Commit Graph

93 Commits

Author SHA1 Message Date
Mason Daugherty
879cad0676 release(openai): 1.3.2 (#38130) 2026-06-13 01:34:56 -04:00
Mason Daugherty
9e6f58ba46 hotfix(openai): switch version (#38123) 2026-06-12 22:21:34 -04:00
Mason Daugherty
8180a09dd7 release(openai): 1.4.0 (#38120) 2026-06-12 21:52:20 -04:00
Mason Daugherty
63cc1f4e7d docs: refresh README installation and resources (#38119)
README installation examples now use `uv add` consistently, matching the
repo's `uv`-based Python workflow. The top-level README also gets a
cleaner quickstart and resource section with current links for docs,
community, learning, and contribution guidance.

## Changes
- Replaced `pip install` snippets with `uv add` across package quick
install docs, including the Hugging Face extras and
`sentence-transformers` upgrade examples.
- Updated the top-level quickstart to show only `uv add langchain` and
refreshed the example model to `openai:gpt-5.5`.
- Pointed the LangGraph orchestration link at the LangGraph GitHub
repository.
- Consolidated top-level documentation and additional-resource links
under a single `Resources` section covering docs, ecosystem overview,
API reference, discussions, Academy, contributing, and the Code of
Conduct.
- Added LangChain Academy and Code of Conduct links to package README
resource sections.
2026-06-12 17:38:22 -04:00
Mason Daugherty
86ce95afc2 test(core,langchain): update tests for explicit deserialization allowlists (#38118)
Core serialization tests now opt into the object allowlists they rely on
instead of assuming default deserialization permits core objects.
Compatibility tests that intentionally exercise deprecated runnable
streaming and history APIs also suppress the expected deprecation
warnings so they can keep covering those legacy paths cleanly.

## Changes
- Updated serialization and prompt round-trip tests to pass
`allowed_objects="core"` or targeted allowlists when loading
`AIMessage`, prompt templates, structured prompts, runnable maps, and
related core objects.
- Adjusted secret-injection regression coverage to keep testing
`secrets_from_env=True` behavior while explicitly allowing core
deserialization paths.
- Tightened prompt deserialization rejection tests so attribute-access
payloads are loaded only through the specific prompt-template allowlist
needed to reach validation.
- Added module-level warning filters around legacy runnable
compatibility coverage for `astream_log`,
`astream_events(version="v1")`, and `RunnableWithMessageHistory`.
- Bumped the `langchain` package's minimum `langgraph` dependency from
`1.2.4` to `1.2.5`.

## Testing
- Updated unit tests across core serialization, prompt, fake chat model,
runnable history, and runnable event coverage.
2026-06-12 16:49:14 -04:00
Mason Daugherty
4108c0738c release(core): 1.4.7 (#38111)
Bumps `langchain-core` to `1.4.7` for the next patch release and updates
downstream minimum `langchain-core` requirements so package locks
resolve against the new core version.

This also refreshes the runnable snapshots that embed `lc_versions`
metadata so the version consistency check continues to validate
checked-in artifacts.

Validated with `python libs/core/scripts/check_version.py`, `uv lock
--check` across package lockfiles, and the core runnable tests that own
the updated snapshots with local LangSmith tracing env disabled.
2026-06-12 14:54:25 -04:00
Nick Hollon
3bfb6a33e7 release(langchain): 1.3.9 (#38104) 2026-06-12 12:50:23 -04:00
Mason Daugherty
f6d63bc9f3 release(langchain): 1.3.8 (#38096) 2026-06-12 00:17:58 -04:00
Mason Daugherty
05cc55f1bc release(core): 1.4.6 (#38061) 2026-06-11 02:58:40 -04:00
Christophe Bornet
1de100f278 chore(infra): bump mypy to 2.1 and unify type-check config across the monorepo (#36470)
Originally a narrow bump of mypy to `1.20` in four packages. Expanded to
get the whole monorepo onto a single, current mypy and a consistent
type-check configuration, so contributors no longer hit different mypy
versions and divergent behavior depending on which package they touch.

### What changed

- **Unified the mypy pin to `>=2.1.0,<2.2.0`** in every mypy-using
package (6 libs + 14 partners), replacing the previously scattered pins
(`1.10`/`1.17`/`1.18`/`1.19`/`1.20`, with assorted upper bounds).
- **Unified the `[tool.mypy]` base per tier:**
- libs: `plugins = ["pydantic.mypy"]`, `strict = true`,
`enable_error_code = "deprecated"`, `warn_unreachable = true`
  - partners: `disallow_untyped_defs = true`
- Normalized style (`disallow_untyped_defs = "True"` string → bool,
quote/key consistency).
- **Fixed the 20 real errors** mypy 2.1 surfaces: `redundant-cast` from
improved narrowing (`core`, `langchain-classic`), a `var-annotated` for
`_LOGGED`, a return-type widening in `langchain-groq`'s
`_convert_from_v1_to_groq` (it can legitimately return a bare `str`),
and stale `type-arg`/`unused-ignore` in `langchain-model-profiles`
tests.

### Deliberate non-uniformity (documented inline in the relevant
`pyproject.toml`s)

Going fully byte-identical would surface ~196 additional errors that are
*not* real bugs, so two settings are kept package-appropriate:

- **`warn_unreachable`** is enabled on every strict lib **except
`core`**, where it false-flags intentional defensive code — including
the SSRF / IP-policy guards in `_security/` — as unreachable.
- **`pydantic.mypy` plugin** is used only on `anthropic` and
`perplexity` (their code is authored against it and reports ~99/~132
errors without it). It is *not* added to the other partners, where it
only flags the public alias constructor API (e.g. `ChatGroq(model=...)`)
in tests rather than finding bugs.
- **`ollama`** is left on its `ty` type checker; it does not use mypy.

---------

Co-authored-by: Mason Daugherty <github@mdrxy.com>
2026-06-11 00:24:59 -04:00
Mason Daugherty
904abb18b6 release(model-profiles): 0.0.6 (#38057) 2026-06-10 23:04:24 -04:00
Mason Daugherty
43880362d8 feat(standard-tests): validate tool call chunks during streaming (#34707)
As a LangChain user streaming a tool-calling model, I expect each
streamed chunk to expose structured `tool_call_chunk` content blocks so
I can render or process tool calls live, instead of waiting for the
final aggregated message.

This adds `tool_call_streaming` to `ModelProfile` and uses it in the
standard chat-model tool-calling tests. When a model profile opts in,
`test_tool_calling` and `test_tool_calling_async` now validate that at
least one streamed chunk includes a `tool_call_chunk` block via
`content_blocks`, while preserving the existing final-message
validation.

This keeps the contract profile-gated so providers can opt in once their
streaming chunk shape is verified. This PR opts in the providers
verified by smoke testing with straightforward profile coverage: OpenAI,
Anthropic, Fireworks, HuggingFace, OpenRouter, DeepSeek, and xAI. The
generated profile artifacts are refreshed so runtime profiles expose the
new capability flag.

Perplexity Responses also passed the smoke test, but its current profile
data is for the `sonar` family while the Responses smoke path used a
routed model string. That profile strategy is left as follow-up.
MistralAI currently streams `.tool_call_chunks`, but its content-block
translator exposes a complete `tool_call` block instead of
`tool_call_chunk`, so it also stays out of this flag until that
integration is fixed.
2026-06-10 22:29:02 -04:00
Mason Daugherty
8ac91e3f5f hotfix(core): bump lockfile(s) (#38032) 2026-06-10 17:05:23 -04:00
Mason Daugherty
3d3a4c27cc release(langchain): 1.3.7 (#38024) 2026-06-10 14:17:49 -04:00
Mason Daugherty
e16386d3b2 release(langchain): 1.3.6 (#38001) 2026-06-09 20:50:17 -04:00
Mason Daugherty
90b2f94583 release(langchain): 1.3.5 (#37998) 2026-06-09 19:54:27 -04:00
Mason Daugherty
c0103c3d2c hotfix(openai): min core dep (#37990) 2026-06-09 16:32:08 -04:00
dependabot[bot]
cfdbd799d6 chore: bump idna from 3.11 to 3.15 in /libs/model-profiles (#37538)
Bumps [idna](https://github.com/kjd/idna) from 3.11 to 3.15.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/kjd/idna/blob/master/HISTORY.md">idna's
changelog</a>.</em></p>
<blockquote>
<h2>3.15 (2026-05-12)</h2>
<ul>
<li>Enforce DNS-length cap on individual labels early in
<code>check_label</code>,
short-circuiting contextual-rule processing for oversized input
while staying compatible with UTS 46 usage.</li>
<li>Tidy core helpers: hoist bidi category sets to module-level
frozensets (avoiding per-codepoint list construction), simplify
length checks, and reuse the shared <code>_unicode_dots_re</code> from
<code>idna.core</code> in the codec module.</li>
<li>Use <code>raise ... from err</code> for proper exception chaining
and
switch internal string formatting to f-strings.</li>
<li>Allow <code>flit_core</code> 4.x in the build backend.</li>
<li>Expand the ruff lint set (flake8-bugbear, flake8-simplify,
pyupgrade, perflint) and apply the surfaced fixes; pin lint CI
to Python 3.14.</li>
<li>Add Dependabot configuration for GitHub Actions.</li>
<li>Convert README and HISTORY from reStructuredText to Markdown.</li>
<li>Reference CVE-2026-45409 for the 3.14 advisory in place of the
initial GHSA identifier.</li>
</ul>
<p>Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for
contributions to this release.</p>
<h2>3.14 (2026-05-10)</h2>
<ul>
<li>Removed opportunity to process long inputs into quadratic
time by rejecting oversize inputs up-front. Closes a bypass
of the CVE-2024-3651 mitigation. [CVE-2026-45409]</li>
</ul>
<p>Thanks to Stan Ulbrych for reporting the issue.</p>
<h2>3.13 (2026-04-22)</h2>
<ul>
<li>Correct classification error for codepoint U+A7F1</li>
</ul>
<h2>3.12 (2026-04-21)</h2>
<ul>
<li>Update to Unicode 17.0.0.</li>
<li>Issue a deprecation warning for the transitional argument.</li>
<li>Added lazy-loading to provide some performance improvements.</li>
<li>Removed vestiges of code related to Python 2 support, including
segmentation of data structures specific to Jython.</li>
</ul>
<p>Thanks to Rodrigo Nogueira for contributions to this release.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="af30a092e1"><code>af30a09</code></a>
Release 3.15</li>
<li><a
href="30314d4628"><code>30314d4</code></a>
Pre-release 3.15rc0</li>
<li><a
href="05d4b219aa"><code>05d4b21</code></a>
Merge pull request <a
href="https://redirect.github.com/kjd/idna/issues/237">#237</a> from
kjd/convert-docs-to-markdown</li>
<li><a
href="2987fdba19"><code>2987fdb</code></a>
Convert README and HISTORY from reStructuredText to Markdown</li>
<li><a
href="59fa8002d5"><code>59fa800</code></a>
Merge pull request <a
href="https://redirect.github.com/kjd/idna/issues/236">#236</a> from
kjd/dependabot/github_actions/actions-f3e34333ea</li>
<li><a
href="def69834ce"><code>def6983</code></a>
Merge branch 'master' into
dependabot/github_actions/actions-f3e34333ea</li>
<li><a
href="bbd8004a79"><code>bbd8004</code></a>
Merge pull request <a
href="https://redirect.github.com/kjd/idna/issues/234">#234</a> from
StanFromIreland/patch-1</li>
<li><a
href="edd07c0502"><code>edd07c0</code></a>
Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions
group</li>
<li><a
href="5557db030c"><code>5557db0</code></a>
Merge branch 'master' into patch-1</li>
<li><a
href="f11746cf49"><code>f11746c</code></a>
Merge pull request <a
href="https://redirect.github.com/kjd/idna/issues/235">#235</a> from
StanFromIreland/patch-2</li>
<li>Additional commits viewable in <a
href="https://github.com/kjd/idna/compare/v3.11...v3.15">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=idna&package-manager=uv&previous-version=3.11&new-version=3.15)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-19 14:34:04 -05:00
dependabot[bot]
6120400329 chore: bump the minor-and-patch group across 3 directories with 15 updates (#37515)
Bumps the minor-and-patch group with 10 updates in the
/libs/model-profiles directory:

| Package | From | To |
| --- | --- | --- |
| [pytest-cov](https://github.com/pytest-dev/pytest-cov) | `7.0.0` |
`7.1.0` |
| [syrupy](https://github.com/syrupy-project/syrupy) | `5.1.0` | `5.2.0`
|
| [ruff](https://github.com/astral-sh/ruff) | `0.15.5` | `0.15.13` |
| [openai](https://github.com/openai/openai-python) | `2.26.0` |
`2.37.0` |
| [tiktoken](https://github.com/openai/tiktoken) | `0.12.0` | `0.13.0` |
| [pydantic](https://github.com/pydantic/pydantic) | `2.12.3` | `2.13.4`
|
| [requests](https://github.com/psf/requests) | `2.33.0` | `2.34.2` |
| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.8.0` |
`0.8.5` |
| [tenacity](https://github.com/jd/tenacity) | `9.1.2` | `9.1.4` |
| [uuid-utils](https://github.com/aminalaee/uuid-utils) | `0.12.0` |
`0.15.0` |

Bumps the minor-and-patch group with 7 updates in the
/libs/standard-tests directory:

| Package | From | To |
| --- | --- | --- |
| [syrupy](https://github.com/syrupy-project/syrupy) | `5.1.0` | `5.2.0`
|
| [ruff](https://github.com/astral-sh/ruff) | `0.15.5` | `0.15.13` |
| [pydantic](https://github.com/pydantic/pydantic) | `2.12.5` | `2.13.4`
|
| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.8.0` |
`0.8.5` |
| [tenacity](https://github.com/jd/tenacity) | `9.1.2` | `9.1.4` |
| [uuid-utils](https://github.com/aminalaee/uuid-utils) | `0.12.0` |
`0.15.0` |
| [langchain-protocol](https://github.com/langchain-ai/agent-protocol) |
`0.0.14` | `0.0.15` |

Bumps the minor-and-patch group with 10 updates in the
/libs/text-splitters directory:

| Package | From | To |
| --- | --- | --- |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.5` | `0.15.13` |
| [tiktoken](https://github.com/openai/tiktoken) | `0.12.0` | `0.13.0` |
| [pydantic](https://github.com/pydantic/pydantic) | `2.12.5` | `2.13.4`
|
| [types-requests](https://github.com/python/typeshed) |
`2.32.4.20260107` | `2.33.0.20260518` |
| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.8.0` |
`0.8.5` |
| [tenacity](https://github.com/jd/tenacity) | `9.1.2` | `9.1.4` |
| [uuid-utils](https://github.com/aminalaee/uuid-utils) | `0.12.0` |
`0.15.0` |
| [spacy](https://github.com/explosion/spaCy) | `3.8.13` | `3.8.14` |
| [transformers](https://github.com/huggingface/transformers) | `5.3.0`
| `5.8.1` |
|
[sentence-transformers](https://github.com/huggingface/sentence-transformers)
| `5.3.0` | `5.5.0` |


Updates `pytest-cov` from 7.0.0 to 7.1.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst">pytest-cov's
changelog</a>.</em></p>
<blockquote>
<h2>7.1.0 (2026-03-21)</h2>
<ul>
<li>
<p>Fixed total coverage computation to always be consistent, regardless
of reporting settings.
Previously some reports could produce different total counts, and
consequently can make --cov-fail-under behave different depending on
reporting options.
See <code>[#641](https://github.com/pytest-dev/pytest-cov/issues/641)
&lt;https://github.com/pytest-dev/pytest-cov/issues/641&gt;</code>_.</p>
</li>
<li>
<p>Improve handling of ResourceWarning from sqlite3.</p>
<p>The plugin adds warning filter for sqlite3
<code>ResourceWarning</code> unclosed database (since 6.2.0).
It checks if there is already existing plugin for this message by
comparing filter regular expression.
When filter is specified on command line the message is escaped and does
not match an expected message.
A check for an escaped regular expression is added to handle this
case.</p>
<p>With this fix one can suppress <code>ResourceWarning</code> from
sqlite3 from command line::</p>
<p>pytest -W &quot;ignore:unclosed database in &lt;sqlite3.Connection
object at:ResourceWarning&quot; ...</p>
</li>
<li>
<p>Various improvements to documentation.
Contributed by Art Pelling in
<code>[#718](https://github.com/pytest-dev/pytest-cov/issues/718)
&lt;https://github.com/pytest-dev/pytest-cov/pull/718&gt;</code>_ and
&quot;vivodi&quot; in
<code>[#738](https://github.com/pytest-dev/pytest-cov/issues/738)
&lt;https://github.com/pytest-dev/pytest-cov/pull/738&gt;</code><em>.
Also closed
<code>[#736](https://github.com/pytest-dev/pytest-cov/issues/736)
&lt;https://github.com/pytest-dev/pytest-cov/issues/736&gt;</code></em>.</p>
</li>
<li>
<p>Fixed some assertions in tests.
Contributed by in Markéta Machová in
<code>[#722](https://github.com/pytest-dev/pytest-cov/issues/722)
&lt;https://github.com/pytest-dev/pytest-cov/pull/722&gt;</code>_.</p>
</li>
<li>
<p>Removed unnecessary coverage configuration copying (meant as a backup
because reporting commands had configuration side-effects before
coverage 5.0).</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="66c8a526b1"><code>66c8a52</code></a>
Bump version: 7.0.0 → 7.1.0</li>
<li><a
href="f707662478"><code>f707662</code></a>
Make the examples use pypy 3.11.</li>
<li><a
href="6049a78478"><code>6049a78</code></a>
Make context test use the old ctracer (seems the new sysmon tracer
behaves di...</li>
<li><a
href="8ebf20bbbc"><code>8ebf20b</code></a>
Update changelog.</li>
<li><a
href="861d30e60d"><code>861d30e</code></a>
Remove the backup context manager - shouldn't be needed since coverage
5.0, ...</li>
<li><a
href="fd4c956014"><code>fd4c956</code></a>
Pass the precision on the nulled total (seems that there's some caching
goion...</li>
<li><a
href="78c9c4ecb0"><code>78c9c4e</code></a>
Only run the 3.9 on older deps.</li>
<li><a
href="4849a922e8"><code>4849a92</code></a>
Punctuation.</li>
<li><a
href="197c35e2f3"><code>197c35e</code></a>
Update changelog and hopefully I don't forget to publish release again
:))</li>
<li><a
href="14dc1c92d4"><code>14dc1c9</code></a>
Update examples to use 3.11 and make the adhoc layout example look a bit
more...</li>
<li>Additional commits viewable in <a
href="https://github.com/pytest-dev/pytest-cov/compare/v7.0.0...v7.1.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `syrupy` from 5.1.0 to 5.2.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/syrupy-project/syrupy/releases">syrupy's
releases</a>.</em></p>
<blockquote>
<h2>v5.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>chore(deps): update actions/checkout action to v6.0.2 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1065">syrupy-project/syrupy#1065</a></li>
<li>chore(deps): update actions/setup-python action to v6.2.0 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1066">syrupy-project/syrupy#1066</a></li>
<li>chore(deps): update dependency ruff to v0.14.14 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1067">syrupy-project/syrupy#1067</a></li>
<li>chore(deps): update dependency coverage to v7.13.2 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1068">syrupy-project/syrupy#1068</a></li>
<li>chore: migrate to uv, close <a
href="https://redirect.github.com/syrupy-project/syrupy/issues/1019">#1019</a>
by <a href="https://github.com/noahnu"><code>@​noahnu</code></a> in <a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1049">syrupy-project/syrupy#1049</a></li>
<li>chore(deps): update dependency coverage to v7.13.2 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1069">syrupy-project/syrupy#1069</a></li>
<li>chore(deps): update dependency debugpy to v1.8.19 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1070">syrupy-project/syrupy#1070</a></li>
<li>chore(deps): update dependency mypy to v1.19.1 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1071">syrupy-project/syrupy#1071</a></li>
<li>chore(deps): update dependency ruff to v0.14.14 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1072">syrupy-project/syrupy#1072</a></li>
<li>chore(deps): update python docker tag to v3.14.3 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1073">syrupy-project/syrupy#1073</a></li>
<li>chore(deps): update astral-sh/setup-uv action to v7.3.1 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1076">syrupy-project/syrupy#1076</a></li>
<li>chore: update lock file by <a
href="https://github.com/noahnu"><code>@​noahnu</code></a> in <a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1077">syrupy-project/syrupy#1077</a></li>
<li>chore(deps): update benchmark-action/github-action-benchmark action
to v1.21.0 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1078">syrupy-project/syrupy#1078</a></li>
<li>chore(deps): update astral-sh/setup-uv action to v7.5.0 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1080">syrupy-project/syrupy#1080</a></li>
<li>fix(<a
href="https://redirect.github.com/syrupy-project/syrupy/issues/1081">#1081</a>):
Handle unicode line-endings correctly when serializing by <a
href="https://github.com/DRMacIver"><code>@​DRMacIver</code></a> in <a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1082">syrupy-project/syrupy#1082</a></li>
<li>docs: add DRMacIver as a contributor for bug by <a
href="https://github.com/allcontributors"><code>@​allcontributors</code></a>[bot]
in <a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1083">syrupy-project/syrupy#1083</a></li>
<li>chore: update lockfile by <a
href="https://github.com/noahnu"><code>@​noahnu</code></a> in <a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1086">syrupy-project/syrupy#1086</a></li>
<li>chore: migrate off semantic-release to trusted publishing by <a
href="https://github.com/noahnu"><code>@​noahnu</code></a> in <a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1093">syrupy-project/syrupy#1093</a></li>
<li>chore: set name/email by <a
href="https://github.com/noahnu"><code>@​noahnu</code></a> in <a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1094">syrupy-project/syrupy#1094</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/DRMacIver"><code>@​DRMacIver</code></a>
made their first contribution in <a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1082">syrupy-project/syrupy#1082</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/syrupy-project/syrupy/compare/v5.1.0...v5.2.0">https://github.com/syrupy-project/syrupy/compare/v5.1.0...v5.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/syrupy-project/syrupy/blob/main/CHANGELOG.md">syrupy's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/syrupy-project/syrupy/releases/tag/v5.2.0">v5.2.0</a>
(2026-05-16)</h2>
<h2>What's Changed</h2>
<ul>
<li>chore(deps): update actions/checkout action to v6.0.2 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1065">syrupy-project/syrupy#1065</a></li>
<li>chore(deps): update actions/setup-python action to v6.2.0 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1066">syrupy-project/syrupy#1066</a></li>
<li>chore(deps): update dependency ruff to v0.14.14 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1067">syrupy-project/syrupy#1067</a></li>
<li>chore(deps): update dependency coverage to v7.13.2 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1068">syrupy-project/syrupy#1068</a></li>
<li>chore: migrate to uv, close <a
href="https://redirect.github.com/syrupy-project/syrupy/issues/1019">#1019</a>
by <a href="https://github.com/noahnu"><code>@​noahnu</code></a> in <a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1049">syrupy-project/syrupy#1049</a></li>
<li>chore(deps): update dependency coverage to v7.13.2 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1069">syrupy-project/syrupy#1069</a></li>
<li>chore(deps): update dependency debugpy to v1.8.19 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1070">syrupy-project/syrupy#1070</a></li>
<li>chore(deps): update dependency mypy to v1.19.1 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1071">syrupy-project/syrupy#1071</a></li>
<li>chore(deps): update dependency ruff to v0.14.14 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1072">syrupy-project/syrupy#1072</a></li>
<li>chore(deps): update python docker tag to v3.14.3 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1073">syrupy-project/syrupy#1073</a></li>
<li>chore(deps): update astral-sh/setup-uv action to v7.3.1 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1076">syrupy-project/syrupy#1076</a></li>
<li>chore: update lock file by <a
href="https://github.com/noahnu"><code>@​noahnu</code></a> in <a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1077">syrupy-project/syrupy#1077</a></li>
<li>chore(deps): update benchmark-action/github-action-benchmark action
to v1.21.0 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1078">syrupy-project/syrupy#1078</a></li>
<li>chore(deps): update astral-sh/setup-uv action to v7.5.0 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1080">syrupy-project/syrupy#1080</a></li>
<li>fix(<a
href="https://redirect.github.com/syrupy-project/syrupy/issues/1081">#1081</a>):
Handle unicode line-endings correctly when serializing by <a
href="https://github.com/DRMacIver"><code>@​DRMacIver</code></a> in <a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1082">syrupy-project/syrupy#1082</a></li>
<li>docs: add DRMacIver as a contributor for bug by <a
href="https://github.com/allcontributors"><code>@​allcontributors</code></a>[bot]
in <a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1083">syrupy-project/syrupy#1083</a></li>
<li>chore: update lockfile by <a
href="https://github.com/noahnu"><code>@​noahnu</code></a> in <a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1086">syrupy-project/syrupy#1086</a></li>
<li>chore: migrate off semantic-release to trusted publishing by <a
href="https://github.com/noahnu"><code>@​noahnu</code></a> in <a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1093">syrupy-project/syrupy#1093</a></li>
<li>chore: set name/email by <a
href="https://github.com/noahnu"><code>@​noahnu</code></a> in <a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1094">syrupy-project/syrupy#1094</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/DRMacIver"><code>@​DRMacIver</code></a>
made their first contribution in <a
href="https://redirect.github.com/syrupy-project/syrupy/pull/1082">syrupy-project/syrupy#1082</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/syrupy-project/syrupy/compare/v5.1.0...v5.2.0">https://github.com/syrupy-project/syrupy/compare/v5.1.0...v5.2.0</a></p>
<h2><a
href="https://github.com/syrupy-project/syrupy/compare/v5.1.1...v5.1.2">5.1.2</a>
(2026-04-06)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>build configuration (<a
href="https://redirect.github.com/syrupy-project/syrupy/issues/1086">#1086</a>)
(<a
href="a997e3e643">a997e3e</a>)</li>
</ul>
<h2><a
href="https://github.com/syrupy-project/syrupy/compare/v5.1.0...v5.1.1">5.1.1</a>
(2026-04-06)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong><a
href="https://redirect.github.com/syrupy-project/syrupy/issues/1081">#1081</a>:</strong>
Handle unicode line-endings correctly when serializing (<a
href="https://redirect.github.com/syrupy-project/syrupy/issues/1082">#1082</a>)
(<a
href="04f4cc8e21">04f4cc8</a>),
closes <a
href="https://redirect.github.com/syrupy-project/syrupy/issues/1081">#1081</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c6bc988ee6"><code>c6bc988</code></a>
chore: push on correct branch</li>
<li><a
href="659f456bfe"><code>659f456</code></a>
chore: add id-token write</li>
<li><a
href="6401bc28aa"><code>6401bc2</code></a>
chore: set name/email (<a
href="https://redirect.github.com/syrupy-project/syrupy/issues/1094">#1094</a>)</li>
<li><a
href="f1e3f0bac9"><code>f1e3f0b</code></a>
chore: migrate off semantic-release to trusted publishing (<a
href="https://redirect.github.com/syrupy-project/syrupy/issues/1093">#1093</a>)</li>
<li><a
href="8ff4d46fe1"><code>8ff4d46</code></a>
chore(release): 5.1.2 [skip ci]</li>
<li><a
href="a997e3e643"><code>a997e3e</code></a>
fix: build configuration (<a
href="https://redirect.github.com/syrupy-project/syrupy/issues/1086">#1086</a>)</li>
<li><a
href="561c94a136"><code>561c94a</code></a>
chore(release): 5.1.1 [skip ci]</li>
<li><a
href="dfdba17b3c"><code>dfdba17</code></a>
docs: add DRMacIver as a contributor for bug (<a
href="https://redirect.github.com/syrupy-project/syrupy/issues/1083">#1083</a>)</li>
<li><a
href="04f4cc8e21"><code>04f4cc8</code></a>
fix(<a
href="https://redirect.github.com/syrupy-project/syrupy/issues/1081">#1081</a>):
Handle unicode line-endings correctly when serializing (<a
href="https://redirect.github.com/syrupy-project/syrupy/issues/1082">#1082</a>)</li>
<li><a
href="34f9b27e69"><code>34f9b27</code></a>
chore(deps): update astral-sh/setup-uv action to v7.5.0 (<a
href="https://redirect.github.com/syrupy-project/syrupy/issues/1080">#1080</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/syrupy-project/syrupy/compare/v5.1.0...v5.2.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `ruff` from 0.15.5 to 0.15.13
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/releases">ruff's
releases</a>.</em></p>
<blockquote>
<h2>0.15.13</h2>
<h2>Release Notes</h2>
<p>Released on 2026-05-14.</p>
<h3>Preview features</h3>
<ul>
<li>Add a rule to flag lazy imports that are eagerly evaluated (<a
href="https://redirect.github.com/astral-sh/ruff/pull/25016">#25016</a>)</li>
<li>[<code>pylint</code>] Standardize diagnostic message
(<code>PLR0914</code>, <code>PLR0917</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24996">#24996</a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>Fix <code>F811</code> false positive for class methods (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24933">#24933</a>)</li>
<li>Fix setting selection for multi-folder workspace (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24819">#24819</a>)</li>
<li>[<code>eradicate</code>] Fix false positive for lines with leading
whitespace (<code>ERA001</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/25122">#25122</a>)</li>
<li>[<code>flake8-pyi</code>] Fix false positive for f-string debug
specifier (<code>PYI016</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24098">#24098</a>)</li>
</ul>
<h3>Rule changes</h3>
<ul>
<li>Always include panic payload in panic diagnostic message (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24873">#24873</a>)</li>
<li>Restrict <code>PYI034</code> for in-place operations to enclosing
class (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24511">#24511</a>)</li>
<li>Improve error message for parameters that are declared
<code>global</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24902">#24902</a>)</li>
<li>Update known stdlib (<a
href="https://redirect.github.com/astral-sh/ruff/pull/25103">#25103</a>)</li>
</ul>
<h3>Performance</h3>
<ul>
<li>[<code>isort</code>] Avoid constructing <code>glob::Pattern</code>s
for literal known modules (<a
href="https://redirect.github.com/astral-sh/ruff/pull/25123">#25123</a>)</li>
</ul>
<h3>CLI</h3>
<ul>
<li>Add TOML examples to <code>--config</code> help text (<a
href="https://redirect.github.com/astral-sh/ruff/pull/25013">#25013</a>)</li>
<li>Colorize ruff check 'All checks passed' (<a
href="https://redirect.github.com/astral-sh/ruff/pull/25085">#25085</a>)</li>
</ul>
<h3>Configuration</h3>
<ul>
<li>Increase max allowed value of <code>line-length</code> setting (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24962">#24962</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Add <code>D203</code> to rules that conflict with the formatter (<a
href="https://redirect.github.com/astral-sh/ruff/pull/25044">#25044</a>)</li>
<li>Clarify <code>COM819</code> and formatter interaction (<a
href="https://redirect.github.com/astral-sh/ruff/pull/25045">#25045</a>)</li>
<li>Clarify that <code>NotImplemented</code> is a value, not an
exception (<code>F901</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/25054">#25054</a>)</li>
<li>Update number of lint rules supported (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24942">#24942</a>)</li>
</ul>
<h3>Other changes</h3>
<ul>
<li>Simplify the playground's markdown template (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24924">#24924</a>)</li>
</ul>
<h3>Contributors</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md">ruff's
changelog</a>.</em></p>
<blockquote>
<h2>0.15.13</h2>
<p>Released on 2026-05-14.</p>
<h3>Preview features</h3>
<ul>
<li>Add a rule to flag lazy imports that are eagerly evaluated (<a
href="https://redirect.github.com/astral-sh/ruff/pull/25016">#25016</a>)</li>
<li>[<code>pylint</code>] Standardize diagnostic message
(<code>PLR0914</code>, <code>PLR0917</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24996">#24996</a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>Fix <code>F811</code> false positive for class methods (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24933">#24933</a>)</li>
<li>Fix setting selection for multi-folder workspace (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24819">#24819</a>)</li>
<li>[<code>eradicate</code>] Fix false positive for lines with leading
whitespace (<code>ERA001</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/25122">#25122</a>)</li>
<li>[<code>flake8-pyi</code>] Fix false positive for f-string debug
specifier (<code>PYI016</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24098">#24098</a>)</li>
</ul>
<h3>Rule changes</h3>
<ul>
<li>Always include panic payload in panic diagnostic message (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24873">#24873</a>)</li>
<li>Restrict <code>PYI034</code> for in-place operations to enclosing
class (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24511">#24511</a>)</li>
<li>Improve error message for parameters that are declared
<code>global</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24902">#24902</a>)</li>
<li>Update known stdlib (<a
href="https://redirect.github.com/astral-sh/ruff/pull/25103">#25103</a>)</li>
</ul>
<h3>Performance</h3>
<ul>
<li>[<code>isort</code>] Avoid constructing <code>glob::Pattern</code>s
for literal known modules (<a
href="https://redirect.github.com/astral-sh/ruff/pull/25123">#25123</a>)</li>
</ul>
<h3>CLI</h3>
<ul>
<li>Add TOML examples to <code>--config</code> help text (<a
href="https://redirect.github.com/astral-sh/ruff/pull/25013">#25013</a>)</li>
<li>Colorize ruff check 'All checks passed' (<a
href="https://redirect.github.com/astral-sh/ruff/pull/25085">#25085</a>)</li>
</ul>
<h3>Configuration</h3>
<ul>
<li>Increase max allowed value of <code>line-length</code> setting (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24962">#24962</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Add <code>D203</code> to rules that conflict with the formatter (<a
href="https://redirect.github.com/astral-sh/ruff/pull/25044">#25044</a>)</li>
<li>Clarify <code>COM819</code> and formatter interaction (<a
href="https://redirect.github.com/astral-sh/ruff/pull/25045">#25045</a>)</li>
<li>Clarify that <code>NotImplemented</code> is a value, not an
exception (<code>F901</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/25054">#25054</a>)</li>
<li>Update number of lint rules supported (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24942">#24942</a>)</li>
</ul>
<h3>Other changes</h3>
<ul>
<li>Simplify the playground's markdown template (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24924">#24924</a>)</li>
</ul>
<h3>Contributors</h3>
<ul>
<li><a
href="https://github.com/MichaReiser"><code>@​MichaReiser</code></a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2afb467ce3"><code>2afb467</code></a>
Bump 0.15.13 (<a
href="https://redirect.github.com/astral-sh/ruff/issues/25157">#25157</a>)</li>
<li><a
href="300879600f"><code>3008796</code></a>
[ty] classify TypeVar semantic tokens as type parameters (<a
href="https://redirect.github.com/astral-sh/ruff/issues/24891">#24891</a>)</li>
<li><a
href="79470e3187"><code>79470e3</code></a>
[<code>isort</code>] Avoid constructing <code>glob::Pattern</code>s for
literal known modules (<a
href="https://redirect.github.com/astral-sh/ruff/issues/25123">#25123</a>)</li>
<li><a
href="2522549901"><code>2522549</code></a>
Remove shellcheck from prek (<a
href="https://redirect.github.com/astral-sh/ruff/issues/25154">#25154</a>)</li>
<li><a
href="7db7170020"><code>7db7170</code></a>
[ty] Support TypedDict key completions in incomplete, anonymous contexts
(<a
href="https://redirect.github.com/astral-sh/ruff/issues/25">#25</a>...</li>
<li><a
href="bb3dd535f1"><code>bb3dd53</code></a>
[ty] Run full iteration analysis on narrowed typevars (<a
href="https://redirect.github.com/astral-sh/ruff/issues/25143">#25143</a>)</li>
<li><a
href="828cdb7732"><code>828cdb7</code></a>
[ty] Isolate file-watching test environment (<a
href="https://redirect.github.com/astral-sh/ruff/issues/25151">#25151</a>)</li>
<li><a
href="89e1d8670e"><code>89e1d86</code></a>
[ty] Preserve TypedDict keys through dict unpacking (<a
href="https://redirect.github.com/astral-sh/ruff/issues/24523">#24523</a>)</li>
<li><a
href="86f3064d6f"><code>86f3064</code></a>
[ty] Avoid accessing <code>args[0]</code> for <code>static_assert</code>
(<a
href="https://redirect.github.com/astral-sh/ruff/issues/25149">#25149</a>)</li>
<li><a
href="ed819f947d"><code>ed819f9</code></a>
[ty] Treat custom enum <code>__new__</code> values as dynamic (<a
href="https://redirect.github.com/astral-sh/ruff/issues/25136">#25136</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/astral-sh/ruff/compare/0.15.5...0.15.13">compare
view</a></li>
</ul>
</details>
<br />

Updates `openai` from 2.26.0 to 2.37.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/openai/openai-python/releases">openai's
releases</a>.</em></p>
<blockquote>
<h2>v2.37.0</h2>
<h2>2.37.0 (2026-05-13)</h2>
<p>Full Changelog: <a
href="https://github.com/openai/openai-python/compare/v2.36.0...v2.37.0">v2.36.0...v2.37.0</a></p>
<h3>Features</h3>
<ul>
<li><strong>api:</strong> add service_tier parameter to responses
compact method (<a
href="625827c550">625827c</a>)</li>
<li><strong>internal/types:</strong> support eagerly validating pydantic
iterators (<a
href="7e527bc927">7e527bc</a>)</li>
<li>Remove unnecessary client_id when using workload identity provider
for auth (<a
href="c39ea8d12a">c39ea8d</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><strong>client:</strong> add missing f-string prefix in file type
error message (<a
href="c85ebd935c">c85ebd9</a>)</li>
</ul>
<h2>v2.36.0</h2>
<h2>2.36.0 (2026-05-07)</h2>
<p>Full Changelog: <a
href="https://github.com/openai/openai-python/compare/v2.35.1...v2.36.0">v2.35.1...v2.36.0</a></p>
<h3>Features</h3>
<ul>
<li><strong>api:</strong> manual updates (<a
href="13c639cc7d">13c639c</a>)</li>
<li><strong>api:</strong> realtime 2 (<a
href="8fe0ab87e6">8fe0ab8</a>)</li>
</ul>
<h2>v2.35.1</h2>
<h2>2.35.1 (2026-05-06)</h2>
<p>Full Changelog: <a
href="https://github.com/openai/openai-python/compare/v2.35.0...v2.35.1">v2.35.0...v2.35.1</a></p>
<h3>Bug Fixes</h3>
<ul>
<li><strong>api:</strong> fix imagegen <code>size</code> enum regression
(<a
href="44846536bc">4484653</a>)</li>
</ul>
<h2>v2.35.0</h2>
<h2>2.35.0 (2026-05-06)</h2>
<p>Full Changelog: <a
href="https://github.com/openai/openai-python/compare/v2.34.0...v2.35.0">v2.34.0...v2.35.0</a></p>
<h3>Features</h3>
<ul>
<li><strong>api:</strong> update image 2 (<a
href="0ba55d7569">0ba55d7</a>)</li>
<li><strong>api:</strong> manual updates (<a
href="72bf67acbc">72bf67a</a>)</li>
</ul>
<h3>Chores</h3>
<ul>
<li>remove legacy python cli (<a
href="32f36e447d">32f36e4</a>)</li>
<li>rename legacy python cli entrypoint (<a
href="a3b182d6d2">a3b182d</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/openai/openai-python/blob/main/CHANGELOG.md">openai's
changelog</a>.</em></p>
<blockquote>
<h2>2.37.0 (2026-05-13)</h2>
<p>Full Changelog: <a
href="https://github.com/openai/openai-python/compare/v2.36.0...v2.37.0">v2.36.0...v2.37.0</a></p>
<h3>Features</h3>
<ul>
<li><strong>api:</strong> add service_tier parameter to responses
compact method (<a
href="625827c550">625827c</a>)</li>
<li><strong>internal/types:</strong> support eagerly validating pydantic
iterators (<a
href="7e527bc927">7e527bc</a>)</li>
<li>Remove unnecessary client_id when using workload identity provider
for auth (<a
href="c39ea8d12a">c39ea8d</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><strong>client:</strong> add missing f-string prefix in file type
error message (<a
href="c85ebd935c">c85ebd9</a>)</li>
</ul>
<h2>2.36.0 (2026-05-07)</h2>
<p>Full Changelog: <a
href="https://github.com/openai/openai-python/compare/v2.35.1...v2.36.0">v2.35.1...v2.36.0</a></p>
<h3>Features</h3>
<ul>
<li><strong>api:</strong> manual updates (<a
href="13c639cc7d">13c639c</a>)</li>
<li><strong>api:</strong> realtime 2 (<a
href="8fe0ab87e6">8fe0ab8</a>)</li>
</ul>
<h2>2.35.1 (2026-05-06)</h2>
<p>Full Changelog: <a
href="https://github.com/openai/openai-python/compare/v2.35.0...v2.35.1">v2.35.0...v2.35.1</a></p>
<h3>Bug Fixes</h3>
<ul>
<li><strong>api:</strong> fix imagegen <code>size</code> enum regression
(<a
href="44846536bc">4484653</a>)</li>
</ul>
<h2>2.35.0 (2026-05-06)</h2>
<p>Full Changelog: <a
href="https://github.com/openai/openai-python/compare/v2.34.0...v2.35.0">v2.34.0...v2.35.0</a></p>
<h3>Features</h3>
<ul>
<li><strong>api:</strong> update image 2 (<a
href="0ba55d7569">0ba55d7</a>)</li>
<li><strong>api:</strong> manual updates (<a
href="72bf67acbc">72bf67a</a>)</li>
</ul>
<h3>Chores</h3>
<ul>
<li>remove legacy python cli (<a
href="32f36e447d">32f36e4</a>)</li>
<li>rename legacy python cli entrypoint (<a
href="a3b182d6d2">a3b182d</a>)</li>
</ul>
<h3>Documentation</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="658be644f4"><code>658be64</code></a>
Merge pull request <a
href="https://redirect.github.com/openai/openai-python/issues/3213">#3213</a>
from openai/release-please--branches--main--changes-...</li>
<li><a
href="8a7cac34cb"><code>8a7cac3</code></a>
release: 2.37.0</li>
<li><a
href="9b4bf8edba"><code>9b4bf8e</code></a>
Merge pull request <a
href="https://redirect.github.com/openai/openai-python/issues/1903">#1903</a>
from stainless-sdks/dev/jtian/remove-unnecessary-params</li>
<li><a
href="c39ea8d12a"><code>c39ea8d</code></a>
feat: Remove unnecessary client_id when using workload identity provider
for ...</li>
<li><a
href="7e527bc927"><code>7e527bc</code></a>
feat(internal/types): support eagerly validating pydantic iterators</li>
<li><a
href="625827c550"><code>625827c</code></a>
feat(api): add service_tier parameter to responses compact method</li>
<li><a
href="c85ebd935c"><code>c85ebd9</code></a>
fix(client): add missing f-string prefix in file type error message</li>
<li><a
href="38d75d74a5"><code>38d75d7</code></a>
Merge pull request <a
href="https://redirect.github.com/openai/openai-python/issues/3205">#3205</a>
from openai/release-please--branches--main--changes-...</li>
<li><a
href="ff683ffbeb"><code>ff683ff</code></a>
release: 2.36.0</li>
<li><a
href="8fe0ab87e6"><code>8fe0ab8</code></a>
feat(api): realtime 2</li>
<li>Additional commits viewable in <a
href="https://github.com/openai/openai-python/compare/v2.26.0...v2.37.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `tiktoken` from 0.12.0 to 0.13.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/openai/tiktoken/blob/main/CHANGELOG.md">tiktoken's
changelog</a>.</em></p>
<blockquote>
<h2>[v0.13.0]</h2>
<ul>
<li>Update fancy-regex for significantly increased performance</li>
<li>Branch byte pair encoding to fix performance on unusual input</li>
<li>Fix AttributeError caused by incomplete redaction of experimental
code</li>
<li>Update version of <code>pyo3</code></li>
<li>Update version of optional dependency <code>blobfile</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fa8b65d062"><code>fa8b65d</code></a>
Partial sync of codebase (<a
href="https://redirect.github.com/openai/tiktoken/issues/543">#543</a>)</li>
<li><a
href="dcb39287a1"><code>dcb3928</code></a>
[codex] Pin GitHub Actions workflow references (<a
href="https://redirect.github.com/openai/tiktoken/issues/515">#515</a>)</li>
<li><a
href="6ec8149812"><code>6ec8149</code></a>
Partial sync of codebase (<a
href="https://redirect.github.com/openai/tiktoken/issues/495">#495</a>)</li>
<li><a
href="6ad70b2d03"><code>6ad70b2</code></a>
Upgrade GitHub Actions for Node 24 compatibility (<a
href="https://redirect.github.com/openai/tiktoken/issues/472">#472</a>)</li>
<li>See full diff in <a
href="https://github.com/openai/tiktoken/compare/0.12.0...0.13.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `pydantic` from 2.12.3 to 2.13.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pydantic/pydantic/releases">pydantic's
releases</a>.</em></p>
<blockquote>
<h2>v2.13.4 2026-05-06</h2>
<h2>v2.13.4 (2026-05-06)</h2>
<h3>What's Changed</h3>
<h4>Packaging</h4>
<ul>
<li>Bump libc from 0.2.155 to 0.2.185 by <a
href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a
href="https://redirect.github.com/pydantic/pydantic/pull/13109">#13109</a></li>
<li>Adapt <code>pydantic-core</code> linker flags on macOS by <a
href="https://github.com/washingtoneg"><code>@​washingtoneg</code></a>
and <a href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a
href="https://redirect.github.com/pydantic/pydantic/pull/13147">#13147</a></li>
</ul>
<h4>Fixes</h4>
<ul>
<li>Preserve <code>RootModel</code> core metadata by <a
href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a
href="https://redirect.github.com/pydantic/pydantic/pull/13129">#13129</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4">https://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4</a></p>
<h2>v2.13.3 2026-04-20</h2>
<h2>v2.13.3 (2026-04-20)</h2>
<h3>What's Changed</h3>
<h4>Fixes</h4>
<ul>
<li>Handle <code>AttributeError</code> subclasses with
<code>from_attributes</code> by <a
href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a
href="https://redirect.github.com/pydantic/pydantic/pull/13096">#13096</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/pydantic/pydantic/compare/v2.13.2...v2.13.3">https://github.com/pydantic/pydantic/compare/v2.13.2...v2.13.3</a></p>
<h2>v2.13.2 2026-04-17</h2>
<h2>v2.13.2 (2026-04-17)</h2>
<h3>What's Changed</h3>
<h4>Fixes</h4>
<ul>
<li>Fix <code>ValidationInfo.field_name</code> missing with
<code>model_validate_json()</code> by <a
href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a
href="https://redirect.github.com/pydantic/pydantic/pull/13084">#13084</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/pydantic/pydantic/compare/v2.13.1...v2.13.2">https://github.com/pydantic/pydantic/compare/v2.13.1...v2.13.2</a></p>
<h2>v2.13.1 2026-04-15</h2>
<h2>v2.13.1 (2026-04-15)</h2>
<h3>What's Changed</h3>
<h4>Fixes</h4>
<ul>
<li>Fix <code>ValidationInfo.data</code> missing with
<code>model_validate_json()</code> by <a
href="https://github.com/davidhewitt"><code>@​davidhewitt</code></a> in
<a
href="https://redirect.github.com/pydantic/pydantic/pull/13079">#13079</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/pydantic/pydantic/compare/v2.13.0...v2.13.1">https://github.com/pydantic/pydantic/compare/v2.13.0...v2.13.1</a></p>
<h2>v2.13.0 2026-04-13</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pydantic/pydantic/blob/v2.13.4/HISTORY.md">pydantic's
changelog</a>.</em></p>
<blockquote>
<h2>v2.13.4 (2026-05-06)</h2>
<p><a
href="https://github.com/pydantic/pydantic/releases/tag/v2.13.4">GitHub
release</a></p>
<h3>What's Changed</h3>
<h4>Packaging</h4>
<ul>
<li>Bump libc from 0.2.155 to 0.2.185 by <a
href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a
href="https://redirect.github.com/pydantic/pydantic/pull/13109">#13109</a></li>
<li>Adapt <code>pydantic-core</code> linker flags on macOS by <a
href="https://github.com/washingtoneg"><code>@​washingtoneg</code></a>
and <a href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a
href="https://redirect.github.com/pydantic/pydantic/pull/13147">#13147</a></li>
</ul>
<h4>Fixes</h4>
<ul>
<li>Preserve <code>RootModel</code> core metadata by <a
href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a
href="https://redirect.github.com/pydantic/pydantic/pull/13129">#13129</a></li>
</ul>
<h2>v2.13.3 (2026-04-20)</h2>
<p><a
href="https://github.com/pydantic/pydantic/releases/tag/v2.13.3">GitHub
release</a></p>
<h3>What's Changed</h3>
<h4>Fixes</h4>
<ul>
<li>Handle <code>AttributeError</code> subclasses with
<code>from_attributes</code> by <a
href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a
href="https://redirect.github.com/pydantic/pydantic/pull/13096">#13096</a></li>
</ul>
<h2>v2.13.2 (2026-04-17)</h2>
<p><a
href="https://github.com/pydantic/pydantic/releases/tag/v2.13.2">GitHub
release</a></p>
<h3>What's Changed</h3>
<h4>Fixes</h4>
<ul>
<li>Fix <code>ValidationInfo.field_name</code> missing with
<code>model_validate_json()</code> by <a
href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a
href="https://redirect.github.com/pydantic/pydantic/pull/13084">#13084</a></li>
</ul>
<h2>v2.13.1 (2026-04-15)</h2>
<p><a
href="https://github.com/pydantic/pydantic/releases/tag/v2.13.1">GitHub
release</a></p>
<h3>What's Changed</h3>
<h4>Fixes</h4>
<ul>
<li>Fix <code>ValidationInfo.data</code> missing with
<code>model_validate_json()</code> by <a
href="https://github.com/davidhewitt"><code>@​davidhewitt</code></a> in
<a
href="https://redirect.github.com/pydantic/pydantic/pull/13079">#13079</a></li>
</ul>
<h2>v2.13.0 (2026-04-13)</h2>
<p><a
href="https://github.com/pydantic/pydantic/releases/tag/v2.13.0">GitHub
release</a></p>
<p>The highlights of the v2.13 release are available in the <a
href="https://pydantic.dev/articles/pydantic-v2-13-release">blog
post</a>.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="cf67d4b319"><code>cf67d4b</code></a>
Fix linting</li>
<li><a
href="f0d8a214a5"><code>f0d8a21</code></a>
Prepare release v2.13.4</li>
<li><a
href="5e3fe1d41a"><code>5e3fe1d</code></a>
Check for pydantic tag pattern in CI</li>
<li><a
href="7f9edcc2a1"><code>7f9edcc</code></a>
Document tagging conventions</li>
<li><a
href="b46a0c9b8a"><code>b46a0c9</code></a>
Adapt <code>pydantic-core</code> linker flags on macOS</li>
<li><a
href="50629c851e"><code>50629c8</code></a>
Update to PyPy 7.3.22</li>
<li><a
href="8522ebb71e"><code>8522ebb</code></a>
Preserve <code>RootModel</code> core metadata</li>
<li><a
href="a37f3aff09"><code>a37f3af</code></a>
Adapt <code>MISSING</code> sentinel test to work with unreleased
<code>typing_extensions</code> ver...</li>
<li><a
href="909259a9df"><code>909259a</code></a>
Remove Logfire example in documentation</li>
<li><a
href="2c4174c366"><code>2c4174c</code></a>
Bump libc from 0.2.155 to 0.2.185</li>
<li>Additional commits viewable in <a
href="https://github.com/pydantic/pydantic/compare/v2.12.3...v2.13.4">compare
view</a></li>
</ul>
</details>
<br />

Updates `requests` from 2.33.0 to 2.34.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/releases">requests's
releases</a>.</em></p>
<blockquote>
<h2>v2.34.2</h2>
<h2>2.34.2 (2026-05-14)</h2>
<ul>
<li>Moved <code>headers</code> input type back to <code>Mapping</code>
to avoid invariance issues with <code>MutableMapping</code> and inferred
dict types. Users calling <code>Request.headers.update()</code> may need
to narrow typing in their code. (<a
href="https://redirect.github.com/psf/requests/issues/7441">#7441</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14">https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14</a></p>
<h2>v2.34.1</h2>
<h2>2.34.1 (2026-05-13)</h2>
<p><strong>Bugfixes</strong></p>
<ul>
<li>Widened <code>json</code> input type from <code>dict</code> and
<code>list</code> to <code>Mapping</code>
and <code>Sequence</code>. (<a
href="https://redirect.github.com/psf/requests/issues/7436">#7436</a>)</li>
<li>Changed <code>headers</code> input type to MutableMapping and
removed <code>None</code> from
<code>Request.headers</code> typing to improve handling for users. (<a
href="https://redirect.github.com/psf/requests/issues/7431">#7431</a>)</li>
<li><code>Response.reason</code> moved from <code>str | None</code> to
<code>str</code> to improve handling
for users. (<a
href="https://redirect.github.com/psf/requests/issues/7437">#7437</a>)</li>
<li>Fixed a bug where some bodies with custom <code>__getattr__</code>
implementations
weren't being properly detected as Iterables. (<a
href="https://redirect.github.com/psf/requests/issues/7433">#7433</a>)</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/k223kim"><code>@​k223kim</code></a> made
their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/7433">psf/requests#7433</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13">https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13</a></p>
<h2>v2.34.0</h2>
<h2>2.34.0 (2026-05-11)</h2>
<p><strong>Announcements</strong></p>
<ul>
<li>
<p>Requests 2.34.0 introduces inline types, replacing those provided by
typeshed. Public API types should be fully compatible with mypy,
pyright,
and ty. <strong>We believe types are comprehensive but if you find
issues, please
report them to the <a
href="https://redirect.github.com/psf/requests/issues/7271">pinned
tracking issue</a>.</strong></p>
<p>Special thanks to <a
href="https://github.com/bastimeyer"><code>@​bastimeyer</code></a>, <a
href="https://github.com/cthoyt"><code>@​cthoyt</code></a>, <a
href="https://github.com/edgarrmondragon"><code>@​edgarrmondragon</code></a>,
and <a href="https://github.com/srittau"><code>@​srittau</code></a> for
helping review and test the types ahead of the release. (<a
href="https://redirect.github.com/psf/requests/issues/7272">#7272</a>)</p>
</li>
</ul>
<p><strong>Improvements</strong></p>
<ul>
<li>Digest Auth hashing algorithms have added
<code>usedforsecurity=False</code> to clarify
security considerations. (<a
href="https://redirect.github.com/psf/requests/issues/7310">#7310</a>)</li>
<li>Requests added support for Python 3.15 based on beta1. Downstream
projects
should be able to start testing prior to its release in October. (<a
href="https://redirect.github.com/psf/requests/issues/7422">#7422</a>)</li>
<li>Requests added support for Python 3.14t. (<a
href="https://redirect.github.com/psf/requests/issues/7419">#7419</a>)</li>
</ul>
<p><strong>Bugfixes</strong></p>
<ul>
<li><code>Response.history</code> no longer contains a reference to
itself, preventing
accidental looping when traversing the history list. (<a
href="https://redirect.github.com/psf/requests/issues/7328">#7328</a>)</li>
<li>Requests no longer performs greedy matching on no_proxy domains.
The</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's
changelog</a>.</em></p>
<blockquote>
<h2>2.34.2 (2026-05-14)</h2>
<ul>
<li>Moved <code>headers</code> input type back to <code>Mapping</code>
to avoid invariance issues
with <code>MutableMapping</code> and inferred dict types. Users calling
<code>Request.headers.update()</code> may need to narrow typing in their
code. (<a
href="https://redirect.github.com/psf/requests/issues/7441">#7441</a>)</li>
</ul>
<h2>2.34.1 (2026-05-13)</h2>
<p><strong>Bugfixes</strong></p>
<ul>
<li>Widened <code>json</code> input type from <code>dict</code> and
<code>list</code> to <code>Mapping</code>
and <code>Sequence</code>. (<a
href="https://redirect.github.com/psf/requests/issues/7436">#7436</a>)</li>
<li>Changed <code>headers</code> input type to MutableMapping and
removed <code>None</code> from
<code>Request.headers</code> typing to improve handling for users. (<a
href="https://redirect.github.com/psf/requests/issues/7431">#7431</a>)</li>
<li><code>Response.reason</code> moved from <code>str | None</code> to
<code>str</code> to improve handling
for users. (<a
href="https://redirect.github.com/psf/requests/issues/7437">#7437</a>)</li>
<li>Fixed a bug where some bodies with custom <code>__getattr__</code>
implementations
weren't being properly detected as Iterables. (<a
href="https://redirect.github.com/psf/requests/issues/7433">#7433</a>)</li>
</ul>
<h2>2.34.0 (2026-05-11)</h2>
<p><strong>Announcements</strong></p>
<ul>
<li>
<p>Requests 2.34.0 introduces inline types, replacing those provided by
typeshed. Public API types should be fully compatible with mypy,
pyright,
and ty. We believe types are comprehensive but if you find issues,
please
report them to the pinned tracking issue.</p>
<p>Special thanks to <a
href="https://github.com/bastimeyer"><code>@​bastimeyer</code></a>, <a
href="https://github.com/cthoyt"><code>@​cthoyt</code></a>, <a
href="https://github.com/edgarrmondragon"><code>@​edgarrmondragon</code></a>,
and <a href="https://github.com/srittau"><code>@​srittau</code></a> for
helping review and test the types ahead of the release. (<a
href="https://redirect.github.com/psf/requests/issues/7272">#7272</a>)</p>
</li>
</ul>
<p><strong>Improvements</strong></p>
<ul>
<li>Digest Auth hashing algorithms have added
<code>usedforsecurity=False</code> to clarify
security considerations. (<a
href="https://redirect.github.com/psf/requests/issues/7310">#7310</a>)</li>
<li>Requests added support for Python 3.15 based on beta1. Downstream
projects
should be able to start testing prior to its release in October. (<a
href="https://redirect.github.com/psf/requests/issues/7422">#7422</a>)</li>
<li>Requests added support for Python 3.14t. (<a
href="https://redirect.github.com/psf/requests/issues/7419">#7419</a>)</li>
</ul>
<p><strong>Bugfixes</strong></p>
<ul>
<li><code>Response.history</code> no longer contains a reference to
itself, preventing
accidental looping when traversing the history list. (<a
href="https://redirect.github.com/psf/requests/issues/7328">#7328</a>)</li>
<li>Requests no longer performs greedy matching on no_proxy domains. The
proxy_bypass implementation has been updated with CPython's fix from
bpo-39057. (<a
href="https://redirect.github.com/psf/requests/issues/7427">#7427</a>)</li>
<li>Requests no longer incorrectly strips duplicate leading slashes in
URI paths. This should address user issues with specific presigned
URLs. Note the full fix requires urllib3 2.7.0+. (<a
href="https://redirect.github.com/psf/requests/issues/7315">#7315</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6e83187b8f"><code>6e83187</code></a>
v2.34.2</li>
<li><a
href="84d10f0be8"><code>84d10f0</code></a>
Move Request.headers back to Mapping (<a
href="https://redirect.github.com/psf/requests/issues/7441">#7441</a>)</li>
<li><a
href="b7b549b545"><code>b7b549b</code></a>
v2.34.1</li>
<li><a
href="e511bc7277"><code>e511bc7</code></a>
Fix mutability issues with headers input types (<a
href="https://redirect.github.com/psf/requests/issues/7431">#7431</a>)</li>
<li><a
href="5691f59613"><code>5691f59</code></a>
Update JsonType containers to read-based collections (<a
href="https://redirect.github.com/psf/requests/issues/7436">#7436</a>)</li>
<li><a
href="2144213c30"><code>2144213</code></a>
Constrain Response.reason to str (<a
href="https://redirect.github.com/psf/requests/issues/7437">#7437</a>)</li>
<li><a
href="6404f345e5"><code>6404f34</code></a>
Fix <code>prepare_body</code> stream detection for
<code>__getattr__</code>-based file wrappers (<a
href="https://redirect.github.com/psf/requests/issues/7">#7</a>...</li>
<li><a
href="0b401c76b6"><code>0b401c7</code></a>
v2.34.0</li>
<li><a
href="86b378d3f6"><code>86b378d</code></a>
Align Session.get parameters with requests.get (<a
href="https://redirect.github.com/psf/requests/issues/7429">#7429</a>)</li>
<li><a
href="a4f9a5999b"><code>a4f9a59</code></a>
Port bpo-39057 to Requests (<a
href="https://redirect.github.com/psf/requests/issues/7427">#7427</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/psf/requests/compare/v2.33.0...v2.34.2">compare
view</a></li>
</ul>
</details>
<br />

Updates `langsmith` from 0.8.0 to 0.8.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's
releases</a>.</em></p>
<blockquote>
<h2>v0.8.5</h2>
<h2>What's Changed</h2>
<ul>
<li>release(js): 0.7.0 by <a
href="https://github.com/ramon-langchain"><code>@​ramon-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2890">langchain-ai/langsmith-sdk#2890</a></li>
<li>fix(js): add alias for <code>experimental/sandbox</code> to appease
broad peer dep range within <code>deepagents</code> by <a
href="https://github.com/dqbd"><code>@​dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2893">langchain-ai/langsmith-sdk#2893</a></li>
<li>feat(js): allow disabling multipart streaming via env variable by <a
href="https://github.com/dqbd"><code>@​dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2900">langchain-ai/langsmith-sdk#2900</a></li>
<li>feat(python): add Client.close() to release session [closes
LSDK-183] by <a
href="https://github.com/open-swe"><code>@​open-swe</code></a>[bot] in
<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2866">langchain-ai/langsmith-sdk#2866</a></li>
<li>feat(sandbox): forward client default headers on exec WebSocket by
<a href="https://github.com/open-swe"><code>@​open-swe</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2899">langchain-ai/langsmith-sdk#2899</a></li>
<li>release(js): 0.7.1 by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2902">langchain-ai/langsmith-sdk#2902</a></li>
<li>release(py): 0.8.5 by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2903">langchain-ai/langsmith-sdk#2903</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.4...v0.8.5">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.4...v0.8.5</a></p>
<h2>v0.8.4</h2>
<h2>What's Changed</h2>
<ul>
<li>release(js): 0.6.3 by <a
href="https://github.com/vishnu-ssuresh"><code>@​vishnu-ssuresh</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2864">langchain-ai/langsmith-sdk#2864</a></li>
<li>chore(deps): bump python-multipart from 0.0.26 to 0.0.27 in /python
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2859">langchain-ai/langsmith-sdk#2859</a></li>
<li>chore(deps-dev): bump <code>@​anthropic-ai/sdk</code> from 0.91.1 to
0.92.0 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2858">langchain-ai/langsmith-sdk#2858</a></li>
<li>chore(deps): bump postcss from 8.5.8 to 8.5.14 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2857">langchain-ai/langsmith-sdk#2857</a></li>
<li>chore(deps): bump hono from 4.12.15 to 4.12.18 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2860">langchain-ai/langsmith-sdk#2860</a></li>
<li>chore(deps-dev): bump langchain-core from 1.3.2 to 1.3.3 in /python
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2867">langchain-ai/langsmith-sdk#2867</a></li>
<li>chore(deps-dev): bump <code>@​anthropic-ai/sdk</code> from 0.92.0 to
0.93.0 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2869">langchain-ai/langsmith-sdk#2869</a></li>
<li>chore(deps): bump urllib3 from 2.6.3 to 2.7.0 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2873">langchain-ai/langsmith-sdk#2873</a></li>
<li>chore(deps): bump the py-minor-and-patch group across 1 directory
with 12 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2876">langchain-ai/langsmith-sdk#2876</a></li>
<li>chore(deps-dev): bump the js-minor-and-patch group across 1
directory with 16 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2877">langchain-ai/langsmith-sdk#2877</a></li>
<li>chore(deps): bump the py-minor-and-patch group across 1 directory
with 11 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2879">langchain-ai/langsmith-sdk#2879</a></li>
<li>chore(deps): bump the npm_and_yarn group across 2 directories with 2
updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2868">langchain-ai/langsmith-sdk#2868</a></li>
<li>chore(deps-dev): bump <code>@​anthropic-ai/sdk</code> from 0.93.0 to
0.94.0 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2878">langchain-ai/langsmith-sdk#2878</a></li>
<li>sdk(js): rename experimental/sandbox -&gt; sandbox (breaking) by <a
href="https://github.com/DanielKneipp"><code>@​DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2885">langchain-ai/langsmith-sdk#2885</a></li>
<li>sdk(py): drop sandbox alpha/experimental warnings by <a
href="https://github.com/DanielKneipp"><code>@​DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2884">langchain-ai/langsmith-sdk#2884</a></li>
<li>feat(sandbox): make snapshot optional and add TS options overload by
<a
href="https://github.com/ramon-langchain"><code>@​ramon-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2887">langchain-ai/langsmith-sdk#2887</a></li>
<li>release(py): 0.8.4 by <a
href="https://github.com/ramon-langchain"><code>@​ramon-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2889">langchain-ai/langsmith-sdk#2889</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.3...v0.8.4">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.3...v0.8.4</a></p>
<h2>v0.8.3</h2>
<h2>What's Changed</h2>
<ul>
<li>fix(js): prevent sending [object Object] as span attribute when
dealing with nested objects, send full langsmith.usage_m...

_Description has been truncated_

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Mason Daugherty <mason@langchain.dev>
Co-authored-by: Mason Daugherty <github@mdrxy.com>
2026-05-18 22:23:25 -05:00
Mason Daugherty
abd9d4ce31 ci(infra): harden Dependabot version-bound preservation (#37510)
Dependabot has been stripping upper/lower bounds from internal
`langchain-*` deps in partner `pyproject.toml` files (e.g. #37288
reduced `langchain-core>=1.3.2,<2.0.0` to bare `langchain-core`). Locks
down the config so bumps preserve existing specifiers, and restores the
bounds it already mangled across the monorepo.

## Changes
- Add `versioning-strategy: increase` to every `uv` ecosystem block in
`.github/dependabot.yml` so future bumps move the lower bound in place
instead of rewriting the constraint.
- Ignore workspace-internal packages (`langchain-core`, `langchain`,
`langchain-classic`, `langchain-text-splitters`, `langchain-tests`,
`langchain-model-profiles`) on every `uv` block — these are editable
installs from local paths and their published constraints are
hand-curated for release, not Dependabot's to bump.
- Restore stripped bounds across all `libs/` packages — runtime
`dependencies` and every dep group (`test`, `dev`, `test_integration`,
`typing`, `lint`) — to `>=1.4.0,<2.0.0` for `langchain-core` and
`>=1.0.0,<2.0.0` for the other internal packages.
2026-05-18 17:24:19 -05:00
Mason Daugherty
c7daed8c0f hotfix: bump lockfiles (#37508) 2026-05-18 16:18:26 -05:00
dependabot[bot]
a57eccecbd chore: bump langsmith from 0.7.31 to 0.8.0 in /libs/model-profiles (#37382)
Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from
0.7.31 to 0.8.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's
releases</a>.</em></p>
<blockquote>
<h2>v0.8.0</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(js,py): JS 0.6.0, Py 0.8.0 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2831">langchain-ai/langsmith-sdk#2831</a></li>
<li>release(js): 0.6.0 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2832">langchain-ai/langsmith-sdk#2832</a></li>
<li>release(py): 0.8.0 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2833">langchain-ai/langsmith-sdk#2833</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.38...v0.8.0">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.38...v0.8.0</a></p>
<h2>v0.7.38</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(js): add tracing of opencode by <a
href="https://github.com/dqbd"><code>@​dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2776">langchain-ai/langsmith-sdk#2776</a></li>
<li>chore(js): Remove types/uuid by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2814">langchain-ai/langsmith-sdk#2814</a></li>
<li>docs(sandbox): document default idle TTL of 10 minutes by <a
href="https://github.com/DanielKneipp"><code>@​DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2788">langchain-ai/langsmith-sdk#2788</a></li>
<li>ci(py): Bump pytest timeout to 2m by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2815">langchain-ai/langsmith-sdk#2815</a></li>
<li>chore(deps-dev): bump the js-minor-and-patch group across 1
directory with 4 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2803">langchain-ai/langsmith-sdk#2803</a></li>
<li>chore(deps): update sphinx-autobuild requirement from &gt;=2024 to
&gt;=2024.10.3 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2809">langchain-ai/langsmith-sdk#2809</a></li>
<li>chore(deps): update myst-nb requirement from &gt;=1.1.1 to
&gt;=1.4.0 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2810">langchain-ai/langsmith-sdk#2810</a></li>
<li>chore(deps-dev): bump types-pyyaml from 6.0.12.20250915 to
6.0.12.20260408 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2812">langchain-ai/langsmith-sdk#2812</a></li>
<li>chore(deps-dev): bump <code>@​langchain/openai</code> from 0.5.18 to
0.6.17 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2806">langchain-ai/langsmith-sdk#2806</a></li>
<li>chore(deps): bump the py-minor-and-patch group across 1 directory
with 18 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2808">langchain-ai/langsmith-sdk#2808</a></li>
<li>feat(py): Adds strands OTEL exporter by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2817">langchain-ai/langsmith-sdk#2817</a></li>
<li>chore(js): Switch to oxfmt and oxlint by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2819">langchain-ai/langsmith-sdk#2819</a></li>
<li>fix(py): fix RunTree ValidationError when inputs or outputs is a
Pydantic BaseModel by <a
href="https://github.com/QuentinBrosse"><code>@​QuentinBrosse</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2820">langchain-ai/langsmith-sdk#2820</a></li>
<li>chore: add apac support by <a
href="https://github.com/joaquin-borggio-lc"><code>@​joaquin-borggio-lc</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2821">langchain-ai/langsmith-sdk#2821</a></li>
<li>fix(js): Pull Claude Agent SDK subagent runs from transcript, add
tool span for subagents, merge message blocks by id by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2816">langchain-ai/langsmith-sdk#2816</a></li>
<li>release(js): 0.5.26 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2824">langchain-ai/langsmith-sdk#2824</a></li>
<li>release(py): 0.7.38 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2825">langchain-ai/langsmith-sdk#2825</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.37...v0.7.38">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.37...v0.7.38</a></p>
<h2>v0.7.37</h2>
<h2>What's Changed</h2>
<ul>
<li>perf(js): Offload serialize to worker thread at flush time by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2781">langchain-ai/langsmith-sdk#2781</a></li>
<li>release(js): 0.5.24 by <a
href="https://github.com/emil-lc"><code>@​emil-lc</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2790">langchain-ai/langsmith-sdk#2790</a></li>
<li>chore(js): Fix perf test flagging by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2792">langchain-ai/langsmith-sdk#2792</a></li>
<li>feat(js,python): Adds hub model config and provider to schemas by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2793">langchain-ai/langsmith-sdk#2793</a></li>
<li>fix(js): minor test improvements by <a
href="https://github.com/christian-bromann"><code>@​christian-bromann</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2429">langchain-ai/langsmith-sdk#2429</a></li>
<li>fix(js): Include auth headers on info requests by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2800">langchain-ai/langsmith-sdk#2800</a></li>
<li>release(js): 0.5.25 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2801">langchain-ai/langsmith-sdk#2801</a></li>
<li>fix(python): flush both tracing_queue and compressed_traces in
flush() by <a
href="https://github.com/angus-langchain"><code>@​angus-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2796">langchain-ai/langsmith-sdk#2796</a></li>
<li>chore(deps): bump postcss from 8.5.8 to 8.5.10 in
/js/internal/environment_tests/test-exports-vite in the npm_and_yarn
group across 1 directory by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2791">langchain-ai/langsmith-sdk#2791</a></li>
<li>chore(deps-dev): bump google-adk from 1.10.0 to 1.28.1 in /python by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2794">langchain-ai/langsmith-sdk#2794</a></li>
<li>fix(python): flush pending traces during Client.cleanup() by <a
href="https://github.com/angus-langchain"><code>@​angus-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2799">langchain-ai/langsmith-sdk#2799</a></li>
<li>fix(py): Fix concurrency for multiple Claude Agent SDK sessions by
<a href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in
<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2795">langchain-ai/langsmith-sdk#2795</a></li>
<li>release(py): 0.7.37 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2802">langchain-ai/langsmith-sdk#2802</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.36...v0.7.37">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.36...v0.7.37</a></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="cf01c873d5"><code>cf01c87</code></a>
release(py): 0.8.0 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2833">#2833</a>)</li>
<li><a
href="fd049c8464"><code>fd049c8</code></a>
release(js): 0.6.0 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2832">#2832</a>)</li>
<li><a
href="092a8866c4"><code>092a886</code></a>
feat(js,py): JS 0.6.0, Py 0.8.0 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2831">#2831</a>)</li>
<li><a
href="ff180c0423"><code>ff180c0</code></a>
release(py): 0.7.38 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2825">#2825</a>)</li>
<li><a
href="d9de3ca801"><code>d9de3ca</code></a>
release(js): 0.5.26 (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2824">#2824</a>)</li>
<li><a
href="1428394831"><code>1428394</code></a>
fix(js): Pull Claude Agent SDK subagent runs from transcript, add tool
span f...</li>
<li><a
href="838e957d80"><code>838e957</code></a>
chore: add apac support (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2821">#2821</a>)</li>
<li><a
href="003f22a768"><code>003f22a</code></a>
fix(py): fix RunTree ValidationError when inputs or outputs is a
Pydantic Bas...</li>
<li><a
href="8f5ef27c2d"><code>8f5ef27</code></a>
chore(js): Switch to oxfmt and oxlint (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2819">#2819</a>)</li>
<li><a
href="9873633c9f"><code>9873633</code></a>
feat(py): Adds strands OTEL exporter (<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2817">#2817</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.31...v0.8.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=langsmith&package-manager=uv&previous-version=0.7.31&new-version=0.8.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-15 17:23:01 -07:00
dependabot[bot]
83f3aaaa7a chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/model-profiles (#37325)
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.6.3 to 2.7.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/releases">urllib3's
releases</a>.</em></p>
<blockquote>
<h2>2.7.0</h2>
<h2>🚀 urllib3 is fundraising for HTTP/2 support</h2>
<p><a
href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3
is raising ~$40,000 USD</a> to release HTTP/2 support and ensure
long-term sustainable maintenance of the project after a sharp decline
in financial support. If your company or organization uses Python and
would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and
thousands of other projects <a
href="https://opencollective.com/urllib3">please consider contributing
financially</a> to ensure HTTP/2 support is developed sustainably and
maintained for the long-haul.</p>
<p>Thank you for your support.</p>
<h2>Security</h2>
<p>Addressed high-severity security issues. Impact was limited to
specific use cases detailed in the accompanying advisories; overall user
exposure was estimated to be marginal.</p>
<ul>
<li>
<p>Decompression-bomb safeguards of the streaming API were bypassed:</p>
<ol>
<li>When <code>HTTPResponse.drain_conn()</code> was called after the
response had been read and decompressed partially. (Reported by <a
href="https://github.com/Cycloctane"><code>@​Cycloctane</code></a>)</li>
<li>During the second <code>HTTPResponse.read(amt=N)</code> or
<code>HTTPResponse.stream(amt=N)</code> call when the response was
decompressed using the official <a
href="https://pypi.org/project/brotli/">Brotli</a> library. (Reported by
<a
href="https://github.com/kimkou2024"><code>@​kimkou2024</code></a>)</li>
</ol>
<p>See GHSA-mf9v-mfxr-j63j for details.</p>
</li>
<li>
<p>HTTP pools created using
<code>ProxyManager.connection_from_url</code> did not strip sensitive
headers specified in <code>Retry.remove_headers_on_redirect</code> when
redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by <a
href="https://github.com/christos-spearbit"><code>@​christos-spearbit</code></a>)</p>
</li>
</ul>
<h2>Deprecations and Removals</h2>
<ul>
<li>Used <code>FutureWarning</code> instead of
<code>DeprecationWarning</code> for better visibility of existing
deprecation notices. Rescheduled the removal of deprecated features to
version 3.0. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3763">urllib3/urllib3#3763</a>)</li>
<li>Removed support for end-of-life Python 3.9. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3720">urllib3/urllib3#3720</a>)</li>
<li>Removed support for end-of-life PyPy3.10. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4979">urllib3/urllib3#4979</a>)</li>
<li>Bumped the minimum supported pyOpenSSL version to 19.0.0. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3777">urllib3/urllib3#3777</a>)</li>
</ul>
<h2>Bugfixes</h2>
<ul>
<li>Fixed a bug where <code>HTTPResponse.read(amt=None)</code> was
ignoring decompressed data buffered from previous partial reads. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3636">urllib3/urllib3#3636</a>)</li>
<li>Fixed a bug where <code>HTTPResponse.read()</code> could cache only
part of the response after a partial read when
<code>cache_content=True</code>. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4967">urllib3/urllib3#4967</a>)</li>
<li>Fixed <code>HTTPResponse.stream()</code> and
<code>HTTPResponse.read_chunked()</code> to handle <code>amt=0</code>.
(<a
href="https://redirect.github.com/urllib3/urllib3/issues/3793">urllib3/urllib3#3793</a>)</li>
<li>Updated <code>_TYPE_BODY</code> type alias to include missing
<code>Iterable[str]</code>, matching the documented and runtime behavior
of chunked request bodies. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3798">urllib3/urllib3#3798</a>)</li>
<li>Fixed <code>LocationParseError</code> when paths resembling
schemeless URIs were passed to
<code>HTTPConnectionPool.urlopen()</code>. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3352">urllib3/urllib3#3352</a>)</li>
<li>Fixed <code>BaseHTTPResponse.readinto()</code> type annotation to
accept <code>memoryview</code> in addition to <code>bytearray</code>,
matching the <code>io.RawIOBase.readinto</code> contract and enabling
use with <code>io.BufferedReader</code> without type errors. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3764">urllib3/urllib3#3764</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's
changelog</a>.</em></p>
<blockquote>
<h1>2.7.0 (2026-05-07)</h1>
<h2>Security</h2>
<p>Addressed high-severity security issues.
Impact was limited to specific use cases detailed in the accompanying
advisories; overall user exposure was estimated to be marginal.</p>
<ul>
<li>
<p>Decompression-bomb safeguards of the streaming API were bypassed:</p>
<ol>
<li>When <code>HTTPResponse.drain_conn()</code> was called after the
response had been
read and decompressed partially.</li>
<li>During the second <code>HTTPResponse.read(amt=N)</code> or
<code>HTTPResponse.stream(amt=N)</code> call when the response was
decompressed
using the official <code>Brotli
&lt;https://pypi.org/project/brotli/&gt;</code>__ library.</li>
</ol>
<p>See <code>GHSA-mf9v-mfxr-j63j
&lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j&gt;</code>__
for details.</p>
</li>
<li>
<p>HTTP pools created using
<code>ProxyManager.connection_from_url</code> did not strip
sensitive headers specified in
<code>Retry.remove_headers_on_redirect</code> when
redirecting to a different host.
(<code>GHSA-qccp-gfcp-xxvc
&lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc&gt;</code>__)</p>
</li>
</ul>
<h2>Deprecations and Removals</h2>
<ul>
<li>Used <code>FutureWarning</code> instead of
<code>DeprecationWarning</code> for better
visibility of existing deprecation notices. Rescheduled the removal of
deprecated features to version 3.0.
(<code>[#3763](https://github.com/urllib3/urllib3/issues/3763)
&lt;https://github.com/urllib3/urllib3/issues/3763&gt;</code>__)</li>
<li>Removed support for end-of-life Python 3.9.
(<code>[#3720](https://github.com/urllib3/urllib3/issues/3720)
&lt;https://github.com/urllib3/urllib3/issues/3720&gt;</code>__)</li>
<li>Removed support for end-of-life PyPy3.10.
(<code>[#4979](https://github.com/urllib3/urllib3/issues/4979)
&lt;https://github.com/urllib3/urllib3/issues/4979&gt;</code>__)</li>
<li>Bumped the minimum supported pyOpenSSL version to 19.0.0.
(<code>[#3777](https://github.com/urllib3/urllib3/issues/3777)
&lt;https://github.com/urllib3/urllib3/issues/3777&gt;</code>__)</li>
</ul>
<h2>Bugfixes</h2>
<ul>
<li>Fixed a bug where <code>HTTPResponse.read(amt=None)</code> was
ignoring decompressed
data buffered from previous partial reads.
(<code>[#3636](https://github.com/urllib3/urllib3/issues/3636)
&lt;https://github.com/urllib3/urllib3/issues/3636&gt;</code>__)</li>
<li>Fixed a bug where <code>HTTPResponse.read()</code> could cache only
part of the
response after a partial read when <code>cache_content=True</code>.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9a950b92d9"><code>9a950b9</code></a>
Release 2.7.0</li>
<li><a
href="5ec0de499b"><code>5ec0de4</code></a>
Merge commit from fork</li>
<li><a
href="2bdcc44d1e"><code>2bdcc44</code></a>
Merge commit from fork</li>
<li><a
href="f45b0df09d"><code>f45b0df</code></a>
Fix a misleading example for <code>ProxyManager</code> (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4970">#4970</a>)</li>
<li><a
href="577193ca02"><code>577193c</code></a>
Switch to nightly PyPy3.11 in CI for now (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4984">#4984</a>)</li>
<li><a
href="e90af45bb0"><code>e90af45</code></a>
Avoid infinite loop in <code>HTTPResponse.read_chunked</code> when
<code>amt=0</code> (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4974">#4974</a>)</li>
<li><a
href="67ed74fdae"><code>67ed74f</code></a>
Bump dev dependencies (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4972">#4972</a>)</li>
<li><a
href="3abd481097"><code>3abd481</code></a>
Upgrade mypy to version 1.20.2 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4978">#4978</a>)</li>
<li><a
href="2b8725dfca"><code>2b8725d</code></a>
Drop support for EOL PyPy3.10 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4979">#4979</a>)</li>
<li><a
href="2944b2a0a6"><code>2944b2a</code></a>
Upgrade <code>setup-chrome</code> and <code>setup-firefox</code> to fix
warnings (<a
href="https://redirect.github.com/urllib3/urllib3/issues/4973">#4973</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=uv&previous-version=2.6.3&new-version=2.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-11 11:18:05 -07:00
dependabot[bot]
fa4e609b61 chore: bump langchain-core from 1.3.2 to 1.3.3 in /libs/model-profiles (#37254)
Bumps [langchain-core](https://github.com/langchain-ai/langchain) from
1.3.2 to 1.3.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langchain/releases">langchain-core's
releases</a>.</em></p>
<blockquote>
<h2>langchain-core==1.3.3</h2>
<p>Changes since langchain-core==1.3.2</p>
<p>release(core): 1.3.3 (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37198">#37198</a>)
fix(core): set deprecation <code>since</code> to 1.3.3 to match release
(<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37200">#37200</a>)
fix(core, langchain): harden <code>load()</code> against untrusted
manifests (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37197">#37197</a>)
chore: bump notebook from 7.5.0 to 7.5.6 in /libs/core (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37109">#37109</a>)
chore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in
/libs/core (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37129">#37129</a>)
fix(core): preserve structured <code>inputs</code> on tool runs in
tracers (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37108">#37108</a>)
release(perplexity): 1.2.0 (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37091">#37091</a>)
chore(docs): update x handle references (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37081">#37081</a>)
fix(core): make <code>removal</code> optional in
<code>warn_deprecated</code> (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37056">#37056</a>)
fix(core): validate batch_size in _batch and _abatch to prevent infinite
loop (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/36663">#36663</a>)
chore(core): mark stream_v2/astream_v2 as beta (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/36992">#36992</a>)</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5039dfec1f"><code>5039dfe</code></a>
release(core): 1.3.3 (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37198">#37198</a>)</li>
<li><a
href="55a7707837"><code>55a7707</code></a>
fix(core): set deprecation <code>since</code> to 1.3.3 to match release
(<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37200">#37200</a>)</li>
<li><a
href="c979c6187b"><code>c979c61</code></a>
fix(core, langchain): harden <code>load()</code> against untrusted
manifests (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37197">#37197</a>)</li>
<li><a
href="d7031101da"><code>d703110</code></a>
docs: update README.md (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37190">#37190</a>)</li>
<li><a
href="4d50a2a68b"><code>4d50a2a</code></a>
ci(infra): run pre-release checks before TestPyPI publish (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37194">#37194</a>)</li>
<li><a
href="9bd730e199"><code>9bd730e</code></a>
fix(fireworks): require <code>api_key</code> in
<code>FireworksEmbeddings</code> (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37193">#37193</a>)</li>
<li><a
href="f475f4191f"><code>f475f41</code></a>
release(mistralai): 1.1.4 (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37191">#37191</a>)</li>
<li><a
href="7dbff48aff"><code>7dbff48</code></a>
fix(mistralai): strip non-wire keys from <code>ToolMessage</code> (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37188">#37188</a>)</li>
<li><a
href="913816c440"><code>913816c</code></a>
release(fireworks): 1.3.1 (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/37189">#37189</a>)</li>
<li><a
href="4498d3dc84"><code>4498d3d</code></a>
fix(fireworks): strip non-wire keys from <code>ToolMessage</code> text
content blocks (#...</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langchain/compare/langchain-core==1.3.2...langchain-core==1.3.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=langchain-core&package-manager=uv&previous-version=1.3.2&new-version=1.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-09 12:26:16 -04:00
dependabot[bot]
46a6cb1c90 chore: bump types-toml from 0.10.8.20240310 to 0.10.8.20260408 in /libs/model-profiles (#37124)
Bumps [types-toml](https://github.com/python/typeshed) from
0.10.8.20240310 to 0.10.8.20260408.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/python/typeshed/commits">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=types-toml&package-manager=uv&previous-version=0.10.8.20240310&new-version=0.10.8.20260408)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-01 10:13:02 -04:00
Mason Daugherty
cc5a5371a9 release(fireworks): 1.2.1 (#37113) 2026-04-30 17:49:16 -04:00
Mason Daugherty
38553c3f2d release(perplexity): 1.2.0 (#37091) 2026-04-29 17:54:27 -04:00
open-swe[bot]
ba897ffa7e chore(docs): update x handle references (#37081)
## Description
Updates package metadata and README badges so LangChain social links
point to the new `@langchain_oss` X handle. This was completed with
AI-agent assistance.

## Test Plan
- [ ] Validate README badges and package metadata links point to
`https://x.com/langchain_oss`

_Opened collaboratively by Mason Daugherty and open-swe._

---------

Co-authored-by: open-swe[bot] <open-swe@users.noreply.github.com>
Co-authored-by: Mason Daugherty <61371264+mdrxy@users.noreply.github.com>
2026-04-29 13:56:09 -04:00
Mason Daugherty
7a4594b682 fix(anthropic): restore cache_control on non-direct subclasses (#37057)
Closes #37042

---

`AnthropicPromptCachingMiddleware` was unconditionally setting top-level
`cache_control` in `model_settings` for any `ChatAnthropic` subclass.
That field is direct-Anthropic-API only — `ChatAnthropicBedrock` (which
subclasses `ChatAnthropic` and passed the existing `isinstance` gate)
errored with `cache_control: Extra inputs are not permitted`.
Investigating that surfaced a related regression: PR #35967 also deleted
the block-level `cache_control` injection in `_get_request_payload`,
which silently disabled caching entirely for non-direct subclasses
(Bedrock had been falling back to in-block breakpoints). This restores
both paths.

## Changes
- Add `_is_direct_anthropic_llm_type` predicate that allowlists
`_llm_type == "anthropic-chat"`. Both the middleware's
`_supports_automatic_caching` and the new branch in
`ChatAnthropic._get_request_payload` route through it, so any subclass
that overrides `_llm_type` (Bedrock today, future direct-API variants
tomorrow) is treated as non-direct by default. Replaces the prior
substring-matching denylist on `"bedrock"`/`"vertex"`.
- Restore `_collect_code_execution_tool_ids`,
`_is_code_execution_related_block`, and a new
`_apply_cache_control_to_last_eligible_block` helper in `chat_models`.
For non-direct subclasses, `_get_request_payload` now pops
`cache_control` from kwargs and walks messages newest-to-oldest,
attaching the breakpoint to the last block that isn't
`code_execution`-related (Anthropic forbids breakpoints on those).
- Emit `UserWarning` when `cache_control` is requested but every
candidate block is `code_execution`-related — previously a silent drop.
- `AnthropicPromptCachingMiddleware._apply_caching` now sets the
top-level `cache_control` only when
`_supports_automatic_caching(request.model)`. System-message and
tool-definition breakpoints continue to apply for all `ChatAnthropic`
subclasses, since those are accepted by every transport.
- Note: `ChatAnthropicVertex` does not subclass `ChatAnthropic` (it
lives in `langchain-google-vertexai` and ships its own
`_get_request_payload`), so the chat-models changes here only affect
Bedrock. The middleware-side gate covers Vertex implicitly via the
`isinstance(request.model, ChatAnthropic)` check that already excludes
it.
2026-04-28 16:41:22 -04:00
Mason Daugherty
a70e7ab80e release(openai): 1.2.1 (#36995) 2026-04-24 15:04:36 -04:00
Nick Hollon
9ce72eba9f feat(core): add content-block-centric streaming (v2) (#36834) 2026-04-24 11:36:17 -04:00
Mason Daugherty
7b09eb7bda fix(fireworks): honor max_retries (#36973)
`ChatFireworks.max_retries` silently did nothing. The old code assigned
the value to a `ChatCompletionV2` sub-object rather than the base
client, and the pinned Fireworks SDK (0.13.0–0.19.20) never honors its
own `_max_retries` attribute on the base client either. Since the
Stainless-generated 1.x SDK that does implement retries is still
pre-release (1.0.1a63 at time of writing), retry responsibility is
ported to the LangChain side until the pin can be bumped.
2026-04-23 16:40:54 -04:00
Mason Daugherty
bb77a4229f release(openai): 1.2.0 (#36961) 2026-04-22 20:34:21 -04:00
dependabot[bot]
e85c418cfa chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/model-profiles (#36798)
Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from
0.6.3 to 0.7.31.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's
releases</a>.</em></p>
<blockquote>
<h2>v0.7.31</h2>
<h2>What's Changed</h2>
<ul>
<li>chore(deps-dev): bump langchain-core from 1.2.23 to 1.2.28 in
/python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2692">langchain-ai/langsmith-sdk#2692</a></li>
<li>chore(deps-dev): bump <code>@​anthropic-ai/sdk</code> from 0.82.0 to
0.84.0 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2684">langchain-ai/langsmith-sdk#2684</a></li>
<li>chore(deps): bump cryptography from 46.0.6 to 46.0.7 in /python by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2693">langchain-ai/langsmith-sdk#2693</a></li>
<li>chore(deps-dev): bump <code>@​anthropic-ai/sdk</code> from 0.84.0 to
0.85.0 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2700">langchain-ai/langsmith-sdk#2700</a></li>
<li>feat(py): Tag OpenAI Agent Python SDK runs with ls_agent_type by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2699">langchain-ai/langsmith-sdk#2699</a></li>
<li>feat(js): Adds ls_agent_type metadata to AI SDK runs by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2701">langchain-ai/langsmith-sdk#2701</a></li>
<li>chore(deps-dev): bump types-tqdm from 4.67.3.20260303 to
4.67.3.20260408 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2710">langchain-ai/langsmith-sdk#2710</a></li>
<li>chore(deps): bump pnpm/action-setup from 5 to 6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2705">langchain-ai/langsmith-sdk#2705</a></li>
<li>chore(deps): bump the py-minor-and-patch group across 1 directory
with 10 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2711">langchain-ai/langsmith-sdk#2711</a></li>
<li>chore(deps-dev): bump <code>@​anthropic-ai/sdk</code> from 0.85.0 to
0.86.0 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2702">langchain-ai/langsmith-sdk#2702</a></li>
<li>chore(deps): bump actions/github-script from 8 to 9 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2706">langchain-ai/langsmith-sdk#2706</a></li>
<li>chore(deps-dev): bump the js-minor-and-patch group across 1
directory with 7 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2712">langchain-ai/langsmith-sdk#2712</a></li>
<li>chore(deps-dev): bump types-psutil from 7.2.2.20260130 to
7.2.2.20260408 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2709">langchain-ai/langsmith-sdk#2709</a></li>
<li>chore(deps-dev): bump rich from 14.3.3 to 15.0.0 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2708">langchain-ai/langsmith-sdk#2708</a></li>
<li>feat: Filter kwargs from new token events by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2714">langchain-ai/langsmith-sdk#2714</a></li>
<li>release(py): 0.7.31 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2716">langchain-ai/langsmith-sdk#2716</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.30...v0.7.31">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.30...v0.7.31</a></p>
<h2>v0.7.30</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(python): add service feature to sandbox by <a
href="https://github.com/DanielKneipp"><code>@​DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2665">langchain-ai/langsmith-sdk#2665</a></li>
<li>fix(js): Fix prototype pollution bug in anonymizers by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2690">langchain-ai/langsmith-sdk#2690</a></li>
<li>release(js): 0.5.18 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2691">langchain-ai/langsmith-sdk#2691</a></li>
<li>chore(js/sandbox): suppress warning log by <a
href="https://github.com/hntrl"><code>@​hntrl</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2694">langchain-ai/langsmith-sdk#2694</a></li>
<li>feat(js): Add metadata to Claude Agent SDK JS tracing by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2695">langchain-ai/langsmith-sdk#2695</a></li>
<li>fix(py): Fix run tree memory leak by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2696">langchain-ai/langsmith-sdk#2696</a></li>
<li>release(py): 0.7.30 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2698">langchain-ai/langsmith-sdk#2698</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.29...v0.7.30">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.29...v0.7.30</a></p>
<h2>v0.7.29</h2>
<h2>What's Changed</h2>
<ul>
<li>release(js): 0.5.17 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2681">langchain-ai/langsmith-sdk#2681</a></li>
<li>feat(py): Fix race condition around Claude Agent SDK instrumentation
by <a href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2685">langchain-ai/langsmith-sdk#2685</a></li>
<li>release(py): 0.7.29 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2686">langchain-ai/langsmith-sdk#2686</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.28...v0.7.29">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.28...v0.7.29</a></p>
<h2>v0.7.28</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(py): Support subagent tracing in Claude Agents SDK, fix usage
and duplicate messages by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2670">langchain-ai/langsmith-sdk#2670</a></li>
<li>chore(deps-dev): bump the py-minor-and-patch group across 1
directory with 11 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2677">langchain-ai/langsmith-sdk#2677</a></li>
<li>chore(deps-dev): bump the js-minor-and-patch group across 1
directory with 8 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2667">langchain-ai/langsmith-sdk#2667</a></li>
<li>chore(deps): bump pnpm/action-setup from 4 to 5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2658">langchain-ai/langsmith-sdk#2658</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/langchain-ai/langsmith-sdk/commits/v0.7.31">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-15 23:09:56 -06:00
Mason Daugherty
7e81d09f2a chore(deps): bump pytest to 9.0.3 (#36801)
CVE-2025-71176 (medium severity)

All are dev-only (test dependency group) — no impact on published
packages.

### Why syrupy was also bumped

syrupy 4.x (`<5.0.0`) constrains pytest to `<9.0.0`, blocking the CVE
fix. Widening to `<6.0.0` allows syrupy 5.x which supports pytest 9.x.
2026-04-15 21:46:40 -06:00
dependabot[bot]
db149ff291 chore: bump pytest from 9.0.2 to 9.0.3 in /libs/model-profiles (#36716)
Bumps [pytest](https://github.com/pytest-dev/pytest) from 9.0.2 to
9.0.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pytest-dev/pytest/releases">pytest's
releases</a>.</em></p>
<blockquote>
<h2>9.0.3</h2>
<h1>pytest 9.0.3 (2026-04-07)</h1>
<h2>Bug fixes</h2>
<ul>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/12444">#12444</a>:
Fixed <code>pytest.approx</code> which now correctly takes into account
<code>~collections.abc.Mapping</code> keys order to compare them.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13634">#13634</a>:
Blocking a <code>conftest.py</code> file using the <code>-p no:</code>
option is now explicitly disallowed.</p>
<p>Previously this resulted in an internal assertion failure during
plugin loading.</p>
<p>Pytest now raises a clear <code>UsageError</code> explaining that
conftest files are not plugins and cannot be disabled via
<code>-p</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13734">#13734</a>:
Fixed crash when a test raises an exceptiongroup with
<code>__tracebackhide__ = True</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14195">#14195</a>:
Fixed an issue where non-string messages passed to <!-- raw HTML omitted
-->unittest.TestCase.subTest()<!-- raw HTML omitted --> were not
printed.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14343">#14343</a>:
Fixed use of insecure temporary directory (CVE-2025-71176).</p>
</li>
</ul>
<h2>Improved documentation</h2>
<ul>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13388">#13388</a>:
Clarified documentation for <code>-p</code> vs
<code>PYTEST_PLUGINS</code> plugin loading and fixed an incorrect
<code>-p</code> example.</li>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13731">#13731</a>:
Clarified that capture fixtures (e.g. <code>capsys</code> and
<code>capfd</code>) take precedence over the <code>-s</code> /
<code>--capture=no</code> command-line options in <code>Accessing
captured output from a test function
&lt;accessing-captured-output&gt;</code>.</li>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14088">#14088</a>:
Clarified that the default <code>pytest_collection</code> hook sets
<code>session.items</code> before it calls
<code>pytest_collection_finish</code>, not after.</li>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/14255">#14255</a>:
TOML integer log levels must be quoted: Updating reference
documentation.</li>
</ul>
<h2>Contributor-facing changes</h2>
<ul>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/12689">#12689</a>:
The test reports are now published to Codecov from GitHub Actions.
The test statistics is visible <a
href="https://app.codecov.io/gh/pytest-dev/pytest/tests">on the web
interface</a>.</p>
<p>-- by <code>aleguy02</code></p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a7d58d7a21"><code>a7d58d7</code></a>
Prepare release version 9.0.3</li>
<li><a
href="089d98199c"><code>089d981</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14366">#14366</a>
from bluetech/revert-14193-backport</li>
<li><a
href="8127eaf4ab"><code>8127eaf</code></a>
Revert &quot;Fix: assertrepr_compare respects dict insertion order (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14050">#14050</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14193">#14193</a>)&quot;</li>
<li><a
href="99a7e6029e"><code>99a7e60</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14363">#14363</a>
from pytest-dev/patchback/backports/9.0.x/95d8423bd...</li>
<li><a
href="ddee02a578"><code>ddee02a</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14343">#14343</a>
from bluetech/cve-2025-71176-simple</li>
<li><a
href="74eac6916f"><code>74eac69</code></a>
doc: Update training info (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14298">#14298</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14301">#14301</a>)</li>
<li><a
href="f92dee777c"><code>f92dee7</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14267">#14267</a>
from pytest-dev/patchback/backports/9.0.x/d6fa26c62...</li>
<li><a
href="7ee58acc87"><code>7ee58ac</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/12378">#12378</a>
from Pierre-Sassoulas/fix-implicit-str-concat-and-d...</li>
<li><a
href="37da870d37"><code>37da870</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/14259">#14259</a>
from mitre88/patch-4 (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14268">#14268</a>)</li>
<li><a
href="c34bfa3b7a"><code>c34bfa3</code></a>
Add explanation for string context diffs (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14257">#14257</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/14266">#14266</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/pytest-dev/pytest/compare/9.0.2...9.0.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pytest&package-manager=uv&previous-version=9.0.2&new-version=9.0.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-14 10:20:07 -07:00
Mason Daugherty
555bdfbade chore: add comment explaining pygments>=2.20.0 (#36570) 2026-04-06 15:07:07 -04:00
Mason Daugherty
0a1d290ac2 release(core): 1.2.26 (#36511) 2026-04-03 19:27:36 -04:00
John Kennedy
0f4f3f74c8 chore: pygments>=2.20.0 across all packages (CVE-2026-4539) (#36385)
## Summary

Bumps `pygments` to `>=2.20.0` across all 21 affected packages to
address [CVE-2026-4539](https://github.com/advisories/GHSA-XXXX) — ReDoS
via inefficient GUID regex in Pygments.

- **Severity:** Low
- **Fixed in:** 2.20.0 (was 2.19.2)
- **Change:** Added `pygments>=2.20.0` to `constraint-dependencies` in
`[tool.uv]` for each package, then ran `uv lock --upgrade-package
pygments` to regenerate lock files.

Closes Dependabot alerts #3435–#3455.

## Release Note
Patch deps

### Test Plan
 - [x] CI Green 🙏

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-30 23:26:59 -04:00
dependabot[bot]
106070de92 chore: bump requests from 2.32.5 to 2.33.0 in /libs/model-profiles (#36240)
Bumps [requests](https://github.com/psf/requests) from 2.32.5 to 2.33.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/releases">requests's
releases</a>.</em></p>
<blockquote>
<h2>v2.33.0</h2>
<h2>2.33.0 (2026-03-25)</h2>
<p><strong>Announcements</strong></p>
<ul>
<li>📣 Requests is adding inline types. If you have a typed code base
that uses Requests, please take a look at <a
href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>.
Give it a try, and report any gaps or feedback you may have in the
issue. 📣</li>
</ul>
<p><strong>Security</strong></p>
<ul>
<li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now
extracts contents to a non-deterministic location to prevent malicious
file replacement. This does not affect default usage of Requests, only
applications calling the utility function directly.</li>
</ul>
<p><strong>Improvements</strong></p>
<ul>
<li>Migrated to a PEP 517 build system using setuptools. (<a
href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li>
</ul>
<p><strong>Bugfixes</strong></p>
<ul>
<li>Fixed an issue where an empty netrc entry could cause malformed
authentication to be applied to Requests on Python 3.11+. (<a
href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li>
</ul>
<p><strong>Deprecations</strong></p>
<ul>
<li>Dropped support for Python 3.9 following its end of support. (<a
href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li>
</ul>
<p><strong>Documentation</strong></p>
<ul>
<li>Various typo fixes and doc improvements.</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/M0d3v1"><code>@​M0d3v1</code></a> made
their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/6865">psf/requests#6865</a></li>
<li><a href="https://github.com/aminvakil"><code>@​aminvakil</code></a>
made their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/7220">psf/requests#7220</a></li>
<li><a href="https://github.com/E8Price"><code>@​E8Price</code></a> made
their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/6960">psf/requests#6960</a></li>
<li><a href="https://github.com/mitre88"><code>@​mitre88</code></a> made
their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/7244">psf/requests#7244</a></li>
<li><a href="https://github.com/magsen"><code>@​magsen</code></a> made
their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/6553">psf/requests#6553</a></li>
<li><a
href="https://github.com/Rohan5commit"><code>@​Rohan5commit</code></a>
made their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/7227">psf/requests#7227</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25">https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's
changelog</a>.</em></p>
<blockquote>
<h2>2.33.0 (2026-03-25)</h2>
<p><strong>Announcements</strong></p>
<ul>
<li>📣 Requests is adding inline types. If you have a typed code base
that
uses Requests, please take a look at <a
href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>.
Give it a try, and report
any gaps or feedback you may have in the issue. 📣</li>
</ul>
<p><strong>Security</strong></p>
<ul>
<li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now
extracts
contents to a non-deterministic location to prevent malicious file
replacement. This does not affect default usage of Requests, only
applications calling the utility function directly.</li>
</ul>
<p><strong>Improvements</strong></p>
<ul>
<li>Migrated to a PEP 517 build system using setuptools. (<a
href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li>
</ul>
<p><strong>Bugfixes</strong></p>
<ul>
<li>Fixed an issue where an empty netrc entry could cause
malformed authentication to be applied to Requests on
Python 3.11+. (<a
href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li>
</ul>
<p><strong>Deprecations</strong></p>
<ul>
<li>Dropped support for Python 3.9 following its end of support. (<a
href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li>
</ul>
<p><strong>Documentation</strong></p>
<ul>
<li>Various typo fixes and doc improvements.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="bc04dfd6da"><code>bc04dfd</code></a>
v2.33.0</li>
<li><a
href="66d21cb07b"><code>66d21cb</code></a>
Merge commit from fork</li>
<li><a
href="8b9bc8fc0f"><code>8b9bc8f</code></a>
Move badges to top of README (<a
href="https://redirect.github.com/psf/requests/issues/7293">#7293</a>)</li>
<li><a
href="e331a288f3"><code>e331a28</code></a>
Remove unused extraction call (<a
href="https://redirect.github.com/psf/requests/issues/7292">#7292</a>)</li>
<li><a
href="753fd08c5e"><code>753fd08</code></a>
docs: fix FAQ grammar in httplib2 example</li>
<li><a
href="774a0b837a"><code>774a0b8</code></a>
docs(socks): same block as other sections</li>
<li><a
href="9c72a41bec"><code>9c72a41</code></a>
Bump github/codeql-action from 4.33.0 to 4.34.1</li>
<li><a
href="ebf7190679"><code>ebf7190</code></a>
Bump github/codeql-action from 4.32.0 to 4.33.0</li>
<li><a
href="0e4ae38f0c"><code>0e4ae38</code></a>
docs: exclude Response.is_permanent_redirect from API docs (<a
href="https://redirect.github.com/psf/requests/issues/7244">#7244</a>)</li>
<li><a
href="d568f47278"><code>d568f47</code></a>
docs: clarify Quickstart POST example (<a
href="https://redirect.github.com/psf/requests/issues/6960">#6960</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/psf/requests/compare/v2.32.5...v2.33.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=requests&package-manager=uv&previous-version=2.32.5&new-version=2.33.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-26 22:32:47 -07:00
Mason Daugherty
1778b082ec chore(partners): bump langchain-core min to 1.2.21 (#36183)
Bump the minimum `langchain-core` dependency to `>=1.2.21` across all 14
partner packages in the monorepo. Aligns partner lower bounds with the
latest core release so consumers pick up recent fixes (notably the
`ModelProfile` schema drift fix from core 1.2.21).
2026-03-23 19:39:35 -04:00
Mason Daugherty
2f64d80cc6 fix(core,model-profiles): add missing ModelProfile fields, warn on schema drift (#36129)
PR #35788 added 7 new fields to the `langchain-profiles` CLI output
(`name`, `status`, `release_date`, `last_updated`, `open_weights`,
`attachment`, `temperature`) but didn't update `ModelProfile` in
`langchain-core`. Partner packages like `langchain-aws` that set
`extra="forbid"` on their Pydantic models hit `extra_forbidden`
validation errors when Pydantic encountered undeclared TypedDict keys at
construction time. This adds the missing fields, makes `ModelProfile`
forward-compatible, provides a base-class hook so partners can stop
duplicating model-profile validator boilerplate, migrates all in-repo
partners to the new hook, and adds runtime + CI-time warnings for schema
drift.

## Changes

### `langchain-core`
- Add `__pydantic_config__ = ConfigDict(extra="allow")` to
`ModelProfile` so unknown profile keys pass Pydantic validation even on
models with `extra="forbid"` — forward-compatibility for when the CLI
schema evolves ahead of core
- Declare the 7 missing fields on `ModelProfile`: `name`, `status`,
`release_date`, `last_updated`, `open_weights` (metadata) and
`attachment`, `temperature` (capabilities)
- Add `_warn_unknown_profile_keys()` in `model_profile.py` — emits a
`UserWarning` when a profile dict contains keys not in `ModelProfile`,
suggesting a core upgrade. Wrapped in a bare `except` so introspection
failures never crash model construction
- Add `BaseChatModel._resolve_model_profile()` hook that returns `None`
by default. Partners can override this single method instead of
redefining the full `_set_model_profile` validator — the base validator
calls it automatically
- Add `BaseChatModel._check_profile_keys` as a separate
`model_validator` that calls `_warn_unknown_profile_keys`. Uses a
distinct method name so partner overrides of `_set_model_profile` don't
inadvertently suppress the check

### `langchain-profiles` CLI
- Add `_warn_undeclared_profile_keys()` to the CLI (`cli.py`), called
after merging augmentations in `refresh()` — warns at profile-generation
time (not just runtime) when emitted keys aren't declared in
`ModelProfile`. Gracefully skips if `langchain-core` isn't installed
- Add guard test
`test_model_data_to_profile_keys_subset_of_model_profile` in
model-profiles — feeds a fully-populated model dict to
`_model_data_to_profile()` and asserts every emitted key exists in
`ModelProfile.__annotations__`. CI fails before any release if someone
adds a CLI field without updating the TypedDict

### Partner packages
- Migrate all 10 in-repo partners to the `_resolve_model_profile()`
hook, replacing duplicated `@model_validator` / `_set_model_profile`
overrides: anthropic, deepseek, fireworks, groq, huggingface, mistralai,
openai (base + azure), openrouter, perplexity, xai
- Anthropic retains custom logic (context-1m beta → `max_input_tokens`
override); all others reduce to a one-liner
- Add `pr_lint.yml` scope for the new `model-profiles` package
2026-03-23 00:44:27 -04:00
Mason Daugherty
faadc1f3ce ci: suppress pytest streaming output in CI (#36092)
Reduce CI log noise by suppressing pytest's per-test dot/verbose
streaming output. The `_test.yml` workflow now passes `PYTEST_EXTRA=-q`
to `make test`, which overrides the default verbosity with quiet mode —
failures still print in full, but the thousands of `.......` progress
lines are gone. Local `make test` is unaffected since `PYTEST_EXTRA`
defaults empty.

## Changes
- Add `PYTEST_EXTRA ?=` variable to all 21 package Makefiles and inject
it into each `test` target's pytest invocation
- Pass `PYTEST_EXTRA=-q` in `_test.yml` for both the main test step and
the min-version retest step
2026-03-18 21:24:47 -04:00
Mason Daugherty
07fa576de1 ci: avoid unnecessary dep installs in lint targets (#36046)
CI lint jobs use `uv run --all-groups` for all tools, but ruff doesn't
need dependency resolution — only mypy does. By splitting into
`UV_RUN_LINT` (ruff) and `UV_RUN_TYPE` (mypy), the CI-facing targets run
ruff with `--group lint` only, giving fast-fail feedback before mypy
triggers the full environment sync.

For packages where source code only conditionally imports heavy deps
(text-splitters, huggingface), `lint_package` also overrides
`UV_RUN_TYPE` to `--group lint --group typing`, skipping the ~3.5GB
`test_integration` download entirely. `lint_tests` keeps `--all-groups`
since test code legitimately imports those deps.

Additionally, `lint_imports.sh` was inconsistently wired — most packages
had the script but weren't calling it.

## Changes

**Makefile optimization**
- Introduce `UV_RUN_LINT` and `UV_RUN_TYPE` Make variables, both
defaulting to `uv run --all-groups`. For `lint_package` and
`lint_tests`, `UV_RUN_LINT` is overridden to `uv run --group lint` so
ruff runs instantly without syncing heavy deps
- For `text-splitters` and `huggingface`, override `UV_RUN_TYPE` on
`lint_package` to `uv run --group lint --group typing` — mypy runs
without downloading torch, CUDA, spacy, etc.

**mypy config for lean groups**
- Add `transformers` and `transformers.*` to `ignore_missing_imports` in
`text-splitters` pyproject.toml (conditional `try/except` import, same
treatment as existing `konlpy`/`nltk` entries)
- Add `torch`, `torch.*`, `langchain_community`, `langchain_community.*`
to `ignore_missing_imports` in `huggingface` pyproject.toml
- Add dual `# type: ignore[unreachable, unused-ignore]` in
`text-splitters/base.py` to handle the `PreTrainedTokenizerBase`
isinstance check that behaves differently depending on whether
transformers is installed

**lint_imports.sh consistency**
- Add `./scripts/lint_imports.sh` to the lint recipe in every package
that wasn't calling it (standard-tests, model-profiles, all 15
partners), and create the script for the two packages missing it
entirely (`model-profiles`, `openrouter`)
- Update all `lint_imports.sh` scripts to allow `from langchain.agents`
and `from langchain.tools` imports (legitimate v1 middleware
dependencies used by `langchain-anthropic` and `langchain-openai`)
2026-03-17 21:23:29 -04:00
Mason Daugherty
32db242227 fix(model-profiles): use posix-compatible substitution in makefile (#35957)
The `refresh_model_profiles` CI workflow has been failing daily since
the `refresh-profiles` Makefile target was added. `make` runs recipes
with `/bin/sh`, which is dash on Ubuntu CI runners — and
`${var//pattern/replacement}` is a bash-only construct that dash rejects
with `Bad substitution`.

## Changes
- Replace bash-ism `$${partner//-/_}` with POSIX-compatible `$$(echo
"$${partner}" | tr '-' '_')` in the `refresh-profiles` target's
`data_dir` construction
2026-03-16 10:50:33 -04:00
dependabot[bot]
0157621224 chore: bump orjson from 3.11.5 to 3.11.6 in /libs/model-profiles (#35857) 2026-03-14 13:06:45 -04:00
Mason Daugherty
5d9568b5f5 feat(model-profiles): new fields + Makefile target (#35788)
Extract additional fields from models.dev into `_model_data_to_profile`:
`name`, `status`, `release_date`, `last_updated`, `open_weights`,
`attachment`, `temperature`

Move the model profile refresh logic from an inline bash script in the
GitHub Actions workflow into a `make refresh-profiles` target in
`libs/model-profiles/Makefile`. This makes it runnable locally with a
single command and keeps the provider map in one place instead of
duplicated between CI and developer docs.
2026-03-12 13:56:25 +00:00
dependabot[bot]
5e4a4cd5f8 chore: bump langgraph from 1.0.8 to 1.0.10rc1 in /libs/model-profiles (#35611)
Bumps [langgraph](https://github.com/langchain-ai/langgraph) from 1.0.8
to 1.0.10rc1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langgraph/releases">langgraph's
releases</a>.</em></p>
<blockquote>
<h2>langgraph==1.0.10rc1</h2>
<p>Changes since 1.0.9</p>
<ul>
<li>release: Candidate (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6947">#6947</a>)</li>
<li>Merge commit from fork</li>
<li>chore: add tests to confirm expected subgraph persistence behavior
(<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6943">#6943</a>)</li>
<li>fix(langgraph): correct ParentCommand bubbling when checkpoint_ns
includes numeric task segments (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6864">#6864</a>)</li>
<li>chore: add <code>make type</code> target for type checking (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6748">#6748</a>)</li>
</ul>
<h2>langgraph==1.0.9</h2>
<p>Changes since 1.0.8</p>
<ul>
<li>release: langgraph + prebuilt (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6875">#6875</a>)</li>
<li>fix: sequential interrupt handling w/ functional API (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6863">#6863</a>)</li>
<li>chore: state_updated_at sort by (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6857">#6857</a>)</li>
<li>chore: bump orjson (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6852">#6852</a>)</li>
<li>chore: conformance testing (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6842">#6842</a>)</li>
<li>chore(deps): bump the all-dependencies group in /libs/langgraph with
6 updates (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6815">#6815</a>)</li>
<li>chore(deps): bump protobuf from 6.33.4 to 6.33.5 in /libs/langgraph
(<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6833">#6833</a>)</li>
<li>chore(deps): bump cryptography from 46.0.3 to 46.0.5 in
/libs/langgraph (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6837">#6837</a>)</li>
<li>chore(deps): bump nbconvert from 7.16.6 to 7.17.0 in /libs/langgraph
(<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6832">#6832</a>)</li>
<li>chore: server runtime type (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6774">#6774</a>)</li>
<li>refactor: replace bare except with BaseException in AsyncQueue (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6765">#6765</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a04ec5d6f0"><code>a04ec5d</code></a>
release: Candidate (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6947">#6947</a>)</li>
<li><a
href="50df7d423a"><code>50df7d4</code></a>
Merge commit from fork</li>
<li><a
href="c4a4a46473"><code>c4a4a46</code></a>
chore: add tests to confirm expected subgraph persistence behavior (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6943">#6943</a>)</li>
<li><a
href="f178eb821e"><code>f178eb8</code></a>
fix(langgraph): correct ParentCommand bubbling when checkpoint_ns
includes nu...</li>
<li><a
href="48167d7fec"><code>48167d7</code></a>
chore(deps): bump the all-dependencies group in /libs/cli with 2 updates
(<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6920">#6920</a>)</li>
<li><a
href="806878a421"><code>806878a</code></a>
chore(deps): bump the all-dependencies group in
/libs/checkpoint-postgres wit...</li>
<li><a
href="8087e6a42c"><code>8087e6a</code></a>
docs(sdk-py): update auth docstrings to default-deny pattern (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6933">#6933</a>)</li>
<li><a
href="8fbdb14487"><code>8fbdb14</code></a>
release(sdk-py): 0.3.9 (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6932">#6932</a>)</li>
<li><a
href="5093802f31"><code>5093802</code></a>
chore(deps): bump the all-dependencies group in /libs/checkpoint with 2
updat...</li>
<li><a
href="b89ef60b91"><code>b89ef60</code></a>
feat(sdk-py): add extract parameter to threads.search() (<a
href="https://redirect.github.com/langchain-ai/langgraph/issues/6880">#6880</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langgraph/compare/1.0.8...1.0.10rc1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=langgraph&package-manager=uv&previous-version=1.0.8&new-version=1.0.10rc1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-06 16:11:41 -08:00
dependabot[bot]
86aaa8ab15 chore: bump the minor-and-patch group across 3 directories with 3 updates (#35589)
Bumps the minor-and-patch group with 1 update in the
/libs/model-profiles directory:
[ruff](https://github.com/astral-sh/ruff).
Bumps the minor-and-patch group with 2 updates in the
/libs/standard-tests directory:
[langchain-core](https://github.com/langchain-ai/langchain) and
[ruff](https://github.com/astral-sh/ruff).
Bumps the minor-and-patch group with 3 updates in the
/libs/text-splitters directory:
[langchain-core](https://github.com/langchain-ai/langchain),
[ruff](https://github.com/astral-sh/ruff) and
[transformers](https://github.com/huggingface/transformers).

Updates `ruff` from 0.15.4 to 0.15.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/releases">ruff's
releases</a>.</em></p>
<blockquote>
<h2>0.15.5</h2>
<h2>Release Notes</h2>
<p>Released on 2026-03-05.</p>
<h3>Preview features</h3>
<ul>
<li>Discover Markdown files by default in preview mode (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23434">#23434</a>)</li>
<li>[<code>perflint</code>] Extend <code>PERF102</code> to
comprehensions and generators (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23473">#23473</a>)</li>
<li>[<code>refurb</code>] Fix <code>FURB101</code> and
<code>FURB103</code> false positives when I/O variable is used later (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23542">#23542</a>)</li>
<li>[<code>ruff</code>] Add fix for
<code>none-not-at-end-of-union</code> (<code>RUF036</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/22829">#22829</a>)</li>
<li>[<code>ruff</code>] Fix false positive for <code>re.split</code>
with empty string pattern (<code>RUF055</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23634">#23634</a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>[<code>fastapi</code>] Handle callable class dependencies with
<code>__call__</code> method (<code>FAST003</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23553">#23553</a>)</li>
<li>[<code>pydocstyle</code>] Fix numpy section ordering
(<code>D420</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23685">#23685</a>)</li>
<li>[<code>pyflakes</code>] Fix false positive for names shadowing
re-exports (<code>F811</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23356">#23356</a>)</li>
<li>[<code>pyupgrade</code>] Avoid inserting redundant <code>None</code>
elements in <code>UP045</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23459">#23459</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Document extension mapping for Markdown code formatting (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23574">#23574</a>)</li>
<li>Update default Python version examples (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23605">#23605</a>)</li>
</ul>
<h3>Other changes</h3>
<ul>
<li>Publish releases to Astral mirror (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23616">#23616</a>)</li>
</ul>
<h3>Contributors</h3>
<ul>
<li><a
href="https://github.com/amyreese"><code>@​amyreese</code></a></li>
<li><a
href="https://github.com/stakeswky"><code>@​stakeswky</code></a></li>
<li><a
href="https://github.com/chirizxc"><code>@​chirizxc</code></a></li>
<li><a
href="https://github.com/anishgirianish"><code>@​anishgirianish</code></a></li>
<li><a href="https://github.com/bxff"><code>@​bxff</code></a></li>
<li><a href="https://github.com/zsol"><code>@​zsol</code></a></li>
<li><a
href="https://github.com/charliermarsh"><code>@​charliermarsh</code></a></li>
<li><a href="https://github.com/ntBre"><code>@​ntBre</code></a></li>
<li><a
href="https://github.com/kar-ganap"><code>@​kar-ganap</code></a></li>
</ul>
<h2>Install ruff 0.15.5</h2>
<h3>Install prebuilt binaries via shell script</h3>
<pre lang="sh"><code>curl --proto '=https' --tlsv1.2 -LsSf
https://github.com/astral-sh/ruff/releases/download/0.15.5/ruff-installer.sh
| sh
</code></pre>
<h3>Install prebuilt binaries via powershell script</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md">ruff's
changelog</a>.</em></p>
<blockquote>
<h2>0.15.5</h2>
<p>Released on 2026-03-05.</p>
<h3>Preview features</h3>
<ul>
<li>Discover Markdown files by default in preview mode (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23434">#23434</a>)</li>
<li>[<code>perflint</code>] Extend <code>PERF102</code> to
comprehensions and generators (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23473">#23473</a>)</li>
<li>[<code>refurb</code>] Fix <code>FURB101</code> and
<code>FURB103</code> false positives when I/O variable is used later (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23542">#23542</a>)</li>
<li>[<code>ruff</code>] Add fix for
<code>none-not-at-end-of-union</code> (<code>RUF036</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/22829">#22829</a>)</li>
<li>[<code>ruff</code>] Fix false positive for <code>re.split</code>
with empty string pattern (<code>RUF055</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23634">#23634</a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>[<code>fastapi</code>] Handle callable class dependencies with
<code>__call__</code> method (<code>FAST003</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23553">#23553</a>)</li>
<li>[<code>pydocstyle</code>] Fix numpy section ordering
(<code>D420</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23685">#23685</a>)</li>
<li>[<code>pyflakes</code>] Fix false positive for names shadowing
re-exports (<code>F811</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23356">#23356</a>)</li>
<li>[<code>pyupgrade</code>] Avoid inserting redundant <code>None</code>
elements in <code>UP045</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23459">#23459</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Document extension mapping for Markdown code formatting (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23574">#23574</a>)</li>
<li>Update default Python version examples (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23605">#23605</a>)</li>
</ul>
<h3>Other changes</h3>
<ul>
<li>Publish releases to Astral mirror (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23616">#23616</a>)</li>
</ul>
<h3>Contributors</h3>
<ul>
<li><a
href="https://github.com/amyreese"><code>@​amyreese</code></a></li>
<li><a
href="https://github.com/stakeswky"><code>@​stakeswky</code></a></li>
<li><a
href="https://github.com/chirizxc"><code>@​chirizxc</code></a></li>
<li><a
href="https://github.com/anishgirianish"><code>@​anishgirianish</code></a></li>
<li><a href="https://github.com/bxff"><code>@​bxff</code></a></li>
<li><a href="https://github.com/zsol"><code>@​zsol</code></a></li>
<li><a
href="https://github.com/charliermarsh"><code>@​charliermarsh</code></a></li>
<li><a href="https://github.com/ntBre"><code>@​ntBre</code></a></li>
<li><a
href="https://github.com/kar-ganap"><code>@​kar-ganap</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5e4a3d9c3b"><code>5e4a3d9</code></a>
Bump 0.15.5 (<a
href="https://redirect.github.com/astral-sh/ruff/issues/23743">#23743</a>)</li>
<li><a
href="69c23cc5a3"><code>69c23cc</code></a>
[ty] Render all changed diagnostics in conformance.py (<a
href="https://redirect.github.com/astral-sh/ruff/issues/23613">#23613</a>)</li>
<li><a
href="4926bd5820"><code>4926bd5</code></a>
[ty] Split deferred checks out of <code>types/infer/builder.rs</code>
(<a
href="https://redirect.github.com/astral-sh/ruff/issues/23740">#23740</a>)</li>
<li><a
href="9a70f5eb2f"><code>9a70f5e</code></a>
Discover markdown files by default in preview mode (<a
href="https://redirect.github.com/astral-sh/ruff/issues/23434">#23434</a>)</li>
<li><a
href="3dc78b0a84"><code>3dc78b0</code></a>
[ty] Use <code>HasOptionalDefinition</code> for <code>except</code>
handlers (<a
href="https://redirect.github.com/astral-sh/ruff/issues/23739">#23739</a>)</li>
<li><a
href="a6a5e8d10b"><code>a6a5e8d</code></a>
[ty] Fix precedence of <code>all</code> selector in TOML configurations
(<a
href="https://redirect.github.com/astral-sh/ruff/issues/23723">#23723</a>)</li>
<li><a
href="2a5384b0b6"><code>2a5384b</code></a>
[ty] Make <code>all</code> selector case sensitive (<a
href="https://redirect.github.com/astral-sh/ruff/issues/23713">#23713</a>)</li>
<li><a
href="db77d7b2ae"><code>db77d7b</code></a>
[ty] Add a diagnostic if a <code>TypeVar</code> is used to specialize a
<code>ParamSpec</code>, or ...</li>
<li><a
href="db2849068f"><code>db28490</code></a>
[ty] Override home directory in ty tests (<a
href="https://redirect.github.com/astral-sh/ruff/issues/23724">#23724</a>)</li>
<li><a
href="5f0fd91a23"><code>5f0fd91</code></a>
[ty] More type-variable default validation (<a
href="https://redirect.github.com/astral-sh/ruff/issues/23639">#23639</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/astral-sh/ruff/compare/0.15.4...0.15.5">compare
view</a></li>
</ul>
</details>
<br />

Updates `langchain-core` from 1.2.16 to 1.2.17
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langchain/releases">langchain-core's
releases</a>.</em></p>
<blockquote>
<h2>langchain-core==1.2.17</h2>
<p>Changes since langchain-core==1.2.16</p>
<p>release(core): 1.2.17 (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/35527">#35527</a>)
fix(core): extract usage metadata from serialized tracer message outputs
(<a
href="https://redirect.github.com/langchain-ai/langchain/issues/35526">#35526</a>)
chore: bump the langchain-deps group across 3 directories with 7 updates
(<a
href="https://redirect.github.com/langchain-ai/langchain/issues/35513">#35513</a>)
chore: bump the langchain-deps group across 3 directories with 14
updates (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/35441">#35441</a>)</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="cdf140e77d"><code>cdf140e</code></a>
release(core): 1.2.17 (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/35527">#35527</a>)</li>
<li><a
href="61fd90a2f3"><code>61fd90a</code></a>
fix(core): extract usage metadata from serialized tracer message outputs
(<a
href="https://redirect.github.com/langchain-ai/langchain/issues/35">#35</a>...</li>
<li><a
href="d2c86df128"><code>d2c86df</code></a>
fix(huggingface): switch integration test provider to together (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/35525">#35525</a>)</li>
<li><a
href="da092cf093"><code>da092cf</code></a>
Change logo width in README.md</li>
<li><a
href="ac9295761a"><code>ac92957</code></a>
fix(huggingface): resolve huggingface-hub 1.x compat (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/35524">#35524</a>)</li>
<li><a
href="357fbdd40c"><code>357fbdd</code></a>
Update heading in README to reflect platform focus</li>
<li><a
href="a0bc522887"><code>a0bc522</code></a>
Swap logo images for light and dark themes</li>
<li><a
href="8450b51d2c"><code>8450b51</code></a>
Add files via upload</li>
<li><a
href="cf518216f7"><code>cf51821</code></a>
Add files via upload</li>
<li><a
href="6d39b72892"><code>6d39b72</code></a>
fix(huggingface): bump transformers and sentence-transformers lower
bounds (#...</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langchain/compare/langchain-core==1.2.16...langchain-core==1.2.17">compare
view</a></li>
</ul>
</details>
<br />

Updates `ruff` from 0.15.4 to 0.15.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/releases">ruff's
releases</a>.</em></p>
<blockquote>
<h2>0.15.5</h2>
<h2>Release Notes</h2>
<p>Released on 2026-03-05.</p>
<h3>Preview features</h3>
<ul>
<li>Discover Markdown files by default in preview mode (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23434">#23434</a>)</li>
<li>[<code>perflint</code>] Extend <code>PERF102</code> to
comprehensions and generators (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23473">#23473</a>)</li>
<li>[<code>refurb</code>] Fix <code>FURB101</code> and
<code>FURB103</code> false positives when I/O variable is used later (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23542">#23542</a>)</li>
<li>[<code>ruff</code>] Add fix for
<code>none-not-at-end-of-union</code> (<code>RUF036</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/22829">#22829</a>)</li>
<li>[<code>ruff</code>] Fix false positive for <code>re.split</code>
with empty string pattern (<code>RUF055</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23634">#23634</a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>[<code>fastapi</code>] Handle callable class dependencies with
<code>__call__</code> method (<code>FAST003</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23553">#23553</a>)</li>
<li>[<code>pydocstyle</code>] Fix numpy section ordering
(<code>D420</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23685">#23685</a>)</li>
<li>[<code>pyflakes</code>] Fix false positive for names shadowing
re-exports (<code>F811</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23356">#23356</a>)</li>
<li>[<code>pyupgrade</code>] Avoid inserting redundant <code>None</code>
elements in <code>UP045</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23459">#23459</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Document extension mapping for Markdown code formatting (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23574">#23574</a>)</li>
<li>Update default Python version examples (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23605">#23605</a>)</li>
</ul>
<h3>Other changes</h3>
<ul>
<li>Publish releases to Astral mirror (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23616">#23616</a>)</li>
</ul>
<h3>Contributors</h3>
<ul>
<li><a
href="https://github.com/amyreese"><code>@​amyreese</code></a></li>
<li><a
href="https://github.com/stakeswky"><code>@​stakeswky</code></a></li>
<li><a
href="https://github.com/chirizxc"><code>@​chirizxc</code></a></li>
<li><a
href="https://github.com/anishgirianish"><code>@​anishgirianish</code></a></li>
<li><a href="https://github.com/bxff"><code>@​bxff</code></a></li>
<li><a href="https://github.com/zsol"><code>@​zsol</code></a></li>
<li><a
href="https://github.com/charliermarsh"><code>@​charliermarsh</code></a></li>
<li><a href="https://github.com/ntBre"><code>@​ntBre</code></a></li>
<li><a
href="https://github.com/kar-ganap"><code>@​kar-ganap</code></a></li>
</ul>
<h2>Install ruff 0.15.5</h2>
<h3>Install prebuilt binaries via shell script</h3>
<pre lang="sh"><code>curl --proto '=https' --tlsv1.2 -LsSf
https://github.com/astral-sh/ruff/releases/download/0.15.5/ruff-installer.sh
| sh
</code></pre>
<h3>Install prebuilt binaries via powershell script</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md">ruff's
changelog</a>.</em></p>
<blockquote>
<h2>0.15.5</h2>
<p>Released on 2026-03-05.</p>
<h3>Preview features</h3>
<ul>
<li>Discover Markdown files by default in preview mode (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23434">#23434</a>)</li>
<li>[<code>perflint</code>] Extend <code>PERF102</code> to
comprehensions and generators (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23473">#23473</a>)</li>
<li>[<code>refurb</code>] Fix <code>FURB101</code> and
<code>FURB103</code> false positives when I/O variable is used later (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23542">#23542</a>)</li>
<li>[<code>ruff</code>] Add fix for
<code>none-not-at-end-of-union</code> (<code>RUF036</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/22829">#22829</a>)</li>
<li>[<code>ruff</code>] Fix false positive for <code>re.split</code>
with empty string pattern (<code>RUF055</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23634">#23634</a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>[<code>fastapi</code>] Handle callable class dependencies with
<code>__call__</code> method (<code>FAST003</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23553">#23553</a>)</li>
<li>[<code>pydocstyle</code>] Fix numpy section ordering
(<code>D420</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23685">#23685</a>)</li>
<li>[<code>pyflakes</code>] Fix false positive for names shadowing
re-exports (<code>F811</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23356">#23356</a>)</li>
<li>[<code>pyupgrade</code>] Avoid inserting redundant <code>None</code>
elements in <code>UP045</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23459">#23459</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Document extension mapping for Markdown code formatting (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23574">#23574</a>)</li>
<li>Update default Python version examples (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23605">#23605</a>)</li>
</ul>
<h3>Other changes</h3>
<ul>
<li>Publish releases to Astral mirror (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23616">#23616</a>)</li>
</ul>
<h3>Contributors</h3>
<ul>
<li><a
href="https://github.com/amyreese"><code>@​amyreese</code></a></li>
<li><a
href="https://github.com/stakeswky"><code>@​stakeswky</code></a></li>
<li><a
href="https://github.com/chirizxc"><code>@​chirizxc</code></a></li>
<li><a
href="https://github.com/anishgirianish"><code>@​anishgirianish</code></a></li>
<li><a href="https://github.com/bxff"><code>@​bxff</code></a></li>
<li><a href="https://github.com/zsol"><code>@​zsol</code></a></li>
<li><a
href="https://github.com/charliermarsh"><code>@​charliermarsh</code></a></li>
<li><a href="https://github.com/ntBre"><code>@​ntBre</code></a></li>
<li><a
href="https://github.com/kar-ganap"><code>@​kar-ganap</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5e4a3d9c3b"><code>5e4a3d9</code></a>
Bump 0.15.5 (<a
href="https://redirect.github.com/astral-sh/ruff/issues/23743">#23743</a>)</li>
<li><a
href="69c23cc5a3"><code>69c23cc</code></a>
[ty] Render all changed diagnostics in conformance.py (<a
href="https://redirect.github.com/astral-sh/ruff/issues/23613">#23613</a>)</li>
<li><a
href="4926bd5820"><code>4926bd5</code></a>
[ty] Split deferred checks out of <code>types/infer/builder.rs</code>
(<a
href="https://redirect.github.com/astral-sh/ruff/issues/23740">#23740</a>)</li>
<li><a
href="9a70f5eb2f"><code>9a70f5e</code></a>
Discover markdown files by default in preview mode (<a
href="https://redirect.github.com/astral-sh/ruff/issues/23434">#23434</a>)</li>
<li><a
href="3dc78b0a84"><code>3dc78b0</code></a>
[ty] Use <code>HasOptionalDefinition</code> for <code>except</code>
handlers (<a
href="https://redirect.github.com/astral-sh/ruff/issues/23739">#23739</a>)</li>
<li><a
href="a6a5e8d10b"><code>a6a5e8d</code></a>
[ty] Fix precedence of <code>all</code> selector in TOML configurations
(<a
href="https://redirect.github.com/astral-sh/ruff/issues/23723">#23723</a>)</li>
<li><a
href="2a5384b0b6"><code>2a5384b</code></a>
[ty] Make <code>all</code> selector case sensitive (<a
href="https://redirect.github.com/astral-sh/ruff/issues/23713">#23713</a>)</li>
<li><a
href="db77d7b2ae"><code>db77d7b</code></a>
[ty] Add a diagnostic if a <code>TypeVar</code> is used to specialize a
<code>ParamSpec</code>, or ...</li>
<li><a
href="db2849068f"><code>db28490</code></a>
[ty] Override home directory in ty tests (<a
href="https://redirect.github.com/astral-sh/ruff/issues/23724">#23724</a>)</li>
<li><a
href="5f0fd91a23"><code>5f0fd91</code></a>
[ty] More type-variable default validation (<a
href="https://redirect.github.com/astral-sh/ruff/issues/23639">#23639</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/astral-sh/ruff/compare/0.15.4...0.15.5">compare
view</a></li>
</ul>
</details>
<br />

Updates `langchain-core` from 1.2.16 to 1.2.17
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langchain/releases">langchain-core's
releases</a>.</em></p>
<blockquote>
<h2>langchain-core==1.2.17</h2>
<p>Changes since langchain-core==1.2.16</p>
<p>release(core): 1.2.17 (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/35527">#35527</a>)
fix(core): extract usage metadata from serialized tracer message outputs
(<a
href="https://redirect.github.com/langchain-ai/langchain/issues/35526">#35526</a>)
chore: bump the langchain-deps group across 3 directories with 7 updates
(<a
href="https://redirect.github.com/langchain-ai/langchain/issues/35513">#35513</a>)
chore: bump the langchain-deps group across 3 directories with 14
updates (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/35441">#35441</a>)</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="cdf140e77d"><code>cdf140e</code></a>
release(core): 1.2.17 (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/35527">#35527</a>)</li>
<li><a
href="61fd90a2f3"><code>61fd90a</code></a>
fix(core): extract usage metadata from serialized tracer message outputs
(<a
href="https://redirect.github.com/langchain-ai/langchain/issues/35">#35</a>...</li>
<li><a
href="d2c86df128"><code>d2c86df</code></a>
fix(huggingface): switch integration test provider to together (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/35525">#35525</a>)</li>
<li><a
href="da092cf093"><code>da092cf</code></a>
Change logo width in README.md</li>
<li><a
href="ac9295761a"><code>ac92957</code></a>
fix(huggingface): resolve huggingface-hub 1.x compat (<a
href="https://redirect.github.com/langchain-ai/langchain/issues/35524">#35524</a>)</li>
<li><a
href="357fbdd40c"><code>357fbdd</code></a>
Update heading in README to reflect platform focus</li>
<li><a
href="a0bc522887"><code>a0bc522</code></a>
Swap logo images for light and dark themes</li>
<li><a
href="8450b51d2c"><code>8450b51</code></a>
Add files via upload</li>
<li><a
href="cf518216f7"><code>cf51821</code></a>
Add files via upload</li>
<li><a
href="6d39b72892"><code>6d39b72</code></a>
fix(huggingface): bump transformers and sentence-transformers lower
bounds (#...</li>
<li>Additional commits viewable in <a
href="https://github.com/langchain-ai/langchain/compare/langchain-core==1.2.16...langchain-core==1.2.17">compare
view</a></li>
</ul>
</details>
<br />

Updates `ruff` from 0.15.4 to 0.15.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/releases">ruff's
releases</a>.</em></p>
<blockquote>
<h2>0.15.5</h2>
<h2>Release Notes</h2>
<p>Released on 2026-03-05.</p>
<h3>Preview features</h3>
<ul>
<li>Discover Markdown files by default in preview mode (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23434">#23434</a>)</li>
<li>[<code>perflint</code>] Extend <code>PERF102</code> to
comprehensions and generators (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23473">#23473</a>)</li>
<li>[<code>refurb</code>] Fix <code>FURB101</code> and
<code>FURB103</code> false positives when I/O variable is used later (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23542">#23542</a>)</li>
<li>[<code>ruff</code>] Add fix for
<code>none-not-at-end-of-union</code> (<code>RUF036</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/22829">#22829</a>)</li>
<li>[<code>ruff</code>] Fix false positive for <code>re.split</code>
with empty string pattern (<code>RUF055</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23634">#23634</a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>[<code>fastapi</code>] Handle callable class dependencies with
<code>__call__</code> method (<code>FAST003</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23553">#23553</a>)</li>
<li>[<code>pydocstyle</code>] Fix numpy section ordering
(<code>D420</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23685">#23685</a>)</li>
<li>[<code>pyflakes</code>] Fix false positive for names shadowing
re-exports (<code>F811</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23356">#23356</a>)</li>
<li>[<code>pyupgrade</code>] Avoid inserting redundant <code>None</code>
elements in <code>UP045</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23459">#23459</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Document extension mapping for Markdown code formatting (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23574">#23574</a>)</li>
<li>Update default Python version examples (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23605">#23605</a>)</li>
</ul>
<h3>Other changes</h3>
<ul>
<li>Publish releases to Astral mirror (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23616">#23616</a>)</li>
</ul>
<h3>Contributors</h3>
<ul>
<li><a
href="https://github.com/amyreese"><code>@​amyreese</code></a></li>
<li><a
href="https://github.com/stakeswky"><code>@​stakeswky</code></a></li>
<li><a
href="https://github.com/chirizxc"><code>@​chirizxc</code></a></li>
<li><a
href="https://github.com/anishgirianish"><code>@​anishgirianish</code></a></li>
<li><a href="https://github.com/bxff"><code>@​bxff</code></a></li>
<li><a href="https://github.com/zsol"><code>@​zsol</code></a></li>
<li><a
href="https://github.com/charliermarsh"><code>@​charliermarsh</code></a></li>
<li><a href="https://github.com/ntBre"><code>@​ntBre</code></a></li>
<li><a
href="https://github.com/kar-ganap"><code>@​kar-ganap</code></a></li>
</ul>
<h2>Install ruff 0.15.5</h2>
<h3>Install prebuilt binaries via shell script</h3>
<pre lang="sh"><code>curl --proto '=https' --tlsv1.2 -LsSf
https://github.com/astral-sh/ruff/releases/download/0.15.5/ruff-installer.sh
| sh
</code></pre>
<h3>Install prebuilt binaries via powershell script</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md">ruff's
changelog</a>.</em></p>
<blockquote>
<h2>0.15.5</h2>
<p>Released on 2026-03-05.</p>
<h3>Preview features</h3>
<ul>
<li>Discover Markdown files by default in preview mode (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23434">#23434</a>)</li>
<li>[<code>perflint</code>] Extend <code>PERF102</code> to
comprehensions and generators (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23473">#23473</a>)</li>
<li>[<code>refurb</code>] Fix <code>FURB101</code> and
<code>FURB103</code> false positives when I/O variable is used later (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23542">#23542</a>)</li>
<li>[<code>ruff</code>] Add fix for
<code>none-not-at-end-of-union</code> (<code>RUF036</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/22829">#22829</a>)</li>
<li>[<code>ruff</code>] Fix false positive for <code>re.split</code>
with empty string pattern (<code>RUF055</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23634">#23634</a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>[<code>fastapi</code>] Handle callable class dependencies with
<code>__call__</code> method (<code>FAST003</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23553">#23553</a>)</li>
<li>[<code>pydocstyle</code>] Fix numpy section ordering
(<code>D420</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23685">#23685</a>)</li>
<li>[<code>pyflakes</code>] Fix false positive for names shadowing
re-exports (<code>F811</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23356">#23356</a>)</li>
<li>[<code>pyupgrade</code>] Avoid inserting redundant <code>None</code>
elements in <code>UP045</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23459">#23459</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Document extension mapping for Markdown code formatting (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23574">#23574</a>)</li>
<li>Update default Python version examples (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23605">#23605</a>)</li>
</ul>
<h3>Other changes</h3>
<ul>
<li>Publish releases to Astral mirror (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23616">#23616</a>)</li>
</ul>
<h3>Contributors</h3>
<ul>
<li><a
href="https://github.com/amyreese"><code>@​amyreese</code></a></li>
<li><a
href="https://github.com/stakeswky"><code>@​stakeswky</code></a></li>
<li><a
href="https://github.com/chirizxc"><code>@​chirizxc</code></a></li>
<li><a
href="https://github.com/anishgirianish"><code>@​anishgirianish</code></a></li>
<li><a href="https://github.com/bxff"><code>@​bxff</code></a></li>
<li><a href="https://github.com/zsol"><code>@​zsol</code></a></li>
<li><a
href="https://github.com/charliermarsh"><code>@​charliermarsh</code></a></li>
<li><a href="https://github.com/ntBre"><code>@​ntBre</code></a></li>
<li><a
href="https://github.com/kar-ganap"><code>@​kar-ganap</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5e4a3d9c3b"><code>5e4a3d9</code></a>
Bump 0.15.5 (<a
href="https://redirect.github.com/astral-sh/ruff/issues/23743">#23743</a>)</li>
<li><a
href="69c23cc5a3"><code>69c23cc</code></a>
[ty] Render all changed diagnostics in conformance.py (<a
href="https://redirect.github.com/astral-sh/ruff/issues/23613">#23613</a>)</li>
<li><a
href="4926bd5820"><code>4926bd5</code></a>
[ty] Split deferred checks out of <code>types/infer/builder.rs</code>
(<a
href="https://redirect.github.com/astral-sh/ruff/issues/23740">#23740</a>)</li>
<li><a
href="9a70f5eb2f"><code>9a70f5e</code></a>
Discover markdown files by default in preview mode (<a
href="https://redirect.github.com/astral-sh/ruff/issues/23434">#23434</a>)</li>
<li><a
href="3dc78b0a84"><code>3dc78b0</code></a>
[ty] Use <code>HasOptionalDefinition</code> for <code>except</code>
handlers (<a
href="https://redirect.github.com/astral-sh/ruff/issues/23739">#23739</a>)</li>
<li><a
href="a6a5e8d10b"><code>a6a5e8d</code></a>
[ty] Fix precedence of <code>all</code> selector in TOML configurations
(<a
href="https://redirect.github.com/astral-sh/ruff/issues/23723">#23723</a>)</li>
<li><a
href="2a5384b0b6"><code>2a5384b</code></a>
[ty] Make <code>all</code> selector case sensitive (<a
href="https://redirect.github.com/astral-sh/ruff/issues/23713">#23713</a>)</li>
<li><a
href="db77d7b2ae"><code>db77d7b</code></a>
[ty] Add a diagnostic if a <code>TypeVar</code> is used to specialize a
<code>ParamSpec</code>, or ...</li>
<li><a
href="db2849068f"><code>db28490</code></a>
[ty] Override home directory in ty tests (<a
href="https://redirect.github.com/astral-sh/ruff/issues/23724">#23724</a>)</li>
<li><a
href="5f0fd91a23"><code>5f0fd91</code></a>
[ty] More type-variable default validation (<a
href="https://redirect.github.com/astral-sh/ruff/issues/23639">#23639</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/astral-sh/ruff/compare/0.15.4...0.15.5">compare
view</a></li>
</ul>
</details>
<br />

Updates `transformers` from 5.2.0 to 5.3.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="aad13b87ed"><code>aad13b8</code></a>
v5.3.0</li>
<li><a
href="f6c63a6115"><code>f6c63a6</code></a>
protect imports (<a
href="https://redirect.github.com/huggingface/transformers/issues/44437">#44437</a>)</li>
<li><a
href="fd6bc380c8"><code>fd6bc38</code></a>
[vllm + v5 fix] handle TokenizersBackend fallback properly for v5 (<a
href="https://redirect.github.com/huggingface/transformers/issues/44255">#44255</a>)</li>
<li><a
href="30c480166a"><code>30c4801</code></a>
Fix CLI NameError: name 'TypeAdapter' is not defined (<a
href="https://redirect.github.com/huggingface/transformers/issues/44256">#44256</a>)</li>
<li><a
href="ee4c22078f"><code>ee4c220</code></a>
Enforce min length in some generate tests (<a
href="https://redirect.github.com/huggingface/transformers/issues/44401">#44401</a>)</li>
<li><a
href="a4f3df01aa"><code>a4f3df0</code></a>
[tiny] Add olmo_hybrid to tokenizer auto-mapping (<a
href="https://redirect.github.com/huggingface/transformers/issues/44416">#44416</a>)</li>
<li><a
href="1313588227"><code>1313588</code></a>
Update PR template (<a
href="https://redirect.github.com/huggingface/transformers/issues/44415">#44415</a>)</li>
<li><a
href="7235d44257"><code>7235d44</code></a>
Add eurobert (<a
href="https://redirect.github.com/huggingface/transformers/issues/39455">#39455</a>)</li>
<li><a
href="f60c4e9423"><code>f60c4e9</code></a>
Add Qwen3.5 support for sequence classification (<a
href="https://redirect.github.com/huggingface/transformers/issues/44406">#44406</a>)</li>
<li><a
href="fa7f4b68df"><code>fa7f4b6</code></a>
update the expected output for qwen2_5_vl w/ pytorch 2.10 XPU (<a
href="https://redirect.github.com/huggingface/transformers/issues/44426">#44426</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/huggingface/transformers/compare/v5.2.0...v5.3.0">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-06 07:34:52 +00:00
Mason Daugherty
673737f356 chore: add note to release workflow (#35583) 2026-03-05 22:09:40 +00:00