Ernesto Revilla
d74b0cacfa
fix(core): backport path-traversal fix to v0.3 (CVE-2026-34070, GHSA-qh6h-p6c9-ff54) ( #37233 )
2026-05-07 10:58:34 -04:00
Eugene Yurtsev
56bcb093ff
Revert "x"
...
This reverts commit 763b30e8b2 .
2026-05-07 10:51:43 -04:00
Eugene Yurtsev
763b30e8b2
x
2026-05-07 10:49:22 -04:00
Nick Hollon
8242df0742
release(langchain): 0.3.29 ( #37212 )
2026-05-05 16:57:53 -04:00
Nick Hollon
6efe96bea6
fix(langchain): restrict deserialization in langchain.storage._lc_store ( #37209 )
2026-05-05 16:29:40 -04:00
Nick Hollon
bba04da32b
release(core): 0.3.85 ( #37205 )
2026-05-05 16:20:00 -04:00
Nick Hollon
083b199cb1
fix(core, langchain): harden load() against untrusted manifests ( #37201 )
2026-05-05 20:12:03 +00:00
Eugene Yurtsev
2517da67dc
release(core): 0.3.84 ( #36616 )
...
release 0.3.84
2026-04-08 15:10:33 -04:00
Eugene Yurtsev
6bab0ba3c1
fix(core): sanitize prompts more ( #36613 )
...
add more sanitization to prompts
2026-04-08 14:32:25 -04:00
Eugene Yurtsev
4fe869f1c3
fix(langchain): bump minimum langchain-core to 0.3.73 ( #35608 )
...
The within-batch deduplication fix (langchain-core 0.3.73, #32273 )
changed `num_skipped` counting in the indexing API. Tests in
`libs/langchain` were updated to expect the new behavior, but the
minimum version was left at 0.3.72, causing [pre-release checks to
fail](https://github.com/langchain-ai/langchain/actions/runs/22783515938/job/66097466123 ).
Created with [Deep Agents
CLI](https://docs.langchain.com/oss/python/deepagents/cli/overview ).
2026-03-06 22:38:05 +00:00
Eugene Yurtsev
8d9ecb18a1
release(langchain): 0.3.28 ( #35607 )
...
Patch release for langchain 0.3.28.
Created with [Deep Agents
CLI](https://docs.langchain.com/oss/python/deepagents/cli/overview ).
2026-03-06 16:52:45 -05:00
Eugene Yurtsev
b0add1f989
fix(langchain): backport patch ReDoS vulnerability in MRKL and ReAct action regex (CVE-2024-58340) ( #35603 )
...
Backport of #35598 to the v0.3 branch. Patches the ReDoS vulnerability
in MRKL and ReAct agent action regex patterns (CVE-2024-58340).
Created with [Deep Agents
CLI](https://docs.langchain.com/oss/python/deepagents/cli/overview ).
2026-03-06 16:22:23 -05:00
Mason Daugherty
c0e2f08f78
release(core): 0.3.83 ( #34733 )
2026-01-12 20:16:58 -05:00
Angus Jelinek
4dab5fafc0
feat(core,langchain,text-splitters): (v0.3) use uuid7 for run ids ( #34732 )
...
Backports #34172
---------
Co-authored-by: William FH <13333726+hinthornw@users.noreply.github.com >
Co-authored-by: Sydney Runkle <54324534+sydney-runkle@users.noreply.github.com >
Co-authored-by: Mason Daugherty <github@mdrxy.com >
2026-01-12 20:09:58 -05:00
Mason Daugherty
e6dde2b99c
release(core): 0.3.82 ( #34688 )
2026-01-09 13:30:14 -05:00
Mason Daugherty
126a337082
fix(core): defer persisting traces for iterator inputs ( #34687 )
...
Backport of #34416
2026-01-09 13:17:27 -05:00
Mason Daugherty
13c13c4bac
feat(core): add usage_metadata to metadata in LangChainTracer ( #34686 )
...
Backport of #34414
2026-01-09 13:08:51 -05:00
Mason Daugherty
6dc06da1bb
release(core): 0.3.81 ( #34459 )
2025-12-22 18:42:31 -06:00
Mason Daugherty
d9ec4c5cc7
fix(core): serialization patch ( #34458 )
...
Backport of https://github.com/langchain-ai/langchain/pull/34455
2025-12-22 18:41:31 -06:00
Eugene Yurtsev
640d85c60f
release(core): 0.3.80 ( #34039 )
...
Release 0.3.80
2025-11-19 16:53:03 -05:00
Eugene Yurtsev
fa7789d6c2
fix(core): fix validation for input variables in f-string templates, restrict functionality supported by jinja2, mustache templates ( #34038 )
...
* Fix validation for input variables in f-string templates
* Restrict functionality of features supported by jinja2 and mustache
templates
2025-11-19 16:52:32 -05:00
ccurme
b93d2f7f3a
release(core): 0.3.79 ( #33401 )
2025-10-09 16:59:16 -04:00
ccurme
a763ebe86c
release(anthropic): 0.3.22 ( #33394 )
2025-10-09 14:29:38 -04:00
ccurme
5fa1094451
fix(anthropic,standard-tests): carry over updates to v0.3 ( #33393 )
...
Cherry pick of https://github.com/langchain-ai/langchain/pull/33390 and
https://github.com/langchain-ai/langchain/pull/33391 .
2025-10-09 14:25:34 -04:00
Anika
dd4de696b8
fix(core): handle parent/child mustache vars ( #33346 )
...
Description:
currently mustache_schema("{{x.y}} {{x}}") will error. pr fixes
Issue: na
**Dependencies:**na
---------
Co-authored-by: Mason Daugherty <github@mdrxy.com >
2025-10-09 08:52:10 -07:00
Mason Daugherty
5459ff1ee3
chore: cap lib upper bounds, run sync ( #33320 )
2025-10-06 17:39:01 -04:00
ccurme
f95669aa0a
release(openai): 0.3.35 ( #33299 )
2025-10-06 10:51:01 -04:00
ccurme
3a465d635b
feat(openai): enable stream_usage when using default base URL and client ( #33296 )
2025-10-06 10:22:36 -04:00
ccurme
0b51de4cab
release(core): 0.3.78 ( #33253 )
2025-10-03 12:40:15 -04:00
ccurme
5904cbea89
feat(core): add optional include_id param to convert_to_openai_messages function ( #33248 )
2025-10-03 11:37:16 -04:00
Mason Daugherty
e16feb93b9
release(ollama): 0.3.10 ( #33210 )
2025-10-02 11:35:24 -04:00
Mason Daugherty
2bb57d45d2
fix(ollama): exclude None parameters from options dictionary ( #33208 ) ( #33209 )
...
fix #33206
2025-10-02 11:32:21 -04:00
ccurme
d7cce2f469
feat(langchain_v1): update messages namespace ( #33207 )
2025-10-02 10:35:00 -04:00
Mason Daugherty
48b77752d0
release(ollama): 0.3.9 ( #33200 )
2025-10-01 22:31:20 -04:00
Mason Daugherty
6f2d16e6be
refactor(ollama): simplify options handling ( #33199 )
...
Fixes #32744
Don't restrict options; the client accepts any dict
2025-10-01 21:58:12 -04:00
Mason Daugherty
a9eda18e1e
refactor(ollama): clean up tests ( #33198 )
2025-10-01 21:52:01 -04:00
Mason Daugherty
a89c549cb0
feat(ollama): add basic auth support ( #32328 )
...
support for URL authentication in the format
`https://user:password@host:port ` for all LangChain Ollama clients.
Related to #32327 and #25055
2025-10-01 20:46:37 -04:00
Sydney Runkle
a336afaecd
feat(langchain): use decorators for jumps instead ( #33179 )
...
The old `before_model_jump_to` classvar approach was quite clunky, this
is nicer imo and easier to document. Also moving from `jump_to` to
`can_jump_to` which is more idiomatic.
Before:
```py
class MyMiddleware(AgentMiddleware):
before_model_jump_to: ClassVar[list[JumpTo]] = ["end"]
def before_model(state, runtime) -> dict[str, Any]:
return {"jump_to": "end"}
```
After
```py
class MyMiddleware(AgentMiddleware):
@hook_config(can_jump_to=["end"])
def before_model(state, runtime) -> dict[str, Any]:
return {"jump_to": "end"}
```
2025-10-01 16:49:27 -07:00
Sydney Runkle
a10e880c00
feat(langchain_v1): add async support for create_agent ( #33175 )
...
This makes branching **much** more simple internally and helps greatly
w/ type safety for users. It just allows for one signature on hooks
instead of multiple.
Opened after https://github.com/langchain-ai/langchain/pull/33164
ballooned more than expected, w/ branching for:
* sync vs async
* runtime vs no runtime (this is self imposed)
**This also removes support for nodes w/o `runtime` in the signature.**
We can always go back and add support for nodes w/o `runtime`.
I think @christian-bromann's idea to re-export `runtime` from
langchain's agents might make sense due to the abundance of imports
here.
Check out the value of the change based on this diff:
https://github.com/langchain-ai/langchain/pull/33176
2025-10-01 19:15:39 +00:00
Eugene Yurtsev
7b5e839be3
chore(langchain_v1): use list[str] for modifyModelRequest ( #33166 )
...
Update model request to return tools by name. This will decrease the
odds of misusing the API.
We'll need to extend the type for built-in tools later.
2025-10-01 14:46:19 -04:00
ccurme
740842485c
fix(openai): bump min core version ( #33188 )
...
Required for new tests added in
https://github.com/langchain-ai/langchain/pull/32541 and
https://github.com/langchain-ai/langchain/pull/33183 .
2025-10-01 11:01:15 -04:00
noeliecherrier
08bb74f148
fix(mistralai): handle HTTP errors in async embed documents ( #33187 )
...
The async embed function does not properly handle HTTP errors.
For instance with large batches, Mistral AI returns `Too many inputs in
request, split into more batches.` in a 400 error.
This leads to a KeyError in `response.json()["data"]` l.288
This PR fixes the issue by:
- calling `response.raise_for_status()` before returning
- adding a retry similarly to what is done in the synchronous
counterpart `embed_documents`
I also added an integration test, but willing to move it to unit tests
if more relevant.
2025-10-01 10:57:47 -04:00
ccurme
7d78ed9b53
release(standard-tests): 0.3.22 ( #33186 )
2025-10-01 10:39:17 -04:00
ccurme
7ccff656eb
release(core): 0.3.77 ( #33185 )
2025-10-01 10:24:07 -04:00
ccurme
002d623f2d
feat: (core, standard-tests) support PDF inputs in ToolMessages ( #33183 )
2025-10-01 10:16:16 -04:00
Mohammad Mohtashim
34f8031bd9
feat(langchain): Using Structured Response as Key in Output Schema for Middleware Agent ( #33159 )
...
- **Description:** Changing the key from `response` to
`structured_response` for middleware agent to keep it sync with agent
without middleware. This a breaking change.
- **Issue:** #33154
2025-10-01 03:24:59 +00:00
Mason Daugherty
3e970506ba
chore(core): remove runnable section from README.md ( #33171 )
2025-09-30 17:15:31 -04:00
ccurme
aac69839a9
release(openai): 0.3.34 ( #33169 )
2025-09-30 16:48:39 -04:00
ccurme
64141072a3
feat(openai): support openai sdk 2.0 ( #33168 )
2025-09-30 16:34:00 -04:00
Mason Daugherty
0795be2a04
docs(core): remove non-existent param from as_tool docstring ( #33165 )
2025-09-30 19:43:34 +00:00