github/langchain
1
0
Fork 0
mirror of https://github.com/hwchase17/langchain.git synced 2026-06-09 18:50:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
15,776 Commits 1,163 Branches 1,270 Tags
e3a781cc266466e340f7bdd88a88c8639f9050f4
Commit Graph

33 Commits

Author SHA1 Message Date
dependabot[bot]
e3a781cc26 chore: bump python-dotenv from 1.1.1 to 1.2.2 in /libs/partners/chroma (#36926) 
Bumps [python-dotenv](https://github.com/theskumar/python-dotenv) from
1.1.1 to 1.2.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/theskumar/python-dotenv/releases">python-dotenv's
releases</a>.</em></p>
<blockquote>
<h2>v1.2.2</h2>
<h3>Added</h3>
<ul>
<li>Support for Python 3.14, including the free-threaded (3.14t) build.
(#)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>The <code>dotenv run</code> command now forwards flags directly to
the specified command by <a
href="https://github.com/bbc2"><code>@​bbc2</code></a> in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/607">theskumar/python-dotenv#607</a></li>
<li>Improved documentation clarity regarding override behavior and the
reference page.</li>
<li>Updated PyPy support to version 3.11.</li>
<li>Documentation for FIFO file support.</li>
<li>Support for Python 3.9.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Improved <code>set_key</code> and <code>unset_key</code> behavior
when interacting with symlinks by <a
href="https://github.com/bbc2"><code>@​bbc2</code></a> in <a
href="790c5c0299">#790c5</a></li>
<li>Corrected the license specifier and added missing Python 3.14
classifiers in package metadata by <a
href="https://github.com/JYOuyang"><code>@​JYOuyang</code></a> in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/590">theskumar/python-dotenv#590</a></li>
</ul>
<h3>Breaking Changes</h3>
<ul>
<li>
<p><code>dotenv.set_key</code> and <code>dotenv.unset_key</code> used to
follow symlinks in some
situations. This is no longer the case. For that behavior to be restored
in
all cases, <code>follow_symlinks=True</code> should be used.</p>
</li>
<li>
<p>In the CLI, <code>set</code> and <code>unset</code> used to follow
symlinks in some situations. This
is no longer the case.</p>
</li>
<li>
<p><code>dotenv.set_key</code>, <code>dotenv.unset_key</code> and the
CLI commands <code>set</code> and <code>unset</code>
used to reset the file mode of the modified .env file to
<code>0o600</code> in some
situations. This is no longer the case: The original mode of the file is
now
preserved. Is the file needed to be created or wasn't a regular file,
mode
<code>0o600</code> is used.</p>
</li>
</ul>
<h3>Misc</h3>
<ul>
<li>skip 000 permission tests for root user by <a
href="https://github.com/burnout-projects"><code>@​burnout-projects</code></a>
in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/561">theskumar/python-dotenv#561</a></li>
<li>Bump actions/checkout from 5 to 6 in the github-actions group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/593">theskumar/python-dotenv#593</a></li>
<li>Add Windows testing to CI by <a
href="https://github.com/bbc2"><code>@​bbc2</code></a> in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/604">theskumar/python-dotenv#604</a></li>
<li>Improve workflow efficiency with best practices by <a
href="https://github.com/theskumar"><code>@​theskumar</code></a> in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/609">theskumar/python-dotenv#609</a></li>
<li>Remove the use of <code>sh</code> in tests by <a
href="https://github.com/bbc2"><code>@​bbc2</code></a> in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/612">theskumar/python-dotenv#612</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/JYOuyang"><code>@​JYOuyang</code></a>
made their first contribution in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/590">theskumar/python-dotenv#590</a></li>
<li><a
href="https://github.com/burnout-projects"><code>@​burnout-projects</code></a>
made their first contribution in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/561">theskumar/python-dotenv#561</a></li>
<li><a
href="https://github.com/cpackham-atlnz"><code>@​cpackham-atlnz</code></a>
made their first contribution in <a
href="https://redirect.github.com/theskumar/python-dotenv/pull/597">theskumar/python-dotenv#597</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2">https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2</a></p>
<h2>v1.2.1</h2>
<h2>What's Changed</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md">python-dotenv's
changelog</a>.</em></p>
<blockquote>
<h2>[1.2.2] - 2026-03-01</h2>
<h3>Added</h3>
<ul>
<li>Support for Python 3.14, including the free-threaded (3.14t) build.
(<a
href="https://redirect.github.com/theskumar/python-dotenv/issues/588">#588</a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>The <code>dotenv run</code> command now forwards flags directly to
the specified command by [<a
href="https://github.com/bbc2"><code>@​bbc2</code></a>] in <a
href="https://redirect.github.com/theskumar/python-dotenv/issues/607">#607</a></li>
<li>Improved documentation clarity regarding override behavior and the
reference page.</li>
<li>Updated PyPy support to version 3.11.</li>
<li>Documentation for FIFO file support.</li>
<li>Dropped Support for Python 3.9.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Improved <code>set_key</code> and <code>unset_key</code> behavior
when interacting with symlinks by [<a
href="https://github.com/bbc2"><code>@​bbc2</code></a>] in
[790c5c0]</li>
<li>Corrected the license specifier and added missing Python 3.14
classifiers in package metadata by [<a
href="https://github.com/JYOuyang"><code>@​JYOuyang</code></a>] in <a
href="https://redirect.github.com/theskumar/python-dotenv/issues/590">#590</a></li>
</ul>
<h3>Breaking Changes</h3>
<ul>
<li>
<p><code>dotenv.set_key</code> and <code>dotenv.unset_key</code> used to
follow symlinks in some
situations. This is no longer the case. For that behavior to be restored
in
all cases, <code>follow_symlinks=True</code> should be used.</p>
</li>
<li>
<p>In the CLI, <code>set</code> and <code>unset</code> used to follow
symlinks in some situations. This
is no longer the case.</p>
</li>
<li>
<p><code>dotenv.set_key</code>, <code>dotenv.unset_key</code> and the
CLI commands <code>set</code> and <code>unset</code>
used to reset the file mode of the modified .env file to
<code>0o600</code> in some
situations. This is no longer the case: The original mode of the file is
now
preserved. Is the file needed to be created or wasn't a regular file,
mode
<code>0o600</code> is used.</p>
</li>
</ul>
<h2>[1.2.1] - 2025-10-26</h2>
<ul>
<li>Move more config to <code>pyproject.toml</code>, removed
<code>setup.cfg</code></li>
<li>Add support for reading <code>.env</code> from FIFOs (Unix) by [<a
href="https://github.com/sidharth-sudhir"><code>@​sidharth-sudhir</code></a>]
in <a
href="https://redirect.github.com/theskumar/python-dotenv/issues/586">#586</a></li>
</ul>
<h2>[1.2.0] - 2025-10-26</h2>
<ul>
<li>Upgrade build system to use PEP 517 &amp; PEP 518 to use
<code>build</code> and <code>pyproject.toml</code> by [<a
href="https://github.com/EpicWink"><code>@​EpicWink</code></a>] in <a
href="https://redirect.github.com/theskumar/python-dotenv/issues/583">#583</a></li>
<li>Add support for Python 3.14 by [<a
href="https://github.com/23f3001135"><code>@​23f3001135</code></a>] in
<a
href="https://redirect.github.com/theskumar/python-dotenv/issues/579">#579</a></li>
<li>Add support for disabling of <code>load_dotenv()</code> using
<code>PYTHON_DOTENV_DISABLED</code> env var. by [<a
href="https://github.com/matthewfranglen"><code>@​matthewfranglen</code></a>]
in <a
href="https://redirect.github.com/theskumar/python-dotenv/issues/569">#569</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="36004e0e34"><code>36004e0</code></a>
Bump version: 1.2.1 → 1.2.2</li>
<li><a
href="eb202520e5"><code>eb20252</code></a>
docs: update changelog for v1.2.2</li>
<li><a
href="790c5c0299"><code>790c5c0</code></a>
Merge commit from fork</li>
<li><a
href="43340da220"><code>43340da</code></a>
Remove the use of <code>sh</code> in tests (<a
href="https://redirect.github.com/theskumar/python-dotenv/issues/612">#612</a>)</li>
<li><a
href="09d7cee324"><code>09d7cee</code></a>
docs: clarify override behavior and document FIFO support (<a
href="https://redirect.github.com/theskumar/python-dotenv/issues/610">#610</a>)</li>
<li><a
href="c8de2887c0"><code>c8de288</code></a>
ci: improve workflow efficiency with best practices (<a
href="https://redirect.github.com/theskumar/python-dotenv/issues/609">#609</a>)</li>
<li><a
href="7bd9e3dbfe"><code>7bd9e3d</code></a>
Add Windows testing to CI (<a
href="https://redirect.github.com/theskumar/python-dotenv/issues/604">#604</a>)</li>
<li><a
href="1baaf04f33"><code>1baaf04</code></a>
Drop Python 3.9 support and update to PyPy 3.11 (<a
href="https://redirect.github.com/theskumar/python-dotenv/issues/608">#608</a>)</li>
<li><a
href="4a22cf8993"><code>4a22cf8</code></a>
ci: enable testing on Python 3.14t (free-threaded) (<a
href="https://redirect.github.com/theskumar/python-dotenv/issues/588">#588</a>)</li>
<li><a
href="e2e8e776b4"><code>e2e8e77</code></a>
Fix license specifier (<a
href="https://redirect.github.com/theskumar/python-dotenv/issues/597">#597</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/theskumar/python-dotenv/compare/v1.1.1...v1.2.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=python-dotenv&package-manager=uv&previous-version=1.1.1&new-version=1.2.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-21 15:05:43 -04:00
Mason Daugherty
7e81d09f2a chore(deps): bump pytest to 9.0.3 (#36801) 
CVE-2025-71176 (medium severity)

All are dev-only (test dependency group) — no impact on published
packages.

### Why syrupy was also bumped

syrupy 4.x (`<5.0.0`) constrains pytest to `<9.0.0`, blocking the CVE
fix. Widening to `<6.0.0` allows syrupy 5.x which supports pytest 9.x.
 2026-04-15 21:46:40 -06:00
dependabot[bot]
9ab05cb63a chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/partners/chroma (#36781) 
Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from
0.6.3 to 0.7.31.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's
releases</a>.</em></p>
<blockquote>
<h2>v0.7.31</h2>
<h2>What's Changed</h2>
<ul>
<li>chore(deps-dev): bump langchain-core from 1.2.23 to 1.2.28 in
/python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2692">langchain-ai/langsmith-sdk#2692</a></li>
<li>chore(deps-dev): bump <code>@​anthropic-ai/sdk</code> from 0.82.0 to
0.84.0 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2684">langchain-ai/langsmith-sdk#2684</a></li>
<li>chore(deps): bump cryptography from 46.0.6 to 46.0.7 in /python by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2693">langchain-ai/langsmith-sdk#2693</a></li>
<li>chore(deps-dev): bump <code>@​anthropic-ai/sdk</code> from 0.84.0 to
0.85.0 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2700">langchain-ai/langsmith-sdk#2700</a></li>
<li>feat(py): Tag OpenAI Agent Python SDK runs with ls_agent_type by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2699">langchain-ai/langsmith-sdk#2699</a></li>
<li>feat(js): Adds ls_agent_type metadata to AI SDK runs by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2701">langchain-ai/langsmith-sdk#2701</a></li>
<li>chore(deps-dev): bump types-tqdm from 4.67.3.20260303 to
4.67.3.20260408 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2710">langchain-ai/langsmith-sdk#2710</a></li>
<li>chore(deps): bump pnpm/action-setup from 5 to 6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2705">langchain-ai/langsmith-sdk#2705</a></li>
<li>chore(deps): bump the py-minor-and-patch group across 1 directory
with 10 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2711">langchain-ai/langsmith-sdk#2711</a></li>
<li>chore(deps-dev): bump <code>@​anthropic-ai/sdk</code> from 0.85.0 to
0.86.0 in /js by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2702">langchain-ai/langsmith-sdk#2702</a></li>
<li>chore(deps): bump actions/github-script from 8 to 9 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2706">langchain-ai/langsmith-sdk#2706</a></li>
<li>chore(deps-dev): bump the js-minor-and-patch group across 1
directory with 7 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2712">langchain-ai/langsmith-sdk#2712</a></li>
<li>chore(deps-dev): bump types-psutil from 7.2.2.20260130 to
7.2.2.20260408 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2709">langchain-ai/langsmith-sdk#2709</a></li>
<li>chore(deps-dev): bump rich from 14.3.3 to 15.0.0 in /python by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2708">langchain-ai/langsmith-sdk#2708</a></li>
<li>feat: Filter kwargs from new token events by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2714">langchain-ai/langsmith-sdk#2714</a></li>
<li>release(py): 0.7.31 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2716">langchain-ai/langsmith-sdk#2716</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.30...v0.7.31">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.30...v0.7.31</a></p>
<h2>v0.7.30</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(python): add service feature to sandbox by <a
href="https://github.com/DanielKneipp"><code>@​DanielKneipp</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2665">langchain-ai/langsmith-sdk#2665</a></li>
<li>fix(js): Fix prototype pollution bug in anonymizers by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2690">langchain-ai/langsmith-sdk#2690</a></li>
<li>release(js): 0.5.18 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2691">langchain-ai/langsmith-sdk#2691</a></li>
<li>chore(js/sandbox): suppress warning log by <a
href="https://github.com/hntrl"><code>@​hntrl</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2694">langchain-ai/langsmith-sdk#2694</a></li>
<li>feat(js): Add metadata to Claude Agent SDK JS tracing by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2695">langchain-ai/langsmith-sdk#2695</a></li>
<li>fix(py): Fix run tree memory leak by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2696">langchain-ai/langsmith-sdk#2696</a></li>
<li>release(py): 0.7.30 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2698">langchain-ai/langsmith-sdk#2698</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.29...v0.7.30">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.29...v0.7.30</a></p>
<h2>v0.7.29</h2>
<h2>What's Changed</h2>
<ul>
<li>release(js): 0.5.17 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2681">langchain-ai/langsmith-sdk#2681</a></li>
<li>feat(py): Fix race condition around Claude Agent SDK instrumentation
by <a href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2685">langchain-ai/langsmith-sdk#2685</a></li>
<li>release(py): 0.7.29 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2686">langchain-ai/langsmith-sdk#2686</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.28...v0.7.29">https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.28...v0.7.29</a></p>
<h2>v0.7.28</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(py): Support subagent tracing in Claude Agents SDK, fix usage
and duplicate messages by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2670">langchain-ai/langsmith-sdk#2670</a></li>
<li>chore(deps-dev): bump the py-minor-and-patch group across 1
directory with 11 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2677">langchain-ai/langsmith-sdk#2677</a></li>
<li>chore(deps-dev): bump the js-minor-and-patch group across 1
directory with 8 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2667">langchain-ai/langsmith-sdk#2667</a></li>
<li>chore(deps): bump pnpm/action-setup from 4 to 5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2658">langchain-ai/langsmith-sdk#2658</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/langchain-ai/langsmith-sdk/commits/v0.7.31">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=langsmith&package-manager=uv&previous-version=0.6.3&new-version=0.7.31)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-15 20:09:10 -06:00
John Kennedy
0f4f3f74c8 chore: pygments>=2.20.0 across all packages (CVE-2026-4539) (#36385) 
## Summary

Bumps `pygments` to `>=2.20.0` across all 21 affected packages to
address [CVE-2026-4539](https://github.com/advisories/GHSA-XXXX) — ReDoS
via inefficient GUID regex in Pygments.

- **Severity:** Low
- **Fixed in:** 2.20.0 (was 2.19.2)
- **Change:** Added `pygments>=2.20.0` to `constraint-dependencies` in
`[tool.uv]` for each package, then ran `uv lock --upgrade-package
pygments` to regenerate lock files.

Closes Dependabot alerts #3435–#3455.

## Release Note
Patch deps

### Test Plan
 - [x] CI Green 🙏

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-30 23:26:59 -04:00
Christophe Bornet
494b760028 fix(chroma): fix Python 3.14 support in langchain-chroma (#36199) 
Latest chromadb version supports Python 3.14 and pydantic 3.12.

Co-authored-by: Mason Daugherty <mason@langchain.dev>
 2026-03-27 15:40:42 -04:00
dependabot[bot]
1122a57f14 chore: bump requests from 2.32.5 to 2.33.0 in /libs/partners/chroma (#36257) 
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps [requests](https://github.com/psf/requests) from 2.32.5 to 2.33.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/releases">requests's
releases</a>.</em></p>
<blockquote>
<h2>v2.33.0</h2>
<h2>2.33.0 (2026-03-25)</h2>
<p><strong>Announcements</strong></p>
<ul>
<li>📣 Requests is adding inline types. If you have a typed code base
that uses Requests, please take a look at <a
href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>.
Give it a try, and report any gaps or feedback you may have in the
issue. 📣</li>
</ul>
<p><strong>Security</strong></p>
<ul>
<li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now
extracts contents to a non-deterministic location to prevent malicious
file replacement. This does not affect default usage of Requests, only
applications calling the utility function directly.</li>
</ul>
<p><strong>Improvements</strong></p>
<ul>
<li>Migrated to a PEP 517 build system using setuptools. (<a
href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li>
</ul>
<p><strong>Bugfixes</strong></p>
<ul>
<li>Fixed an issue where an empty netrc entry could cause malformed
authentication to be applied to Requests on Python 3.11+. (<a
href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li>
</ul>
<p><strong>Deprecations</strong></p>
<ul>
<li>Dropped support for Python 3.9 following its end of support. (<a
href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li>
</ul>
<p><strong>Documentation</strong></p>
<ul>
<li>Various typo fixes and doc improvements.</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/M0d3v1"><code>@​M0d3v1</code></a> made
their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/6865">psf/requests#6865</a></li>
<li><a href="https://github.com/aminvakil"><code>@​aminvakil</code></a>
made their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/7220">psf/requests#7220</a></li>
<li><a href="https://github.com/E8Price"><code>@​E8Price</code></a> made
their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/6960">psf/requests#6960</a></li>
<li><a href="https://github.com/mitre88"><code>@​mitre88</code></a> made
their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/7244">psf/requests#7244</a></li>
<li><a href="https://github.com/magsen"><code>@​magsen</code></a> made
their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/6553">psf/requests#6553</a></li>
<li><a
href="https://github.com/Rohan5commit"><code>@​Rohan5commit</code></a>
made their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/7227">psf/requests#7227</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25">https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's
changelog</a>.</em></p>
<blockquote>
<h2>2.33.0 (2026-03-25)</h2>
<p><strong>Announcements</strong></p>
<ul>
<li>📣 Requests is adding inline types. If you have a typed code base
that
uses Requests, please take a look at <a
href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>.
Give it a try, and report
any gaps or feedback you may have in the issue. 📣</li>
</ul>
<p><strong>Security</strong></p>
<ul>
<li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now
extracts
contents to a non-deterministic location to prevent malicious file
replacement. This does not affect default usage of Requests, only
applications calling the utility function directly.</li>
</ul>
<p><strong>Improvements</strong></p>
<ul>
<li>Migrated to a PEP 517 build system using setuptools. (<a
href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li>
</ul>
<p><strong>Bugfixes</strong></p>
<ul>
<li>Fixed an issue where an empty netrc entry could cause
malformed authentication to be applied to Requests on
Python 3.11+. (<a
href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li>
</ul>
<p><strong>Deprecations</strong></p>
<ul>
<li>Dropped support for Python 3.9 following its end of support. (<a
href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li>
</ul>
<p><strong>Documentation</strong></p>
<ul>
<li>Various typo fixes and doc improvements.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="bc04dfd6da"><code>bc04dfd</code></a>
v2.33.0</li>
<li><a
href="66d21cb07b"><code>66d21cb</code></a>
Merge commit from fork</li>
<li><a
href="8b9bc8fc0f"><code>8b9bc8f</code></a>
Move badges to top of README (<a
href="https://redirect.github.com/psf/requests/issues/7293">#7293</a>)</li>
<li><a
href="e331a288f3"><code>e331a28</code></a>
Remove unused extraction call (<a
href="https://redirect.github.com/psf/requests/issues/7292">#7292</a>)</li>
<li><a
href="753fd08c5e"><code>753fd08</code></a>
docs: fix FAQ grammar in httplib2 example</li>
<li><a
href="774a0b837a"><code>774a0b8</code></a>
docs(socks): same block as other sections</li>
<li><a
href="9c72a41bec"><code>9c72a41</code></a>
Bump github/codeql-action from 4.33.0 to 4.34.1</li>
<li><a
href="ebf7190679"><code>ebf7190</code></a>
Bump github/codeql-action from 4.32.0 to 4.33.0</li>
<li><a
href="0e4ae38f0c"><code>0e4ae38</code></a>
docs: exclude Response.is_permanent_redirect from API docs (<a
href="https://redirect.github.com/psf/requests/issues/7244">#7244</a>)</li>
<li><a
href="d568f47278"><code>d568f47</code></a>
docs: clarify Quickstart POST example (<a
href="https://redirect.github.com/psf/requests/issues/6960">#6960</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/psf/requests/compare/v2.32.5...v2.33.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=requests&package-manager=uv&previous-version=2.32.5&new-version=2.33.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-25 23:05:41 -04:00
dependabot[bot]
313d353646 chore: bump orjson from 3.11.5 to 3.11.6 in /libs/partners/chroma (#35800) 2026-03-13 21:39:44 -04:00
dependabot[bot]
c05a2fb71b chore(deps): bump langsmith from 0.4.31 to 0.6.3 in /libs/partners/chroma (#35165) 
Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from
0.4.31 to 0.6.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's
releases</a>.</em></p>
<blockquote>
<h2>v0.6.1</h2>
<h2>What's Changed</h2>
<ul>
<li>ci: test more bundlers by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2263">langchain-ai/langsmith-sdk#2263</a></li>
<li>feat(python sdk): Add support for setting commit tags when pushing a
prompt by <a href="https://github.com/bees"><code>@​bees</code></a> in
<a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2265">langchain-ai/langsmith-sdk#2265</a></li>
<li>feat: Pass in Cache, rename by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2264">langchain-ai/langsmith-sdk#2264</a></li>
<li>chore: bump sdk by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2268">langchain-ai/langsmith-sdk#2268</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.6.0...v0.6.1">https://github.com/langchain-ai/langsmith-sdk/compare/v0.6.0...v0.6.1</a></p>
<h2>v0.6.0</h2>
<h2>What's Changed</h2>
<ul>
<li>chore(js): bump JS to 0.4.3 by <a
href="https://github.com/dqbd"><code>@​dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2253">langchain-ai/langsmith-sdk#2253</a></li>
<li>Revert &quot;feat: add js prompt caching&quot; by <a
href="https://github.com/angus-langchain"><code>@​angus-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2258">langchain-ai/langsmith-sdk#2258</a></li>
<li>Revert &quot;feat: Replace UUID5 with deterministic UUID7 for
replicas&quot; by <a
href="https://github.com/angus-langchain"><code>@​angus-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2257">langchain-ai/langsmith-sdk#2257</a></li>
<li>release(js): bump to 0.4.4 by <a
href="https://github.com/dqbd"><code>@​dqbd</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2259">langchain-ai/langsmith-sdk#2259</a></li>
<li>feat: add prompt cache back and setup environment tests by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2260">langchain-ai/langsmith-sdk#2260</a></li>
<li>feat(python): Bump pydantic to v2 by <a
href="https://github.com/angus-langchain"><code>@​angus-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2248">langchain-ai/langsmith-sdk#2248</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.5.2...v0.6.0">https://github.com/langchain-ai/langsmith-sdk/compare/v0.5.2...v0.6.0</a></p>
<h2>v0.6.0rc0</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(js): Add support for tracing AI SDK 6 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2237">langchain-ai/langsmith-sdk#2237</a></li>
<li>fix(js): Remove default Jestlike timeout by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2243">langchain-ai/langsmith-sdk#2243</a></li>
<li>feat(js): Add support for tracing tool loop agent by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2244">langchain-ai/langsmith-sdk#2244</a></li>
<li>feat: Replace UUID5 with deterministic UUID7 for replicas by <a
href="https://github.com/angus-langchain"><code>@​angus-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2249">langchain-ai/langsmith-sdk#2249</a></li>
<li>feat: add prompt caching to python sdk by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2246">langchain-ai/langsmith-sdk#2246</a></li>
<li>feat: add js prompt caching by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2251">langchain-ai/langsmith-sdk#2251</a></li>
<li>fix(claude): correctly parse llm and tool inputs in claude agent sdk
by <a
href="https://github.com/angus-langchain"><code>@​angus-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2255">langchain-ai/langsmith-sdk#2255</a></li>
<li>bump(python): 0.5.2 by <a
href="https://github.com/angus-langchain"><code>@​angus-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2256">langchain-ai/langsmith-sdk#2256</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.5.1...v0.6.0rc0">https://github.com/langchain-ai/langsmith-sdk/compare/v0.5.1...v0.6.0rc0</a></p>
<h2>v0.5.2</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(js): Add support for tracing AI SDK 6 by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2237">langchain-ai/langsmith-sdk#2237</a></li>
<li>fix(js): Remove default Jestlike timeout by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2243">langchain-ai/langsmith-sdk#2243</a></li>
<li>feat(js): Add support for tracing tool loop agent by <a
href="https://github.com/jacoblee93"><code>@​jacoblee93</code></a> in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2244">langchain-ai/langsmith-sdk#2244</a></li>
<li>feat: Replace UUID5 with deterministic UUID7 for replicas by <a
href="https://github.com/angus-langchain"><code>@​angus-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2249">langchain-ai/langsmith-sdk#2249</a></li>
<li>feat: add prompt caching to python sdk by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2246">langchain-ai/langsmith-sdk#2246</a></li>
<li>feat: add js prompt caching by <a
href="https://github.com/langchain-infra"><code>@​langchain-infra</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2251">langchain-ai/langsmith-sdk#2251</a></li>
<li>fix(claude): correctly parse llm and tool inputs in claude agent sdk
by <a
href="https://github.com/angus-langchain"><code>@​angus-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2255">langchain-ai/langsmith-sdk#2255</a></li>
<li>bump(python): 0.5.2 by <a
href="https://github.com/angus-langchain"><code>@​angus-langchain</code></a>
in <a
href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2256">langchain-ai/langsmith-sdk#2256</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.5.1...v0.5.2">https://github.com/langchain-ai/langsmith-sdk/compare/v0.5.1...v0.5.2</a></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/langchain-ai/langsmith-sdk/commits">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=langsmith&package-manager=uv&previous-version=0.4.31&new-version=0.6.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-10 20:32:29 -08:00
dependabot[bot]
328bf24a4c chore(deps): bump the uv group across 20 directories with 3 updates (#34941) 
Bumps the uv group with 1 update in the /libs/core directory:
[nbconvert](https://github.com/jupyter/nbconvert).
Bumps the uv group with 3 updates in the /libs/langchain directory:
[nbconvert](https://github.com/jupyter/nbconvert),
[orjson](https://github.com/ijl/orjson) and
[protobuf](https://github.com/protocolbuffers/protobuf).
Bumps the uv group with 2 updates in the /libs/langchain_v1 directory:
[orjson](https://github.com/ijl/orjson) and
[protobuf](https://github.com/protocolbuffers/protobuf).
Bumps the uv group with 1 update in the /libs/model-profiles directory:
[orjson](https://github.com/ijl/orjson).
Bumps the uv group with 1 update in the /libs/partners/anthropic
directory: [orjson](https://github.com/ijl/orjson).
Bumps the uv group with 2 updates in the /libs/partners/chroma
directory: [orjson](https://github.com/ijl/orjson) and
[protobuf](https://github.com/protocolbuffers/protobuf).
Bumps the uv group with 1 update in the /libs/partners/deepseek
directory: [orjson](https://github.com/ijl/orjson).
Bumps the uv group with 1 update in the /libs/partners/exa directory:
[orjson](https://github.com/ijl/orjson).
Bumps the uv group with 1 update in the /libs/partners/fireworks
directory: [orjson](https://github.com/ijl/orjson).
Bumps the uv group with 1 update in the /libs/partners/groq directory:
[orjson](https://github.com/ijl/orjson).
Bumps the uv group with 1 update in the /libs/partners/huggingface
directory: [orjson](https://github.com/ijl/orjson).
Bumps the uv group with 1 update in the /libs/partners/mistralai
directory: [orjson](https://github.com/ijl/orjson).
Bumps the uv group with 1 update in the /libs/partners/nomic directory:
[orjson](https://github.com/ijl/orjson).
Bumps the uv group with 1 update in the /libs/partners/ollama directory:
[orjson](https://github.com/ijl/orjson).
Bumps the uv group with 1 update in the /libs/partners/openai directory:
[orjson](https://github.com/ijl/orjson).
Bumps the uv group with 1 update in the /libs/partners/perplexity
directory: [orjson](https://github.com/ijl/orjson).
Bumps the uv group with 1 update in the /libs/partners/prompty
directory: [orjson](https://github.com/ijl/orjson).
Bumps the uv group with 2 updates in the /libs/partners/qdrant
directory: [orjson](https://github.com/ijl/orjson) and
[protobuf](https://github.com/protocolbuffers/protobuf).
Bumps the uv group with 1 update in the /libs/partners/xai directory:
[orjson](https://github.com/ijl/orjson).
Bumps the uv group with 2 updates in the /libs/text-splitters directory:
[nbconvert](https://github.com/jupyter/nbconvert) and
[orjson](https://github.com/ijl/orjson).

Updates `nbconvert` from 7.16.6 to 7.17.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/jupyter/nbconvert/releases">nbconvert's
releases</a>.</em></p>
<blockquote>
<h2>v7.17.0</h2>
<h2>7.17.0</h2>
<p>(<a
href="https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71">Full
Changelog</a>)</p>
<h3>Enhancements made</h3>
<ul>
<li>Add support for arbitrary browser arguments <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2227">#2227</a>
(<a href="https://github.com/shreve"><code>@​shreve</code></a>, <a
href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
</ul>
<h3>Bugs fixed</h3>
<ul>
<li>Fix QtPNGExporter returning empty bytes on macOS <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2264">#2264</a>
(<a href="https://github.com/h3pdesign"><code>@​h3pdesign</code></a>, <a
href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a
href="https://github.com/QuLogic"><code>@​QuLogic</code></a>)</li>
<li>Fix CVE-2025-53000: Secure Inkscape Windows path (registry first +
block CWD) <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2261">#2261</a>
(<a href="https://github.com/h3pdesign"><code>@​h3pdesign</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>, <a
href="https://github.com/mberlanda"><code>@​mberlanda</code></a>, <a
href="https://github.com/minrk"><code>@​minrk</code></a>, <a
href="https://github.com/salmankadaya"><code>@​salmankadaya</code></a>,
<a
href="https://github.com/th3gowtham"><code>@​th3gowtham</code></a>)</li>
<li>Fix get_export_names and get_exporter default args <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2228">#2228</a>
(<a href="https://github.com/shreve"><code>@​shreve</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
<li>PyPA-Compliant Summary <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2226">#2226</a>
(<a
href="https://github.com/hackowitz-af"><code>@​hackowitz-af</code></a>,
<a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li>
</ul>
<h3>Maintenance and upkeep improvements</h3>
<ul>
<li>avoid cov environment on free-threaded Pythons <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2267">#2267</a>
(<a href="https://github.com/minrk"><code>@​minrk</code></a>)</li>
<li>update pre-commit, and fix all issues. <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2238">#2238</a>
(<a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li>
<li>Drop test on 3.9, test on 3.13, 3.14, 3.14t <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2237">#2237</a>
(<a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li>
<li>Bump the actions group across 1 directory with 2 updates <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2231">#2231</a>
(<a href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
<li>Replace <code>@flaky.flaky</code> decorate with pytest marker <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2229">#2229</a>
(<a href="https://github.com/mgorny"><code>@​mgorny</code></a>, <a
href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li>
<li>update to mermaid 11.10.0 <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2224">#2224</a>
(<a href="https://github.com/bollwyvl"><code>@​bollwyvl</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
<li>Drop support for Python 3.8, fix the CI tests <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2221">#2221</a>
(<a href="https://github.com/shreve"><code>@​shreve</code></a>, <a
href="https://github.com/minrk"><code>@​minrk</code></a>)</li>
</ul>
<h3>Documentation improvements</h3>
<ul>
<li>Use <code>intersphinx_registry</code> <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2232">#2232</a>
(<a href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
</ul>
<h3>Contributors to this release</h3>
<p>The following people contributed discussions, new ideas, code and
documentation contributions, and review.
See <a
href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our
definition of contributors</a>.</p>
<p>(<a
href="https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28&amp;to=2026-01-29&amp;type=c">GitHub
contributors page for this release</a>)</p>
<p><a href="https://github.com/bollwyvl"><code>@​bollwyvl</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/Carreau"><code>@​Carreau</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/h3pdesign"><code>@​h3pdesign</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a
href="https://github.com/hackowitz-af"><code>@​hackowitz-af</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/krassowski"><code>@​krassowski</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/mberlanda"><code>@​mberlanda</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/mgorny"><code>@​mgorny</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/minrk"><code>@​minrk</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/MSeal"><code>@​MSeal</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/QuLogic"><code>@​QuLogic</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a
href="https://github.com/salmankadaya"><code>@​salmankadaya</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/shreve"><code>@​shreve</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/th3gowtham"><code>@​th3gowtham</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/jupyter/nbconvert/blob/main/CHANGELOG.md">nbconvert's
changelog</a>.</em></p>
<blockquote>
<h2>7.17.0</h2>
<p>(<a
href="https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71">Full
Changelog</a>)</p>
<h3>Enhancements made</h3>
<ul>
<li>Add support for arbitrary browser arguments <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2227">#2227</a>
(<a href="https://github.com/shreve"><code>@​shreve</code></a>, <a
href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
</ul>
<h3>Bugs fixed</h3>
<ul>
<li>Fix QtPNGExporter returning empty bytes on macOS <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2264">#2264</a>
(<a href="https://github.com/h3pdesign"><code>@​h3pdesign</code></a>, <a
href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a
href="https://github.com/QuLogic"><code>@​QuLogic</code></a>)</li>
<li>Fix CVE-2025-53000: Secure Inkscape Windows path (registry first +
block CWD) <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2261">#2261</a>
(<a href="https://github.com/h3pdesign"><code>@​h3pdesign</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>, <a
href="https://github.com/mberlanda"><code>@​mberlanda</code></a>, <a
href="https://github.com/minrk"><code>@​minrk</code></a>, <a
href="https://github.com/salmankadaya"><code>@​salmankadaya</code></a>,
<a
href="https://github.com/th3gowtham"><code>@​th3gowtham</code></a>)</li>
<li>Fix get_export_names and get_exporter default args <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2228">#2228</a>
(<a href="https://github.com/shreve"><code>@​shreve</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
<li>PyPA-Compliant Summary <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2226">#2226</a>
(<a
href="https://github.com/hackowitz-af"><code>@​hackowitz-af</code></a>,
<a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li>
</ul>
<h3>Maintenance and upkeep improvements</h3>
<ul>
<li>avoid cov environment on free-threaded Pythons <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2267">#2267</a>
(<a href="https://github.com/minrk"><code>@​minrk</code></a>)</li>
<li>update pre-commit, and fix all issues. <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2238">#2238</a>
(<a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li>
<li>Drop test on 3.9, test on 3.13, 3.14, 3.14t <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2237">#2237</a>
(<a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li>
<li>Bump the actions group across 1 directory with 2 updates <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2231">#2231</a>
(<a href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
<li>Replace <code>@flaky.flaky</code> decorate with pytest marker <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2229">#2229</a>
(<a href="https://github.com/mgorny"><code>@​mgorny</code></a>, <a
href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li>
<li>update to mermaid 11.10.0 <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2224">#2224</a>
(<a href="https://github.com/bollwyvl"><code>@​bollwyvl</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
<li>Drop support for Python 3.8, fix the CI tests <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2221">#2221</a>
(<a href="https://github.com/shreve"><code>@​shreve</code></a>, <a
href="https://github.com/minrk"><code>@​minrk</code></a>)</li>
</ul>
<h3>Documentation improvements</h3>
<ul>
<li>Use <code>intersphinx_registry</code> <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2232">#2232</a>
(<a href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
</ul>
<h3>Contributors to this release</h3>
<p>The following people contributed discussions, new ideas, code and
documentation contributions, and review.
See <a
href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our
definition of contributors</a>.</p>
<p>(<a
href="https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28&amp;to=2026-01-29&amp;type=c">GitHub
contributors page for this release</a>)</p>
<p><a href="https://github.com/bollwyvl"><code>@​bollwyvl</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/Carreau"><code>@​Carreau</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/h3pdesign"><code>@​h3pdesign</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a
href="https://github.com/hackowitz-af"><code>@​hackowitz-af</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/krassowski"><code>@​krassowski</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/mberlanda"><code>@​mberlanda</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/mgorny"><code>@​mgorny</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/minrk"><code>@​minrk</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/MSeal"><code>@​MSeal</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/QuLogic"><code>@​QuLogic</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a
href="https://github.com/salmankadaya"><code>@​salmankadaya</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/shreve"><code>@​shreve</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/th3gowtham"><code>@​th3gowtham</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)</p>
<!-- raw HTML omitted -->
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="21b35d85b4"><code>21b35d8</code></a>
Publish 7.17.0</li>
<li><a
href="c9ac1d1040"><code>c9ac1d1</code></a>
Fix CVE-2025-53000: Secure Inkscape Windows path (registry first + block
CWD)...</li>
<li><a
href="b13276d80a"><code>b13276d</code></a>
avoid cov environment on free-threaded Pythons (<a
href="https://redirect.github.com/jupyter/nbconvert/issues/2267">#2267</a>)</li>
<li><a
href="7c7055fe83"><code>7c7055f</code></a>
[pre-commit.ci] auto fixes from pre-commit.com hooks</li>
<li><a
href="74f3ddd37e"><code>74f3ddd</code></a>
Fix QtPNGExporter returning empty bytes on macOS</li>
<li><a
href="216550b2aa"><code>216550b</code></a>
fix links</li>
<li><a
href="39777ac571"><code>39777ac</code></a>
try to comment fialing test</li>
<li><a
href="7b591ca526"><code>7b591ca</code></a>
ruff-check</li>
<li><a
href="6ec7638a3d"><code>6ec7638</code></a>
parent</li>
<li><a
href="59414b36f9"><code>59414b3</code></a>
fix mypy</li>
<li>Additional commits viewable in <a
href="https://github.com/jupyter/nbconvert/compare/v7.16.6...v7.17.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `nbconvert` from 7.16.6 to 7.17.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/jupyter/nbconvert/releases">nbconvert's
releases</a>.</em></p>
<blockquote>
<h2>v7.17.0</h2>
<h2>7.17.0</h2>
<p>(<a
href="https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71">Full
Changelog</a>)</p>
<h3>Enhancements made</h3>
<ul>
<li>Add support for arbitrary browser arguments <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2227">#2227</a>
(<a href="https://github.com/shreve"><code>@​shreve</code></a>, <a
href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
</ul>
<h3>Bugs fixed</h3>
<ul>
<li>Fix QtPNGExporter returning empty bytes on macOS <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2264">#2264</a>
(<a href="https://github.com/h3pdesign"><code>@​h3pdesign</code></a>, <a
href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a
href="https://github.com/QuLogic"><code>@​QuLogic</code></a>)</li>
<li>Fix CVE-2025-53000: Secure Inkscape Windows path (registry first +
block CWD) <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2261">#2261</a>
(<a href="https://github.com/h3pdesign"><code>@​h3pdesign</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>, <a
href="https://github.com/mberlanda"><code>@​mberlanda</code></a>, <a
href="https://github.com/minrk"><code>@​minrk</code></a>, <a
href="https://github.com/salmankadaya"><code>@​salmankadaya</code></a>,
<a
href="https://github.com/th3gowtham"><code>@​th3gowtham</code></a>)</li>
<li>Fix get_export_names and get_exporter default args <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2228">#2228</a>
(<a href="https://github.com/shreve"><code>@​shreve</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
<li>PyPA-Compliant Summary <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2226">#2226</a>
(<a
href="https://github.com/hackowitz-af"><code>@​hackowitz-af</code></a>,
<a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li>
</ul>
<h3>Maintenance and upkeep improvements</h3>
<ul>
<li>avoid cov environment on free-threaded Pythons <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2267">#2267</a>
(<a href="https://github.com/minrk"><code>@​minrk</code></a>)</li>
<li>update pre-commit, and fix all issues. <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2238">#2238</a>
(<a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li>
<li>Drop test on 3.9, test on 3.13, 3.14, 3.14t <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2237">#2237</a>
(<a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li>
<li>Bump the actions group across 1 directory with 2 updates <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2231">#2231</a>
(<a href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
<li>Replace <code>@flaky.flaky</code> decorate with pytest marker <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2229">#2229</a>
(<a href="https://github.com/mgorny"><code>@​mgorny</code></a>, <a
href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li>
<li>update to mermaid 11.10.0 <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2224">#2224</a>
(<a href="https://github.com/bollwyvl"><code>@​bollwyvl</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
<li>Drop support for Python 3.8, fix the CI tests <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2221">#2221</a>
(<a href="https://github.com/shreve"><code>@​shreve</code></a>, <a
href="https://github.com/minrk"><code>@​minrk</code></a>)</li>
</ul>
<h3>Documentation improvements</h3>
<ul>
<li>Use <code>intersphinx_registry</code> <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2232">#2232</a>
(<a href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
</ul>
<h3>Contributors to this release</h3>
<p>The following people contributed discussions, new ideas, code and
documentation contributions, and review.
See <a
href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our
definition of contributors</a>.</p>
<p>(<a
href="https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28&amp;to=2026-01-29&amp;type=c">GitHub
contributors page for this release</a>)</p>
<p><a href="https://github.com/bollwyvl"><code>@​bollwyvl</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/Carreau"><code>@​Carreau</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/h3pdesign"><code>@​h3pdesign</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a
href="https://github.com/hackowitz-af"><code>@​hackowitz-af</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/krassowski"><code>@​krassowski</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/mberlanda"><code>@​mberlanda</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/mgorny"><code>@​mgorny</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/minrk"><code>@​minrk</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/MSeal"><code>@​MSeal</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/QuLogic"><code>@​QuLogic</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a
href="https://github.com/salmankadaya"><code>@​salmankadaya</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/shreve"><code>@​shreve</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/th3gowtham"><code>@​th3gowtham</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/jupyter/nbconvert/blob/main/CHANGELOG.md">nbconvert's
changelog</a>.</em></p>
<blockquote>
<h2>7.17.0</h2>
<p>(<a
href="https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71">Full
Changelog</a>)</p>
<h3>Enhancements made</h3>
<ul>
<li>Add support for arbitrary browser arguments <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2227">#2227</a>
(<a href="https://github.com/shreve"><code>@​shreve</code></a>, <a
href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
</ul>
<h3>Bugs fixed</h3>
<ul>
<li>Fix QtPNGExporter returning empty bytes on macOS <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2264">#2264</a>
(<a href="https://github.com/h3pdesign"><code>@​h3pdesign</code></a>, <a
href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a
href="https://github.com/QuLogic"><code>@​QuLogic</code></a>)</li>
<li>Fix CVE-2025-53000: Secure Inkscape Windows path (registry first +
block CWD) <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2261">#2261</a>
(<a href="https://github.com/h3pdesign"><code>@​h3pdesign</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>, <a
href="https://github.com/mberlanda"><code>@​mberlanda</code></a>, <a
href="https://github.com/minrk"><code>@​minrk</code></a>, <a
href="https://github.com/salmankadaya"><code>@​salmankadaya</code></a>,
<a
href="https://github.com/th3gowtham"><code>@​th3gowtham</code></a>)</li>
<li>Fix get_export_names and get_exporter default args <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2228">#2228</a>
(<a href="https://github.com/shreve"><code>@​shreve</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
<li>PyPA-Compliant Summary <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2226">#2226</a>
(<a
href="https://github.com/hackowitz-af"><code>@​hackowitz-af</code></a>,
<a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li>
</ul>
<h3>Maintenance and upkeep improvements</h3>
<ul>
<li>avoid cov environment on free-threaded Pythons <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2267">#2267</a>
(<a href="https://github.com/minrk"><code>@​minrk</code></a>)</li>
<li>update pre-commit, and fix all issues. <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2238">#2238</a>
(<a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li>
<li>Drop test on 3.9, test on 3.13, 3.14, 3.14t <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2237">#2237</a>
(<a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li>
<li>Bump the actions group across 1 directory with 2 updates <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2231">#2231</a>
(<a href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
<li>Replace <code>@flaky.flaky</code> decorate with pytest marker <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2229">#2229</a>
(<a href="https://github.com/mgorny"><code>@​mgorny</code></a>, <a
href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li>
<li>update to mermaid 11.10.0 <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2224">#2224</a>
(<a href="https://github.com/bollwyvl"><code>@​bollwyvl</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
<li>Drop support for Python 3.8, fix the CI tests <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2221">#2221</a>
(<a href="https://github.com/shreve"><code>@​shreve</code></a>, <a
href="https://github.com/minrk"><code>@​minrk</code></a>)</li>
</ul>
<h3>Documentation improvements</h3>
<ul>
<li>Use <code>intersphinx_registry</code> <a
href="https://redirect.github.com/jupyter/nbconvert/pull/2232">#2232</a>
(<a href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a
href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li>
</ul>
<h3>Contributors to this release</h3>
<p>The following people contributed discussions, new ideas, code and
documentation contributions, and review.
See <a
href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our
definition of contributors</a>.</p>
<p>(<a
href="https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28&amp;to=2026-01-29&amp;type=c">GitHub
contributors page for this release</a>)</p>
<p><a href="https://github.com/bollwyvl"><code>@​bollwyvl</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/Carreau"><code>@​Carreau</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/h3pdesign"><code>@​h3pdesign</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a
href="https://github.com/hackowitz-af"><code>@​hackowitz-af</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/krassowski"><code>@​krassowski</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/mberlanda"><code>@​mberlanda</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/mgorny"><code>@​mgorny</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/minrk"><code>@​minrk</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/MSeal"><code>@​MSeal</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/QuLogic"><code>@​QuLogic</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a
href="https://github.com/salmankadaya"><code>@​salmankadaya</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/shreve"><code>@​shreve</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)
| <a href="https://github.com/th3gowtham"><code>@​th3gowtham</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29&amp;type=Issues">activity</a>)</p>
<!-- raw HTML omitted -->
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="21b35d85b4"><code>21b35d8</code></a>
Publish 7.17.0</li>
<li><a
href="c9ac1d1040"><code>c9ac1d1</code></a>
Fix CVE-2025-53000: Secure Inkscape Windows path (registry first + block
CWD)...</li>
<li><a
href="b13276d80a"><code>b13276d</code></a>
avoid cov environment on free-threaded Pythons (<a
href="https://redirect.github.com/jupyter/nbconvert/issues/2267">#2267</a>)</li>
<li><a
href="7c7055fe83"><code>7c7055f</code></a>
[pre-commit.ci] auto fixes from pre-commit.com hooks</li>
<li><a
href="74f3ddd37e"><code>74f3ddd</code></a>
Fix QtPNGExporter returning empty bytes on macOS</li>
<li><a
href="216550b2aa"><code>216550b</code></a>
fix links</li>
<li><a
href="39777ac571"><code>39777ac</code></a>
try to comment fialing test</li>
<li><a
href="7b591ca526"><code>7b591ca</code></a>
ruff-check</li>
<li><a
href="6ec7638a3d"><code>6ec7638</code></a>
parent</li>
<li><a
href="59414b36f9"><code>59414b3</code></a>
fix mypy</li>
<li>Additional commits viewable in <a
href="https://github.com/jupyter/nbconvert/compare/v7.16.6...v7.17.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `orjson` from 3.11.3 to 3.11.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/ijl/orjson/releases">orjson's
releases</a>.</em></p>
<blockquote>
<h2>3.11.5</h2>
<h3>Changed</h3>
<ul>
<li>Show simple error message instead of traceback when attempting to
build on unsupported Python versions.</li>
</ul>
<h2>3.11.4</h2>
<h3>Changed</h3>
<ul>
<li>ABI compatibility with CPython 3.15 alpha 1.</li>
<li>Publish PyPI wheels for 3.14 and manylinux i686, manylinux arm7,
manylinux ppc64le, manylinux s390x.</li>
<li>Build now requires a C compiler.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/ijl/orjson/blob/master/CHANGELOG.md">orjson's
changelog</a>.</em></p>
<blockquote>
<h2>3.11.5 - 2025-12-06</h2>
<h3>Changed</h3>
<ul>
<li>Show simple error message instead of traceback when attempting to
build on unsupported Python versions.</li>
</ul>
<h2>3.11.4 - 2025-10-24</h2>
<h3>Changed</h3>
<ul>
<li>ABI compatibility with CPython 3.15 alpha 1.</li>
<li>Publish PyPI wheels for 3.14 and manylinux i686, manylinux arm7,
manylinux ppc64le, manylinux s390x.</li>
<li>Build now requires a C compiler.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fb3eb1f729"><code>fb3eb1f</code></a>
3.11.5</li>
<li><a
href="52688e02c5"><code>52688e0</code></a>
Record contributors in headers</li>
<li><a
href="dc083e87d5"><code>dc083e8</code></a>
Further compatibility and build misc</li>
<li><a
href="18f0186d47"><code>18f0186</code></a>
Compatibility and build misc</li>
<li><a
href="a4fdeb3aff"><code>a4fdeb3</code></a>
3.11.4</li>
<li><a
href="2e80d68afa"><code>2e80d68</code></a>
unlikely to cold_path, remove intrinsics</li>
<li><a
href="27edea92f8"><code>27edea9</code></a>
FFI through crate::ffi, partial non-CPython compatibility</li>
<li><a
href="416a8c9578"><code>416a8c9</code></a>
Unconditionally build yyjson</li>
<li><a
href="c8c1a17dca"><code>c8c1a17</code></a>
edition 2024</li>
<li><a
href="af4179a1fa"><code>af4179a</code></a>
build maintenance, panic_immediate_abort break, test 3.15</li>
<li>See full diff in <a
href="https://github.com/ijl/orjson/compare/3.11.3...3.11.5">compare
view</a></li>
</ul>
</details>
<br />

Updates `protobuf` from 6.32.1 to 6.33.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/protocolbuffers/protobuf/releases">protobuf's
releases</a>.</em></p>
<blockquote>
<h2>Protocol Buffers v34.0-rc1</h2>
<h1>Announcements</h1>
<ul>
<li><strong>This version includes breaking changes to: C++, Objective-C,
PHP, Python.</strong></li>
<li>[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use
equivalent transitive_sources instead (<a
href="0a5c2f6b63</a>)</li>
<li>[C++] Make generator headers private (<a
href="3a2af3510f</a>)</li>
<li>[C++] Add a debug check that the target of CopyFrom is not a
descendant of the source. (<a
href="7a7589823d</a>)</li>
<li>[C++] Add [[nodiscard]] to many APIs. (<a
href="a70115f33f</a>)</li>
<li>[C++] Make the arena-enabled constructors of
<code>RepeatedField</code>, <code>RepeatedPtrField</code>, and
<code>Map</code> private. (<a
href="ef890c3d0c</a>)</li>
<li>[C++] Remove deprecated FieldDescriptor::label() in OSS. Use
is_repeated() or is_required() instead (<a
href="b76faa921f</a>)</li>
<li>[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria
that takes a raw pointer as an argument in favor of the overload that
takes a unique_ptr. Remove macro
PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (<a
href="b115358c64</a>)</li>
<li>[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in
OSS. Use is_repeated() or has_presence() instead (<a
href="68346ec934</a>)</li>
<li>[C++] Remove AddUnusedImportTrackFile() and
ClearUnusedImportTrackFiles(). Remove
PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (<a
href="837a2cd1d6</a>)</li>
<li>[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use
(!is_required() &amp;&amp; !is_repeated()) instead (<a
href="9dbc5d479a</a>)</li>
<li>[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (<a
href="c301c2ca28</a>)</li>
<li>[C++] All entity names have length limit (2afb0dc)</li>
<li>[ObjC] Remove <code>generate_minimal_imports</code> generation
option warning (<a
href="45b1297fda</a>)</li>
<li>[ObjC] Fix nullability annotations on some
<code>GPB*Dictionary</code> types. (<a
href="ea67d6d26a</a>)</li>
<li>[ObjC] Remove <code>-[GPBFieldDescriptor optional]</code> (<a
href="3414dc151e</a>)</li>
<li>[Other] Remove deprecated flag for enabling MSVC support (<a
href="97c979be6e</a>)</li>
<li>[PHP] Remove deprecated PHP APIs (<a
href="9c45014099</a>)</li>
<li>[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use
IsRepeated or isRequired instead. (<a
href="4208121992</a>,
<a
href="cd76e675b1</a>,
<a
href="4208121992</a>)</li>
<li>[PHP] Add PHP typehints for setters and remove redundant GPBUtil
checks (<a
href="https://redirect.github.com/protocolbuffers/protobuf/pull/25296">protocolbuffers/protobuf#25296</a>)
(<a
href="aee03b7892</a>)</li>
<li>[PHP] support default values for editions/proto2 (<a
href="https://redirect.github.com/protocolbuffers/protobuf/pull/25161">protocolbuffers/protobuf#25161</a>)
(<a
href="b01099d563</a>)</li>
<li>[Python] Raise errors in OSS when assign bool to int/enum field in
Python Proto. (<a
href="5b116fe2f1</a>)</li>
<li>[Python] Remove float_format/double_format from python proto
text_format (<a
href="e4854a186e</a>)</li>
<li>[Python] Raise TypeError when convert non-timedelta to Duration, or
convert non-datetime to Timestamp in python proto. (Original code may
raise ArributeError) (<a
href="00aaca1b4d</a>)</li>
<li>[Python] Remove float_precision from python proto json_format (<a
href="f027f1fcd5</a>)</li>
<li>[Python] Remove deprecated FieldDescriptor::label() in OSS. Use
is_repeated() or is_required() instead (<a
href="b76faa921f</a>)</li>
<li>[Python] Remove deprecated FieldDescriptor.label (<a
href="0a8ff55518</a>)</li>
<li>[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts()
(<a
href="c301c2ca28</a>)</li>
<li><a href="https://protobuf.dev/news/">Protobuf News</a> may include
additional announcements or pre-announcements for upcoming changes.</li>
<li><a href="https://protobuf.dev/support/migration/">Migration
Guide</a> may include additional guidance for breaking changes.</li>
</ul>
<h1>Bazel</h1>
<ul>
<li>Fix: cc_toolchain should prefer protoc when prebuilt flag is
flipped. (<a
href="https://redirect.github.com/protocolbuffers/protobuf/issues/25168">#25168</a>)
(<a
href="8c857c3a1c</a>)</li>
<li>Breaking change: Remove deprecated ProtoInfo.transitive_imports. Use
equivalent transitive_sources instead (<a
href="0a5c2f6b63</a>)</li>
<li>Feat(bazel): wire up prebuilt protoc toolchain (<a
href="https://redirect.github.com/protocolbuffers/protobuf/issues/24115">#24115</a>)
(<a
href="cc23698b48</a>)</li>
<li>Migrate <code>proto_descriptor_set</code> (<a
href="https://redirect.github.com/protocolbuffers/protobuf/issues/23369">#23369</a>)
(<a
href="8d4dfdd39a</a>)</li>
</ul>
<h1>Compiler</h1>
<ul>
<li>Ruby codegen: support generation of rbs files (<a
href="https://redirect.github.com/protocolbuffers/protobuf/issues/15633">#15633</a>)
(<a
href="6ebdf851ba</a>)</li>
<li>Avoid collision name problems between a message named
<code>Xyz</code> and a direct sibling enum named <code>XyzView</code>
(<a
href="eba53e8f17</a>)</li>
<li>Generalizing and implementing ValidateFeatureSupport for both
Options and Features during proto parsing (<a
href="ed3c57114d</a>)</li>
<li>Fix a bug with custom features outside of the <code>pb</code>
package. (<a
href="872d3ce7a4</a>)</li>
<li>Fix import option handling when include_imports isn't set. (<a
href="9ef9e80afd</a>)</li>
<li>Fix a bug in STRICT check of namespaced enums to properly check for
'reserved 1 to max' (<a
href="1229d4adba</a>)</li>
<li>Prevent accidental stripping of <code>debug_redact</code> options
via import option. (<a
href="f58b098bff</a>)</li>
</ul>
<h1>C++</h1>
<ul>
<li>Add EnumerateEnumValues function. (<a
href="397d5d99db</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/protocolbuffers/protobuf/commits">compare
view</a></li>
</ul>
</details>
<br />

Updates `orjson` from 3.11.4 to 3.11.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/ijl/orjson/releases">orjson's
releases</a>.</em></p>
<blockquote>
<h2>3.11.5</h2>
<h3>Changed</h3>
<ul>
<li>Show simple error message instead of traceback when attempting to
build on unsupported Python versions.</li>
</ul>
<h2>3.11.4</h2>
<h3>Changed</h3>
<ul>
<li>ABI compatibility with CPython 3.15 alpha 1.</li>
<li>Publish PyPI wheels for 3.14 and manylinux i686, manylinux arm7,
manylinux ppc64le, manylinux s390x.</li>
<li>Build now requires a C compiler.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/ijl/orjson/blob/master/CHANGELOG.md">orjson's
changelog</a>.</em></p>
<blockquote>
<h2>3.11.5 - 2025-12-06</h2>
<h3>Changed</h3>
<ul>
<li>Show simple error message instead of traceback when attempting to
build on unsupported Python versions.</li>
</ul>
<h2>3.11.4 - 2025-10-24</h2>
<h3>Changed</h3>
<ul>
<li>ABI compatibility with CPython 3.15 alpha 1.</li>
<li>Publish PyPI wheels for 3.14 and manylinux i686, manylinux arm7,
manylinux ppc64le, manylinux s390x.</li>
<li>Build now requires a C compiler.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fb3eb1f729"><code>fb3eb1f</code></a>
3.11.5</li>
<li><a
href="52688e02c5"><code>52688e0</code></a>
Record contributors in headers</li>
<li><a
href="dc083e87d5"><code>dc083e8</code></a>
Further compatibility and build misc</li>
<li><a
href="18f0186d47"><code>18f0186</code></a>
Compatibility and build misc</li>
<li><a
href="a4fdeb3aff"><code>a4fdeb3</code></a>
3.11.4</li>
<li><a
href="2e80d68afa"><code>2e80d68</code></a>
unlikely to cold_path, remove intrinsics</li>
<li><a
href="27edea92f8"><code>27edea9</code></a>
FFI through crate::ffi, partial non-CPython compatibility</li>
<li><a
href="416a8c9578"><code>416a8c9</code></a>
Unconditionally build yyjson</li>
<li><a
href="c8c1a17dca"><code>c8c1a17</code></a>
edition 2024</li>
<li><a
href="af4179a1fa"><code>af4179a</code></a>
build maintenance, panic_immediate_abort break, test 3.15</li>
<li>See full diff in <a
href="https://github.com/ijl/orjson/compare/3.11.3...3.11.5">compare
view</a></li>
</ul>
</details>
<br />

Updates `protobuf` from 6.33.1 to 6.33.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/protocolbuffers/protobuf/releases">protobuf's
releases</a>.</em></p>
<blockquote>
<h2>Protocol Buffers v34.0-rc1</h2>
<h1>Announcements</h1>
<ul>
<li><strong>This version includes breaking changes to: C++, Objective-C,
PHP, Python.</strong></li>
<li>[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use
equivalent transitive_sources instead (<a
href="0a5c2f6b63</a>)</li>
<li>[C++] Make generator headers private (<a
href="3a2af3510f</a>)</li>
<li>[C++] Add a debug check that the target of CopyFrom is not a
descendant of the source. (<a
href="7a7589823d</a>)</li>
<li>[C++] Add [[nodiscard]] to many APIs. (<a
href="a70115f33f</a>)</li>
<li>[C++] Make the arena-enabled constructors of
<code>RepeatedField</code>, <code>RepeatedPtrField</code>, and
<code>Map</code> private. (<a
href="ef890c3d0c</a>)</li>
<li>[C++] Remove deprecated FieldDescriptor::label() in OSS. Use
is_repeated() or is_required() instead (<a
href="b76faa921f</a>)</li>
<li>[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria
that takes a raw pointer as an argument in favor of the overload that
takes a unique_ptr. Remove macro
PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (<a
href="b115358c64</a>)</li>
<li>[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in
OSS. Use is_repeated() or has_presence() instead (<a
href="68346ec934</a>)</li>
<li>[C++] Remove AddUnusedImportTrackFile() and
ClearUnusedImportTrackFiles(). Remove
PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (<a
href="837a2cd1d6</a>)</li>
<li>[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use
(!is_required() &amp;&amp; !is_repeated()) instead (<a
href="9dbc5d479a</a>)</li>
<li>[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (<a
href="c301c2ca28</a>)</li>
<li>[C++] All entity names have length limit (2afb0dc)</li>
<li>[ObjC] Remove <code>generate_minimal_imports</code> generation
option warning (<a
href="45b1297fda</a>)</li>
<li>[ObjC] Fix nullability annotations on some
<code>GPB*Dictionary</code> types. (<a
href="ea67d6d26a</a>)</li>
<li>[ObjC] Remove <code>-[GPBFieldDescriptor optional]</code> (<a
href="3414dc151e</a>)</li>
<li>[Other] Remove deprecated flag for enabling MSVC support (<a
href="97c979be6e</a>)</li>
<li>[PHP] Remove deprecated PHP APIs (<a
href="9c45014099</a>)</li>
<li>[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use
IsRepeated or isRequired instead. (<a
href="4208121992</a>,
<a
href="cd76e675b1</a>,
<a
href="4208121992</a>)</li>
<li>[PHP] Add PHP typehints for setters and remove redundant GPBUtil
checks (<a
href="https://redirect.github.com/protocolbuffers/protobuf/pull/25296">protocolbuffers/protobuf#25296</a>)
(<a
href="aee03b7892</a>)</li>
<li>[PHP] support default values for editions/proto2 (<a
href="https://redirect.github.com/protocolbuffers/protobuf/pull/25161">protocolbuffers/protobuf#25161</a>)
(<a
href="b01099d563</a>)</li>
<li>[Python] Raise errors in OSS when assign bool to int/enum field in
Python Proto. (<a
href="5b116fe2f1</a>)</li>
<li>[Python] Remove float_format/double_format from python proto
text_format (<a
href="e4854a186e</a>)</li>
<li>[Python] Raise TypeError when convert non-timedelta to Duration, or
convert non-datetime to Timestamp in python proto. (Original code may
raise ArributeError) (<a
href="00aaca1b4d</a>)</li>
<li>[Python] Remove float_precision from python proto json_format (<a
href="f027f1fcd5</a>)</li>
<li>[Python] Remove deprecated FieldDescriptor::label() in OSS. Use
is_repeated() or is_required() instead (<a
href="b76faa921f</a>)</li>
<li>[Python] Remove deprecated FieldDescriptor.label (<a
href="0a8ff55518</a>)</li>
<li>[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts()
(<a
href="c301c2ca28</a>)</li>
<li><a href="https://protobuf.dev/news/">Protobuf News</a> may include
additional announcements or pre-announcements for upcoming changes.</li>
<li><a href="https://protobuf.dev/support/migration/">Migration
Guide</a> may include additional guidance for breaking changes.</li>
</ul>
<h1>Bazel</h1>
<ul>
<li>Fix: cc_toolchain should prefer protoc when prebuilt flag is
flipped. (<a
href="https://redirect.github.com/protocolbuffers/protobuf/issues/25168">#25168</a>)
(<a
href="8c857c3a1c</a>)</li>
<li>Breaking change: Remove deprecated ProtoInfo.transitive_imports. Use
equivalent transitive_sources instead (<a
href="0a5c2f6b63</a>)</li>
<li>Feat(bazel): wire up prebuilt protoc toolchain (<a
href="https://redirect.github.com/protocolbuffers/protobuf/issues/24115">#24115</a>)
(<a
href="cc23698b48">...

_Description has been truncated_

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: ccurme <chester.curme@gmail.com>
 2026-02-01 11:56:31 -08:00
John Kennedy
c5834cc028 chore: upgrade urllib3 to 2.6.3 (#34940) 2026-01-31 16:30:17 -05:00
dependabot[bot]
89e1594196 chore(deps): bump the uv group across 5 directories with 5 updates (#34785) 
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-16 22:28:13 -05:00
dependabot[bot]
3356d05557 chore(deps): bump the uv group across 3 directories with 1 update (#34741) 
Bumps the uv group with 1 update in the /libs/langchain directory:
[filelock](https://github.com/tox-dev/py-filelock).
Bumps the uv group with 1 update in the /libs/text-splitters directory:
[filelock](https://github.com/tox-dev/py-filelock).
Bumps the uv group with 1 update in the /libs/partners/chroma directory:
[filelock](https://github.com/tox-dev/py-filelock).

Updates `filelock` from 3.19.1 to 3.20.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tox-dev/py-filelock/releases">filelock's
releases</a>.</em></p>
<blockquote>
<h2>3.20.3</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>Fix TOCTOU symlink vulnerability in SoftFileLock by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/465">tox-dev/filelock#465</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/filelock/compare/3.20.2...3.20.3">https://github.com/tox-dev/filelock/compare/3.20.2...3.20.3</a></p>
<h2>3.20.2</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>Support Unix systems without O_NOFOLLOW by <a
href="https://github.com/mwilliamson"><code>@​mwilliamson</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/463">tox-dev/filelock#463</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a
href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a>[bot]
in <a
href="https://redirect.github.com/tox-dev/filelock/pull/464">tox-dev/filelock#464</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/mwilliamson"><code>@​mwilliamson</code></a>
made their first contribution in <a
href="https://redirect.github.com/tox-dev/filelock/pull/463">tox-dev/filelock#463</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/filelock/compare/3.20.1...3.20.2">https://github.com/tox-dev/filelock/compare/3.20.1...3.20.2</a></p>
<h2>3.20.1</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>CVE-2025-68146: Fix TOCTOU symlink vulnerability in lock file
creation by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/461">tox-dev/filelock#461</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/filelock/compare/3.20.0...3.20.1">https://github.com/tox-dev/filelock/compare/3.20.0...3.20.1</a></p>
<h2>3.20.0</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>Add tox.toml to sdist by <a
href="https://github.com/mtelka"><code>@​mtelka</code></a> in <a
href="https://redirect.github.com/tox-dev/filelock/pull/436">tox-dev/filelock#436</a></li>
<li>Update docs with example by <a
href="https://github.com/znichollscr"><code>@​znichollscr</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/438">tox-dev/filelock#438</a></li>
<li>Add 3.14 support and drop 3.9 by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/448">tox-dev/filelock#448</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/mtelka"><code>@​mtelka</code></a> made
their first contribution in <a
href="https://redirect.github.com/tox-dev/filelock/pull/436">tox-dev/filelock#436</a></li>
<li><a
href="https://github.com/znichollscr"><code>@​znichollscr</code></a>
made their first contribution in <a
href="https://redirect.github.com/tox-dev/filelock/pull/438">tox-dev/filelock#438</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/filelock/compare/3.19.1...3.20.0">https://github.com/tox-dev/filelock/compare/3.19.1...3.20.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="41b42dd2c7"><code>41b42dd</code></a>
Fix TOCTOU symlink vulnerability in SoftFileLock (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/465">#465</a>)</li>
<li><a
href="f2e7d4046b"><code>f2e7d40</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/464">#464</a>)</li>
<li><a
href="50888548eb"><code>5088854</code></a>
Support Unix systems without O_NOFOLLOW (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/463">#463</a>)</li>
<li><a
href="377f62251d"><code>377f622</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/460">#460</a>)</li>
<li><a
href="4724d7f8c3"><code>4724d7f</code></a>
Fix TOCTOU symlink vulnerability in lock file creation (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/461">#461</a>)</li>
<li><a
href="cb69414a23"><code>cb69414</code></a>
Bump actions/upload-artifact from 5 to 6 (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/459">#459</a>)</li>
<li><a
href="0769294f14"><code>0769294</code></a>
Bump actions/download-artifact from 6 to 7 (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/458">#458</a>)</li>
<li><a
href="414193a188"><code>414193a</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/457">#457</a>)</li>
<li><a
href="1456797beb"><code>1456797</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/456">#456</a>)</li>
<li><a
href="8d6bf90af3"><code>8d6bf90</code></a>
Bump actions/checkout from 5 to 6 (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/455">#455</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tox-dev/py-filelock/compare/3.19.1...3.20.3">compare
view</a></li>
</ul>
</details>
<br />

Updates `filelock` from 3.19.1 to 3.20.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tox-dev/py-filelock/releases">filelock's
releases</a>.</em></p>
<blockquote>
<h2>3.20.3</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>Fix TOCTOU symlink vulnerability in SoftFileLock by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/465">tox-dev/filelock#465</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/filelock/compare/3.20.2...3.20.3">https://github.com/tox-dev/filelock/compare/3.20.2...3.20.3</a></p>
<h2>3.20.2</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>Support Unix systems without O_NOFOLLOW by <a
href="https://github.com/mwilliamson"><code>@​mwilliamson</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/463">tox-dev/filelock#463</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a
href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a>[bot]
in <a
href="https://redirect.github.com/tox-dev/filelock/pull/464">tox-dev/filelock#464</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/mwilliamson"><code>@​mwilliamson</code></a>
made their first contribution in <a
href="https://redirect.github.com/tox-dev/filelock/pull/463">tox-dev/filelock#463</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/filelock/compare/3.20.1...3.20.2">https://github.com/tox-dev/filelock/compare/3.20.1...3.20.2</a></p>
<h2>3.20.1</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>CVE-2025-68146: Fix TOCTOU symlink vulnerability in lock file
creation by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/461">tox-dev/filelock#461</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/filelock/compare/3.20.0...3.20.1">https://github.com/tox-dev/filelock/compare/3.20.0...3.20.1</a></p>
<h2>3.20.0</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>Add tox.toml to sdist by <a
href="https://github.com/mtelka"><code>@​mtelka</code></a> in <a
href="https://redirect.github.com/tox-dev/filelock/pull/436">tox-dev/filelock#436</a></li>
<li>Update docs with example by <a
href="https://github.com/znichollscr"><code>@​znichollscr</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/438">tox-dev/filelock#438</a></li>
<li>Add 3.14 support and drop 3.9 by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/448">tox-dev/filelock#448</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/mtelka"><code>@​mtelka</code></a> made
their first contribution in <a
href="https://redirect.github.com/tox-dev/filelock/pull/436">tox-dev/filelock#436</a></li>
<li><a
href="https://github.com/znichollscr"><code>@​znichollscr</code></a>
made their first contribution in <a
href="https://redirect.github.com/tox-dev/filelock/pull/438">tox-dev/filelock#438</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/filelock/compare/3.19.1...3.20.0">https://github.com/tox-dev/filelock/compare/3.19.1...3.20.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="41b42dd2c7"><code>41b42dd</code></a>
Fix TOCTOU symlink vulnerability in SoftFileLock (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/465">#465</a>)</li>
<li><a
href="f2e7d4046b"><code>f2e7d40</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/464">#464</a>)</li>
<li><a
href="50888548eb"><code>5088854</code></a>
Support Unix systems without O_NOFOLLOW (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/463">#463</a>)</li>
<li><a
href="377f62251d"><code>377f622</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/460">#460</a>)</li>
<li><a
href="4724d7f8c3"><code>4724d7f</code></a>
Fix TOCTOU symlink vulnerability in lock file creation (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/461">#461</a>)</li>
<li><a
href="cb69414a23"><code>cb69414</code></a>
Bump actions/upload-artifact from 5 to 6 (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/459">#459</a>)</li>
<li><a
href="0769294f14"><code>0769294</code></a>
Bump actions/download-artifact from 6 to 7 (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/458">#458</a>)</li>
<li><a
href="414193a188"><code>414193a</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/457">#457</a>)</li>
<li><a
href="1456797beb"><code>1456797</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/456">#456</a>)</li>
<li><a
href="8d6bf90af3"><code>8d6bf90</code></a>
Bump actions/checkout from 5 to 6 (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/455">#455</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tox-dev/py-filelock/compare/3.19.1...3.20.3">compare
view</a></li>
</ul>
</details>
<br />

Updates `filelock` from 3.19.1 to 3.20.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tox-dev/py-filelock/releases">filelock's
releases</a>.</em></p>
<blockquote>
<h2>3.20.3</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>Fix TOCTOU symlink vulnerability in SoftFileLock by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/465">tox-dev/filelock#465</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/filelock/compare/3.20.2...3.20.3">https://github.com/tox-dev/filelock/compare/3.20.2...3.20.3</a></p>
<h2>3.20.2</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>Support Unix systems without O_NOFOLLOW by <a
href="https://github.com/mwilliamson"><code>@​mwilliamson</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/463">tox-dev/filelock#463</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a
href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a>[bot]
in <a
href="https://redirect.github.com/tox-dev/filelock/pull/464">tox-dev/filelock#464</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/mwilliamson"><code>@​mwilliamson</code></a>
made their first contribution in <a
href="https://redirect.github.com/tox-dev/filelock/pull/463">tox-dev/filelock#463</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/filelock/compare/3.20.1...3.20.2">https://github.com/tox-dev/filelock/compare/3.20.1...3.20.2</a></p>
<h2>3.20.1</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>CVE-2025-68146: Fix TOCTOU symlink vulnerability in lock file
creation by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/461">tox-dev/filelock#461</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/filelock/compare/3.20.0...3.20.1">https://github.com/tox-dev/filelock/compare/3.20.0...3.20.1</a></p>
<h2>3.20.0</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>Add tox.toml to sdist by <a
href="https://github.com/mtelka"><code>@​mtelka</code></a> in <a
href="https://redirect.github.com/tox-dev/filelock/pull/436">tox-dev/filelock#436</a></li>
<li>Update docs with example by <a
href="https://github.com/znichollscr"><code>@​znichollscr</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/438">tox-dev/filelock#438</a></li>
<li>Add 3.14 support and drop 3.9 by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/448">tox-dev/filelock#448</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/mtelka"><code>@​mtelka</code></a> made
their first contribution in <a
href="https://redirect.github.com/tox-dev/filelock/pull/436">tox-dev/filelock#436</a></li>
<li><a
href="https://github.com/znichollscr"><code>@​znichollscr</code></a>
made their first contribution in <a
href="https://redirect.github.com/tox-dev/filelock/pull/438">tox-dev/filelock#438</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/filelock/compare/3.19.1...3.20.0">https://github.com/tox-dev/filelock/compare/3.19.1...3.20.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="41b42dd2c7"><code>41b42dd</code></a>
Fix TOCTOU symlink vulnerability in SoftFileLock (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/465">#465</a>)</li>
<li><a
href="f2e7d4046b"><code>f2e7d40</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/464">#464</a>)</li>
<li><a
href="50888548eb"><code>5088854</code></a>
Support Unix systems without O_NOFOLLOW (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/463">#463</a>)</li>
<li><a
href="377f62251d"><code>377f622</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/460">#460</a>)</li>
<li><a
href="4724d7f8c3"><code>4724d7f</code></a>
Fix TOCTOU symlink vulnerability in lock file creation (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/461">#461</a>)</li>
<li><a
href="cb69414a23"><code>cb69414</code></a>
Bump actions/upload-artifact from 5 to 6 (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/459">#459</a>)</li>
<li><a
href="0769294f14"><code>0769294</code></a>
Bump actions/download-artifact from 6 to 7 (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/458">#458</a>)</li>
<li><a
href="414193a188"><code>414193a</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/457">#457</a>)</li>
<li><a
href="1456797beb"><code>1456797</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/456">#456</a>)</li>
<li><a
href="8d6bf90af3"><code>8d6bf90</code></a>
Bump actions/checkout from 5 to 6 (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/455">#455</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tox-dev/py-filelock/compare/3.19.1...3.20.3">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-13 15:59:08 -05:00
ccurme
bc232e6d03 release(chroma): 1.1 (#34316) 2025-12-12 11:20:47 -05:00
itaismith
be32382d92 feat(chroma): Add Search API (#34273) 2025-12-12 11:14:47 -05:00
Sydney Runkle
78c10f8790 chore: update core dep in lockfiles (#34216) 2025-12-04 15:30:42 -05:00
Mason Daugherty
f1fca4f46f release(chroma): 1.0.0 (#33569) 2025-10-17 11:16:24 -04:00
Mason Daugherty
31eeb50ce0 chore: drop UP045 (#33362) 
Python 3.9 EOL
 2025-10-08 21:17:53 -04:00
Mason Daugherty
86cf3fad4d release(chroma): 1.0.0a1 (#33227) 2025-10-02 19:04:14 -04:00
Christophe Bornet
eaf8dce7c2 chore: bump ruff version to 0.13 (#33043) 
Co-authored-by: Mason Daugherty <mason@langchain.dev>
 2025-09-25 12:27:39 -04:00
Mason Daugherty
781db9d892 chore: update pyproject.toml files, remove codespell (#33028) 
- Removes Codespell from deps, docs, and `Makefile`s
- Python version requirements in all `pyproject.toml` files now use the
`~=` (compatible release) specifier
- All dependency groups and main dependencies now use explicit lower and
upper bounds, reducing potential for breaking changes
 2025-09-20 22:09:33 -04:00
Mason Daugherty
bd765753ca release(chroma): 0.2.6 (#32901) 2025-09-11 15:52:19 -04:00
Mason Daugherty
3d08b6bd11 chore: adress pytest-asyncio deprecation warnings + other nits (#32696) 
amongst some linting imcompatible rules
 2025-08-26 15:51:38 -04:00
ccurme
e41e6ec6aa release(chroma): 0.2.5 (#32183) 2025-07-22 15:24:03 -04:00
Mason Daugherty
4d9eefecab fix: bump lockfiles (#31923) 
* bump lockfiles after upgrading ruff
* resolve resulting linting fixes
 2025-07-08 13:27:55 -04:00
ccurme
14c561e15d infra: relax types-requests version range (#31504) 2025-06-05 18:57:08 +00:00
ccurme
6bbc12b7f7 chroma: release 0.2.4 (#31252) 2025-05-15 15:58:29 -04:00
Jai Radhakrishnan
aa4890c136 partners: update deps for langchain-chroma (#31251) 
Updates dependencies to Chroma to integrate the major release of Chroma
with improved performance, and to fix issues users have been seeing
using the latest chroma docker image with langchain-chroma

https://github.com/langchain-ai/langchain/issues/31047#issuecomment-2850790841
Updates chromadb dependency to >=1.0.9

This also removes the dependency of chroma-hnswlib, meaning it can run
against python 3.13 runners for tests as well.

Tested this by pulling the latest Chroma docker image, running
langchain-chroma using client mode
```
httpClient = chromadb.HttpClient(host="localhost", port=8000)

vector_store = Chroma(
    client=httpClient,
    collection_name="test",
    embedding_function=embeddings,
)
```
 2025-05-15 15:55:15 -04:00
Sydney Runkle
7e926520d5 packaging: remove Python upper bound for langchain and co libs (#31025) 
Follow up to https://github.com/langchain-ai/langsmith-sdk/pull/1696,
I've bumped the `langsmith` version where applicable in `uv.lock`.

Type checking problems here because deps have been updated in
`pyproject.toml` and `uv lock` hasn't been run - we should enforce that
in the future - goes with the other dependabot todos :).
 2025-04-28 14:44:28 -04:00
Sydney Runkle
cf2697ec53 chroma: release 0.2.3 (#30860) 2025-04-15 14:11:23 -04:00
Sydney Runkle
4556b81b1d Clean up numpy dependencies and speed up 3.13 CI with numpy>=2.1.0 (#30714) 
Generally, this PR is CI performance focused + aims to clean up some
dependencies at the same time.

1. Unpins upper bounds for `numpy` in all `pyproject.toml` files where
`numpy` is specified
2. Requires `numpy >= 2.1.0` for Python 3.13 and `numpy > v1.26.0` for
Python 3.12, plus a `numpy` min version bump for `chroma`
3. Speeds up CI by minutes - linting on Python 3.13, installing `numpy <
2.1.0` was taking [~3
minutes](https://github.com/langchain-ai/langchain/actions/runs/14316342925/job/40123305868?pr=30713),
now the entire env setup takes a few seconds
4. Deleted the `numpy` test dependency from partners where that was not
used, specifically `huggingface`, `voyageai`, `xai`, and `nomic`.

It's a bit unfortunate that `langchain-community` depends on `numpy`, we
might want to try to fix that in the future...

Closes https://github.com/langchain-ai/langchain/issues/26026
Fixes https://github.com/langchain-ai/langchain/issues/30555
 2025-04-08 09:45:07 -04:00
Erick Friis
1a225fad03 multiple: fix uv path deps (#29790) 
file:// format wasn't working with updates - it doesn't install as an
editable dep

move to tool.uv.sources with path= instead
 2025-02-13 21:32:34 +00:00
ccurme
16fb1f5371 chroma[patch]: release 0.2.2 (#29769) 
Resolves https://github.com/langchain-ai/langchain/issues/29765
 2025-02-13 02:39:16 +00:00
ccurme
d172984c91 infra: migrate to uv (#29566) 2025-02-06 13:36:26 -05:00