langchain

mirror of https://github.com/hwchase17/langchain.git synced 2026-06-09 10:17:00 +00:00

Author	SHA1	Message	Date
Mason Daugherty	b57eea2aed	hotfix(ci): remove nobenchmark flag (#36959 )	2026-04-22 17:39:52 -04:00
Mason Daugherty	ec337534c5	chore(partners): standardize integration test invocation (#36958 ) Standardize the `integration_tests` Makefile target across all 15 partner packages in `libs/partners/`, mirroring the deepagents `libs/evals` pattern (`-v --tb=short`). Previously each partner had its own ad-hoc flag stack (some missing `-n auto`, some with `-vvv`, others with nothing), and every partner that used `-n auto` was emitting a `PytestBenchmarkWarning` because `pytest-benchmark` is pulled in transitively via `langchain-tests` even though no partner has benchmark tests.	2026-04-22 17:28:04 -04:00
dependabot[bot]	15ed3b1e1e	chore: bump python-dotenv from 1.1.1 to 1.2.2 in /libs/partners/huggingface (#36928 ) Bumps [python-dotenv](https://github.com/theskumar/python-dotenv) from 1.1.1 to 1.2.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/theskumar/python-dotenv/releases">python-dotenv's releases</a>.</em></p> <blockquote> <h2>v1.2.2</h2> <h3>Added</h3> <ul> <li>Support for Python 3.14, including the free-threaded (3.14t) build. (#)</li> </ul> <h3>Changed</h3> <ul> <li>The <code>dotenv run</code> command now forwards flags directly to the specified command by <a href="https://github.com/bbc2"><code>@bbc2</code></a> in <a href="https://redirect.github.com/theskumar/python-dotenv/pull/607">theskumar/python-dotenv#607</a></li> <li>Improved documentation clarity regarding override behavior and the reference page.</li> <li>Updated PyPy support to version 3.11.</li> <li>Documentation for FIFO file support.</li> <li>Support for Python 3.9.</li> </ul> <h3>Fixed</h3> <ul> <li>Improved <code>set_key</code> and <code>unset_key</code> behavior when interacting with symlinks by <a href="https://github.com/bbc2"><code>@bbc2</code></a> in <a href="`790c5c0299`">#790c5</a></li> <li>Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by <a href="https://github.com/JYOuyang"><code>@JYOuyang</code></a> in <a href="https://redirect.github.com/theskumar/python-dotenv/pull/590">theskumar/python-dotenv#590</a></li> </ul> <h3>Breaking Changes</h3> <ul> <li> <p><code>dotenv.set_key</code> and <code>dotenv.unset_key</code> used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, <code>follow_symlinks=True</code> should be used.</p> </li> <li> <p>In the CLI, <code>set</code> and <code>unset</code> used to follow symlinks in some situations. This is no longer the case.</p> </li> <li> <p><code>dotenv.set_key</code>, <code>dotenv.unset_key</code> and the CLI commands <code>set</code> and <code>unset</code> used to reset the file mode of the modified .env file to <code>0o600</code> in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode <code>0o600</code> is used.</p> </li> </ul> <h3>Misc</h3> <ul> <li>skip 000 permission tests for root user by <a href="https://github.com/burnout-projects"><code>@burnout-projects</code></a> in <a href="https://redirect.github.com/theskumar/python-dotenv/pull/561">theskumar/python-dotenv#561</a></li> <li>Bump actions/checkout from 5 to 6 in the github-actions group by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/theskumar/python-dotenv/pull/593">theskumar/python-dotenv#593</a></li> <li>Add Windows testing to CI by <a href="https://github.com/bbc2"><code>@bbc2</code></a> in <a href="https://redirect.github.com/theskumar/python-dotenv/pull/604">theskumar/python-dotenv#604</a></li> <li>Improve workflow efficiency with best practices by <a href="https://github.com/theskumar"><code>@theskumar</code></a> in <a href="https://redirect.github.com/theskumar/python-dotenv/pull/609">theskumar/python-dotenv#609</a></li> <li>Remove the use of <code>sh</code> in tests by <a href="https://github.com/bbc2"><code>@bbc2</code></a> in <a href="https://redirect.github.com/theskumar/python-dotenv/pull/612">theskumar/python-dotenv#612</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/JYOuyang"><code>@JYOuyang</code></a> made their first contribution in <a href="https://redirect.github.com/theskumar/python-dotenv/pull/590">theskumar/python-dotenv#590</a></li> <li><a href="https://github.com/burnout-projects"><code>@burnout-projects</code></a> made their first contribution in <a href="https://redirect.github.com/theskumar/python-dotenv/pull/561">theskumar/python-dotenv#561</a></li> <li><a href="https://github.com/cpackham-atlnz"><code>@cpackham-atlnz</code></a> made their first contribution in <a href="https://redirect.github.com/theskumar/python-dotenv/pull/597">theskumar/python-dotenv#597</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2">https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2</a></p> <h2>v1.2.1</h2> <h2>What's Changed</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md">python-dotenv's changelog</a>.</em></p> <blockquote> <h2>[1.2.2] - 2026-03-01</h2> <h3>Added</h3> <ul> <li>Support for Python 3.14, including the free-threaded (3.14t) build. (<a href="https://redirect.github.com/theskumar/python-dotenv/issues/588">#588</a>)</li> </ul> <h3>Changed</h3> <ul> <li>The <code>dotenv run</code> command now forwards flags directly to the specified command by [<a href="https://github.com/bbc2"><code>@bbc2</code></a>] in <a href="https://redirect.github.com/theskumar/python-dotenv/issues/607">#607</a></li> <li>Improved documentation clarity regarding override behavior and the reference page.</li> <li>Updated PyPy support to version 3.11.</li> <li>Documentation for FIFO file support.</li> <li>Dropped Support for Python 3.9.</li> </ul> <h3>Fixed</h3> <ul> <li>Improved <code>set_key</code> and <code>unset_key</code> behavior when interacting with symlinks by [<a href="https://github.com/bbc2"><code>@bbc2</code></a>] in [790c5c0]</li> <li>Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by [<a href="https://github.com/JYOuyang"><code>@JYOuyang</code></a>] in <a href="https://redirect.github.com/theskumar/python-dotenv/issues/590">#590</a></li> </ul> <h3>Breaking Changes</h3> <ul> <li> <p><code>dotenv.set_key</code> and <code>dotenv.unset_key</code> used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, <code>follow_symlinks=True</code> should be used.</p> </li> <li> <p>In the CLI, <code>set</code> and <code>unset</code> used to follow symlinks in some situations. This is no longer the case.</p> </li> <li> <p><code>dotenv.set_key</code>, <code>dotenv.unset_key</code> and the CLI commands <code>set</code> and <code>unset</code> used to reset the file mode of the modified .env file to <code>0o600</code> in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode <code>0o600</code> is used.</p> </li> </ul> <h2>[1.2.1] - 2025-10-26</h2> <ul> <li>Move more config to <code>pyproject.toml</code>, removed <code>setup.cfg</code></li> <li>Add support for reading <code>.env</code> from FIFOs (Unix) by [<a href="https://github.com/sidharth-sudhir"><code>@sidharth-sudhir</code></a>] in <a href="https://redirect.github.com/theskumar/python-dotenv/issues/586">#586</a></li> </ul> <h2>[1.2.0] - 2025-10-26</h2> <ul> <li>Upgrade build system to use PEP 517 & PEP 518 to use <code>build</code> and <code>pyproject.toml</code> by [<a href="https://github.com/EpicWink"><code>@EpicWink</code></a>] in <a href="https://redirect.github.com/theskumar/python-dotenv/issues/583">#583</a></li> <li>Add support for Python 3.14 by [<a href="https://github.com/23f3001135"><code>@23f3001135</code></a>] in <a href="https://redirect.github.com/theskumar/python-dotenv/issues/579">#579</a></li> <li>Add support for disabling of <code>load_dotenv()</code> using <code>PYTHON_DOTENV_DISABLED</code> env var. by [<a href="https://github.com/matthewfranglen"><code>@matthewfranglen</code></a>] in <a href="https://redirect.github.com/theskumar/python-dotenv/issues/569">#569</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`36004e0e34`"><code>36004e0</code></a> Bump version: 1.2.1 → 1.2.2</li> <li><a href="`eb202520e5`"><code>eb20252</code></a> docs: update changelog for v1.2.2</li> <li><a href="`790c5c0299`"><code>790c5c0</code></a> Merge commit from fork</li> <li><a href="`43340da220`"><code>43340da</code></a> Remove the use of <code>sh</code> in tests (<a href="https://redirect.github.com/theskumar/python-dotenv/issues/612">#612</a>)</li> <li><a href="`09d7cee324`"><code>09d7cee</code></a> docs: clarify override behavior and document FIFO support (<a href="https://redirect.github.com/theskumar/python-dotenv/issues/610">#610</a>)</li> <li><a href="`c8de2887c0`"><code>c8de288</code></a> ci: improve workflow efficiency with best practices (<a href="https://redirect.github.com/theskumar/python-dotenv/issues/609">#609</a>)</li> <li><a href="`7bd9e3dbfe`"><code>7bd9e3d</code></a> Add Windows testing to CI (<a href="https://redirect.github.com/theskumar/python-dotenv/issues/604">#604</a>)</li> <li><a href="`1baaf04f33`"><code>1baaf04</code></a> Drop Python 3.9 support and update to PyPy 3.11 (<a href="https://redirect.github.com/theskumar/python-dotenv/issues/608">#608</a>)</li> <li><a href="`4a22cf8993`"><code>4a22cf8</code></a> ci: enable testing on Python 3.14t (free-threaded) (<a href="https://redirect.github.com/theskumar/python-dotenv/issues/588">#588</a>)</li> <li><a href="`e2e8e776b4`"><code>e2e8e77</code></a> Fix license specifier (<a href="https://redirect.github.com/theskumar/python-dotenv/issues/597">#597</a>)</li> <li>Additional commits viewable in <a href="https://github.com/theskumar/python-dotenv/compare/v1.1.1...v1.2.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=python-dotenv&package-manager=uv&previous-version=1.1.1&new-version=1.2.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langchain/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-21 15:11:18 -04:00
langchain-model-profile-bot[bot]	46df8365f2	chore(model-profiles): refresh model profile data (#36911 ) Automated refresh of model profile data for all in-monorepo partner integrations via `langchain-profiles refresh`. 🤖 Generated by the `refresh_model_profiles` workflow. Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com>	2026-04-21 10:08:58 -04:00
ccurme	6fb37dba71	release(huggingface): 1.2.2 (#36832 )	2026-04-16 15:53:28 -04:00
ccurme	a029c7bf1d	fix(huggingface): harden hostname validation and reject URLs in repo_id (#36831 )	2026-04-16 15:49:48 -04:00
dependabot[bot]	fedb89821a	chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/partners/huggingface (#36802 ) Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from 0.6.3 to 0.7.31. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's releases</a>.</em></p> <blockquote> <h2>v0.7.31</h2> <h2>What's Changed</h2> <ul> <li>chore(deps-dev): bump langchain-core from 1.2.23 to 1.2.28 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2692">langchain-ai/langsmith-sdk#2692</a></li> <li>chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.82.0 to 0.84.0 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2684">langchain-ai/langsmith-sdk#2684</a></li> <li>chore(deps): bump cryptography from 46.0.6 to 46.0.7 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2693">langchain-ai/langsmith-sdk#2693</a></li> <li>chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.84.0 to 0.85.0 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2700">langchain-ai/langsmith-sdk#2700</a></li> <li>feat(py): Tag OpenAI Agent Python SDK runs with ls_agent_type by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2699">langchain-ai/langsmith-sdk#2699</a></li> <li>feat(js): Adds ls_agent_type metadata to AI SDK runs by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2701">langchain-ai/langsmith-sdk#2701</a></li> <li>chore(deps-dev): bump types-tqdm from 4.67.3.20260303 to 4.67.3.20260408 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2710">langchain-ai/langsmith-sdk#2710</a></li> <li>chore(deps): bump pnpm/action-setup from 5 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2705">langchain-ai/langsmith-sdk#2705</a></li> <li>chore(deps): bump the py-minor-and-patch group across 1 directory with 10 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2711">langchain-ai/langsmith-sdk#2711</a></li> <li>chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.85.0 to 0.86.0 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2702">langchain-ai/langsmith-sdk#2702</a></li> <li>chore(deps): bump actions/github-script from 8 to 9 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2706">langchain-ai/langsmith-sdk#2706</a></li> <li>chore(deps-dev): bump the js-minor-and-patch group across 1 directory with 7 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2712">langchain-ai/langsmith-sdk#2712</a></li> <li>chore(deps-dev): bump types-psutil from 7.2.2.20260130 to 7.2.2.20260408 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2709">langchain-ai/langsmith-sdk#2709</a></li> <li>chore(deps-dev): bump rich from 14.3.3 to 15.0.0 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2708">langchain-ai/langsmith-sdk#2708</a></li> <li>feat: Filter kwargs from new token events by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2714">langchain-ai/langsmith-sdk#2714</a></li> <li>release(py): 0.7.31 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2716">langchain-ai/langsmith-sdk#2716</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.30...v0.7.31">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.30...v0.7.31</a></p> <h2>v0.7.30</h2> <h2>What's Changed</h2> <ul> <li>feat(python): add service feature to sandbox by <a href="https://github.com/DanielKneipp"><code>@DanielKneipp</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2665">langchain-ai/langsmith-sdk#2665</a></li> <li>fix(js): Fix prototype pollution bug in anonymizers by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2690">langchain-ai/langsmith-sdk#2690</a></li> <li>release(js): 0.5.18 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2691">langchain-ai/langsmith-sdk#2691</a></li> <li>chore(js/sandbox): suppress warning log by <a href="https://github.com/hntrl"><code>@hntrl</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2694">langchain-ai/langsmith-sdk#2694</a></li> <li>feat(js): Add metadata to Claude Agent SDK JS tracing by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2695">langchain-ai/langsmith-sdk#2695</a></li> <li>fix(py): Fix run tree memory leak by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2696">langchain-ai/langsmith-sdk#2696</a></li> <li>release(py): 0.7.30 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2698">langchain-ai/langsmith-sdk#2698</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.29...v0.7.30">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.29...v0.7.30</a></p> <h2>v0.7.29</h2> <h2>What's Changed</h2> <ul> <li>release(js): 0.5.17 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2681">langchain-ai/langsmith-sdk#2681</a></li> <li>feat(py): Fix race condition around Claude Agent SDK instrumentation by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2685">langchain-ai/langsmith-sdk#2685</a></li> <li>release(py): 0.7.29 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2686">langchain-ai/langsmith-sdk#2686</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.28...v0.7.29">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.28...v0.7.29</a></p> <h2>v0.7.28</h2> <h2>What's Changed</h2> <ul> <li>feat(py): Support subagent tracing in Claude Agents SDK, fix usage and duplicate messages by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2670">langchain-ai/langsmith-sdk#2670</a></li> <li>chore(deps-dev): bump the py-minor-and-patch group across 1 directory with 11 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2677">langchain-ai/langsmith-sdk#2677</a></li> <li>chore(deps-dev): bump the js-minor-and-patch group across 1 directory with 8 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2667">langchain-ai/langsmith-sdk#2667</a></li> <li>chore(deps): bump pnpm/action-setup from 4 to 5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2658">langchain-ai/langsmith-sdk#2658</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/langchain-ai/langsmith-sdk/commits/v0.7.31">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=langsmith&package-manager=uv&previous-version=0.6.3&new-version=0.7.31)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langchain/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-15 21:55:17 -06:00
Mason Daugherty	7e81d09f2a	chore(deps): bump pytest to `9.0.3` (#36801 ) CVE-2025-71176 (medium severity) All are dev-only (test dependency group) — no impact on published packages. ### Why syrupy was also bumped syrupy 4.x (`<5.0.0`) constrains pytest to `<9.0.0`, blocking the CVE fix. Widening to `<6.0.0` allows syrupy 5.x which supports pytest 9.x.	2026-04-15 21:46:40 -06:00
dependabot[bot]	11924288bf	chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/partners/huggingface (#36794 ) [//]: # (dependabot-start) ⚠️ Dependabot is rebasing this PR ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from 0.6.3 to 0.7.31. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's releases</a>.</em></p> <blockquote> <h2>v0.7.31</h2> <h2>What's Changed</h2> <ul> <li>chore(deps-dev): bump langchain-core from 1.2.23 to 1.2.28 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2692">langchain-ai/langsmith-sdk#2692</a></li> <li>chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.82.0 to 0.84.0 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2684">langchain-ai/langsmith-sdk#2684</a></li> <li>chore(deps): bump cryptography from 46.0.6 to 46.0.7 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2693">langchain-ai/langsmith-sdk#2693</a></li> <li>chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.84.0 to 0.85.0 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2700">langchain-ai/langsmith-sdk#2700</a></li> <li>feat(py): Tag OpenAI Agent Python SDK runs with ls_agent_type by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2699">langchain-ai/langsmith-sdk#2699</a></li> <li>feat(js): Adds ls_agent_type metadata to AI SDK runs by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2701">langchain-ai/langsmith-sdk#2701</a></li> <li>chore(deps-dev): bump types-tqdm from 4.67.3.20260303 to 4.67.3.20260408 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2710">langchain-ai/langsmith-sdk#2710</a></li> <li>chore(deps): bump pnpm/action-setup from 5 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2705">langchain-ai/langsmith-sdk#2705</a></li> <li>chore(deps): bump the py-minor-and-patch group across 1 directory with 10 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2711">langchain-ai/langsmith-sdk#2711</a></li> <li>chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.85.0 to 0.86.0 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2702">langchain-ai/langsmith-sdk#2702</a></li> <li>chore(deps): bump actions/github-script from 8 to 9 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2706">langchain-ai/langsmith-sdk#2706</a></li> <li>chore(deps-dev): bump the js-minor-and-patch group across 1 directory with 7 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2712">langchain-ai/langsmith-sdk#2712</a></li> <li>chore(deps-dev): bump types-psutil from 7.2.2.20260130 to 7.2.2.20260408 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2709">langchain-ai/langsmith-sdk#2709</a></li> <li>chore(deps-dev): bump rich from 14.3.3 to 15.0.0 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2708">langchain-ai/langsmith-sdk#2708</a></li> <li>feat: Filter kwargs from new token events by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2714">langchain-ai/langsmith-sdk#2714</a></li> <li>release(py): 0.7.31 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2716">langchain-ai/langsmith-sdk#2716</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.30...v0.7.31">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.30...v0.7.31</a></p> <h2>v0.7.30</h2> <h2>What's Changed</h2> <ul> <li>feat(python): add service feature to sandbox by <a href="https://github.com/DanielKneipp"><code>@DanielKneipp</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2665">langchain-ai/langsmith-sdk#2665</a></li> <li>fix(js): Fix prototype pollution bug in anonymizers by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2690">langchain-ai/langsmith-sdk#2690</a></li> <li>release(js): 0.5.18 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2691">langchain-ai/langsmith-sdk#2691</a></li> <li>chore(js/sandbox): suppress warning log by <a href="https://github.com/hntrl"><code>@hntrl</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2694">langchain-ai/langsmith-sdk#2694</a></li> <li>feat(js): Add metadata to Claude Agent SDK JS tracing by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2695">langchain-ai/langsmith-sdk#2695</a></li> <li>fix(py): Fix run tree memory leak by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2696">langchain-ai/langsmith-sdk#2696</a></li> <li>release(py): 0.7.30 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2698">langchain-ai/langsmith-sdk#2698</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.29...v0.7.30">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.29...v0.7.30</a></p> <h2>v0.7.29</h2> <h2>What's Changed</h2> <ul> <li>release(js): 0.5.17 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2681">langchain-ai/langsmith-sdk#2681</a></li> <li>feat(py): Fix race condition around Claude Agent SDK instrumentation by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2685">langchain-ai/langsmith-sdk#2685</a></li> <li>release(py): 0.7.29 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2686">langchain-ai/langsmith-sdk#2686</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.28...v0.7.29">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.28...v0.7.29</a></p> <h2>v0.7.28</h2> <h2>What's Changed</h2> <ul> <li>feat(py): Support subagent tracing in Claude Agents SDK, fix usage and duplicate messages by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2670">langchain-ai/langsmith-sdk#2670</a></li> <li>chore(deps-dev): bump the py-minor-and-patch group across 1 directory with 11 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2677">langchain-ai/langsmith-sdk#2677</a></li> <li>chore(deps-dev): bump the js-minor-and-patch group across 1 directory with 8 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2667">langchain-ai/langsmith-sdk#2667</a></li> <li>chore(deps): bump pnpm/action-setup from 4 to 5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2658">langchain-ai/langsmith-sdk#2658</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/langchain-ai/langsmith-sdk/commits/v0.7.31">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-15 20:11:34 -06:00
langchain-model-profile-bot[bot]	01a324af0e	chore(model-profiles): refresh model profile data (#36720 ) Automated refresh of model profile data for all in-monorepo partner integrations via `langchain-profiles refresh`. 🤖 Generated by the `refresh_model_profiles` workflow. Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com>	2026-04-14 10:55:55 -07:00
langchain-model-profile-bot[bot]	65bbd47cb2	chore(model-profiles): refresh model profile data (#36596 ) Automated refresh of model profile data for all in-monorepo partner integrations via `langchain-profiles refresh`. 🤖 Generated by the `refresh_model_profiles` workflow. Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com>	2026-04-07 15:48:36 -04:00
Mason Daugherty	555bdfbade	chore: add comment explaining `pygments>=2.20.0` (#36570 )	2026-04-06 15:07:07 -04:00
dependabot[bot]	34c4a2ae08	chore: bump aiohttp from 3.13.3 to 3.13.4 in /libs/partners/huggingface (#36436 ) [//]: # (dependabot-start) ⚠️ Dependabot is rebasing this PR ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aiohttp&package-manager=uv&previous-version=3.13.3&new-version=3.13.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langchain/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-02 10:24:46 -04:00
John Kennedy	0f4f3f74c8	chore: pygments>=2.20.0 across all packages (CVE-2026-4539) (#36385 ) ## Summary Bumps `pygments` to `>=2.20.0` across all 21 affected packages to address [CVE-2026-4539](https://github.com/advisories/GHSA-XXXX) — ReDoS via inefficient GUID regex in Pygments. - Severity: Low - Fixed in: 2.20.0 (was 2.19.2) - Change: Added `pygments>=2.20.0` to `constraint-dependencies` in `[tool.uv]` for each package, then ran `uv lock --upgrade-package pygments` to regenerate lock files. Closes Dependabot alerts #3435–#3455. ## Release Note Patch deps ### Test Plan - [x] CI Green 🙏 Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-30 23:26:59 -04:00
Darshan Gorasiya	aba72f7229	fix(huggingface): avoid hf api calls when using local HuggingFaceEndpoint (#35633 )	2026-03-28 21:14:36 -04:00
dependabot[bot]	a544f03955	chore: bump requests from 2.32.5 to 2.33.0 in /libs/partners/huggingface (#36252 ) Bumps [requests](https://github.com/psf/requests) from 2.32.5 to 2.33.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/releases">requests's releases</a>.</em></p> <blockquote> <h2>v2.33.0</h2> <h2>2.33.0 (2026-03-25)</h2> <p><strong>Announcements</strong></p> <ul> <li>📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at <a href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>. Give it a try, and report any gaps or feedback you may have in the issue. 📣</li> </ul> <p><strong>Security</strong></p> <ul> <li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Migrated to a PEP 517 build system using setuptools. (<a href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (<a href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Dropped support for Python 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li> </ul> <p><strong>Documentation</strong></p> <ul> <li>Various typo fixes and doc improvements.</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/M0d3v1"><code>@M0d3v1</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6865">psf/requests#6865</a></li> <li><a href="https://github.com/aminvakil"><code>@aminvakil</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7220">psf/requests#7220</a></li> <li><a href="https://github.com/E8Price"><code>@E8Price</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6960">psf/requests#6960</a></li> <li><a href="https://github.com/mitre88"><code>@mitre88</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7244">psf/requests#7244</a></li> <li><a href="https://github.com/magsen"><code>@magsen</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6553">psf/requests#6553</a></li> <li><a href="https://github.com/Rohan5commit"><code>@Rohan5commit</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7227">psf/requests#7227</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25">https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's changelog</a>.</em></p> <blockquote> <h2>2.33.0 (2026-03-25)</h2> <p><strong>Announcements</strong></p> <ul> <li>📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at <a href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>. Give it a try, and report any gaps or feedback you may have in the issue. 📣</li> </ul> <p><strong>Security</strong></p> <ul> <li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Migrated to a PEP 517 build system using setuptools. (<a href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (<a href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Dropped support for Python 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li> </ul> <p><strong>Documentation</strong></p> <ul> <li>Various typo fixes and doc improvements.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`bc04dfd6da`"><code>bc04dfd</code></a> v2.33.0</li> <li><a href="`66d21cb07b`"><code>66d21cb</code></a> Merge commit from fork</li> <li><a href="`8b9bc8fc0f`"><code>8b9bc8f</code></a> Move badges to top of README (<a href="https://redirect.github.com/psf/requests/issues/7293">#7293</a>)</li> <li><a href="`e331a288f3`"><code>e331a28</code></a> Remove unused extraction call (<a href="https://redirect.github.com/psf/requests/issues/7292">#7292</a>)</li> <li><a href="`753fd08c5e`"><code>753fd08</code></a> docs: fix FAQ grammar in httplib2 example</li> <li><a href="`774a0b837a`"><code>774a0b8</code></a> docs(socks): same block as other sections</li> <li><a href="`9c72a41bec`"><code>9c72a41</code></a> Bump github/codeql-action from 4.33.0 to 4.34.1</li> <li><a href="`ebf7190679`"><code>ebf7190</code></a> Bump github/codeql-action from 4.32.0 to 4.33.0</li> <li><a href="`0e4ae38f0c`"><code>0e4ae38</code></a> docs: exclude Response.is_permanent_redirect from API docs (<a href="https://redirect.github.com/psf/requests/issues/7244">#7244</a>)</li> <li><a href="`d568f47278`"><code>d568f47</code></a> docs: clarify Quickstart POST example (<a href="https://redirect.github.com/psf/requests/issues/6960">#6960</a>)</li> <li>Additional commits viewable in <a href="https://github.com/psf/requests/compare/v2.32.5...v2.33.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=requests&package-manager=uv&previous-version=2.32.5&new-version=2.33.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langchain/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-03-25 23:03:08 -04:00
Mason Daugherty	1778b082ec	chore(partners): bump `langchain-core` min to `1.2.21` (#36183 ) Bump the minimum `langchain-core` dependency to `>=1.2.21` across all 14 partner packages in the monorepo. Aligns partner lower bounds with the latest core release so consumers pick up recent fixes (notably the `ModelProfile` schema drift fix from core 1.2.21).	2026-03-23 19:39:35 -04:00
Mason Daugherty	2f64d80cc6	fix(core,model-profiles): add missing `ModelProfile` fields, warn on schema drift (#36129 ) PR #35788 added 7 new fields to the `langchain-profiles` CLI output (`name`, `status`, `release_date`, `last_updated`, `open_weights`, `attachment`, `temperature`) but didn't update `ModelProfile` in `langchain-core`. Partner packages like `langchain-aws` that set `extra="forbid"` on their Pydantic models hit `extra_forbidden` validation errors when Pydantic encountered undeclared TypedDict keys at construction time. This adds the missing fields, makes `ModelProfile` forward-compatible, provides a base-class hook so partners can stop duplicating model-profile validator boilerplate, migrates all in-repo partners to the new hook, and adds runtime + CI-time warnings for schema drift. ## Changes ### `langchain-core` - Add `__pydantic_config__ = ConfigDict(extra="allow")` to `ModelProfile` so unknown profile keys pass Pydantic validation even on models with `extra="forbid"` — forward-compatibility for when the CLI schema evolves ahead of core - Declare the 7 missing fields on `ModelProfile`: `name`, `status`, `release_date`, `last_updated`, `open_weights` (metadata) and `attachment`, `temperature` (capabilities) - Add `_warn_unknown_profile_keys()` in `model_profile.py` — emits a `UserWarning` when a profile dict contains keys not in `ModelProfile`, suggesting a core upgrade. Wrapped in a bare `except` so introspection failures never crash model construction - Add `BaseChatModel._resolve_model_profile()` hook that returns `None` by default. Partners can override this single method instead of redefining the full `_set_model_profile` validator — the base validator calls it automatically - Add `BaseChatModel._check_profile_keys` as a separate `model_validator` that calls `_warn_unknown_profile_keys`. Uses a distinct method name so partner overrides of `_set_model_profile` don't inadvertently suppress the check ### `langchain-profiles` CLI - Add `_warn_undeclared_profile_keys()` to the CLI (`cli.py`), called after merging augmentations in `refresh()` — warns at profile-generation time (not just runtime) when emitted keys aren't declared in `ModelProfile`. Gracefully skips if `langchain-core` isn't installed - Add guard test `test_model_data_to_profile_keys_subset_of_model_profile` in model-profiles — feeds a fully-populated model dict to `_model_data_to_profile()` and asserts every emitted key exists in `ModelProfile.__annotations__`. CI fails before any release if someone adds a CLI field without updating the TypedDict ### Partner packages - Migrate all 10 in-repo partners to the `_resolve_model_profile()` hook, replacing duplicated `@model_validator` / `_set_model_profile` overrides: anthropic, deepseek, fireworks, groq, huggingface, mistralai, openai (base + azure), openrouter, perplexity, xai - Anthropic retains custom logic (context-1m beta → `max_input_tokens` override); all others reduce to a one-liner - Add `pr_lint.yml` scope for the new `model-profiles` package	2026-03-23 00:44:27 -04:00
Mason Daugherty	faadc1f3ce	ci: suppress pytest streaming output in CI (#36092 ) Reduce CI log noise by suppressing pytest's per-test dot/verbose streaming output. The `_test.yml` workflow now passes `PYTEST_EXTRA=-q` to `make test`, which overrides the default verbosity with quiet mode — failures still print in full, but the thousands of `.......` progress lines are gone. Local `make test` is unaffected since `PYTEST_EXTRA` defaults empty. ## Changes - Add `PYTEST_EXTRA ?=` variable to all 21 package Makefiles and inject it into each `test` target's pytest invocation - Pass `PYTEST_EXTRA=-q` in `_test.yml` for both the main test step and the min-version retest step	2026-03-18 21:24:47 -04:00
Mason Daugherty	07fa576de1	ci: avoid unnecessary dep installs in lint targets (#36046 ) CI lint jobs use `uv run --all-groups` for all tools, but ruff doesn't need dependency resolution — only mypy does. By splitting into `UV_RUN_LINT` (ruff) and `UV_RUN_TYPE` (mypy), the CI-facing targets run ruff with `--group lint` only, giving fast-fail feedback before mypy triggers the full environment sync. For packages where source code only conditionally imports heavy deps (text-splitters, huggingface), `lint_package` also overrides `UV_RUN_TYPE` to `--group lint --group typing`, skipping the ~3.5GB `test_integration` download entirely. `lint_tests` keeps `--all-groups` since test code legitimately imports those deps. Additionally, `lint_imports.sh` was inconsistently wired — most packages had the script but weren't calling it. ## Changes Makefile optimization - Introduce `UV_RUN_LINT` and `UV_RUN_TYPE` Make variables, both defaulting to `uv run --all-groups`. For `lint_package` and `lint_tests`, `UV_RUN_LINT` is overridden to `uv run --group lint` so ruff runs instantly without syncing heavy deps - For `text-splitters` and `huggingface`, override `UV_RUN_TYPE` on `lint_package` to `uv run --group lint --group typing` — mypy runs without downloading torch, CUDA, spacy, etc. mypy config for lean groups - Add `transformers` and `transformers.` to `ignore_missing_imports` in `text-splitters` pyproject.toml (conditional `try/except` import, same treatment as existing `konlpy`/`nltk` entries) - Add `torch`, `torch.`, `langchain_community`, `langchain_community.` to `ignore_missing_imports` in `huggingface` pyproject.toml - Add dual `# type: ignore[unreachable, unused-ignore]` in `text-splitters/base.py` to handle the `PreTrainedTokenizerBase` isinstance check that behaves differently depending on whether transformers is installed lint_imports.sh consistency* - Add `./scripts/lint_imports.sh` to the lint recipe in every package that wasn't calling it (standard-tests, model-profiles, all 15 partners), and create the script for the two packages missing it entirely (`model-profiles`, `openrouter`) - Update all `lint_imports.sh` scripts to allow `from langchain.agents` and `from langchain.tools` imports (legitimate v1 middleware dependencies used by `langchain-anthropic` and `langchain-openai`)	2026-03-17 21:23:29 -04:00
dependabot[bot]	4a632cf6a9	chore: bump orjson from 3.11.5 to 3.11.6 in /libs/partners/huggingface (#35861 )	2026-03-14 13:21:19 -04:00
Mason Daugherty	5d9568b5f5	feat(model-profiles): new fields + `Makefile` target (#35788 ) Extract additional fields from models.dev into `_model_data_to_profile`: `name`, `status`, `release_date`, `last_updated`, `open_weights`, `attachment`, `temperature` Move the model profile refresh logic from an inline bash script in the GitHub Actions workflow into a `make refresh-profiles` target in `libs/model-profiles/Makefile`. This makes it runnable locally with a single command and keeps the provider map in one place instead of duplicated between CI and developer docs.	2026-03-12 13:56:25 +00:00
dependabot[bot]	2a71c1a43f	chore: bump tornado from 6.5.2 to 6.5.5 in /libs/partners/huggingface (#35776 ) Bumps [tornado](https://github.com/tornadoweb/tornado) from 6.5.2 to 6.5.5. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst">tornado's changelog</a>.</em></p> <blockquote> <h1>Release notes</h1> <p>.. toctree:: :maxdepth: 2</p> <p>releases/v6.5.5 releases/v6.5.4 releases/v6.5.3 releases/v6.5.2 releases/v6.5.1 releases/v6.5.0 releases/v6.4.2 releases/v6.4.1 releases/v6.4.0 releases/v6.3.3 releases/v6.3.2 releases/v6.3.1 releases/v6.3.0 releases/v6.2.0 releases/v6.1.0 releases/v6.0.4 releases/v6.0.3 releases/v6.0.2 releases/v6.0.1 releases/v6.0.0 releases/v5.1.1 releases/v5.1.0 releases/v5.0.2 releases/v5.0.1 releases/v5.0.0 releases/v4.5.3 releases/v4.5.2 releases/v4.5.1 releases/v4.5.0 releases/v4.4.3 releases/v4.4.2 releases/v4.4.1 releases/v4.4.0 releases/v4.3.0 releases/v4.2.1 releases/v4.2.0 releases/v4.1.0 releases/v4.0.2 releases/v4.0.1 releases/v4.0.0 releases/v3.2.2 releases/v3.2.1 releases/v3.2.0 releases/v3.1.1</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`7d6465056c`"><code>7d64650</code></a> Merge pull request <a href="https://redirect.github.com/tornadoweb/tornado/issues/3586">#3586</a> from bdarnell/update-cibw</li> <li><a href="`d05d59b808`"><code>d05d59b</code></a> build: Bump cibuildwheel to 3.4.0</li> <li><a href="`c2f46732b0`"><code>c2f4673</code></a> Merge pull request <a href="https://redirect.github.com/tornadoweb/tornado/issues/3585">#3585</a> from bdarnell/release-655</li> <li><a href="`e5f1aa4b6f`"><code>e5f1aa4</code></a> Release notes and version bump for v6.5.5</li> <li><a href="`78a046f99f`"><code>78a046f</code></a> httputil: Add CRLF to _FORBIDDEN_HEADER_CHARS_RE</li> <li><a href="`24a2d96ea1`"><code>24a2d96</code></a> web: Validate characters in all cookie attributes.</li> <li><a href="`119a195e29`"><code>119a195</code></a> httputil: Add limits on multipart form data parsing</li> <li><a href="`63d4df4eef`"><code>63d4df4</code></a> Merge pull request <a href="https://redirect.github.com/tornadoweb/tornado/issues/3564">#3564</a> from bdarnell/release-654</li> <li><a href="`eadbf9adbe`"><code>eadbf9a</code></a> Release notes and version bump for 6.5.4</li> <li><a href="`bbc2b1429c`"><code>bbc2b14</code></a> Make sure that the in-operator on HTTPHeaders is case insensitive</li> <li>Additional commits viewable in <a href="https://github.com/tornadoweb/tornado/compare/v6.5.2...v6.5.5">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tornado&package-manager=uv&previous-version=6.5.2&new-version=6.5.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langchain/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-03-11 20:42:40 -04:00
Anix Lynch	292d0bda86	docs(huggingface): add [full] install guidance and sentence-transformers>=5.2.0 migration note (#35713 )	2026-03-10 10:54:06 -04:00
dependabot[bot]	576ee9d409	chore: bump langgraph from 1.0.8 to 1.0.10rc1 in /libs/partners/huggingface (#35613 ) Bumps [langgraph](https://github.com/langchain-ai/langgraph) from 1.0.8 to 1.0.10rc1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langgraph/releases">langgraph's releases</a>.</em></p> <blockquote> <h2>langgraph==1.0.10rc1</h2> <p>Changes since 1.0.9</p> <ul> <li>release: Candidate (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6947">#6947</a>)</li> <li>Merge commit from fork</li> <li>chore: add tests to confirm expected subgraph persistence behavior (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6943">#6943</a>)</li> <li>fix(langgraph): correct ParentCommand bubbling when checkpoint_ns includes numeric task segments (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6864">#6864</a>)</li> <li>chore: add <code>make type</code> target for type checking (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6748">#6748</a>)</li> </ul> <h2>langgraph==1.0.9</h2> <p>Changes since 1.0.8</p> <ul> <li>release: langgraph + prebuilt (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6875">#6875</a>)</li> <li>fix: sequential interrupt handling w/ functional API (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6863">#6863</a>)</li> <li>chore: state_updated_at sort by (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6857">#6857</a>)</li> <li>chore: bump orjson (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6852">#6852</a>)</li> <li>chore: conformance testing (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6842">#6842</a>)</li> <li>chore(deps): bump the all-dependencies group in /libs/langgraph with 6 updates (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6815">#6815</a>)</li> <li>chore(deps): bump protobuf from 6.33.4 to 6.33.5 in /libs/langgraph (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6833">#6833</a>)</li> <li>chore(deps): bump cryptography from 46.0.3 to 46.0.5 in /libs/langgraph (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6837">#6837</a>)</li> <li>chore(deps): bump nbconvert from 7.16.6 to 7.17.0 in /libs/langgraph (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6832">#6832</a>)</li> <li>chore: server runtime type (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6774">#6774</a>)</li> <li>refactor: replace bare except with BaseException in AsyncQueue (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6765">#6765</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`a04ec5d6f0`"><code>a04ec5d</code></a> release: Candidate (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6947">#6947</a>)</li> <li><a href="`50df7d423a`"><code>50df7d4</code></a> Merge commit from fork</li> <li><a href="`c4a4a46473`"><code>c4a4a46</code></a> chore: add tests to confirm expected subgraph persistence behavior (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6943">#6943</a>)</li> <li><a href="`f178eb821e`"><code>f178eb8</code></a> fix(langgraph): correct ParentCommand bubbling when checkpoint_ns includes nu...</li> <li><a href="`48167d7fec`"><code>48167d7</code></a> chore(deps): bump the all-dependencies group in /libs/cli with 2 updates (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6920">#6920</a>)</li> <li><a href="`806878a421`"><code>806878a</code></a> chore(deps): bump the all-dependencies group in /libs/checkpoint-postgres wit...</li> <li><a href="`8087e6a42c`"><code>8087e6a</code></a> docs(sdk-py): update auth docstrings to default-deny pattern (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6933">#6933</a>)</li> <li><a href="`8fbdb14487`"><code>8fbdb14</code></a> release(sdk-py): 0.3.9 (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6932">#6932</a>)</li> <li><a href="`5093802f31`"><code>5093802</code></a> chore(deps): bump the all-dependencies group in /libs/checkpoint with 2 updat...</li> <li><a href="`b89ef60b91`"><code>b89ef60</code></a> feat(sdk-py): add extract parameter to threads.search() (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6880">#6880</a>)</li> <li>Additional commits viewable in <a href="https://github.com/langchain-ai/langgraph/compare/1.0.8...1.0.10rc1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=langgraph&package-manager=uv&previous-version=1.0.8&new-version=1.0.10rc1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langchain/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-03-06 16:12:14 -08:00
Mason Daugherty	d2c86df128	fix(huggingface): switch integration test provider to together (#35525 ) Switch the `TestHuggingFaceEndpoint` serverless inference provider from `sambanova` to `together` for `Llama-3.3-70B-Instruct`. Sambanova doesn't support `tool_choice: "any"` (needed by `test_structured_few_shot_examples` and `test_unicode_tool_call_integration`) and doesn't return `usage_metadata` in streaming responses.	2026-03-02 13:40:58 -05:00
Mason Daugherty	ac9295761a	fix(huggingface): resolve huggingface-hub 1.x compat (#35524 ) - Switch `TestHuggingFaceEndpoint` from `Llama-4-Maverick` + `fireworks-ai` to `Llama-3.3-70B-Instruct` + `sambanova` — Maverick is no longer routed to Fireworks in hub 1.x - Switch `test_stream_usage` provider from `nebius` to `scaleway` for `gemma-3-27b-it` — same provider routing change	2026-03-02 12:29:05 -05:00
Mason Daugherty	6d39b72892	fix(huggingface): bump transformers and sentence-transformers lower bounds (#35522 ) Bump `transformers` and `sentence-transformers` lower bounds in `langchain-huggingface` to resolve a dependency conflict with `huggingface-hub` 1.x. The existing constraints allowed `huggingface-hub>=0.33.4,<2.0.0` (so hub 1.x is valid), but `transformers` 4.x requires `huggingface-hub<1.0` — causing the pre-release CI job to fail when `uv pip install --force-reinstall` resolved hub to 1.5.0 while leaving `transformers` at 4.56.2. Breaking change for users on transformers 4.x or sentence-transformers<5.2.0 who install langchain-huggingface[full].	2026-03-02 10:45:06 -05:00
dependabot[bot]	dac22ced14	chore: bump langgraph-checkpoint from 3.0.0 to 4.0.0 in /libs/partners/huggingface (#35447 ) Bumps [langgraph-checkpoint](https://github.com/langchain-ai/langgraph) from 3.0.0 to 4.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langgraph/releases">langgraph-checkpoint's releases</a>.</em></p> <blockquote> <h2>langgraph-checkpoint==4.0.0</h2> <p>Changes since checkpoint==3.0.1</p> <ul> <li>fix: flip default on base cache (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6677">#6677</a>)</li> <li>fix(checkpoint): InMemorySaver context managers should return self in… (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6529">#6529</a>)</li> <li>fix: docstring for serializer protocol (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6525">#6525</a>)</li> <li>chore: clean up some refs (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6487">#6487</a>)</li> <li>chore: add <code>pyproject.toml</code> links (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6364">#6364</a>)</li> </ul> <h2>langgraph-checkpoint-postgres==3.0.4</h2> <p>Changes since checkpointpostgres==3.0.3</p> <ul> <li>chore: Omit lock when using connection pool (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6734">#6734</a>)</li> <li>chore(deps): upgrade dependencies with <code>uv lock --upgrade</code> (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6671">#6671</a>)</li> <li>chore: update twitter URLs (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6683">#6683</a>)</li> </ul> <h2>langgraph-checkpoint-postgres==3.0.3</h2> <p>Changes since checkpointpostgres==3.0.2</p> <ul> <li>fix: flip default on base cache (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6677">#6677</a>)</li> <li>docs: storage nits (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6651">#6651</a>)</li> </ul> <h2>langgraph-checkpoint-sqlite==3.0.3</h2> <p>Changes since checkpointsqlite==3.0.2</p> <ul> <li>fix: aiosqlite's breaking change (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6699">#6699</a>)</li> <li>chore(deps): upgrade dependencies with <code>uv lock --upgrade</code> (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6671">#6671</a>)</li> <li>chore: update twitter URLs (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6683">#6683</a>)</li> </ul> <h2>langgraph-checkpoint-postgres==3.0.2</h2> <p>Changes since checkpointpostgres==3.0.1</p> <ul> <li>release(checkpoint-postgres): 3.0.1 (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6568">#6568</a>)</li> <li>chore: pgqs (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6567">#6567</a>)</li> <li>fix(checkpoint-postgres): ensure vector extension is created only if not exists (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6154">#6154</a>)</li> <li>fix(checkpoint-postgres): Replace f-string SQL formatting with parameterized queries in migration statements (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6328">#6328</a>)</li> <li>chore: add <code>pyproject.toml</code> links (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6364">#6364</a>)</li> <li>docs: add license files for checkpoint-sqlite and checkpoint-postgres (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6392">#6392</a>)</li> </ul> <h2>langgraph-checkpoint-sqlite==3.0.2</h2> <p>Changes since checkpointsqlite==3.0.1</p> <ul> <li>fix: flip default on base cache (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6677">#6677</a>)</li> <li>docs: storage nits (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6651">#6651</a>)</li> </ul> <h2>checkpoint==3.0.1</h2> <p>Changes since checkpoint==3.0.0</p> <ul> <li>chore: update ormsgpack minbound and add OPT_REPLACE_SURROGATES (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6395">#6395</a>)</li> <li>fix(checkpoint): update checkpoint interface specification in README (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6386">#6386</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`f91d79d0c8`"><code>f91d79d</code></a> fix: flip default on base cache (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6677">#6677</a>)</li> <li><a href="`cb2faa7dda`"><code>cb2faa7</code></a> fix(prebuilt): support generic type arguments for ToolRuntime injection (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6509">#6509</a>)</li> <li><a href="`a5827c5c61`"><code>a5827c5</code></a> fix: change default recursion limit (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6676">#6676</a>)</li> <li><a href="`5212369bd0`"><code>5212369</code></a> feat(sdk-py): add end-time to crons client (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6674">#6674</a>)</li> <li><a href="`7045a23148`"><code>7045a23</code></a> fix: add <code>state</code> attribute to <code>ToolCallRequest</code> overrides (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6668">#6668</a>)</li> <li><a href="`728db10b1f`"><code>728db10</code></a> fix: suppress unintended deprecation warning (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6669">#6669</a>)</li> <li><a href="`454af21896`"><code>454af21</code></a> feat(sdk-py): cron.on_run_completed support (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6662">#6662</a>)</li> <li><a href="`b4630d8452`"><code>b4630d8</code></a> chore: delete docs (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6488">#6488</a>)</li> <li><a href="`311465bbf7`"><code>311465b</code></a> fix: sanitize namespace for deeply nested graph jumps (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6665">#6665</a>)</li> <li><a href="`8ccead9560`"><code>8ccead9</code></a> docs: x-refs and explainer in tool node docs (<a href="https://redirect.github.com/langchain-ai/langgraph/issues/6653">#6653</a>)</li> <li>Additional commits viewable in <a href="https://github.com/langchain-ai/langgraph/compare/checkpoint==3.0.0...checkpoint==4.0.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=langgraph-checkpoint&package-manager=uv&previous-version=3.0.0&new-version=4.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langchain/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mason Daugherty <mason@langchain.dev>	2026-03-01 11:37:09 -05:00
Mason Daugherty	70192690b1	fix(model-profiles): sort generated profiles by model ID for stable diffs (#35344 ) - Sort model profiles alphabetically by model ID (the top-level `_PROFILES` dictionary keys, e.g. `claude-3-5-haiku-20241022`, `gpt-4o-mini`) before writing `_profiles.py`, so that regenerating profiles only shows actual data changes in diffs — not random reordering from the models.dev API response order - Regenerate all 10 partner profile files with the new sorted ordering	2026-02-19 23:11:22 -05:00
Mason Daugherty	82ae4fb6fa	chore: bump model profiles (#35294 )	2026-02-17 20:22:07 -05:00
ccurme	8f859bd91f	release(huggingface): 1.2.1 (#35182 )	2026-02-12 12:10:23 -05:00
Mohammad Mohtashim	f89e30eb13	chore(huggingface): version bump for huggingface-hub and transformers deps (#35061 )	2026-02-11 16:34:18 -05:00
dependabot[bot]	cad0025216	chore(deps): bump pillow from 11.3.0 to 12.1.1 in /libs/partners/huggingface (#35179 )	2026-02-11 12:51:58 -05:00
dependabot[bot]	7ec96bbee5	chore(deps): bump langsmith from 0.4.32rc0 to 0.6.3 in /libs/partners/huggingface (#35152 ) Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from 0.4.32rc0 to 0.6.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's releases</a>.</em></p> <blockquote> <h2>v0.6.1</h2> <h2>What's Changed</h2> <ul> <li>ci: test more bundlers by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2263">langchain-ai/langsmith-sdk#2263</a></li> <li>feat(python sdk): Add support for setting commit tags when pushing a prompt by <a href="https://github.com/bees"><code>@bees</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2265">langchain-ai/langsmith-sdk#2265</a></li> <li>feat: Pass in Cache, rename by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2264">langchain-ai/langsmith-sdk#2264</a></li> <li>chore: bump sdk by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2268">langchain-ai/langsmith-sdk#2268</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.6.0...v0.6.1">https://github.com/langchain-ai/langsmith-sdk/compare/v0.6.0...v0.6.1</a></p> <h2>v0.6.0</h2> <h2>What's Changed</h2> <ul> <li>chore(js): bump JS to 0.4.3 by <a href="https://github.com/dqbd"><code>@dqbd</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2253">langchain-ai/langsmith-sdk#2253</a></li> <li>Revert "feat: add js prompt caching" by <a href="https://github.com/angus-langchain"><code>@angus-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2258">langchain-ai/langsmith-sdk#2258</a></li> <li>Revert "feat: Replace UUID5 with deterministic UUID7 for replicas" by <a href="https://github.com/angus-langchain"><code>@angus-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2257">langchain-ai/langsmith-sdk#2257</a></li> <li>release(js): bump to 0.4.4 by <a href="https://github.com/dqbd"><code>@dqbd</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2259">langchain-ai/langsmith-sdk#2259</a></li> <li>feat: add prompt cache back and setup environment tests by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2260">langchain-ai/langsmith-sdk#2260</a></li> <li>feat(python): Bump pydantic to v2 by <a href="https://github.com/angus-langchain"><code>@angus-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2248">langchain-ai/langsmith-sdk#2248</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.5.2...v0.6.0">https://github.com/langchain-ai/langsmith-sdk/compare/v0.5.2...v0.6.0</a></p> <h2>v0.6.0rc0</h2> <h2>What's Changed</h2> <ul> <li>feat(js): Add support for tracing AI SDK 6 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2237">langchain-ai/langsmith-sdk#2237</a></li> <li>fix(js): Remove default Jestlike timeout by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2243">langchain-ai/langsmith-sdk#2243</a></li> <li>feat(js): Add support for tracing tool loop agent by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2244">langchain-ai/langsmith-sdk#2244</a></li> <li>feat: Replace UUID5 with deterministic UUID7 for replicas by <a href="https://github.com/angus-langchain"><code>@angus-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2249">langchain-ai/langsmith-sdk#2249</a></li> <li>feat: add prompt caching to python sdk by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2246">langchain-ai/langsmith-sdk#2246</a></li> <li>feat: add js prompt caching by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2251">langchain-ai/langsmith-sdk#2251</a></li> <li>fix(claude): correctly parse llm and tool inputs in claude agent sdk by <a href="https://github.com/angus-langchain"><code>@angus-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2255">langchain-ai/langsmith-sdk#2255</a></li> <li>bump(python): 0.5.2 by <a href="https://github.com/angus-langchain"><code>@angus-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2256">langchain-ai/langsmith-sdk#2256</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.5.1...v0.6.0rc0">https://github.com/langchain-ai/langsmith-sdk/compare/v0.5.1...v0.6.0rc0</a></p> <h2>v0.5.2</h2> <h2>What's Changed</h2> <ul> <li>feat(js): Add support for tracing AI SDK 6 by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2237">langchain-ai/langsmith-sdk#2237</a></li> <li>fix(js): Remove default Jestlike timeout by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2243">langchain-ai/langsmith-sdk#2243</a></li> <li>feat(js): Add support for tracing tool loop agent by <a href="https://github.com/jacoblee93"><code>@jacoblee93</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2244">langchain-ai/langsmith-sdk#2244</a></li> <li>feat: Replace UUID5 with deterministic UUID7 for replicas by <a href="https://github.com/angus-langchain"><code>@angus-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2249">langchain-ai/langsmith-sdk#2249</a></li> <li>feat: add prompt caching to python sdk by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2246">langchain-ai/langsmith-sdk#2246</a></li> <li>feat: add js prompt caching by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2251">langchain-ai/langsmith-sdk#2251</a></li> <li>fix(claude): correctly parse llm and tool inputs in claude agent sdk by <a href="https://github.com/angus-langchain"><code>@angus-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2255">langchain-ai/langsmith-sdk#2255</a></li> <li>bump(python): 0.5.2 by <a href="https://github.com/angus-langchain"><code>@angus-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2256">langchain-ai/langsmith-sdk#2256</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.5.1...v0.5.2">https://github.com/langchain-ai/langsmith-sdk/compare/v0.5.1...v0.5.2</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/langchain-ai/langsmith-sdk/commits">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=langsmith&package-manager=uv&previous-version=0.4.32rc0&new-version=0.6.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langchain/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-02-10 20:29:15 -08:00
Mason Daugherty	4ca586b322	feat(model-profiles): add `text_inputs` and `text_outputs` (#35084 ) - Add `text_inputs` and `text_outputs` fields to `ModelProfile` - Regenerate `_profiles.py` for all providers ## Why models.dev data includes `'text'` as both an input and output modality, but we didn't capture it. models.dev broadly contains models without text input (Whisper/ASR) and without text output (image generators, TTS). Without this, downstream consumers can't filter on model text support (e.g. preventing users from passing text input to an audio-only model). --- We'd need to also run for Google, AWS and cut releases for all to propagate	2026-02-09 14:50:09 -05:00
Mason Daugherty	1bb366315f	chore: add `make type` target (#35015 )	2026-02-04 16:16:52 -05:00
Mason Daugherty	8e4c433541	revert: "chore: add typing target in `Makefile`" (#35013 ) Reverts langchain-ai/langchain#35012	2026-02-04 15:53:29 -05:00
Mason Daugherty	88fa71a166	chore: add typing target in `Makefile` (#35012 )	2026-02-04 15:51:56 -05:00
Mason Daugherty	5c018f5cd1	chore: enrich `pyproject.toml` files (#34980 )	2026-02-02 13:07:05 -05:00
dependabot[bot]	328bf24a4c	chore(deps): bump the uv group across 20 directories with 3 updates (#34941 ) Bumps the uv group with 1 update in the /libs/core directory: [nbconvert](https://github.com/jupyter/nbconvert). Bumps the uv group with 3 updates in the /libs/langchain directory: [nbconvert](https://github.com/jupyter/nbconvert), [orjson](https://github.com/ijl/orjson) and [protobuf](https://github.com/protocolbuffers/protobuf). Bumps the uv group with 2 updates in the /libs/langchain_v1 directory: [orjson](https://github.com/ijl/orjson) and [protobuf](https://github.com/protocolbuffers/protobuf). Bumps the uv group with 1 update in the /libs/model-profiles directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 1 update in the /libs/partners/anthropic directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 2 updates in the /libs/partners/chroma directory: [orjson](https://github.com/ijl/orjson) and [protobuf](https://github.com/protocolbuffers/protobuf). Bumps the uv group with 1 update in the /libs/partners/deepseek directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 1 update in the /libs/partners/exa directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 1 update in the /libs/partners/fireworks directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 1 update in the /libs/partners/groq directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 1 update in the /libs/partners/huggingface directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 1 update in the /libs/partners/mistralai directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 1 update in the /libs/partners/nomic directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 1 update in the /libs/partners/ollama directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 1 update in the /libs/partners/openai directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 1 update in the /libs/partners/perplexity directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 1 update in the /libs/partners/prompty directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 2 updates in the /libs/partners/qdrant directory: [orjson](https://github.com/ijl/orjson) and [protobuf](https://github.com/protocolbuffers/protobuf). Bumps the uv group with 1 update in the /libs/partners/xai directory: [orjson](https://github.com/ijl/orjson). Bumps the uv group with 2 updates in the /libs/text-splitters directory: [nbconvert](https://github.com/jupyter/nbconvert) and [orjson](https://github.com/ijl/orjson). Updates `nbconvert` from 7.16.6 to 7.17.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jupyter/nbconvert/releases">nbconvert's releases</a>.</em></p> <blockquote> <h2>v7.17.0</h2> <h2>7.17.0</h2> <p>(<a href="https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71">Full Changelog</a>)</p> <h3>Enhancements made</h3> <ul> <li>Add support for arbitrary browser arguments <a href="https://redirect.github.com/jupyter/nbconvert/pull/2227">#2227</a> (<a href="https://github.com/shreve"><code>@shreve</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> </ul> <h3>Bugs fixed</h3> <ul> <li>Fix QtPNGExporter returning empty bytes on macOS <a href="https://redirect.github.com/jupyter/nbconvert/pull/2264">#2264</a> (<a href="https://github.com/h3pdesign"><code>@h3pdesign</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/QuLogic"><code>@QuLogic</code></a>)</li> <li>Fix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD) <a href="https://redirect.github.com/jupyter/nbconvert/pull/2261">#2261</a> (<a href="https://github.com/h3pdesign"><code>@h3pdesign</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/mberlanda"><code>@mberlanda</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>, <a href="https://github.com/salmankadaya"><code>@salmankadaya</code></a>, <a href="https://github.com/th3gowtham"><code>@th3gowtham</code></a>)</li> <li>Fix get_export_names and get_exporter default args <a href="https://redirect.github.com/jupyter/nbconvert/pull/2228">#2228</a> (<a href="https://github.com/shreve"><code>@shreve</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>PyPA-Compliant Summary <a href="https://redirect.github.com/jupyter/nbconvert/pull/2226">#2226</a> (<a href="https://github.com/hackowitz-af"><code>@hackowitz-af</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> </ul> <h3>Maintenance and upkeep improvements</h3> <ul> <li>avoid cov environment on free-threaded Pythons <a href="https://redirect.github.com/jupyter/nbconvert/pull/2267">#2267</a> (<a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>update pre-commit, and fix all issues. <a href="https://redirect.github.com/jupyter/nbconvert/pull/2238">#2238</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Drop test on 3.9, test on 3.13, 3.14, 3.14t <a href="https://redirect.github.com/jupyter/nbconvert/pull/2237">#2237</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Bump the actions group across 1 directory with 2 updates <a href="https://redirect.github.com/jupyter/nbconvert/pull/2231">#2231</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Replace <code>@flaky.flaky</code> decorate with pytest marker <a href="https://redirect.github.com/jupyter/nbconvert/pull/2229">#2229</a> (<a href="https://github.com/mgorny"><code>@mgorny</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>update to mermaid 11.10.0 <a href="https://redirect.github.com/jupyter/nbconvert/pull/2224">#2224</a> (<a href="https://github.com/bollwyvl"><code>@bollwyvl</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Drop support for Python 3.8, fix the CI tests <a href="https://redirect.github.com/jupyter/nbconvert/pull/2221">#2221</a> (<a href="https://github.com/shreve"><code>@shreve</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> </ul> <h3>Documentation improvements</h3> <ul> <li>Use <code>intersphinx_registry</code> <a href="https://redirect.github.com/jupyter/nbconvert/pull/2232">#2232</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> </ul> <h3>Contributors to this release</h3> <p>The following people contributed discussions, new ideas, code and documentation contributions, and review. See <a href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our definition of contributors</a>.</p> <p>(<a href="https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28&to=2026-01-29&type=c">GitHub contributors page for this release</a>)</p> <p><a href="https://github.com/bollwyvl"><code>@bollwyvl</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/Carreau"><code>@Carreau</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/h3pdesign"><code>@h3pdesign</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/hackowitz-af"><code>@hackowitz-af</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/krassowski"><code>@krassowski</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/mberlanda"><code>@mberlanda</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/mgorny"><code>@mgorny</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/minrk"><code>@minrk</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/MSeal"><code>@MSeal</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/QuLogic"><code>@QuLogic</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/salmankadaya"><code>@salmankadaya</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/shreve"><code>@shreve</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/th3gowtham"><code>@th3gowtham</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>)</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jupyter/nbconvert/blob/main/CHANGELOG.md">nbconvert's changelog</a>.</em></p> <blockquote> <h2>7.17.0</h2> <p>(<a href="https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71">Full Changelog</a>)</p> <h3>Enhancements made</h3> <ul> <li>Add support for arbitrary browser arguments <a href="https://redirect.github.com/jupyter/nbconvert/pull/2227">#2227</a> (<a href="https://github.com/shreve"><code>@shreve</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> </ul> <h3>Bugs fixed</h3> <ul> <li>Fix QtPNGExporter returning empty bytes on macOS <a href="https://redirect.github.com/jupyter/nbconvert/pull/2264">#2264</a> (<a href="https://github.com/h3pdesign"><code>@h3pdesign</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/QuLogic"><code>@QuLogic</code></a>)</li> <li>Fix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD) <a href="https://redirect.github.com/jupyter/nbconvert/pull/2261">#2261</a> (<a href="https://github.com/h3pdesign"><code>@h3pdesign</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/mberlanda"><code>@mberlanda</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>, <a href="https://github.com/salmankadaya"><code>@salmankadaya</code></a>, <a href="https://github.com/th3gowtham"><code>@th3gowtham</code></a>)</li> <li>Fix get_export_names and get_exporter default args <a href="https://redirect.github.com/jupyter/nbconvert/pull/2228">#2228</a> (<a href="https://github.com/shreve"><code>@shreve</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>PyPA-Compliant Summary <a href="https://redirect.github.com/jupyter/nbconvert/pull/2226">#2226</a> (<a href="https://github.com/hackowitz-af"><code>@hackowitz-af</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> </ul> <h3>Maintenance and upkeep improvements</h3> <ul> <li>avoid cov environment on free-threaded Pythons <a href="https://redirect.github.com/jupyter/nbconvert/pull/2267">#2267</a> (<a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>update pre-commit, and fix all issues. <a href="https://redirect.github.com/jupyter/nbconvert/pull/2238">#2238</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Drop test on 3.9, test on 3.13, 3.14, 3.14t <a href="https://redirect.github.com/jupyter/nbconvert/pull/2237">#2237</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Bump the actions group across 1 directory with 2 updates <a href="https://redirect.github.com/jupyter/nbconvert/pull/2231">#2231</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Replace <code>@flaky.flaky</code> decorate with pytest marker <a href="https://redirect.github.com/jupyter/nbconvert/pull/2229">#2229</a> (<a href="https://github.com/mgorny"><code>@mgorny</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>update to mermaid 11.10.0 <a href="https://redirect.github.com/jupyter/nbconvert/pull/2224">#2224</a> (<a href="https://github.com/bollwyvl"><code>@bollwyvl</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Drop support for Python 3.8, fix the CI tests <a href="https://redirect.github.com/jupyter/nbconvert/pull/2221">#2221</a> (<a href="https://github.com/shreve"><code>@shreve</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> </ul> <h3>Documentation improvements</h3> <ul> <li>Use <code>intersphinx_registry</code> <a href="https://redirect.github.com/jupyter/nbconvert/pull/2232">#2232</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> </ul> <h3>Contributors to this release</h3> <p>The following people contributed discussions, new ideas, code and documentation contributions, and review. See <a href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our definition of contributors</a>.</p> <p>(<a href="https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28&to=2026-01-29&type=c">GitHub contributors page for this release</a>)</p> <p><a href="https://github.com/bollwyvl"><code>@bollwyvl</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/Carreau"><code>@Carreau</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/h3pdesign"><code>@h3pdesign</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/hackowitz-af"><code>@hackowitz-af</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/krassowski"><code>@krassowski</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/mberlanda"><code>@mberlanda</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/mgorny"><code>@mgorny</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/minrk"><code>@minrk</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/MSeal"><code>@MSeal</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/QuLogic"><code>@QuLogic</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/salmankadaya"><code>@salmankadaya</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/shreve"><code>@shreve</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/th3gowtham"><code>@th3gowtham</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>)</p> <!-- raw HTML omitted --> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`21b35d85b4`"><code>21b35d8</code></a> Publish 7.17.0</li> <li><a href="`c9ac1d1040`"><code>c9ac1d1</code></a> Fix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD)...</li> <li><a href="`b13276d80a`"><code>b13276d</code></a> avoid cov environment on free-threaded Pythons (<a href="https://redirect.github.com/jupyter/nbconvert/issues/2267">#2267</a>)</li> <li><a href="`7c7055fe83`"><code>7c7055f</code></a> [pre-commit.ci] auto fixes from pre-commit.com hooks</li> <li><a href="`74f3ddd37e`"><code>74f3ddd</code></a> Fix QtPNGExporter returning empty bytes on macOS</li> <li><a href="`216550b2aa`"><code>216550b</code></a> fix links</li> <li><a href="`39777ac571`"><code>39777ac</code></a> try to comment fialing test</li> <li><a href="`7b591ca526`"><code>7b591ca</code></a> ruff-check</li> <li><a href="`6ec7638a3d`"><code>6ec7638</code></a> parent</li> <li><a href="`59414b36f9`"><code>59414b3</code></a> fix mypy</li> <li>Additional commits viewable in <a href="https://github.com/jupyter/nbconvert/compare/v7.16.6...v7.17.0">compare view</a></li> </ul> </details> <br /> Updates `nbconvert` from 7.16.6 to 7.17.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jupyter/nbconvert/releases">nbconvert's releases</a>.</em></p> <blockquote> <h2>v7.17.0</h2> <h2>7.17.0</h2> <p>(<a href="https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71">Full Changelog</a>)</p> <h3>Enhancements made</h3> <ul> <li>Add support for arbitrary browser arguments <a href="https://redirect.github.com/jupyter/nbconvert/pull/2227">#2227</a> (<a href="https://github.com/shreve"><code>@shreve</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> </ul> <h3>Bugs fixed</h3> <ul> <li>Fix QtPNGExporter returning empty bytes on macOS <a href="https://redirect.github.com/jupyter/nbconvert/pull/2264">#2264</a> (<a href="https://github.com/h3pdesign"><code>@h3pdesign</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/QuLogic"><code>@QuLogic</code></a>)</li> <li>Fix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD) <a href="https://redirect.github.com/jupyter/nbconvert/pull/2261">#2261</a> (<a href="https://github.com/h3pdesign"><code>@h3pdesign</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/mberlanda"><code>@mberlanda</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>, <a href="https://github.com/salmankadaya"><code>@salmankadaya</code></a>, <a href="https://github.com/th3gowtham"><code>@th3gowtham</code></a>)</li> <li>Fix get_export_names and get_exporter default args <a href="https://redirect.github.com/jupyter/nbconvert/pull/2228">#2228</a> (<a href="https://github.com/shreve"><code>@shreve</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>PyPA-Compliant Summary <a href="https://redirect.github.com/jupyter/nbconvert/pull/2226">#2226</a> (<a href="https://github.com/hackowitz-af"><code>@hackowitz-af</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> </ul> <h3>Maintenance and upkeep improvements</h3> <ul> <li>avoid cov environment on free-threaded Pythons <a href="https://redirect.github.com/jupyter/nbconvert/pull/2267">#2267</a> (<a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>update pre-commit, and fix all issues. <a href="https://redirect.github.com/jupyter/nbconvert/pull/2238">#2238</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Drop test on 3.9, test on 3.13, 3.14, 3.14t <a href="https://redirect.github.com/jupyter/nbconvert/pull/2237">#2237</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Bump the actions group across 1 directory with 2 updates <a href="https://redirect.github.com/jupyter/nbconvert/pull/2231">#2231</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Replace <code>@flaky.flaky</code> decorate with pytest marker <a href="https://redirect.github.com/jupyter/nbconvert/pull/2229">#2229</a> (<a href="https://github.com/mgorny"><code>@mgorny</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>update to mermaid 11.10.0 <a href="https://redirect.github.com/jupyter/nbconvert/pull/2224">#2224</a> (<a href="https://github.com/bollwyvl"><code>@bollwyvl</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Drop support for Python 3.8, fix the CI tests <a href="https://redirect.github.com/jupyter/nbconvert/pull/2221">#2221</a> (<a href="https://github.com/shreve"><code>@shreve</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> </ul> <h3>Documentation improvements</h3> <ul> <li>Use <code>intersphinx_registry</code> <a href="https://redirect.github.com/jupyter/nbconvert/pull/2232">#2232</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> </ul> <h3>Contributors to this release</h3> <p>The following people contributed discussions, new ideas, code and documentation contributions, and review. See <a href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our definition of contributors</a>.</p> <p>(<a href="https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28&to=2026-01-29&type=c">GitHub contributors page for this release</a>)</p> <p><a href="https://github.com/bollwyvl"><code>@bollwyvl</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/Carreau"><code>@Carreau</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/h3pdesign"><code>@h3pdesign</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/hackowitz-af"><code>@hackowitz-af</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/krassowski"><code>@krassowski</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/mberlanda"><code>@mberlanda</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/mgorny"><code>@mgorny</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/minrk"><code>@minrk</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/MSeal"><code>@MSeal</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/QuLogic"><code>@QuLogic</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/salmankadaya"><code>@salmankadaya</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/shreve"><code>@shreve</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/th3gowtham"><code>@th3gowtham</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>)</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jupyter/nbconvert/blob/main/CHANGELOG.md">nbconvert's changelog</a>.</em></p> <blockquote> <h2>7.17.0</h2> <p>(<a href="https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71">Full Changelog</a>)</p> <h3>Enhancements made</h3> <ul> <li>Add support for arbitrary browser arguments <a href="https://redirect.github.com/jupyter/nbconvert/pull/2227">#2227</a> (<a href="https://github.com/shreve"><code>@shreve</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> </ul> <h3>Bugs fixed</h3> <ul> <li>Fix QtPNGExporter returning empty bytes on macOS <a href="https://redirect.github.com/jupyter/nbconvert/pull/2264">#2264</a> (<a href="https://github.com/h3pdesign"><code>@h3pdesign</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/QuLogic"><code>@QuLogic</code></a>)</li> <li>Fix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD) <a href="https://redirect.github.com/jupyter/nbconvert/pull/2261">#2261</a> (<a href="https://github.com/h3pdesign"><code>@h3pdesign</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>, <a href="https://github.com/mberlanda"><code>@mberlanda</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>, <a href="https://github.com/salmankadaya"><code>@salmankadaya</code></a>, <a href="https://github.com/th3gowtham"><code>@th3gowtham</code></a>)</li> <li>Fix get_export_names and get_exporter default args <a href="https://redirect.github.com/jupyter/nbconvert/pull/2228">#2228</a> (<a href="https://github.com/shreve"><code>@shreve</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>PyPA-Compliant Summary <a href="https://redirect.github.com/jupyter/nbconvert/pull/2226">#2226</a> (<a href="https://github.com/hackowitz-af"><code>@hackowitz-af</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> </ul> <h3>Maintenance and upkeep improvements</h3> <ul> <li>avoid cov environment on free-threaded Pythons <a href="https://redirect.github.com/jupyter/nbconvert/pull/2267">#2267</a> (<a href="https://github.com/minrk"><code>@minrk</code></a>)</li> <li>update pre-commit, and fix all issues. <a href="https://redirect.github.com/jupyter/nbconvert/pull/2238">#2238</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Drop test on 3.9, test on 3.13, 3.14, 3.14t <a href="https://redirect.github.com/jupyter/nbconvert/pull/2237">#2237</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>Bump the actions group across 1 directory with 2 updates <a href="https://redirect.github.com/jupyter/nbconvert/pull/2231">#2231</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Replace <code>@flaky.flaky</code> decorate with pytest marker <a href="https://redirect.github.com/jupyter/nbconvert/pull/2229">#2229</a> (<a href="https://github.com/mgorny"><code>@mgorny</code></a>, <a href="https://github.com/Carreau"><code>@Carreau</code></a>)</li> <li>update to mermaid 11.10.0 <a href="https://redirect.github.com/jupyter/nbconvert/pull/2224">#2224</a> (<a href="https://github.com/bollwyvl"><code>@bollwyvl</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> <li>Drop support for Python 3.8, fix the CI tests <a href="https://redirect.github.com/jupyter/nbconvert/pull/2221">#2221</a> (<a href="https://github.com/shreve"><code>@shreve</code></a>, <a href="https://github.com/minrk"><code>@minrk</code></a>)</li> </ul> <h3>Documentation improvements</h3> <ul> <li>Use <code>intersphinx_registry</code> <a href="https://redirect.github.com/jupyter/nbconvert/pull/2232">#2232</a> (<a href="https://github.com/Carreau"><code>@Carreau</code></a>, <a href="https://github.com/krassowski"><code>@krassowski</code></a>)</li> </ul> <h3>Contributors to this release</h3> <p>The following people contributed discussions, new ideas, code and documentation contributions, and review. See <a href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our definition of contributors</a>.</p> <p>(<a href="https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28&to=2026-01-29&type=c">GitHub contributors page for this release</a>)</p> <p><a href="https://github.com/bollwyvl"><code>@bollwyvl</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/Carreau"><code>@Carreau</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/h3pdesign"><code>@h3pdesign</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/hackowitz-af"><code>@hackowitz-af</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/krassowski"><code>@krassowski</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/mberlanda"><code>@mberlanda</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/mgorny"><code>@mgorny</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/minrk"><code>@minrk</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/MSeal"><code>@MSeal</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/QuLogic"><code>@QuLogic</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/salmankadaya"><code>@salmankadaya</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/shreve"><code>@shreve</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>) \| <a href="https://github.com/th3gowtham"><code>@th3gowtham</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29&type=Issues">activity</a>)</p> <!-- raw HTML omitted --> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`21b35d85b4`"><code>21b35d8</code></a> Publish 7.17.0</li> <li><a href="`c9ac1d1040`"><code>c9ac1d1</code></a> Fix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD)...</li> <li><a href="`b13276d80a`"><code>b13276d</code></a> avoid cov environment on free-threaded Pythons (<a href="https://redirect.github.com/jupyter/nbconvert/issues/2267">#2267</a>)</li> <li><a href="`7c7055fe83`"><code>7c7055f</code></a> [pre-commit.ci] auto fixes from pre-commit.com hooks</li> <li><a href="`74f3ddd37e`"><code>74f3ddd</code></a> Fix QtPNGExporter returning empty bytes on macOS</li> <li><a href="`216550b2aa`"><code>216550b</code></a> fix links</li> <li><a href="`39777ac571`"><code>39777ac</code></a> try to comment fialing test</li> <li><a href="`7b591ca526`"><code>7b591ca</code></a> ruff-check</li> <li><a href="`6ec7638a3d`"><code>6ec7638</code></a> parent</li> <li><a href="`59414b36f9`"><code>59414b3</code></a> fix mypy</li> <li>Additional commits viewable in <a href="https://github.com/jupyter/nbconvert/compare/v7.16.6...v7.17.0">compare view</a></li> </ul> </details> <br /> Updates `orjson` from 3.11.3 to 3.11.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ijl/orjson/releases">orjson's releases</a>.</em></p> <blockquote> <h2>3.11.5</h2> <h3>Changed</h3> <ul> <li>Show simple error message instead of traceback when attempting to build on unsupported Python versions.</li> </ul> <h2>3.11.4</h2> <h3>Changed</h3> <ul> <li>ABI compatibility with CPython 3.15 alpha 1.</li> <li>Publish PyPI wheels for 3.14 and manylinux i686, manylinux arm7, manylinux ppc64le, manylinux s390x.</li> <li>Build now requires a C compiler.</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ijl/orjson/blob/master/CHANGELOG.md">orjson's changelog</a>.</em></p> <blockquote> <h2>3.11.5 - 2025-12-06</h2> <h3>Changed</h3> <ul> <li>Show simple error message instead of traceback when attempting to build on unsupported Python versions.</li> </ul> <h2>3.11.4 - 2025-10-24</h2> <h3>Changed</h3> <ul> <li>ABI compatibility with CPython 3.15 alpha 1.</li> <li>Publish PyPI wheels for 3.14 and manylinux i686, manylinux arm7, manylinux ppc64le, manylinux s390x.</li> <li>Build now requires a C compiler.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`fb3eb1f729`"><code>fb3eb1f</code></a> 3.11.5</li> <li><a href="`52688e02c5`"><code>52688e0</code></a> Record contributors in headers</li> <li><a href="`dc083e87d5`"><code>dc083e8</code></a> Further compatibility and build misc</li> <li><a href="`18f0186d47`"><code>18f0186</code></a> Compatibility and build misc</li> <li><a href="`a4fdeb3aff`"><code>a4fdeb3</code></a> 3.11.4</li> <li><a href="`2e80d68afa`"><code>2e80d68</code></a> unlikely to cold_path, remove intrinsics</li> <li><a href="`27edea92f8`"><code>27edea9</code></a> FFI through crate::ffi, partial non-CPython compatibility</li> <li><a href="`416a8c9578`"><code>416a8c9</code></a> Unconditionally build yyjson</li> <li><a href="`c8c1a17dca`"><code>c8c1a17</code></a> edition 2024</li> <li><a href="`af4179a1fa`"><code>af4179a</code></a> build maintenance, panic_immediate_abort break, test 3.15</li> <li>See full diff in <a href="https://github.com/ijl/orjson/compare/3.11.3...3.11.5">compare view</a></li> </ul> </details> <br /> Updates `protobuf` from 6.32.1 to 6.33.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/protocolbuffers/protobuf/releases">protobuf's releases</a>.</em></p> <blockquote> <h2>Protocol Buffers v34.0-rc1</h2> <h1>Announcements</h1> <ul> <li><strong>This version includes breaking changes to: C++, Objective-C, PHP, Python.</strong></li> <li>[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (<a href="`0a5c2f6b63`</a>)</li> <li>[C++] Make generator headers private (<a href="`3a2af3510f`</a>)</li> <li>[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (<a href="`7a7589823d`</a>)</li> <li>[C++] Add [[nodiscard]] to many APIs. (<a href="`a70115f33f`</a>)</li> <li>[C++] Make the arena-enabled constructors of <code>RepeatedField</code>, <code>RepeatedPtrField</code>, and <code>Map</code> private. (<a href="`ef890c3d0c`</a>)</li> <li>[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (<a href="`b76faa921f`</a>)</li> <li>[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (<a href="`b115358c64`</a>)</li> <li>[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (<a href="`68346ec934`</a>)</li> <li>[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (<a href="`837a2cd1d6`</a>)</li> <li>[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() && !is_repeated()) instead (<a href="`9dbc5d479a`</a>)</li> <li>[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (<a href="`c301c2ca28`</a>)</li> <li>[C++] All entity names have length limit (2afb0dc)</li> <li>[ObjC] Remove <code>generate_minimal_imports</code> generation option warning (<a href="`45b1297fda`</a>)</li> <li>[ObjC] Fix nullability annotations on some <code>GPBDictionary</code> types. (<a href="`ea67d6d26a`</a>)</li> <li>[ObjC] Remove <code>-[GPBFieldDescriptor optional]</code> (<a href="`3414dc151e`</a>)</li> <li>[Other] Remove deprecated flag for enabling MSVC support (<a href="`97c979be6e`</a>)</li> <li>[PHP] Remove deprecated PHP APIs (<a href="`9c45014099`</a>)</li> <li>[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (<a href="`4208121992`</a>, <a href="`cd76e675b1`</a>, <a href="`4208121992`</a>)</li> <li>[PHP] Add PHP typehints for setters and remove redundant GPBUtil checks (<a href="https://redirect.github.com/protocolbuffers/protobuf/pull/25296">protocolbuffers/protobuf#25296</a>) (<a href="`aee03b7892`</a>)</li> <li>[PHP] support default values for editions/proto2 (<a href="https://redirect.github.com/protocolbuffers/protobuf/pull/25161">protocolbuffers/protobuf#25161</a>) (<a href="`b01099d563`</a>)</li> <li>[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (<a href="`5b116fe2f1`</a>)</li> <li>[Python] Remove float_format/double_format from python proto text_format (<a href="`e4854a186e`</a>)</li> <li>[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (<a href="`00aaca1b4d`</a>)</li> <li>[Python] Remove float_precision from python proto json_format (<a href="`f027f1fcd5`</a>)</li> <li>[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (<a href="`b76faa921f`</a>)</li> <li>[Python] Remove deprecated FieldDescriptor.label (<a href="`0a8ff55518`</a>)</li> <li>[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (<a href="`c301c2ca28`</a>)</li> <li><a href="https://protobuf.dev/news/">Protobuf News</a> may include additional announcements or pre-announcements for upcoming changes.</li> <li><a href="https://protobuf.dev/support/migration/">Migration Guide</a> may include additional guidance for breaking changes.</li> </ul> <h1>Bazel</h1> <ul> <li>Fix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (<a href="https://redirect.github.com/protocolbuffers/protobuf/issues/25168">#25168</a>) (<a href="`8c857c3a1c`</a>)</li> <li>Breaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (<a href="`0a5c2f6b63`</a>)</li> <li>Feat(bazel): wire up prebuilt protoc toolchain (<a href="https://redirect.github.com/protocolbuffers/protobuf/issues/24115">#24115</a>) (<a href="`cc23698b48`</a>)</li> <li>Migrate <code>proto_descriptor_set</code> (<a href="https://redirect.github.com/protocolbuffers/protobuf/issues/23369">#23369</a>) (<a href="`8d4dfdd39a`</a>)</li> </ul> <h1>Compiler</h1> <ul> <li>Ruby codegen: support generation of rbs files (<a href="https://redirect.github.com/protocolbuffers/protobuf/issues/15633">#15633</a>) (<a href="`6ebdf851ba`</a>)</li> <li>Avoid collision name problems between a message named <code>Xyz</code> and a direct sibling enum named <code>XyzView</code> (<a href="`eba53e8f17`</a>)</li> <li>Generalizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (<a href="`ed3c57114d`</a>)</li> <li>Fix a bug with custom features outside of the <code>pb</code> package. (<a href="`872d3ce7a4`</a>)</li> <li>Fix import option handling when include_imports isn't set. (<a href="`9ef9e80afd`</a>)</li> <li>Fix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (<a href="`1229d4adba`</a>)</li> <li>Prevent accidental stripping of <code>debug_redact</code> options via import option. (<a href="`f58b098bff`</a>)</li> </ul> <h1>C++</h1> <ul> <li>Add EnumerateEnumValues function. (<a href="`397d5d99db`</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/protocolbuffers/protobuf/commits">compare view</a></li> </ul> </details> <br /> Updates `orjson` from 3.11.4 to 3.11.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ijl/orjson/releases">orjson's releases</a>.</em></p> <blockquote> <h2>3.11.5</h2> <h3>Changed</h3> <ul> <li>Show simple error message instead of traceback when attempting to build on unsupported Python versions.</li> </ul> <h2>3.11.4</h2> <h3>Changed</h3> <ul> <li>ABI compatibility with CPython 3.15 alpha 1.</li> <li>Publish PyPI wheels for 3.14 and manylinux i686, manylinux arm7, manylinux ppc64le, manylinux s390x.</li> <li>Build now requires a C compiler.</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ijl/orjson/blob/master/CHANGELOG.md">orjson's changelog</a>.</em></p> <blockquote> <h2>3.11.5 - 2025-12-06</h2> <h3>Changed</h3> <ul> <li>Show simple error message instead of traceback when attempting to build on unsupported Python versions.</li> </ul> <h2>3.11.4 - 2025-10-24</h2> <h3>Changed</h3> <ul> <li>ABI compatibility with CPython 3.15 alpha 1.</li> <li>Publish PyPI wheels for 3.14 and manylinux i686, manylinux arm7, manylinux ppc64le, manylinux s390x.</li> <li>Build now requires a C compiler.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`fb3eb1f729`"><code>fb3eb1f</code></a> 3.11.5</li> <li><a href="`52688e02c5`"><code>52688e0</code></a> Record contributors in headers</li> <li><a href="`dc083e87d5`"><code>dc083e8</code></a> Further compatibility and build misc</li> <li><a href="`18f0186d47`"><code>18f0186</code></a> Compatibility and build misc</li> <li><a href="`a4fdeb3aff`"><code>a4fdeb3</code></a> 3.11.4</li> <li><a href="`2e80d68afa`"><code>2e80d68</code></a> unlikely to cold_path, remove intrinsics</li> <li><a href="`27edea92f8`"><code>27edea9</code></a> FFI through crate::ffi, partial non-CPython compatibility</li> <li><a href="`416a8c9578`"><code>416a8c9</code></a> Unconditionally build yyjson</li> <li><a href="`c8c1a17dca`"><code>c8c1a17</code></a> edition 2024</li> <li><a href="`af4179a1fa`"><code>af4179a</code></a> build maintenance, panic_immediate_abort break, test 3.15</li> <li>See full diff in <a href="https://github.com/ijl/orjson/compare/3.11.3...3.11.5">compare view</a></li> </ul> </details> <br /> Updates `protobuf` from 6.33.1 to 6.33.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/protocolbuffers/protobuf/releases">protobuf's releases</a>.</em></p> <blockquote> <h2>Protocol Buffers v34.0-rc1</h2> <h1>Announcements</h1> <ul> <li><strong>This version includes breaking changes to: C++, Objective-C, PHP, Python.</strong></li> <li>[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (<a href="`0a5c2f6b63`</a>)</li> <li>[C++] Make generator headers private (<a href="`3a2af3510f`</a>)</li> <li>[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (<a href="`7a7589823d`</a>)</li> <li>[C++] Add [[nodiscard]] to many APIs. (<a href="`a70115f33f`</a>)</li> <li>[C++] Make the arena-enabled constructors of <code>RepeatedField</code>, <code>RepeatedPtrField</code>, and <code>Map</code> private. (<a href="`ef890c3d0c`</a>)</li> <li>[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (<a href="`b76faa921f`</a>)</li> <li>[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (<a href="`b115358c64`</a>)</li> <li>[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (<a href="`68346ec934`</a>)</li> <li>[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (<a href="`837a2cd1d6`</a>)</li> <li>[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() && !is_repeated()) instead (<a href="`9dbc5d479a`</a>)</li> <li>[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (<a href="`c301c2ca28`</a>)</li> <li>[C++] All entity names have length limit (2afb0dc)</li> <li>[ObjC] Remove <code>generate_minimal_imports</code> generation option warning (<a href="`45b1297fda`</a>)</li> <li>[ObjC] Fix nullability annotations on some <code>GPBDictionary</code> types. (<a href="`ea67d6d26a`</a>)</li> <li>[ObjC] Remove <code>-[GPBFieldDescriptor optional]</code> (<a href="`3414dc151e`</a>)</li> <li>[Other] Remove deprecated flag for enabling MSVC support (<a href="`97c979be6e`</a>)</li> <li>[PHP] Remove deprecated PHP APIs (<a href="`9c45014099`</a>)</li> <li>[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (<a href="`4208121992`</a>, <a href="`cd76e675b1`</a>, <a href="`4208121992`</a>)</li> <li>[PHP] Add PHP typehints for setters and remove redundant GPBUtil checks (<a href="https://redirect.github.com/protocolbuffers/protobuf/pull/25296">protocolbuffers/protobuf#25296</a>) (<a href="`aee03b7892`</a>)</li> <li>[PHP] support default values for editions/proto2 (<a href="https://redirect.github.com/protocolbuffers/protobuf/pull/25161">protocolbuffers/protobuf#25161</a>) (<a href="`b01099d563`</a>)</li> <li>[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (<a href="`5b116fe2f1`</a>)</li> <li>[Python] Remove float_format/double_format from python proto text_format (<a href="`e4854a186e`</a>)</li> <li>[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (<a href="`00aaca1b4d`</a>)</li> <li>[Python] Remove float_precision from python proto json_format (<a href="`f027f1fcd5`</a>)</li> <li>[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (<a href="`b76faa921f`</a>)</li> <li>[Python] Remove deprecated FieldDescriptor.label (<a href="`0a8ff55518`</a>)</li> <li>[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (<a href="`c301c2ca28`</a>)</li> <li><a href="https://protobuf.dev/news/">Protobuf News</a> may include additional announcements or pre-announcements for upcoming changes.</li> <li><a href="https://protobuf.dev/support/migration/">Migration Guide</a> may include additional guidance for breaking changes.</li> </ul> <h1>Bazel</h1> <ul> <li>Fix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (<a href="https://redirect.github.com/protocolbuffers/protobuf/issues/25168">#25168</a>) (<a href="`8c857c3a1c`</a>)</li> <li>Breaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (<a href="`0a5c2f6b63`</a>)</li> <li>Feat(bazel): wire up prebuilt protoc toolchain (<a href="https://redirect.github.com/protocolbuffers/protobuf/issues/24115">#24115</a>) (<a href="`cc23698b48`">... _Description has been truncated_ Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: ccurme <chester.curme@gmail.com>	2026-02-01 11:56:31 -08:00
John Kennedy	c5834cc028	chore: upgrade urllib3 to 2.6.3 (#34940 )	2026-01-31 16:30:17 -05:00
XXt	689ce96016	docs: add missing module-level docstrings to partner integrations (#34838 ) docs: add missing module-level docstrings to partner integrations Added module-level docstrings to 6 partner integration __init__.py files that were missing documentation:	2026-01-22 12:05:59 -05:00
dependabot[bot]	a84722e2d7	chore(deps): bump the uv group across 8 directories with 6 updates (#34773 ) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langchain/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-01-16 14:33:31 -05:00
Mason Daugherty	3d687ea8fb	chore: update twitter URLs (#34736 )	2026-01-13 01:54:11 -05:00
Mason Daugherty	18c25e9f10	chore: ban relative imports on all packages (#34691 )	2026-01-09 17:02:24 -05:00
Mason Daugherty	2f8af61218	release(huggingface): 1.2.0 (#34335 )	2025-12-12 17:16:38 -05:00
Georgey	16c984ef0a	fix(langchain-classic): fix init_chat_model for HuggingFace models (#33943 )	2025-12-12 11:05:48 -05:00
Paul	bf6a5eb122	fix(huggingface): Helper logic for init_chat_model with HuggingFace backend (#34259 )	2025-12-12 10:05:16 -05:00
Mason Daugherty	ff6e3558d7	docs(fireworks,groq,huggingface,mistralai,ollama,openai): x-ref `convert_to_openai_tool` (#34276 )	2025-12-09 19:51:04 -05:00

1 2 3 4

173 Commits