith-sdk#2255</a></li> <li>bump(python): 0.5.2 by <a href="https://github.com/angus-langchain"><code>@angus-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2256">langchain-ai/langsmith-sdk#2256</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.5.1...v0.6.0rc0">https://github.com/langchain-ai/langsmith-sdk/compare/v0.5.1...v0.6.0rc0</a></p> <h2>v0.5.2</h2> <h2>What's Changed</h2> <ul> <li>feat(js): Add support for tracing AI SDK 6 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2237">langchain-ai/langsmith-sdk#2237</a></li> <li>fix(js): Remove default Jestlike timeout by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2243">langchain-ai/langsmith-sdk#2243</a></li> <li>feat(js): Add support for tracing tool loop agent by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2244">langchain-ai/langsmith-sdk#2244</a></li> <li>feat: Replace UUID5 with deterministic UUID7 for replicas by <a href="https://github.com/angus-langchain"><code>@angus-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2249">langchain-ai/langsmith-sdk#2249</a></li> <li>feat: add prompt caching to python sdk by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2246">langchain-ai/langsmith-sdk#2246</a></li> <li>feat: add js prompt caching by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2251">langchain-ai/langsmith-sdk#2251</a></li> <li>fix(claude): correctly parse llm and tool inputs in claude agent sdk by <a href="https://github.com/angus-langchain"><code>@angus-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2255">langchain-ai/langsmith-sdk#2255</a></li> <li>bump(python): 0.5.2 by <a href="https://github.com/angus-langchain"><code>@angus-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2256">langchain-ai/langsmith-sdk#2256</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.5.1...v0.5.2">https://github.com/langchain-ai/langsmith-sdk/compare/v0.5.1...v0.5.2</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/langchain-ai/langsmith-sdk/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langchain/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Mason Daugherty
|
1bb366315f |
chore: add make type target (#35015)
|
||
|
Mason Daugherty
|
8e4c433541 |
revert: "chore: add typing target in Makefile" (#35013)
Reverts langchain-ai/langchain#35012 |
||
|
Mason Daugherty
|
88fa71a166 |
chore: add typing target in Makefile (#35012)
|
||
|
Mason Daugherty
|
5c018f5cd1 |
chore: enrich pyproject.toml files (#34980)
|
||
|
dependabot[bot]
|
328bf24a4c |
chore(deps): bump the uv group across 20 directories with 3 updates (#34941)
Bumps the uv group with 1 update in the /libs/core directory: [nbconvert](https://github.com/jupyter/nbconvert). Bumps the uv group with 3 updates in the /libs/langchain directory: [nbconvert](https://github.com/jupyter/nbconvert), [orjson](https://github.com/ijl/orjson) and [protobuf](https://github.com/protocolbuffers/protobuf). Bumps the uv group with 2 updates in the /libs/langchain_v1 directory: [orjson](https://github.com/ijl/orjson) and [protobuf](https://github.com/protocolbuffers/protobuf). Bumps the uv group with 1 update in the /libs/model-profiles directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 1 update in the /libs/partners/anthropic directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 2 updates in the /libs/partners/chroma directory: [orjson](https://github.com/ijl/orjson) and [protobuf](https://github.com/protocolbuffers/protobuf). Bumps the uv group with 1 update in the /libs/partners/deepseek directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 1 update in the /libs/partners/exa directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 1 update in the /libs/partners/fireworks directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 1 update in the /libs/partners/groq directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 1 update in the /libs/partners/huggingface directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 1 update in the /libs/partners/mistralai directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 1 update in the /libs/partners/nomic directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 1 update in the /libs/partners/ollama directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 1 update in the /libs/partners/openai directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 1 update in the /libs/partners/perplexity directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 1 update in the /libs/partners/prompty directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 2 updates in the /libs/partners/qdrant directory: [orjson](https://github.com/ijl/orjson) and [protobuf](https://github.com/protocolbuffers/protobuf). Bumps the uv group with 1 update in the /libs/partners/xai directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 2 updates in the /libs/text-splitters directory: [nbconvert](https://github.com/jupyter/nbconvert) and [orjson](https://github.com/ijl/orjson). Updates `nbconvert` from 7.16.6 to 7.17.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jupyter/nbconvert/releases">nbconvert's releases</a>.</em></p> <blockquote> <h2>v7.17.0</h2> <h2>7.17.0</h2> <p>(<a href="https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71">Full Changelog</a>)</p> <h3>Enhancements made</h3> <ul> <li>Add support for arbitrary browser arguments <a href="https://redirect.github.com/jupyter/nbconvert/pull/2227">#2227</a> (<a href="https://github.com/shreve"><code>@shreve</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> </ul> <h3>Bugs fixed</h3> <ul> <li>Fix QtPNGExporter returning empty bytes on macOS <a href="https://redirect.github.com/jupyter/nbconvert/pull/2264">#2264</a> (<a href="https://github.com/h3pdesign"><code>@h3pdesign</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/QuLogic"><code>@QuLogic</code></a>)</li> <li>Fix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD) <a href="https://redirect.github.com/jupyter/nbconvert/pull/2261">#2261</a> (<a href="https://github.com/h3pdesign"><code>@h3pdesign</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/mberlanda"><code>@mberlanda</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>, <a href="https://github.com/salmankadaya"><code>@salmankadaya</code></a>, <a href="https://github.com/th3gowtham"><code>@th3gowtham</code></a>)</li> <li>Fix get_export_names and get_exporter default args <a href="https://redirect.github.com/jupyter/nbconvert/pull/2228">#2228</a> (<a href="https://github.com/shreve"><code>@shreve</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>PyPA-Compliant Summary <a href="https://redirect.github.com/jupyter/nbconvert/pull/2226">#2226</a> (<a href="https://github.com/hackowitz-af"><code>@hackowitz-af</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> </ul> <h3>Maintenance and upkeep improvements</h3> <ul> <li>avoid cov environment on free-threaded Pythons <a href="https://redirect.github.com/jupyter/nbconvert/pull/2267">#2267</a> (<a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>update pre-commit, and fix all issues. <a href="https://redirect.github.com/jupyter/nbconvert/pull/2238">#2238</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Drop test on 3.9, test on 3.13, 3.14, 3.14t <a href="https://redirect.github.com/jupyter/nbconvert/pull/2237">#2237</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Bump the actions group across 1 directory with 2 updates <a href="https://redirect.github.com/jupyter/nbconvert/pull/2231">#2231</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Replace <code>@flaky.flaky</code> decorate with pytest marker <a href="https://redirect.github.com/jupyter/nbconvert/pull/2229">#2229</a> (<a href="https://github.com/mgorny"><code>@mgorny</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>update to mermaid 11.10.0 <a href="https://redirect.github.com/jupyter/nbconvert/pull/2224">#2224</a> (<a href="https://github.com/bollwyvl"><code>@bollwyvl</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Drop support for Python 3.8, fix the CI tests <a href="https://redirect.github.com/jupyter/nbconvert/pull/2221">#2221</a> (<a href="https://github.com/shreve"><code>@shreve</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> </ul> <h3>Documentation improvements</h3> <ul> <li>Use <code>intersphinx_registry</code> <a href="https://redirect.github.com/jupyter/nbconvert/pull/2232">#2232</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> </ul> <h3>Contributors to this release</h3> <p>The following people contributed discussions, new ideas, code and documentation contributions, and review. See <a href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our definition of contributors</a>.</p> <p>(<a href="https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28&to=2026-01-29&type=c">GitHub contributors page for this release</a>)</p> <p><a href="https://github.com/bollwyvl"><code>@bollwyvl</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/Carreau"><code>@Carreau</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/h3pdesign"><code>@h3pdesign</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/hackowitz-af"><code>@hackowitz-af</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/krassowski"><code>@krassowski</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/mberlanda"><code>@mberlanda</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/mgorny"><code>@mgorny</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/minrk"><code>@minrk</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/MSeal"><code>@MSeal</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/QuLogic"><code>@QuLogic</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/salmankadaya"><code>@salmankadaya</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/shreve"><code>@shreve</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/th3gowtham"><code>@th3gowtham</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>)</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jupyter/nbconvert/blob/main/CHANGELOG.md">nbconvert's changelog</a>.</em></p> <blockquote> <h2>7.17.0</h2> <p>(<a href="https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71">Full Changelog</a>)</p> <h3>Enhancements made</h3> <ul> <li>Add support for arbitrary browser arguments <a href="https://redirect.github.com/jupyter/nbconvert/pull/2227">#2227</a> (<a href="https://github.com/shreve"><code>@shreve</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> </ul> <h3>Bugs fixed</h3> <ul> <li>Fix QtPNGExporter returning empty bytes on macOS <a href="https://redirect.github.com/jupyter/nbconvert/pull/2264">#2264</a> (<a href="https://github.com/h3pdesign"><code>@h3pdesign</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/QuLogic"><code>@QuLogic</code></a>)</li> <li>Fix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD) <a href="https://redirect.github.com/jupyter/nbconvert/pull/2261">#2261</a> (<a href="https://github.com/h3pdesign"><code>@h3pdesign</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/mberlanda"><code>@mberlanda</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>, <a href="https://github.com/salmankadaya"><code>@salmankadaya</code></a>, <a href="https://github.com/th3gowtham"><code>@th3gowtham</code></a>)</li> <li>Fix get_export_names and get_exporter default args <a href="https://redirect.github.com/jupyter/nbconvert/pull/2228">#2228</a> (<a href="https://github.com/shreve"><code>@shreve</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>PyPA-Compliant Summary <a href="https://redirect.github.com/jupyter/nbconvert/pull/2226">#2226</a> (<a href="https://github.com/hackowitz-af"><code>@hackowitz-af</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> </ul> <h3>Maintenance and upkeep improvements</h3> <ul> <li>avoid cov environment on free-threaded Pythons <a href="https://redirect.github.com/jupyter/nbconvert/pull/2267">#2267</a> (<a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>update pre-commit, and fix all issues. <a href="https://redirect.github.com/jupyter/nbconvert/pull/2238">#2238</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Drop test on 3.9, test on 3.13, 3.14, 3.14t <a href="https://redirect.github.com/jupyter/nbconvert/pull/2237">#2237</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Bump the actions group across 1 directory with 2 updates <a href="https://redirect.github.com/jupyter/nbconvert/pull/2231">#2231</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Replace <code>@flaky.flaky</code> decorate with pytest marker <a href="https://redirect.github.com/jupyter/nbconvert/pull/2229">#2229</a> (<a href="https://github.com/mgorny"><code>@mgorny</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>update to mermaid 11.10.0 <a href="https://redirect.github.com/jupyter/nbconvert/pull/2224">#2224</a> (<a href="https://github.com/bollwyvl"><code>@bollwyvl</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Drop support for Python 3.8, fix the CI tests <a href="https://redirect.github.com/jupyter/nbconvert/pull/2221">#2221</a> (<a href="https://github.com/shreve"><code>@shreve</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> </ul> <h3>Documentation improvements</h3> <ul> <li>Use <code>intersphinx_registry</code> <a href="https://redirect.github.com/jupyter/nbconvert/pull/2232">#2232</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> </ul> <h3>Contributors to this release</h3> <p>The following people contributed discussions, new ideas, code and documentation contributions, and review. See <a href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our definition of contributors</a>.</p> <p>(<a href="https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28&to=2026-01-29&type=c">GitHub contributors page for this release</a>)</p> <p><a href="https://github.com/bollwyvl"><code>@bollwyvl</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/Carreau"><code>@Carreau</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/h3pdesign"><code>@h3pdesign</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/hackowitz-af"><code>@hackowitz-af</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/krassowski"><code>@krassowski</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/mberlanda"><code>@mberlanda</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/mgorny"><code>@mgorny</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/minrk"><code>@minrk</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/MSeal"><code>@MSeal</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/QuLogic"><code>@QuLogic</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/salmankadaya"><code>@salmankadaya</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/shreve"><code>@shreve</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) | <a href="https://github.com/th3gowtham"><code>@th3gowtham</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>)</p> <!-- raw HTML omitted --> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
John Kennedy
|
c5834cc028 | chore: upgrade urllib3 to 2.6.3 (#34940) | ||
|
Mason Daugherty
|
3d687ea8fb | chore: update twitter URLs (#34736) | ||
|
Mason Daugherty
|
18c25e9f10 | chore: ban relative imports on all packages (#34691) | ||
Sydney Runkle
|
78c10f8790 | chore: update core dep in lockfiles (#34216) | ||
|
Mason Daugherty
|
5d799b3174 |
release(nomic): 1.0.1 (#33948)
support Python 3.14 #33655 |
||
|
Mason Daugherty
|
f2dab562a8 | style: misc refs work (#33771) | ||
Christophe Bornet
|
dff37f6048 |
fix(nomic): support Python 3.14 (#33655)
Pyarrow just published 3.14 binaries Co-authored-by: Mason Daugherty <mason@langchain.dev> |
||
|
Mason Daugherty
|
64e6798a39 |
chore: update pyproject.toml url entries (#33587)
|
||
|
Mason Daugherty
|
6f4978041e | release(nomic): 1.0.0 (#33574) | ||
|
Mason Daugherty
|
1d2273597a | docs: more fixes for refs (#33554) | ||
|
Mason Daugherty
|
26e0a00c4c |
style: more work for refs (#33508)
Largely: - Remove explicit `"Default is x"` since new refs show default inferred from sig - Inline code (useful for eventual parsing) - Fix code block rendering (indentations) |
||
|
Mason Daugherty
|
79200cf3c2 | docs: update package READMEs (#33488) | ||
|
Mason Daugherty
|
6fc21afbc9 |
style: .. code-block:: admonition translations (#33400)
biiiiiiiiiiiiiiiigggggggg pass |
||
|
Mason Daugherty
|
d8a680ee57 | style: address Sphinx double-backtick snippet syntax (#33389) | ||
|
Mason Daugherty
|
31eeb50ce0 |
chore: drop UP045 (#33362)
Python 3.9 EOL |
||
|
Mason Daugherty
|
cda336295f |
chore: enrich pyproject.toml files with links to new references, others (#33343)
|
||
|
Mason Daugherty
|
8bcdfbb24e |
chore: clean up pyproject.toml files, use core a7 (#33334)
|
||
|
Mason Daugherty
|
90e4d944ac | chore(infra): pdm -> hatchling (#33289) | ||
|
Mason Daugherty
|
743e9b2ad1 | release(nomic): 1.0.0a1 (#33233) | ||
|
Mason Daugherty
|
986302322f | docs: more standardization (#33124) | ||
|
Christophe Bornet
|
eaf8dce7c2 |
chore: bump ruff version to 0.13 (#33043)
Co-authored-by: Mason Daugherty <mason@langchain.dev> |
||
|
Mason Daugherty
|
b92b394804 |
style: repo linting pass (#33089)
enable docstring-code-format |
||
|
Mason Daugherty
|
781db9d892 |
chore: update pyproject.toml files, remove codespell (#33028)
- Removes Codespell from deps, docs, and `Makefile`s - Python version requirements in all `pyproject.toml` files now use the `~=` (compatible release) specifier - All dependency groups and main dependencies now use explicit lower and upper bounds, reducing potential for breaking changes |
||
|
Mason Daugherty
|
0ea945d291 | release(nomic): 0.1.5 (#32905) | ||
|
Mason Daugherty
|
7a158c7f1c |
revert: "chore: remove ruff target-version" (#32895)
Reverts langchain-ai/langchain#32880 Not needed at the moment, will do when finishing v1 |
||
|
Christophe Bornet
|
b274416441 |
chore: remove ruff target-version (#32880)
This is not needed anymore since `requires-python` was added when moving to `uv`. |