mirror of
https://github.com/hwchase17/langchain.git
synced 2026-06-09 18:50:33 +00:00
f5569e333db0d787b636299ec4b0597c57474166
15888 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
dependabot[bot]
|
3919f3b098 |
chore: update lxml requirement from <7.0,>=4.9.3 to >=6.1.0,<7.0 in /libs/text-splitters (#37126)
Updates the requirements on [lxml](https://github.com/lxml/lxml) to permit the latest version. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/lxml/lxml/blob/master/CHANGES.txt">lxml's changelog</a>.</em></p> <blockquote> <h1>6.1.0 (2026-04-17)</h1> <p>This release fixes a possible external entity injection (XXE) vulnerability in <code>iterparse()</code> and the <code>ETCompatXMLParser</code>.</p> <h2>Features added</h2> <ul> <li> <p>GH#486: The HTML ARIA accessibility attributes were added to the set of safe attributes in <code>lxml.html.defs</code>. This allows <code>lxml_html_clean</code> to pass them through. Patch by oomsveta.</p> </li> <li> <p>The default chunk size for reading from file-likes in <code>iterparse()</code> is now configurable with a new <code>chunk_size</code> argument.</p> </li> </ul> <h2>Bugs fixed</h2> <ul> <li>LP#2146291: The <code>resolve_entities</code> option was still set to <code>True</code> for <code>iterparse</code> and <code>ETCompatXMLParser</code>, allowing for external entity injection (XXE) when using these parsers without setting this option explicitly. The default was now changed to <code>'internal'</code> only (as for the normal XML and HTML parsers since lxml 5.0). Issue found by Sihao Qiu as CVE-2026-41066.</li> </ul> <h1>6.0.4 (2026-04-12)</h1> <h2>Bugs fixed</h2> <ul> <li>LP#2148019: Spurious MemoryError during namespace cleanup.</li> </ul> <h1>6.0.3 (2026-04-09)</h1> <h2>Bugs fixed</h2> <ul> <li> <p>Several out of memory error cases now raise <code>MemoryError</code> that were not handled before.</p> </li> <li> <p>Slicing with large step values (outside of <code>+/- sys.maxsize</code>) could trigger undefined C behaviour.</p> </li> <li> <p>LP#2125399: Some failing tests were fixed or disabled in PyPy.</p> </li> <li> <p>LP#2138421: Memory leak in error cases when setting the <code>public_id</code> or <code>system_url</code> of a document.</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
bf715fac07 |
chore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in /libs/core (#37129)
Bumps [types-pyyaml](https://github.com/python/typeshed) from 6.0.12.20250915 to 6.0.12.20260408. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/python/typeshed/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
dc740fcddd |
chore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in /libs/langchain (#37130)
Bumps [types-pyyaml](https://github.com/python/typeshed) from 6.0.12.20250915 to 6.0.12.20260408. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/python/typeshed/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
0f1c2b2902 |
chore: bump types-pytz from 2026.1.1.20260304 to 2026.1.1.20260408 in /libs/langchain (#37131)
Bumps [types-pytz](https://github.com/python/typeshed) from 2026.1.1.20260304 to 2026.1.1.20260408. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/python/typeshed/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
f2d0878d23 |
chore: bump actions/github-script from 8.0.0 to 9.0.0 (#37121)
Bumps [actions/github-script](https://github.com/actions/github-script) from 8.0.0 to 9.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/github-script/releases">actions/github-script's releases</a>.</em></p> <blockquote> <h2>v9.0.0</h2> <p><strong>New features:</strong></p> <ul> <li><strong><code>getOctokit</code> factory function</strong> — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See <a href="https://github.com/actions/github-script#creating-additional-clients-with-getoctokit">Creating additional clients with <code>getOctokit</code></a> for details and examples.</li> <li><strong>Orchestration ID in user-agent</strong> — The <code>ACTIONS_ORCHESTRATION_ID</code> environment variable is automatically appended to the user-agent string for request tracing.</li> </ul> <p><strong>Breaking changes:</strong></p> <ul> <li><strong><code>require('@actions/github')</code> no longer works in scripts.</strong> The upgrade to <code>@actions/github</code> v9 (ESM-only) means <code>require('@actions/github')</code> will fail at runtime. If you previously used patterns like <code>const { getOctokit } = require('@actions/github')</code> to create secondary clients, use the new injected <code>getOctokit</code> function instead — it's available directly in the script context with no imports needed.</li> <li><code>getOctokit</code> is now an injected function parameter. Scripts that declare <code>const getOctokit = ...</code> or <code>let getOctokit = ...</code> will get a <code>SyntaxError</code> because JavaScript does not allow <code>const</code>/<code>let</code> redeclaration of function parameters. Use the injected <code>getOctokit</code> directly, or use <code>var getOctokit = ...</code> if you need to redeclare it.</li> <li>If your script accesses other <code>@actions/github</code> internals beyond the standard <code>github</code>/<code>octokit</code> client, you may need to update those references for v9 compatibility.</li> </ul> <h2>What's Changed</h2> <ul> <li>Add ACTIONS_ORCHESTRATION_ID to user-agent string by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/695">actions/github-script#695</a></li> <li>ci: use deployment: false for integration test environments by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/712">actions/github-script#712</a></li> <li>feat!: add getOctokit to script context, upgrade <code>@actions/github</code> v9, <code>@octokit/core</code> v7, and related packages by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/700">actions/github-script#700</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Copilot"><code>@Copilot</code></a> made their first contribution in <a href="https://redirect.github.com/actions/github-script/pull/695">actions/github-script#695</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/github-script/compare/v8.0.0...v9.0.0">https://github.com/actions/github-script/compare/v8.0.0...v9.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
5c27249e27 |
chore: bump the minor-and-patch group with 5 updates (#37119)
Bumps the minor-and-patch group with 5 updates: | Package | From | To | | --- | --- | --- | | [actions/create-github-app-token](https://github.com/actions/create-github-app-token) | `3.0.0` | `3.1.1` | | [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `8.1.0` | `8.1.1` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` | | [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) | `1.13.0` | `1.14.0` | | [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) | `6.0.0` | `6.1.0` | Updates `actions/create-github-app-token` from 3.0.0 to 3.1.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/create-github-app-token/releases">actions/create-github-app-token's releases</a>.</em></p> <blockquote> <h2>v3.1.1</h2> <h2><a href="https://github.com/actions/create-github-app-token/compare/v3.1.0...v3.1.1">3.1.1</a> (2026-04-11)</h2> <h3>Bug Fixes</h3> <ul> <li>improve error message when app identifier is empty (<a href="https://redirect.github.com/actions/create-github-app-token/issues/362">#362</a>) (<a href=" |
||
|
dependabot[bot]
|
2f79e0e3ca |
chore: bump mikefarah/yq from 17f66dc6c6a177fafd8b71a6abea6d6340aa1e16 to cb9793555487aafb501e1a9d85c28b812aeadfab (#37120)
Bumps [mikefarah/yq](https://github.com/mikefarah/yq) from 17f66dc6c6a177fafd8b71a6abea6d6340aa1e16 to cb9793555487aafb501e1a9d85c28b812aeadfab. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/mikefarah/yq/blob/master/release_notes.txt">mikefarah/yq's changelog</a>.</em></p> <blockquote> <p>4.53.2:</p> <ul> <li>Fixing release process</li> </ul> <p>4.53.1:</p> <ul> <li>Releases and tags now signed and immutable!</li> <li>Add system(command; args) operator (disabled by default) (<a href="https://redirect.github.com/mikefarah/yq/issues/2640">#2640</a>)</li> <li>TOML encoder: prefer readable table sections over inline tables (<a href="https://redirect.github.com/mikefarah/yq/issues/2649">#2649</a>)</li> <li>Fix TOML encoder to quote keys containing special characters (<a href="https://redirect.github.com/mikefarah/yq/issues/2648">#2648</a>)</li> <li>Add string slicing support (<a href="https://redirect.github.com/mikefarah/yq/issues/2639">#2639</a>)</li> <li>Fix findInArray misuse on MappingNodes in equality and contains (<a href="https://redirect.github.com/mikefarah/yq/issues/2645">#2645</a>) Thanks <a href="https://github.com/jandubois"><code>@jandubois</code></a>!</li> <li>Fix panic on negative slice indices that underflow after adjustment (<a href="https://redirect.github.com/mikefarah/yq/issues/2646">#2646</a>) Thanks <a href="https://github.com/jandubois"><code>@jandubois</code></a>!</li> <li>Fix stack overflow from circular alias in traverse (<a href="https://redirect.github.com/mikefarah/yq/issues/2647">#2647</a>) Thanks <a href="https://github.com/jandubois"><code>@jandubois</code></a>!</li> <li>Fix panic and OOM in repeatString for large repeat counts (<a href="https://redirect.github.com/mikefarah/yq/issues/2644">#2644</a>) Thanks <a href="https://github.com/jandubois"><code>@jandubois</code></a>!</li> <li>Bumped dependencies</li> </ul> <p>4.52.5:</p> <ul> <li>Fix: reset TOML decoder state between files (<a href="https://redirect.github.com/mikefarah/yq/issues/2634">#2634</a>) thanks <a href="https://github.com/terminalchai"><code>@terminalchai</code></a></li> <li>Fix: preserve original filename when using --front-matter (<a href="https://redirect.github.com/mikefarah/yq/issues/2613">#2613</a>) thanks <a href="https://github.com/cobyfrombrooklyn-bot"><code>@cobyfrombrooklyn-bot</code></a></li> <li>Fix typo in filename (<a href="https://redirect.github.com/mikefarah/yq/issues/2611">#2611</a>) thanks <a href="https://github.com/alexandear"><code>@alexandear</code></a></li> <li>Bumped dependencies</li> </ul> <p>4.52.4:</p> <ul> <li>Dropping windows/arm - no longer supported in cross-compile</li> </ul> <p>4.52.3:</p> <ul> <li>Fixing comments in TOML arrays (<a href="https://redirect.github.com/mikefarah/yq/issues/2592">#2592</a>)</li> <li>Bumped dependencies</li> </ul> <p>4.52.2:</p> <ul> <li>Fixed bad instructions file breaking go-install (<a href="https://redirect.github.com/mikefarah/yq/issues/2587">#2587</a>) Thanks <a href="https://github.com/theyoprst"><code>@theyoprst</code></a></li> <li>Fixed TOML table scope after comments (<a href="https://redirect.github.com/mikefarah/yq/issues/2588">#2588</a>) Thanks <a href="https://github.com/tomers"><code>@tomers</code></a></li> <li>Multiply uses a readonly context (<a href="https://redirect.github.com/mikefarah/yq/issues/2558">#2558</a>)</li> <li>Fixed merge globbing wildcards in keys (<a href="https://redirect.github.com/mikefarah/yq/issues/2564">#2564</a>)</li> <li>Fixing TOML subarray parsing issue (<a href="https://redirect.github.com/mikefarah/yq/issues/2581">#2581</a>)</li> </ul> <p>4.52.1:</p> <ul> <li> <p>TOML encoder support - you can now roundtrip! <a href="https://redirect.github.com/mikefarah/yq/issues/1364">#1364</a></p> </li> <li> <p>Parent now supports negative indices, and added a 'root' command for referencing the top level document</p> </li> <li> <p>Fixed scalar encoding for HCL</p> </li> <li> <p>Add --yaml-compact-seq-indent / -c flag for compact sequence indentation (<a href="https://redirect.github.com/mikefarah/yq/issues/2583">#2583</a>) Thanks <a href="https://github.com/jfenal"><code>@jfenal</code></a></p> </li> <li> <p>Add symlink check to file rename util (<a href="https://redirect.github.com/mikefarah/yq/issues/2576">#2576</a>) Thanks <a href="https://github.com/Elias-elastisys"><code>@Elias-elastisys</code></a></p> </li> <li> <p>Powershell fixed default command used for __completeNoDesc alias (<a href="https://redirect.github.com/mikefarah/yq/issues/2568">#2568</a>) Thanks <a href="https://github.com/teejaded"><code>@teejaded</code></a></p> </li> <li> <p>Unwrap scalars in shell output mode. (<a href="https://redirect.github.com/mikefarah/yq/issues/2548">#2548</a>) Thanks <a href="https://github.com/flintwinters"><code>@flintwinters</code></a></p> </li> <li> <p>Added K8S KYAML output format support (<a href="https://redirect.github.com/mikefarah/yq/issues/2560">#2560</a>) Thanks <a href="https://github.com/robbat2"><code>@robbat2</code></a></p> </li> <li> <p>Bumped dependencies</p> </li> <li> <p>Special shout out to <a href="https://github.com/ccoVeille"><code>@ccoVeille</code></a> for reviewing my PRs!</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
langchain-model-profile-bot[bot]
|
fb3ba38ad6 |
chore(model-profiles): refresh model profile data (#37122)
Automated refresh of model profile data for all in-monorepo partner integrations via `langchain-profiles refresh`. 🤖 Generated by the `refresh_model_profiles` workflow. Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com> |
||
Mason Daugherty
|
cc5a5371a9 | release(fireworks): 1.2.1 (#37113) langchain-fireworks==1.2.1 | ||
Sydney Runkle
|
b339f65e7e |
release(langchain): 1.2.17 (#37110)
Bumps `langchain` from 1.2.16 → 1.2.17. Picks up: - `respond` decision added to HITL middleware (#37095) > This PR was opened with AI-agent assistance.langchain==1.2.17 |
||
murugand23
|
04e7a55f0b |
fix(fireworks): translate canonical multimodal content blocks for chat completions (#37090)
## Summary
`langchain_fireworks._convert_message_to_dict` ships LangChain canonical
v0/v1 multimodal content blocks (e.g. `{"type": "image", "base64": ...,
"mime_type": ...}`) on the wire unchanged. Fireworks' OpenAI-compatible
chat completions API rejects the unknown `base64`/`mime_type` keys and
the list shape on roles that expect a string, returning HTTP 422 — so
any image upload, including via tools that return image content blocks,
fails for Kimi K2.6 and other Fireworks vision models.
This change mirrors
`langchain_openai.chat_models.base._format_message_content`:
- Walk `content` blocks.
- Drop block types the chat-completions wire doesn't carry (`tool_use`,
`thinking`, `reasoning_content`, `function_call`,
`code_interpreter_call`).
- Detect v0/v1 multimodal data blocks via
`langchain_core.messages.is_data_content_block`, and translate them via
`convert_to_openai_data_block(..., api="chat/completions")`.
- Strings and non-list content pass through unchanged.
Applied in the `ChatMessage`, `HumanMessage`, `SystemMessage`, and
`ToolMessage` paths of `_convert_message_to_dict`. `AIMessage` already
routes through `_convert_from_v1_to_chat_completions` for v1 output and
assistant content is text-only on the way out, so it is left untouched.
## Why this approach
Fireworks is OpenAI-compatible. The canonical → OpenAI translator
already exists in `langchain_core.messages.block_translators.openai` and
is the same one `langchain-openai` uses. Reusing it (rather than
inventing a Fireworks-specific translator) gives:
- v0 (`source_type`-based) and v1 (`base64`/`url`-based) data block
coverage for free.
- Consistent behavior with `langchain-openai` for image, file, and any
future canonical data block.
- A small, focused diff (≈30 lines of new code, plus tests).
## Test plan
- [x] `make test` passes (64/64 unit tests, including 9 new ones for the
new helper and translation paths).
- [x] `make lint` passes (ruff check, ruff format, mypy, lint_imports).
- [ ] End-to-end: image upload to a Kimi K2.6 (Fireworks) agent
translates to `{"type": "image_url", "image_url": {"url":
"data:image/png;base64,..."}}` on the wire and the model returns a
coherent description (validated locally against
`langchain-fireworks==1.0.0` site-packages with the same patch).
---------
Co-authored-by: murugand23 <murugand23@users.noreply.github.com>
Co-authored-by: Mason Daugherty <github@mdrxy.com>
|
||
|
Mason Daugherty
|
a1f336fdc7 |
fix(core): preserve structured inputs on tool runs in tracers (#37108)
Tool runs in `_TracerCore._create_tool_run` were discarding the
structured `inputs` dict that `BaseTool.run` passes to `on_tool_start`,
replacing it with `{"input": str(filtered_tool_input)}`. Consequently,
every multi-arg tool (e.g. ones in `deepagents` like `execute`,
`edit_file`, `write_file`, `grep`, ...) appeared in LangSmith with a
stringified, escaped dump of its arguments — multi-line bash commands
rendered with `\n` and were effectively unreadable. Chain runs already
preserved dicts via `_get_chain_inputs`; tool runs are now symmetric.
## Changes
- Preserve `inputs` when it is already a `dict` in the `original` /
`original+chat` branch of `_TracerCore._create_tool_run`, falling back
to `{"input": input_str}` only when no structured payload was provided
- Add regression tests in the sync and async base-tracer suites that
pass a structured `inputs` to `on_tool_start` and assert the dict
survives onto the resulting `Run`
## Breaking change
Custom `BaseTracer` subclasses that parsed `Run.inputs["input"]` as a
stringified dict for tool runs will need to read the structured fields
directly. The shape now matches what `on_tool_start(inputs=...)` has
always received — introduced alongside `_schema_format` in the
`astream_events` work — and what `streaming_events` consumers already
see.
|
||
|
Sydney Runkle
|
ba56ac6f03 |
feat(langchain): add respond decision to HITL middleware (#37095)
Extends `HumanInTheLoopMiddleware` with a new `respond` decision type
for "ask user" style tools — tools whose real implementation is the
human's response. The interrupt is raised with the tool call as usual;
the resume payload becomes the body of a synthetic `ToolMessage` with
`status="success"`, and the tool itself is not executed.
This complements `reject` (which produces a synthetic `ToolMessage` with
`status="error"`) by enabling the symmetric success path: a reviewer can
answer on the tool's behalf without invoking it.
## Changes
- New `RespondDecision` `TypedDict` with a required `message: str`
field; added to the `Decision` union.
- `"respond"` added to the `DecisionType` literal.
- `_process_decision` handles `"respond"` by emitting a `ToolMessage`
with `status="success"` and preserving the original tool call on the
`AIMessage` so provider-required tool-call/tool-message pairing is
maintained.
- The `True` shortcut in `interrupt_on` now expands to `["approve",
"edit", "reject", "respond"]`, so existing callers that opted into "all
decisions" pick up the new capability without code changes. The `reject`
decision already permits a reviewer to inject arbitrary `ToolMessage`
content, so `respond` extends the same trust model — not a new
capability class.
## Example
```python
from langchain.agents.middleware import HumanInTheLoopMiddleware
middleware = HumanInTheLoopMiddleware(
interrupt_on={"ask_user": {"allowed_decisions": ["respond"]}}
)
# Resume payload: {"decisions": [{"type": "respond", "message": "blue"}]}
# → synthetic ToolMessage(content="blue", status="success") for `ask_user`.
```
---
*Implementation drafted with AI-agent assistance.*
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
||
|
dependabot[bot]
|
b6b836ae5a |
chore: bump notebook from 7.4.5 to 7.5.6 in /libs/langchain (#37104)
Bumps [notebook](https://github.com/jupyter/notebook) from 7.4.5 to 7.5.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jupyter/notebook/releases">notebook's releases</a>.</em></p> <blockquote> <h2>v7.5.6</h2> <h2>7.5.6</h2> <p>(<a href="https://github.com/jupyter/notebook/compare/@jupyter-notebook/application-extension@7.5.5...2e642f0cb10be314ba5d97d709cffe41bf992d9e">Full Changelog</a>)</p> <h3>Security patches</h3> <ul> <li>CVE-2026-42557 <a href="https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-mqcg-5x36-vfcg">https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-mqcg-5x36-vfcg</a></li> <li>CVE-2026-40171 <a href="https://github.com/jupyter/notebook/security/advisories/GHSA-rch3-82jr-f9w9">https://github.com/jupyter/notebook/security/advisories/GHSA-rch3-82jr-f9w9</a></li> </ul> <h3>Maintenance and upkeep improvements</h3> <ul> <li>Update to JupyterLab v4.5.7 <a href="https://redirect.github.com/jupyter/notebook/pull/7902">#7902</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> </ul> <h3>Documentation improvements</h3> <ul> <li>docs: Fix broken links in troubleshooting and migration docs <a href="https://redirect.github.com/jupyter/notebook/pull/7824">#7824</a> (<a href="https://github.com/RamiNoodle733"><code>@RamiNoodle733</code></a>)</li> </ul> <h3>Contributors to this release</h3> <p>The following people contributed discussions, new ideas, code and documentation contributions, and review. See <a href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our definition of contributors</a>.</p> <p>(<a href="https://github.com/jupyter/notebook/graphs/contributors?from=2026-03-11&to=2026-04-30&type=c">GitHub contributors page for this release</a>)</p> <p><a href="https://github.com/jtpio"><code>@jtpio</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnotebook+involves%3Ajtpio+updated%3A2026-03-11..2026-04-30&type=Issues">activity</a>) | <a href="https://github.com/RamiNoodle733"><code>@RamiNoodle733</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnotebook+involves%3ARamiNoodle733+updated%3A2026-03-11..2026-04-30&type=Issues">activity</a>)</p> <h2>v7.5.5</h2> <h2>7.5.5</h2> <p>(<a href="https://github.com/jupyter/notebook/compare/@jupyter-notebook/application-extension@7.5.4...4f8438b0c67dc4f010bf8cd052da4f16e2ed3828">Full Changelog</a>)</p> <h3>Maintenance and upkeep improvements</h3> <ul> <li>Update to JupyterLab v4.5.6 <a href="https://redirect.github.com/jupyter/notebook/pull/7861">#7861</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> <li>[7.5.x] Drop Python 3.9 on CI <a href="https://redirect.github.com/jupyter/notebook/pull/7860">#7860</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> <li>Fix check links <a href="https://redirect.github.com/jupyter/notebook/pull/7857">#7857</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> </ul> <h3>Contributors to this release</h3> <p>The following people contributed discussions, new ideas, code and documentation contributions, and review. See <a href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our definition of contributors</a>.</p> <p>(<a href="https://github.com/jupyter/notebook/graphs/contributors?from=2026-02-24&to=2026-03-11&type=c">GitHub contributors page for this release</a>)</p> <p><a href="https://github.com/jtpio"><code>@jtpio</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnotebook+involves%3Ajtpio+updated%3A2026-02-24..2026-03-11&type=Issues">activity</a>)</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jupyter/notebook/blob/@jupyter-notebook/tree@7.5.6/CHANGELOG.md">notebook's changelog</a>.</em></p> <blockquote> <h2>7.5.6</h2> <p>(<a href="https://github.com/jupyter/notebook/compare/@jupyter-notebook/application-extension@7.5.5...2e642f0cb10be314ba5d97d709cffe41bf992d9e">Full Changelog</a>)</p> <h3>Maintenance and upkeep improvements</h3> <ul> <li>Update to JupyterLab v4.5.7 <a href="https://redirect.github.com/jupyter/notebook/pull/7902">#7902</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> </ul> <h3>Documentation improvements</h3> <ul> <li>docs: Fix broken links in troubleshooting and migration docs <a href="https://redirect.github.com/jupyter/notebook/pull/7824">#7824</a> (<a href="https://github.com/RamiNoodle733"><code>@RamiNoodle733</code></a>)</li> </ul> <h3>Contributors to this release</h3> <p>The following people contributed discussions, new ideas, code and documentation contributions, and review. See <a href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our definition of contributors</a>.</p> <p>(<a href="https://github.com/jupyter/notebook/graphs/contributors?from=2026-03-11&to=2026-04-30&type=c">GitHub contributors page for this release</a>)</p> <p><a href="https://github.com/jtpio"><code>@jtpio</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnotebook+involves%3Ajtpio+updated%3A2026-03-11..2026-04-30&type=Issues">activity</a>) | <a href="https://github.com/RamiNoodle733"><code>@RamiNoodle733</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnotebook+involves%3ARamiNoodle733+updated%3A2026-03-11..2026-04-30&type=Issues">activity</a>)</p> <!-- raw HTML omitted --> <h2>7.5.5</h2> <p>(<a href="https://github.com/jupyter/notebook/compare/@jupyter-notebook/application-extension@7.5.4...4f8438b0c67dc4f010bf8cd052da4f16e2ed3828">Full Changelog</a>)</p> <h3>Maintenance and upkeep improvements</h3> <ul> <li>Update to JupyterLab v4.5.6 <a href="https://redirect.github.com/jupyter/notebook/pull/7861">#7861</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> <li>[7.5.x] Drop Python 3.9 on CI <a href="https://redirect.github.com/jupyter/notebook/pull/7860">#7860</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> <li>Fix check links <a href="https://redirect.github.com/jupyter/notebook/pull/7857">#7857</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> </ul> <h3>Contributors to this release</h3> <p>The following people contributed discussions, new ideas, code and documentation contributions, and review. See <a href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our definition of contributors</a>.</p> <p>(<a href="https://github.com/jupyter/notebook/graphs/contributors?from=2026-02-24&to=2026-03-11&type=c">GitHub contributors page for this release</a>)</p> <p><a href="https://github.com/jtpio"><code>@jtpio</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnotebook+involves%3Ajtpio+updated%3A2026-02-24..2026-03-11&type=Issues">activity</a>)</p> <h2>7.5.4</h2> <p>(<a href="https://github.com/jupyter/notebook/compare/@jupyter-notebook/application-extension@7.5.3...e5d8418b706fcefd4208bb61c22399dd3123555b">Full Changelog</a>)</p> <h3>Maintenance and upkeep improvements</h3> <ul> <li>Update to JupyterLab v4.5.5 <a href="https://redirect.github.com/jupyter/notebook/pull/7842">#7842</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> <li>Fix PyO3 CI failure with Python 3.15 <a href="https://redirect.github.com/jupyter/notebook/pull/7836">#7836</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
3d9687499e |
chore: bump notebook from 7.4.7 to 7.5.6 in /libs/text-splitters (#37105)
Bumps [notebook](https://github.com/jupyter/notebook) from 7.4.7 to 7.5.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jupyter/notebook/releases">notebook's releases</a>.</em></p> <blockquote> <h2>v7.5.6</h2> <h2>7.5.6</h2> <p>(<a href="https://github.com/jupyter/notebook/compare/@jupyter-notebook/application-extension@7.5.5...2e642f0cb10be314ba5d97d709cffe41bf992d9e">Full Changelog</a>)</p> <h3>Security patches</h3> <ul> <li>CVE-2026-42557 <a href="https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-mqcg-5x36-vfcg">https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-mqcg-5x36-vfcg</a></li> <li>CVE-2026-40171 <a href="https://github.com/jupyter/notebook/security/advisories/GHSA-rch3-82jr-f9w9">https://github.com/jupyter/notebook/security/advisories/GHSA-rch3-82jr-f9w9</a></li> </ul> <h3>Maintenance and upkeep improvements</h3> <ul> <li>Update to JupyterLab v4.5.7 <a href="https://redirect.github.com/jupyter/notebook/pull/7902">#7902</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> </ul> <h3>Documentation improvements</h3> <ul> <li>docs: Fix broken links in troubleshooting and migration docs <a href="https://redirect.github.com/jupyter/notebook/pull/7824">#7824</a> (<a href="https://github.com/RamiNoodle733"><code>@RamiNoodle733</code></a>)</li> </ul> <h3>Contributors to this release</h3> <p>The following people contributed discussions, new ideas, code and documentation contributions, and review. See <a href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our definition of contributors</a>.</p> <p>(<a href="https://github.com/jupyter/notebook/graphs/contributors?from=2026-03-11&to=2026-04-30&type=c">GitHub contributors page for this release</a>)</p> <p><a href="https://github.com/jtpio"><code>@jtpio</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnotebook+involves%3Ajtpio+updated%3A2026-03-11..2026-04-30&type=Issues">activity</a>) | <a href="https://github.com/RamiNoodle733"><code>@RamiNoodle733</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnotebook+involves%3ARamiNoodle733+updated%3A2026-03-11..2026-04-30&type=Issues">activity</a>)</p> <h2>v7.5.5</h2> <h2>7.5.5</h2> <p>(<a href="https://github.com/jupyter/notebook/compare/@jupyter-notebook/application-extension@7.5.4...4f8438b0c67dc4f010bf8cd052da4f16e2ed3828">Full Changelog</a>)</p> <h3>Maintenance and upkeep improvements</h3> <ul> <li>Update to JupyterLab v4.5.6 <a href="https://redirect.github.com/jupyter/notebook/pull/7861">#7861</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> <li>[7.5.x] Drop Python 3.9 on CI <a href="https://redirect.github.com/jupyter/notebook/pull/7860">#7860</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> <li>Fix check links <a href="https://redirect.github.com/jupyter/notebook/pull/7857">#7857</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> </ul> <h3>Contributors to this release</h3> <p>The following people contributed discussions, new ideas, code and documentation contributions, and review. See <a href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our definition of contributors</a>.</p> <p>(<a href="https://github.com/jupyter/notebook/graphs/contributors?from=2026-02-24&to=2026-03-11&type=c">GitHub contributors page for this release</a>)</p> <p><a href="https://github.com/jtpio"><code>@jtpio</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnotebook+involves%3Ajtpio+updated%3A2026-02-24..2026-03-11&type=Issues">activity</a>)</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jupyter/notebook/blob/@jupyter-notebook/tree@7.5.6/CHANGELOG.md">notebook's changelog</a>.</em></p> <blockquote> <h2>7.5.6</h2> <p>(<a href="https://github.com/jupyter/notebook/compare/@jupyter-notebook/application-extension@7.5.5...2e642f0cb10be314ba5d97d709cffe41bf992d9e">Full Changelog</a>)</p> <h3>Maintenance and upkeep improvements</h3> <ul> <li>Update to JupyterLab v4.5.7 <a href="https://redirect.github.com/jupyter/notebook/pull/7902">#7902</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> </ul> <h3>Documentation improvements</h3> <ul> <li>docs: Fix broken links in troubleshooting and migration docs <a href="https://redirect.github.com/jupyter/notebook/pull/7824">#7824</a> (<a href="https://github.com/RamiNoodle733"><code>@RamiNoodle733</code></a>)</li> </ul> <h3>Contributors to this release</h3> <p>The following people contributed discussions, new ideas, code and documentation contributions, and review. See <a href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our definition of contributors</a>.</p> <p>(<a href="https://github.com/jupyter/notebook/graphs/contributors?from=2026-03-11&to=2026-04-30&type=c">GitHub contributors page for this release</a>)</p> <p><a href="https://github.com/jtpio"><code>@jtpio</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnotebook+involves%3Ajtpio+updated%3A2026-03-11..2026-04-30&type=Issues">activity</a>) | <a href="https://github.com/RamiNoodle733"><code>@RamiNoodle733</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnotebook+involves%3ARamiNoodle733+updated%3A2026-03-11..2026-04-30&type=Issues">activity</a>)</p> <!-- raw HTML omitted --> <h2>7.5.5</h2> <p>(<a href="https://github.com/jupyter/notebook/compare/@jupyter-notebook/application-extension@7.5.4...4f8438b0c67dc4f010bf8cd052da4f16e2ed3828">Full Changelog</a>)</p> <h3>Maintenance and upkeep improvements</h3> <ul> <li>Update to JupyterLab v4.5.6 <a href="https://redirect.github.com/jupyter/notebook/pull/7861">#7861</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> <li>[7.5.x] Drop Python 3.9 on CI <a href="https://redirect.github.com/jupyter/notebook/pull/7860">#7860</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> <li>Fix check links <a href="https://redirect.github.com/jupyter/notebook/pull/7857">#7857</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> </ul> <h3>Contributors to this release</h3> <p>The following people contributed discussions, new ideas, code and documentation contributions, and review. See <a href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our definition of contributors</a>.</p> <p>(<a href="https://github.com/jupyter/notebook/graphs/contributors?from=2026-02-24&to=2026-03-11&type=c">GitHub contributors page for this release</a>)</p> <p><a href="https://github.com/jtpio"><code>@jtpio</code></a> (<a href="https://github.com/search?q=repo%3Ajupyter%2Fnotebook+involves%3Ajtpio+updated%3A2026-02-24..2026-03-11&type=Issues">activity</a>)</p> <h2>7.5.4</h2> <p>(<a href="https://github.com/jupyter/notebook/compare/@jupyter-notebook/application-extension@7.5.3...e5d8418b706fcefd4208bb61c22399dd3123555b">Full Changelog</a>)</p> <h3>Maintenance and upkeep improvements</h3> <ul> <li>Update to JupyterLab v4.5.5 <a href="https://redirect.github.com/jupyter/notebook/pull/7842">#7842</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> <li>Fix PyO3 CI failure with Python 3.15 <a href="https://redirect.github.com/jupyter/notebook/pull/7836">#7836</a> (<a href="https://github.com/jtpio"><code>@jtpio</code></a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
5ac6224fa0 |
chore: bump aiohttp from 3.13.4 to 3.13.5 in /libs/partners/fireworks (#37106)
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langchain/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
90caeefd1e |
chore: bump requests from 2.33.0 to 2.33.1 in /libs/partners/fireworks (#37107)
Bumps [requests](https://github.com/psf/requests) from 2.33.0 to 2.33.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/releases">requests's releases</a>.</em></p> <blockquote> <h2>v2.33.1</h2> <h2>2.33.1 (2026-03-30)</h2> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (<a href="https://redirect.github.com/psf/requests/issues/7305">#7305</a>)</li> <li>Fixed Content-Type header parsing for malformed values. (<a href="https://redirect.github.com/psf/requests/issues/7309">#7309</a>)</li> <li>Improved error consistency for malformed header values. (<a href="https://redirect.github.com/psf/requests/issues/7308">#7308</a>)</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/ferdnyc"><code>@ferdnyc</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7277">psf/requests#7277</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30">https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's changelog</a>.</em></p> <blockquote> <h2>2.33.1 (2026-03-30)</h2> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (<a href="https://redirect.github.com/psf/requests/issues/7305">#7305</a>)</li> <li>Fixed Content-Type header parsing for malformed values. (<a href="https://redirect.github.com/psf/requests/issues/7309">#7309</a>)</li> <li>Improved error consistency for malformed header values. (<a href="https://redirect.github.com/psf/requests/issues/7308">#7308</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Mason Daugherty
|
38553c3f2d | release(perplexity): 1.2.0 (#37091) langchain-perplexity==1.2.0 | ||
James Liounis
|
28f5448dd4 |
feat(perplexity): add PerplexityEmbeddings (#37082)
## Description This PR adds a new `PerplexityEmbeddings` class to the `langchain-perplexity` partner package, providing first-class support for the Perplexity Embeddings API alongside the existing `ChatPerplexity`, `PerplexitySearchRetriever`, and `PerplexitySearchResults` integrations. ### What was added - `langchain_perplexity/embeddings.py` — `PerplexityEmbeddings` class implementing `langchain_core.embeddings.Embeddings` with sync (`embed_documents`, `embed_query`) and async (`aembed_documents`, `aembed_query`) methods. Defaults to model `pplx-embed-v1-4b` and reuses the existing `_utils.initialize_client` helper for API key resolution (`PPLX_API_KEY` / `PERPLEXITY_API_KEY`). - `__init__.py` exports `PerplexityEmbeddings` and adds it to `__all__`. - Unit tests under `tests/unit_tests/test_embeddings.py` covering sync/async paths with mocked clients (no network). - Integration tests under `tests/integration_tests/test_embeddings.py`, gated on `PPLX_API_KEY` (matches the pattern in `test_search_api.py`). - README updated to advertise the new component. ### Why LangChain users already get chat, search, and tool wrappers from `langchain-perplexity`, but had to drop down to the raw Perplexity SDK to use embeddings. This closes that gap. ### References - Perplexity Embeddings docs: https://docs.perplexity.ai/docs/embeddings - Perplexity Embeddings API reference: https://docs.perplexity.ai/api-reference/embeddings-post ### Issue Closes #36726 ## Testing - `cd libs/partners/perplexity && make lint` — passes (ruff, format, mypy). - `cd libs/partners/perplexity && make test` — all unit tests pass (59 passed, 1 skipped). - Integration tests will run in CI with secrets; they exercise real `embed_documents` / `embed_query` / async variants against the live API and assert vector dimensionality consistency. --------- Co-authored-by: Claude Agent <agent@anthropic.com> Co-authored-by: Mason Daugherty <github@mdrxy.com> |
||
|
Sydney Runkle
|
90b0047270 | release(langchain): 1.2.16 (#37085) langchain==1.2.16 | ||
open-swe[bot]
|
ba897ffa7e |
chore(docs): update x handle references (#37081)
## Description Updates package metadata and README badges so LangChain social links point to the new `@langchain_oss` X handle. This was completed with AI-agent assistance. ## Test Plan - [ ] Validate README badges and package metadata links point to `https://x.com/langchain_oss` _Opened collaboratively by Mason Daugherty and open-swe._ --------- Co-authored-by: open-swe[bot] <open-swe@users.noreply.github.com> Co-authored-by: Mason Daugherty <61371264+mdrxy@users.noreply.github.com> |
||
|
langchain-model-profile-bot[bot]
|
6b4bea7d5d |
chore(model-profiles): refresh model profile data (#37074)
Automated refresh of model profile data for all in-monorepo partner integrations via `langchain-profiles refresh`. 🤖 Generated by the `refresh_model_profiles` workflow. Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com> |
||
ccurme
|
666dc16b00 | release(standard-tests): 1.1.7 (#37067) langchain-tests==1.1.7 | ||
|
open-swe[bot]
|
97ac1d34d0 | fix(anthropic): guard httpx finalizers (#37064) | ||
|
Mason Daugherty
|
dfb8a6184c | release(anthropic): 1.4.2 (#37061) langchain-anthropic==1.4.2 | ||
|
Mason Daugherty
|
7a4594b682 |
fix(anthropic): restore cache_control on non-direct subclasses (#37057)
Closes #37042 --- `AnthropicPromptCachingMiddleware` was unconditionally setting top-level `cache_control` in `model_settings` for any `ChatAnthropic` subclass. That field is direct-Anthropic-API only — `ChatAnthropicBedrock` (which subclasses `ChatAnthropic` and passed the existing `isinstance` gate) errored with `cache_control: Extra inputs are not permitted`. Investigating that surfaced a related regression: PR #35967 also deleted the block-level `cache_control` injection in `_get_request_payload`, which silently disabled caching entirely for non-direct subclasses (Bedrock had been falling back to in-block breakpoints). This restores both paths. ## Changes - Add `_is_direct_anthropic_llm_type` predicate that allowlists `_llm_type == "anthropic-chat"`. Both the middleware's `_supports_automatic_caching` and the new branch in `ChatAnthropic._get_request_payload` route through it, so any subclass that overrides `_llm_type` (Bedrock today, future direct-API variants tomorrow) is treated as non-direct by default. Replaces the prior substring-matching denylist on `"bedrock"`/`"vertex"`. - Restore `_collect_code_execution_tool_ids`, `_is_code_execution_related_block`, and a new `_apply_cache_control_to_last_eligible_block` helper in `chat_models`. For non-direct subclasses, `_get_request_payload` now pops `cache_control` from kwargs and walks messages newest-to-oldest, attaching the breakpoint to the last block that isn't `code_execution`-related (Anthropic forbids breakpoints on those). - Emit `UserWarning` when `cache_control` is requested but every candidate block is `code_execution`-related — previously a silent drop. - `AnthropicPromptCachingMiddleware._apply_caching` now sets the top-level `cache_control` only when `_supports_automatic_caching(request.model)`. System-message and tool-definition breakpoints continue to apply for all `ChatAnthropic` subclasses, since those are accepted by every transport. - Note: `ChatAnthropicVertex` does not subclass `ChatAnthropic` (it lives in `langchain-google-vertexai` and ships its own `_get_request_payload`), so the chat-models changes here only affect Bedrock. The middleware-side gate covers Vertex implicitly via the `isinstance(request.model, ChatAnthropic)` check that already excludes it. |
||
|
Mason Daugherty
|
37be34be82 |
fix(core): make removal optional in warn_deprecated (#37056)
Drop the `NotImplementedError` branch in `warn_deprecated` so callers can pass `pending=False` without specifying a `removal` version. The previous behavior contradicted the docstring (which claimed an empty default would auto-compute a removal version) — no such computation existed; the function just raised a placeholder "Need to determine which default deprecation schedule to use" error. |
||
|
langchain-model-profile-bot[bot]
|
5790244b95 |
chore(model-profiles): refresh model profile data (#37051)
Automated refresh of model profile data for all in-monorepo partner integrations via `langchain-profiles refresh`. 🤖 Generated by the `refresh_model_profiles` workflow. Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com> |
||
Deepak Bhagat
|
cd80a805b2 |
fix(text-splitters): remove invalid and duplicate separators in Kotlin, Rust, and Haskell (#37039)
## Summary Fixes four issues in `get_separators_for_language()` in `character.py`: - **Kotlin**: removed `"\ncase "` — `case` is not a Kotlin keyword. Kotlin uses `when` expressions (already present in the list). This was copied from Java/Swift. - **Rust**: removed duplicate `"\nconst "` — appeared twice, once under function definitions and again under control flow statements. - **Haskell**: removed duplicate `"\n:: "` — appeared under function definitions and again under type declarations. - **Haskell**: removed duplicate `"\ndata "` — appeared under type declarations and again under record field declarations. All four are dead separators that never match or produce redundant splits. ## Issue Closes #37038 ## Types of changes - [x] Bug fix ## Checklist - [x] I have read the CONTRIBUTING doc - [x] Lint and unit tests pass locally with my changes |
||
Dayna Blackwell
|
3b9750f0a4 |
fix(text-splitters): remove incorrect C# and Elixir separator keywords (#37037)
## Summary Removes two incorrect separators from `get_separators_for_language()` in `RecursiveCharacterTextSplitter`: - **C#**: `"\nimplements "` is a Java keyword. C# uses `:` for interface implementation. This separator never matches valid C# source code. - **Elixir**: `"\nwhile "` does not exist in Elixir. The language uses recursion and `Enum.reduce_while/3` instead of while loops. Both are dead separators that silently degrade chunking quality by occupying positions in the separator priority list without contributing useful split points. ## Tests Added two targeted tests: - `test_csharp_separators_no_java_keywords`: verifies `"\nimplements "` is not in the C# separator list - `test_elixir_separators_no_while`: verifies `"\nwhile "` is not in the Elixir separator list Existing `test_csharp_code_splitter` continues to pass (no change to expected output since `implements` never matched valid C# code). Full suite: 129 passed, 0 failed. Fixes #37030 |
||
|
Sydney Runkle
|
3b945d02d9 |
perf(langchain): stop inlining agent state into tool-dispatch Sends (#36960)
## Summary
Stop inlining the full agent state into every tool-dispatch `Send` in
`create_agent`. Dispatch with the bare list form `Send("tools",
[tool_call])` and let `ToolNode` hydrate `ToolRuntime.state` from graph
channels at tool-execution time.
**Depends on**
[langchain-ai/langgraph#7594](https://github.com/langchain-ai/langgraph/pull/7594)
which teaches `ToolNode` to read channel state via `CONFIG_KEY_READ`
when given a bare tool-call list. `uv.lock` pins that branch for CI
while the langgraph PR is in flight — this pin will be reverted to a
published `langgraph` version before merge.
## What was happening
Before this change, every pending tool call produced a `Send` whose
payload was:
```python
ToolCallWithContext(
__type="tool_call_with_context",
tool_call=tool_call,
state=state, # ← the FULL agent state dict, including messages list
)
```
For any agent that runs many turns, `state["messages"]` grows linearly
with the conversation. Every super-step that dispatches tools serializes
that whole list into every `Send`, and those Sends live forever in the
checkpointer's `__pregel_tasks` writes. The result is **O(N²)
`__pregel_tasks` storage** across a run.
## What changed
- `libs/langchain_v1/langchain/agents/factory.py`:
- `_make_model_to_tools_edge` now returns `Send("tools", [tool_call])` —
no inlined state.
- Drops the `ToolCallWithContext` import.
- `libs/langchain_v1/pyproject.toml` + `libs/langchain_v1/uv.lock`:
- Temporary `[tool.uv.sources]` pin on `langgraph`,
`langgraph-prebuilt`, `langgraph-checkpoint` to the companion PR branch
so CI exercises both changes end-to-end. Revert after langgraph release.
## Why it's safe
- Same snapshot semantics as before. `Send` is emitted at the end of the
model super-step and consumed at the start of the tools super-step;
channels by that point reflect every write from the model super-step
(including the new AIMessage). Parallel tool tasks all see the same
values since sibling writes don't land until end-of-super-step.
- Legacy `ToolCallWithContext` input path is preserved in `ToolNode` —
no-op for any external caller still constructing it by hand.
## Test plan
- [x] `tests/unit_tests/agents/` — **738 passed, 2 skipped, 1 xfailed**
- [x] `ruff check .` / `ruff format .` — clean
- [x] `mypy langchain/agents/factory.py` — clean
- [x] Before/after benchmark (below)
## Benchmark
Script runs `create_agent` with a mock `GenericFakeChatModel` and two
tools (`write_file`, `edit_file`). Each of the N turns dispatches 2 tool
calls. After the run, the `InMemorySaver` is inspected for bytes stored
under `__pregel_tasks` — the channel that carries the tool-dispatch
`Send` payloads.
| N | TASKS before | TASKS after | ratio |
|---:|---:|---:|---:|
| 5 | 87.6 KB | **4.7 KB** | **18.6× smaller** |
| 10 | 335 KB | **9.4 KB** | **35.7× smaller** |
| 25 | 2.05 MB | **23.7 KB** | **86.5× smaller** |
| 50 | 8.14 MB | **47.6 KB** | **171× smaller** |
| 100 | 32.5 MB | **95.3 KB** | **341× smaller** |
| 200 | 130 MB | **192 KB** | **677× smaller** |
| 500 | 815 MB | **482 KB** | **1,691× smaller** |
**Growth shape:**
- **Before:** per-Send bytes scale with current `messages` length (full
state is inlined), so total TASKS across N turns = Σ(2 × k) for k=1..N ≈
O(N²).
- **After:** per-Send bytes are constant — just the `tool_call` dict.
Total TASKS is O(#dispatches), completely independent of conversation
length. In this bench with ~2 dispatches/turn: **940–964 bytes per turn
across N=5..500, essentially flat.**
An agent that makes 100 tool calls in a single turn pays the same TASKS
cost as one that makes 100 across 50 turns — which is the semantically
correct behavior.
Note: the `messages` channel is unchanged by this PR — it's still the
dominant storage term (growing O(N²) via `add_messages`). TASKS was a
second, compounding cost sitting on top of it; at N=100 it added 40% on
top of `messages`, at N=500 it added 67%. After the fix, TASKS is a
rounding error regardless of N.
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
||
Lauren Hirata Singh
|
aac258eaaa |
chore(docs): update comment for chatopenai (#37034)
Fixes DOC-526 |
||
|
langchain-model-profile-bot[bot]
|
83718b1129 |
chore(model-profiles): refresh model profile data (#37015)
Automated refresh of model profile data for all in-monorepo partner integrations via `langchain-profiles refresh`. 🤖 Generated by the `refresh_model_profiles` workflow. Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com> |
||
Sharvil Saxena
|
78546e9242 | fix(core): validate batch_size in _batch and _abatch to prevent infinite loop (#36663) | ||
Kanav Bansal
|
4613a4d951 | docs(langchain): correct import paths in agent middleware docstrings (#36987) | ||
|
langchain-model-profile-bot[bot]
|
d44833ce34 |
chore(model-profiles): refresh model profile data (#37005)
Automated refresh of model profile data for all in-monorepo partner integrations via `langchain-profiles refresh`. 🤖 Generated by the `refresh_model_profiles` workflow. Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com> |
||
|
Mason Daugherty
|
87ba30f097 |
ci(infra): label release jobs, resolve package name in run title (#36998)
Polish the manual release workflow (`_release.yml`) so the Actions UI is readable at a glance — job display names, a run title that reflects the actual published package, and a broader partner matrix for the core-compat sanity check. ## Changes - Add `name:` labels to each job (`📦 Build distribution`, `📝 Generate release notes`, `🧪 Publish to TestPyPI`, `✅ Pre-release checks`, `🔄 Test prior partners against new core`, `🚀 Publish to PyPI`, `🏷️ Tag GitHub release`). Job IDs are unchanged, so all `needs:` references still resolve. - Rewrite `run-name` to resolve the dropdown value to the actual PyPI package name — e.g. `core` → `langchain-core`, `openai` → `langchain-openai`, with explicit remaps for the three that don't follow `langchain-{name}` (`langchain` → `langchain-classic`, `langchain_v1` → `langchain`, `standard-tests` → `langchain-tests`). `workflow_call` callers passing full `libs/...` paths and manual overrides are returned verbatim. - Simplify `test-dependents` label to `🐍 Test dependent: ${{ matrix.package.path }} (Python ${{ matrix.python-version }})`.langchain-openai==1.2.1 |
||
|
Mason Daugherty
|
56d6e89be0 | hotfix: bump min core versions (#36996) | ||
|
Mason Daugherty
|
a70e7ab80e | release(openai): 1.2.1 (#36995) | ||
|
Mason Daugherty
|
5a37cd5537 | fix(openai): add gpt-5.5 pro to Responses API check (#36994) | ||
Nick Hollon
|
c4498ccaf9 | chore(core): mark stream_v2/astream_v2 as beta (#36992) | ||
|
Nick Hollon
|
fa0f0d8efa | release(core): 1.3.2 (#36990) langchain-core==1.3.2 | ||
|
Nick Hollon
|
9ce72eba9f | feat(core): add content-block-centric streaming (v2) (#36834) | ||
|
Nick Hollon
|
889a45b664 |
ci(infra): overlay local langchain-* installs for external partners (#36989)
we want to be able to test against the branch we run against when we are testing external partner packages (aws, google) so overally the changes on top of the external partners when we install the dependencies Co-authored-by: Mason Daugherty <mason@langchain.dev> |
||
|
Nick Hollon
|
ffaac42bf9 |
ci(infra): add pytest-xdist to partner test groups (#36988)
|
||
|
langchain-model-profile-bot[bot]
|
cc2feb1aea |
chore(model-profiles): refresh model profile data (#36982)
Automated refresh of model profile data for all in-monorepo partner integrations via `langchain-profiles refresh`. 🤖 Generated by the `refresh_model_profiles` workflow. Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com> |
||
|
Mason Daugherty
|
3dd0ad958e | release(fireworks): 1.2.0 (#36978) langchain-fireworks==1.2.0 | ||
|
Mason Daugherty
|
7b09eb7bda |
fix(fireworks): honor max_retries (#36973)
`ChatFireworks.max_retries` silently did nothing. The old code assigned the value to a `ChatCompletionV2` sub-object rather than the base client, and the pinned Fireworks SDK (0.13.0–0.19.20) never honors its own `_max_retries` attribute on the base client either. Since the Stainless-generated 1.x SDK that does implement retries is still pre-release (1.0.1a63 at time of writing), retry responsibility is ported to the LangChain side until the pin can be bumped. |
||
|
Mason Daugherty
|
d30ef8a8aa |
feat(fireworks): populate usage_metadata on streaming (#36977)
Populate `usage_metadata` on streaming responses. Newer Fireworks models (e.g. Kimi K2 slugs) require an explicit `stream_options.include_usage=True` opt-in and return token counts in a final empty-`choices` chunk; the chunk was previously `continue`-d past, so streaming usage silently came back as `None`. |
||
|
Mason Daugherty
|
2715a7499a |
fix(fireworks): swap undeployed Kimi K2 slug in integration tests (#36975)
Replace `accounts/fireworks/models/kimi-k2-instruct-0905` with `accounts/fireworks/models/kimi-k2p6` across the Fireworks integration tests. Fireworks appears to have pulled the 0905 slug from serverless (returns 404 `NOT_FOUND` despite still appearing "Ready" in their UI); `kimi-k2p6` is the current deployed successor and supports the same capabilities used by these tests (tool calls, streaming, structured output). |