Commit Graph

9246 Commits

Author SHA1 Message Date
Mason Daugherty
fcaa61636e feat(mistralai): support stop sequences (#38047)
`ChatMistralAI` now supports `stop` sequences.

Previously, a `stop` value passed to the model was silently discarded:
the code carried a stale "not yet supported" note, dropped the parameter
before the request, and logged a warning. Mistral's chat completions API
does accept `stop` (a string or list of strings, up to 4 sequences), so
anyone setting `stop` and expecting generation to halt was getting no
effect.

Now `stop` is a first-class parameter. It can be set on the constructor
(`ChatMistralAI(stop=[...])`) or per call (`model.invoke(prompt,
stop=[...])`) and is forwarded to the API. A per-call value overrides
the instance default, and an empty list is treated as "no stop
sequences" — omitted from the request rather than sent as an empty array
(which the API rejects).

Verified against the live Mistral API: with `stop=["5"]`, "Count from 1
to 10" returns `1 2 3 4 ` instead of the full sequence. The 422
`extra_forbidden` response the API returns for genuinely unknown fields
confirms `stop` is a real schema field, not silently ignored.

This PR also folds in some test hygiene: the base-URL env test uses
`monkeypatch.setenv` so `MISTRAL_BASE_URL=boo` no longer leaks into
later serialization tests, and `test_extra_kwargs` asserts the
intentional unknown-kwarg warning with `pytest.warns`.

## Review notes
- Behavior change worth a careful look: `stop` now reaches the API
instead of being dropped. This changes request payloads for anyone
previously passing `stop`. It is the intended fix, but flagging it
explicitly.
- Coverage: `test_stop_sequence` (integration) exercises the end-to-end
behavior; unit tests cover parameter wiring, per-call-vs-instance
precedence, and the empty-list case.
2026-06-10 20:42:16 -04:00
Mason Daugherty
21eeadf274 test(partners): account for warning behavior in partner tests (#38046)
Partner unit tests now reflect the warning behavior emitted by updated
`langchain-core` serialization and model initialization paths.
Warning-strict runs can stay focused on the behavior under test rather
than expected framework warnings.
2026-06-10 19:50:52 -04:00
Mason Daugherty
007ae66405 test(anthropic): make expected warnings explicit (#38044)
Warning-producing test paths now either exercise the intended Anthropic
model branch or explicitly assert expected warnings. That keeps `make
test` output clean while preserving coverage for backwards-compatible
parameters, deprecated `AnthropicLLM`, and standard structured-output
behavior.
2026-06-10 19:45:37 -04:00
Mason Daugherty
f0a78bf0d7 test(anthropic): make tests robust to gateway base URL (#38043)
Anthropic unit tests now pin the expected API base URL where
serialization and initialization assertions depend on it. That keeps
local gateway settings like `ANTHROPIC_BASE_URL` from changing snapshot
output or default URL assertions during development.
2026-06-10 19:39:50 -04:00
Mason Daugherty
2a11a824ef release(mistralai): 1.1.5 (#38038) 2026-06-10 17:48:09 -04:00
Mason Daugherty
e989c869a4 release(anthropic): 1.4.5 (#38036) 2026-06-10 17:38:01 -04:00
Mason Daugherty
1aa17046de release(langchain-classic): 1.0.8 (#38033) 2026-06-10 17:25:50 -04:00
Mason Daugherty
8ac91e3f5f hotfix(core): bump lockfile(s) (#38032) 2026-06-10 17:05:23 -04:00
Mason Daugherty
2e832c23d4 release(core): 1.4.4 (#38031) 2026-06-10 17:02:02 -04:00
Mason Daugherty
f89f4c5afe fix(core): support content block tokens in callbacks (#34739)
Supersedes #34727
Closes #30703

Related:
* langchain-ai/langchain-google#1460
* langchain-ai/langchain-google#1501

Fixing this at the `langchain-core` callback layer instead of
normalizing inside individual provider integrations, so structured
streaming content is preserved consistently.

---

Models are increasingly streaming structured content blocks instead of
plain text tokens. For example, Gemini 3 can stream text as
content-block lists, and Anthropic/tool-use flows can also produce
non-text message content. Today those values already reach
`on_llm_new_token`, but the callback API still advertises `token: str`,
which makes custom callbacks, tracers, and streaming helpers assume
every streamed value is text.

User story: as a LangChain user building a streaming callback for chat
models with tool calls, reasoning/thinking blocks, or provider-specific
structured content, I need `on_llm_new_token` to accept the same content
shape that chat model chunks can actually emit, so my callback can
observe the stream without providers flattening or dropping non-text
data.

Fixing this in `langchain-core` makes the existing runtime behavior
explicit at the shared callback boundary. Normalizing content blocks
inside each provider would duplicate logic, produce inconsistent
behavior across integrations, and in some cases lose required provider
metadata such as Gemini thought signatures.

## Changes

- Update the callback contract so streamed tokens can be either plain
text or structured content blocks
- Carry structured streamed content through tracing and event/log
streaming paths without forcing provider data into text too early
- Keep built-in text-oriented streaming callbacks working by converting
structured tokens only at the display/queue boundary
- Drop the now-incorrect `cast("str", ...)` on streamed content in
`BaseChatModel` so the producer side matches the widened callback
signature instead of asserting a string it doesn't always have (no
runtime change — `cast` is erased)
- Align Anthropic and Mistral content typing with the structured content
shapes already used by chat model messages
- Update callback tests to reflect that not every streamed value is text

## Compatibility

No runtime behavior change: no producer emits anything it wasn't already
emitting, and widening a parameter type is safe for existing callers and
handlers that pass or receive `str`. The one caveat is downstream code
that subclasses a callback handler or tracer and overrides
`on_llm_new_token` with a `token: str` annotation — under strict type
checking that override is now narrower than the base and will be flagged
as incompatible with the supertype. Such code still runs unchanged; the
fix is to widen the annotation to match.
2026-06-10 16:59:08 -04:00
Christophe Bornet
720dfd3b09 chore(core): improve typing of Runnable __or__ (#34530)
`Runnable.__or__`, `Runnable.__ror__`, and their `RunnableSequence` and
`StructuredPrompt` overrides previously erased composition types: the
right-hand operand was typed `Runnable[Any, Other]`, so piping two
runnables together always produced `RunnableSerializable[Input, Any]`.
Type information was lost at every `|`, which is why chains so often
needed a `chain: Runnable = ...` annotation just to recover usable
inference.

This adds `@overload`s so the `Output` of one step flows into the
`Input` of the next and the composed result carries the real `Output`
type through. `Runnable[int, str] | Runnable[str, float]` now infers
`RunnableSerializable[int, float]` instead of `[int, Any]`.
`coerce_to_runnable` gains overloads so a `Mapping` resolves to
`RunnableParallel` while everything else stays a `Runnable`. As a
knock-on effect, dozens of now-unnecessary `: Runnable` annotations were
dropped from the test suite.

Runtime behavior is unchanged — this is a typing-only change.

## Impact on type-checked code

Most users will simply get better inference. Two changes can require a
small adjustment if you run a type checker (`mypy`, `pyright`):

### Stricter operand matching in `|`

The right-hand side of `|` is now typed `Runnable[Output, Other]` rather
than `Runnable[Any, Other]`, so the right operand's declared **input**
must match the left operand's **output**. This is more accurate, but it
surfaces a common pattern that was previously silent: piping a step that
outputs a plain `dict` into a step whose declared input is a more
specific type (for example a `TypedDict`). It still works at runtime;
the checker now reports an `[operator]` error.

If you hit this, narrow the boundary with a `cast` (or an explicit
annotation):

```python
from typing import Any, cast

from langchain_core.runnables import Runnable

# upstream outputs a dict; downstream declares a narrower input type
chain = cast("Runnable[Any, MyInput]", upstream) | downstream
```

### `list` → `Sequence` on `RunnableEach` / `map()`

`Runnable.map()` and the `invoke` / `ainvoke` methods of `RunnableEach`
now accept `Sequence[Input]` instead of `list[Input]`. Callers are
unaffected — a `list` is a `Sequence`, and tuples or other sequences now
type-check too. The only thing to adjust: if you **subclass**
`RunnableEach` (or `RunnableEachBase`) and override these methods with a
`list[...]` parameter, widen the annotation to `Sequence[...]` so the
override stays compatible with the base signature.

---------

Co-authored-by: Mason Daugherty <github@mdrxy.com>
2026-06-10 16:16:03 -04:00
Christophe Bornet
a063ec26dd chore(core): fix some any generics (#34545)
Co-authored-by: Mason Daugherty <github@mdrxy.com>
2026-06-10 15:32:14 -04:00
Christophe Bornet
3eee4002d9 refactor(langchain): refactor test_create_agent_tool_validation (#34443)
Simplify test for `create_agent` errors.
* Remove duplicate tests
* Test sync and async with common logic

---------

Co-authored-by: Mason Daugherty <github@mdrxy.com>
2026-06-10 14:42:46 -04:00
Mason Daugherty
3d3a4c27cc release(langchain): 1.3.7 (#38024) 2026-06-10 14:17:49 -04:00
Christophe Bornet
7ffe092657 style(langchain): add ruff rules ARG (#34435)
In this order:
* used `@override` when overriding a parent method.
* prefixed param with `_` when the param could be renamed.
* used `*_args, **_kwargs` when it was not possible to rename (eg:
protocol)
* used `_ = some_variable` when the variable name is inspected (in
tools)

---------

Co-authored-by: Mason Daugherty <github@mdrxy.com>
Co-authored-by: Mason Daugherty <mason@langchain.dev>
2026-06-10 14:12:38 -04:00
Alexander Olsen
92ee772761 feat(langchain): add ProviderToolSearchMiddleware (#37969)
[Docs](https://github.com/langchain-ai/docs/pull/4355)

Adds `ProviderToolSearchMiddleware` to let agents defer selected tools
behind OpenAI/Anthropic provider-native tool search while preserving
existing `extras={"defer_loading": True}` behavior. The middleware
validates searchable tool names, injects the provider search tool only
when a tool is deferred, and rejects unsupported providers up front.

Made by [Open SWE](https://openswe.vercel.app)

---------

Co-authored-by: Alexander Olsen <13665641+aolsenjazz@users.noreply.github.com>
Co-authored-by: open-swe[bot] <open-swe@users.noreply.github.com>
Co-authored-by: Mason Daugherty <github@mdrxy.com>
Co-authored-by: Mason Daugherty <mason@langchain.dev>
2026-06-10 14:03:28 -04:00
Christophe Bornet
23ce677870 chore(langchain): activate mypy warn_return_any (#34249)
Co-authored-by: Mason Daugherty <github@mdrxy.com>
2026-06-10 13:53:06 -04:00
langchain-model-profile-bot[bot]
2b4735712c chore(model-profiles): refresh model profile data (#38012)
Automated refresh of model profile data for all in-monorepo partner
integrations via `langchain-profiles refresh`.

🤖 Generated by the `refresh_model_profiles` workflow.

Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com>
2026-06-10 10:57:23 -04:00
Mason Daugherty
64ee4d8154 release(groq): 1.1.3 (#38009)
Closes #37996
2026-06-10 04:12:05 +00:00
Mason Daugherty
8bc96308d0 fix(core): accept sequence tool error content (#38005)
`handle_tool_error` callables can now return structured message content
as any valid sequence, not just a mutable `list`. Valid structured
sequences are normalized to the `ToolMessage` content shape at the tool
output boundary, while invalid content still falls back to
stringification.

## Changes
- Widened `ToolExceptionHandlerOutput` from `list[str | dict[str, Any]]`
to `Sequence[MessageContentBlock]` so handlers returning `list[dict[str,
Any]]` or tuple content blocks type-check cleanly.
- Added `_normalize_message_content` to validate structured message
content and convert valid non-string sequences to the `list` shape
expected by `ToolMessage`.
- Preserved existing stringification behavior for invalid structured
content blocks instead of treating failed normalization as `None`.
- Removed the now-unused `_is_message_content_type` helper; output
formatting validates content directly through
`_normalize_message_content`.
2026-06-09 22:35:33 -04:00
Mason Daugherty
0f1b291f42 fix(core): type structured tool error handler output (#38003)
`handle_tool_error` callables can already return structured message
content at runtime, but the public typing only allowed strings. The tool
error handling API now reflects the existing output formatting path,
including clearer docs for how handled errors become
`ToolMessage(status="error")` results.
2026-06-09 21:18:19 -04:00
Mason Daugherty
77bbf8ba39 test(langchain): mark legacy trigger view for 2.0 removal (#38002)
`SummarizationMiddleware._trigger_conditions` is now explicitly marked
as a temporary compatibility view for private consumers. The regression
test is tied to the package major version so the 2.0 release path fails
loudly until the legacy attr and test are removed.
2026-06-09 21:15:36 -04:00
Mason Daugherty
e16386d3b2 release(langchain): 1.3.6 (#38001) 2026-06-09 20:50:17 -04:00
Mason Daugherty
8c5b36c851 fix(langchain): preserve summarization trigger compatibility (#38000)
`SummarizationMiddleware` now uses `_trigger_clauses` as the canonical
internal representation for AND/OR trigger evaluation while keeping
`_trigger_conditions` as a tuple-shaped compatibility view. This keeps
the new dict-style `TriggerClause` behavior intact without breaking
private consumers that still inspect the old tuple-normalized trigger
state.

## Changes
- Added `_trigger_clauses` as the source of truth for summarization
trigger evaluation, profile requirement checks, and compound AND clause
handling.
- Restored `_trigger_conditions` as a legacy compatibility projection
for tuple-expressible triggers, so tuple and single-key dict triggers
remain visible in the previous private shape.
- Avoided misrepresenting compound `TriggerClause` inputs like
`{"tokens": 1000, "messages": 5}` as independent OR-style tuple
conditions.
2026-06-09 20:49:15 -04:00
Mason Daugherty
90b2f94583 release(langchain): 1.3.5 (#37998) 2026-06-09 19:54:27 -04:00
James
05fe08201c feat(langchain): port AND-capable trigger conditions to SummarizationMiddleware (#34576)
Closes #34442

[Docs](https://github.com/langchain-ai/docs/pull/4377)

---

Add parity with LangChain.js trigger semantics for Python
`SummarizationMiddleware`. `trigger` can now express AND conditions
within a single dict-style `TriggerClause` while preserving the existing
tuple and list-of-tuples behavior.

A simple user story: a support agent is helping debug an issue over a
long conversation. One tool call may return a large log snippet, briefly
pushing the token count over a limit, but the conversation is still only
a few messages long and the recent context is valuable. Separately, the
user may send many short follow-up messages that increase message count
without using much context.

With `trigger={"tokens": 4000, "messages": 10}`, both thresholds must be
met at the same time: at least 4,000 tokens and at least 10 messages.
This means 5,000 tokens across only 3 messages does not summarize, and
20 short messages totaling only 1,000 tokens does not summarize either.
Summarization waits until the conversation is large enough by both
measures, making it less likely to discard useful recent context too
early.

## Changes

- Add `TriggerClause` support so `trigger={"tokens": 4000, "messages":
10}` only summarizes when all configured thresholds are met
- Export `TriggerClause` from `langchain.agents.middleware` so users can
import and annotate dict-style trigger clauses from the public
middleware entrypoint
- Normalize tuple and mapping trigger inputs through
`_normalize_trigger`, preserving existing `ContextSize` tuple semantics
as single-condition clauses
- Defensively copy mutable trigger list and dict inputs during
initialization so caller-side mutations do not change the middleware's
stored public configuration after construction
- Keep list inputs as OR semantics across clauses, including mixed lists
like `[{"tokens": 4000, "messages": 10}, ("messages", 50)]`
- Update `_should_summarize` to evaluate AND within each clause and OR
across clauses for `tokens`, `messages`, and `fraction`
- Update the docs and API link map so `TriggerClause` resolves in the
Python middleware docs
- Preserve tuple-trigger compatibility while allowing message-based
`keep` configurations to summarize at least one message when a trigger
fires near the cutoff boundary

AI assistance was used to help draft and refine this contribution.

---------

Co-authored-by: Mason Daugherty <mason@langchain.dev>
Co-authored-by: Mason Daugherty <github@mdrxy.com>
2026-06-09 19:30:39 -04:00
Mason Daugherty
ac18ef5871 docs(core): document multimodal handling in get_buffer_string (#37994)
Clarifies how `get_buffer_string` treats multimodal message content
across output formats. The docs now make the default prefix format's
text-only behavior explicit and point users to XML when they need
structured multimodal block representations.

This behavior may change in future iterations
2026-06-09 17:28:44 -04:00
Mason Daugherty
53f2ad18a0 release(perplexity): 1.4.0 (#37993) 2026-06-09 17:18:28 -04:00
rbuchmayer-pplx
de9502525a feat(perplexity): bind_tools and Responses-API tool round-trip (#37934)
## Summary

Follow-up to #37911 (released in `langchain-perplexity` 1.3.2). That PR
fixed the outbound `ToolMessage` / `AIMessage.tool_calls` serialization;
this one implements **`ChatPerplexity.bind_tools`**, which flips
`has_tool_calling` to `True` and lights up the full `langchain-tests`
standard tool-calling suite — the suite that would have caught #37911 in
the first place.

Verified live against the Perplexity Agent API (`openai/gpt-5.5`,
`use_responses_api=True`): a client-side function-tool round-trip
(invoke + stream) works end-to-end.

## Core change (the `bind_tools` work + the Responses-API follow-up)

- **`bind_tools`** mirrors `langchain-openai`: converts tools via
`convert_to_openai_tool`, normalizes `tool_choice`, and passes
Perplexity built-in tools (`web_search`, etc.) through unchanged.
- **`_to_responses_payload`** now translates tool turns into the
Responses (Agent) API's typed input items: `AIMessage.tool_calls` →
`function_call`, `ToolMessage` → `function_call_output`, and flattens
function tool specs. (The Responses API has no `tool` role, so this
translation is required for round-trips.)

## Changes required to make standard-suite tests pass on the Responses
route

- Streaming: `_convert_responses_stream_event_to_chunk` emits a
`tool_call_chunk` on `response.output_item.done` function calls —
required by `test_tool_calling` (which streams and asserts tool calls).
- `_content_to_text` reduces list-shaped assistant content to text in
the tool-call branch — required by `test_agent_loop` and
`test_tool_message_histories_list_content`.
- `response_metadata["model_name"]` on the Responses route, mirroring
Chat Completions — required by `test_usage_metadata` /
`test_usage_metadata_streaming` (used by `langchain_core` usage
callbacks).

## Tests

- `sonar` standard class marked `has_tool_calling=False` (the family
returns 400 "Tool calling is not supported for this model").
- New `TestPerplexityResponsesStandard` runs the full suite on
`openai/gpt-5.5` + `use_responses_api` with `has_tool_choice=False`:
**35 passed, 13 skipped, 2 xfailed**.
- The 2 xfails (`test_unicode_tool_call_integration`,
`test_structured_few_shot_examples`) hard-code `tool_choice="any"`. The
Responses (Agent) API does not support `tool_choice` (verified: every
form returns HTTP 200 without forcing a call), which `ChatPerplexity`
surfaces as `ValueError` — **existing behavior, unchanged here.**
Softening that to a warning can be a separate change.

`make format lint` clean; unit + standard tests green.

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: Mason Daugherty <mason@langchain.dev>
Co-authored-by: Mason Daugherty <github@mdrxy.com>
2026-06-09 17:14:50 -04:00
Mason Daugherty
c0103c3d2c hotfix(openai): min core dep (#37990) 2026-06-09 16:32:08 -04:00
Mason Daugherty
c15cfe21b6 release(core): 1.4.3 (#37991) 2026-06-09 16:27:57 -04:00
Mason Daugherty
c7d01d5270 release(openai): 1.3.0 (#37989) 2026-06-09 16:15:29 -04:00
Nidhi Rajani
0f45b2c285 feat(openai): support apply_patch built-in tool (#37157)
[Docs](https://github.com/langchain-ai/docs/pull/4370)

Fixes #37031

Adds support for OpenAI Responses API `apply_patch` built-in tool.

This PR:
- Adds `apply_patch` to the OpenAI well-known tools list so
`bind_tools([{"type": "apply_patch"}])` works.
- Preserves `apply_patch_call` and `apply_patch_call_output` items when
converting OpenAI Responses API outputs into LangChain
`AIMessage.content`.
- Preserves the same item types in streaming `AIMessageChunk`
conversion.
- Supports round-trip input conversion for `apply_patch_call` and
`apply_patch_call_output`.
- Adds unit tests for core tool passthrough, non-streaming conversion,
streaming conversion, and round-trip input conversion.

## Testing

- `cd libs/core && uv run --group test pytest
tests/unit_tests/utils/test_function_calling.py -k "apply_patch" -vv`
- `cd libs/partners/openai && uv run --group test pytest
tests/unit_tests/chat_models/test_base.py -k "apply_patch" -vv`
- `cd libs/core && uv run --all-groups ruff check
langchain_core/utils/function_calling.py
tests/unit_tests/utils/test_function_calling.py`
- `cd libs/partners/openai && uv run --all-groups ruff check
langchain_openai/chat_models/base.py
tests/unit_tests/chat_models/test_base.py`

---------

Co-authored-by: Mason Daugherty <github@mdrxy.com>
Co-authored-by: Mason Daugherty <mason@langchain.dev>
2026-06-09 16:13:37 -04:00
langchain-model-profile-bot[bot]
7e9c916c7e chore(model-profiles): refresh model profile data (#37973)
Automated refresh of model profile data for all in-monorepo partner
integrations via `langchain-profiles refresh`.

🤖 Generated by the `refresh_model_profiles` workflow.

Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com>
2026-06-09 09:59:24 -04:00
Mason Daugherty
e096992984 release(core): 1.4.2 (#37968) 2026-06-08 14:16:11 -04:00
Christophe Bornet
74c23741b0 feat(core): deprecate problematic dict() method (#31685)
`dict()` is a problematic method name as it clashes with the builtin
`dict` used as a type annotation.
This PR replaces it with an `asdict` method (inspired by dataclasses).
It also fixes a few places where `dict` must be replaced by
`builtins.dict` until the `dict()` method is removed.

---------

Co-authored-by: Mason Daugherty <github@mdrxy.com>
2026-06-08 14:11:05 -04:00
Mason Daugherty
f9f11527f6 fix(standard-tests): serialize BytesIO bodies in VCR cassettes (#37963)
The custom VCR serializer pipes the cassette dict through
`yaml.safe_dump`, which raises on stream objects — so any request with
an `io.BytesIO` body (multipart/file-upload endpoints) couldn't be
recorded. A new `_coerce_bytesio` helper walks the cassette and replaces
each `BytesIO` with its raw bytes before dumping.
2026-06-08 11:17:12 -04:00
langchain-model-profile-bot[bot]
4bd3b6ab64 chore(model-profiles): refresh model profile data (#37958)
Automated refresh of model profile data for all in-monorepo partner
integrations via `langchain-profiles refresh`.

🤖 Generated by the `refresh_model_profiles` workflow.

Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com>
2026-06-08 10:09:26 -04:00
dependabot[bot]
8fed1dd641 chore: bump pyarrow from 21.0.0 to 23.0.1 in /libs/langchain_v1 (#37930)
Bumps [pyarrow](https://github.com/apache/arrow) from 21.0.0 to 23.0.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/apache/arrow/releases">pyarrow's
releases</a>.</em></p>
<blockquote>
<h2>Apache Arrow 23.0.1</h2>
<p>Release Notes URL: <a
href="https://arrow.apache.org/release/23.0.1.html">https://arrow.apache.org/release/23.0.1.html</a></p>
<h2>Apache Arrow 23.0.1 RC0</h2>
<p>Release Notes: Release Candidate: 23.0.1 RC0</p>
<h2>Apache Arrow 23.0.0</h2>
<p>Release Notes URL: <a
href="https://arrow.apache.org/release/23.0.0.html">https://arrow.apache.org/release/23.0.0.html</a></p>
<h2>Apache Arrow 23.0.0 RC2</h2>
<p>Release Notes: Release Candidate: 23.0.0 RC2</p>
<h2>Apache Arrow 22.0.0</h2>
<p>Release Notes URL: <a
href="https://arrow.apache.org/release/22.0.0.html">https://arrow.apache.org/release/22.0.0.html</a></p>
<h2>Apache Arrow 22.0.0 RC1</h2>
<p>Release Notes: Release Candidate: 22.0.0 RC1</p>
<h2>Apache Arrow 22.0.0 RC0</h2>
<p>Release Notes: Release Candidate: 22.0.0 RC0</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="82a374e5f3"><code>82a374e</code></a>
MINOR: [Release] Update versions for 23.0.1</li>
<li><a
href="c1ae37c4a5"><code>c1ae37c</code></a>
MINOR: [Release] Update .deb/.rpm changelogs for 23.0.1</li>
<li><a
href="8f6e55736f"><code>8f6e557</code></a>
MINOR: [Release] Update CHANGELOG.md for 23.0.1</li>
<li><a
href="4e16a1aeed"><code>4e16a1a</code></a>
<a
href="https://redirect.github.com/apache/arrow/issues/49159">GH-49159</a>:
[C++][Gandiva] Detect overflow in repeat() (<a
href="https://redirect.github.com/apache/arrow/issues/49160">#49160</a>)</li>
<li><a
href="985621dbfc"><code>985621d</code></a>
<a
href="https://redirect.github.com/apache/arrow/issues/48817">GH-48817</a>
[R][C++] Bump C++20 in R build infrastructure (<a
href="https://redirect.github.com/apache/arrow/issues/48819">#48819</a>)</li>
<li><a
href="1bea06ad4e"><code>1bea06a</code></a>
<a
href="https://redirect.github.com/apache/arrow/issues/49024">GH-49024</a>:
[CI] Update Debian version in <code>.env</code> (<a
href="https://redirect.github.com/apache/arrow/issues/49032">#49032</a>)</li>
<li><a
href="147bcd6d8f"><code>147bcd6</code></a>
<a
href="https://redirect.github.com/apache/arrow/issues/49156">GH-49156</a>:
[Python] Require GIL for string comparison (<a
href="https://redirect.github.com/apache/arrow/issues/49161">#49161</a>)</li>
<li><a
href="e4f922b162"><code>e4f922b</code></a>
<a
href="https://redirect.github.com/apache/arrow/issues/49138">GH-49138</a>:
[Packaging][Python] Remove nightly cython install from manylinux
wh...</li>
<li><a
href="f9376e4721"><code>f9376e4</code></a>
<a
href="https://redirect.github.com/apache/arrow/issues/49003">GH-49003</a>:
[C++] Don't consider <code>out_of_range</code> an error in float parsing
(<a
href="https://redirect.github.com/apache/arrow/issues/49095">#49095</a>)</li>
<li><a
href="ab2c0ad6b2"><code>ab2c0ad</code></a>
<a
href="https://redirect.github.com/apache/arrow/issues/49044">GH-49044</a>:
[CI][Python] Fix test_download_tzdata_on_windows by adding
required...</li>
<li>Additional commits viewable in <a
href="https://github.com/apache/arrow/compare/apache-arrow-21.0.0...apache-arrow-23.0.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyarrow&package-manager=uv&previous-version=21.0.0&new-version=23.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: John Kennedy <65985482+jkennedyvz@users.noreply.github.com>
2026-06-07 20:20:00 +00:00
langchain-model-profile-bot[bot]
9fa4d7b6a1 chore(model-profiles): refresh model profile data (#37936)
Automated refresh of model profile data for all in-monorepo partner
integrations via `langchain-profiles refresh`.

🤖 Generated by the `refresh_model_profiles` workflow.

Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com>
2026-06-07 16:16:29 -04:00
dependabot[bot]
ad8c0fc4cc chore: bump pyarrow from 22.0.0 to 23.0.1 in /libs/partners/nomic (#37931)
Bumps [pyarrow](https://github.com/apache/arrow) from 22.0.0 to 23.0.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/apache/arrow/releases">pyarrow's
releases</a>.</em></p>
<blockquote>
<h2>Apache Arrow 23.0.1</h2>
<p>Release Notes URL: <a
href="https://arrow.apache.org/release/23.0.1.html">https://arrow.apache.org/release/23.0.1.html</a></p>
<h2>Apache Arrow 23.0.1 RC0</h2>
<p>Release Notes: Release Candidate: 23.0.1 RC0</p>
<h2>Apache Arrow 23.0.0</h2>
<p>Release Notes URL: <a
href="https://arrow.apache.org/release/23.0.0.html">https://arrow.apache.org/release/23.0.0.html</a></p>
<h2>Apache Arrow 23.0.0 RC2</h2>
<p>Release Notes: Release Candidate: 23.0.0 RC2</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="82a374e5f3"><code>82a374e</code></a>
MINOR: [Release] Update versions for 23.0.1</li>
<li><a
href="c1ae37c4a5"><code>c1ae37c</code></a>
MINOR: [Release] Update .deb/.rpm changelogs for 23.0.1</li>
<li><a
href="8f6e55736f"><code>8f6e557</code></a>
MINOR: [Release] Update CHANGELOG.md for 23.0.1</li>
<li><a
href="4e16a1aeed"><code>4e16a1a</code></a>
<a
href="https://redirect.github.com/apache/arrow/issues/49159">GH-49159</a>:
[C++][Gandiva] Detect overflow in repeat() (<a
href="https://redirect.github.com/apache/arrow/issues/49160">#49160</a>)</li>
<li><a
href="985621dbfc"><code>985621d</code></a>
<a
href="https://redirect.github.com/apache/arrow/issues/48817">GH-48817</a>
[R][C++] Bump C++20 in R build infrastructure (<a
href="https://redirect.github.com/apache/arrow/issues/48819">#48819</a>)</li>
<li><a
href="1bea06ad4e"><code>1bea06a</code></a>
<a
href="https://redirect.github.com/apache/arrow/issues/49024">GH-49024</a>:
[CI] Update Debian version in <code>.env</code> (<a
href="https://redirect.github.com/apache/arrow/issues/49032">#49032</a>)</li>
<li><a
href="147bcd6d8f"><code>147bcd6</code></a>
<a
href="https://redirect.github.com/apache/arrow/issues/49156">GH-49156</a>:
[Python] Require GIL for string comparison (<a
href="https://redirect.github.com/apache/arrow/issues/49161">#49161</a>)</li>
<li><a
href="e4f922b162"><code>e4f922b</code></a>
<a
href="https://redirect.github.com/apache/arrow/issues/49138">GH-49138</a>:
[Packaging][Python] Remove nightly cython install from manylinux
wh...</li>
<li><a
href="f9376e4721"><code>f9376e4</code></a>
<a
href="https://redirect.github.com/apache/arrow/issues/49003">GH-49003</a>:
[C++] Don't consider <code>out_of_range</code> an error in float parsing
(<a
href="https://redirect.github.com/apache/arrow/issues/49095">#49095</a>)</li>
<li><a
href="ab2c0ad6b2"><code>ab2c0ad</code></a>
<a
href="https://redirect.github.com/apache/arrow/issues/49044">GH-49044</a>:
[CI][Python] Fix test_download_tzdata_on_windows by adding
required...</li>
<li>Additional commits viewable in <a
href="https://github.com/apache/arrow/compare/apache-arrow-22.0.0...apache-arrow-23.0.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyarrow&package-manager=uv&previous-version=22.0.0&new-version=23.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-07 13:15:04 -07:00
dependabot[bot]
2ef987bf7d chore: bump pyarrow from 21.0.0 to 23.0.1 in /libs/langchain (#37929)
Bumps [pyarrow](https://github.com/apache/arrow) from 21.0.0 to 23.0.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/apache/arrow/releases">pyarrow's
releases</a>.</em></p>
<blockquote>
<h2>Apache Arrow 23.0.1</h2>
<p>Release Notes URL: <a
href="https://arrow.apache.org/release/23.0.1.html">https://arrow.apache.org/release/23.0.1.html</a></p>
<h2>Apache Arrow 23.0.1 RC0</h2>
<p>Release Notes: Release Candidate: 23.0.1 RC0</p>
<h2>Apache Arrow 23.0.0</h2>
<p>Release Notes URL: <a
href="https://arrow.apache.org/release/23.0.0.html">https://arrow.apache.org/release/23.0.0.html</a></p>
<h2>Apache Arrow 23.0.0 RC2</h2>
<p>Release Notes: Release Candidate: 23.0.0 RC2</p>
<h2>Apache Arrow 22.0.0</h2>
<p>Release Notes URL: <a
href="https://arrow.apache.org/release/22.0.0.html">https://arrow.apache.org/release/22.0.0.html</a></p>
<h2>Apache Arrow 22.0.0 RC1</h2>
<p>Release Notes: Release Candidate: 22.0.0 RC1</p>
<h2>Apache Arrow 22.0.0 RC0</h2>
<p>Release Notes: Release Candidate: 22.0.0 RC0</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="82a374e5f3"><code>82a374e</code></a>
MINOR: [Release] Update versions for 23.0.1</li>
<li><a
href="c1ae37c4a5"><code>c1ae37c</code></a>
MINOR: [Release] Update .deb/.rpm changelogs for 23.0.1</li>
<li><a
href="8f6e55736f"><code>8f6e557</code></a>
MINOR: [Release] Update CHANGELOG.md for 23.0.1</li>
<li><a
href="4e16a1aeed"><code>4e16a1a</code></a>
<a
href="https://redirect.github.com/apache/arrow/issues/49159">GH-49159</a>:
[C++][Gandiva] Detect overflow in repeat() (<a
href="https://redirect.github.com/apache/arrow/issues/49160">#49160</a>)</li>
<li><a
href="985621dbfc"><code>985621d</code></a>
<a
href="https://redirect.github.com/apache/arrow/issues/48817">GH-48817</a>
[R][C++] Bump C++20 in R build infrastructure (<a
href="https://redirect.github.com/apache/arrow/issues/48819">#48819</a>)</li>
<li><a
href="1bea06ad4e"><code>1bea06a</code></a>
<a
href="https://redirect.github.com/apache/arrow/issues/49024">GH-49024</a>:
[CI] Update Debian version in <code>.env</code> (<a
href="https://redirect.github.com/apache/arrow/issues/49032">#49032</a>)</li>
<li><a
href="147bcd6d8f"><code>147bcd6</code></a>
<a
href="https://redirect.github.com/apache/arrow/issues/49156">GH-49156</a>:
[Python] Require GIL for string comparison (<a
href="https://redirect.github.com/apache/arrow/issues/49161">#49161</a>)</li>
<li><a
href="e4f922b162"><code>e4f922b</code></a>
<a
href="https://redirect.github.com/apache/arrow/issues/49138">GH-49138</a>:
[Packaging][Python] Remove nightly cython install from manylinux
wh...</li>
<li><a
href="f9376e4721"><code>f9376e4</code></a>
<a
href="https://redirect.github.com/apache/arrow/issues/49003">GH-49003</a>:
[C++] Don't consider <code>out_of_range</code> an error in float parsing
(<a
href="https://redirect.github.com/apache/arrow/issues/49095">#49095</a>)</li>
<li><a
href="ab2c0ad6b2"><code>ab2c0ad</code></a>
<a
href="https://redirect.github.com/apache/arrow/issues/49044">GH-49044</a>:
[CI][Python] Fix test_download_tzdata_on_windows by adding
required...</li>
<li>Additional commits viewable in <a
href="https://github.com/apache/arrow/compare/apache-arrow-21.0.0...apache-arrow-23.0.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyarrow&package-manager=uv&previous-version=21.0.0&new-version=23.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-07 13:14:58 -07:00
Mason Daugherty
cdafe607af release(perplexity): 1.3.2 (#37925) 2026-06-05 15:18:01 -04:00
rbuchmayer-pplx
1be54cc0e1 fix(perplexity): serialize ToolMessage and AIMessage.tool_calls (#37911)
Fixes #37912

`ChatPerplexity._convert_message_to_dict` raises `TypeError` on
`ToolMessage` and drops `AIMessage.tool_calls`, which breaks
tool-message round-trips through `ChatPerplexity` — a client-side
tool-calling loop, or a shared message history across providers via
`RunnableWithFallbacks`.

Repro:

```python
from langchain_perplexity import ChatPerplexity
from langchain_core.messages import ToolMessage

ChatPerplexity(model="sonar")._convert_message_to_dict(
    ToolMessage(content="result", tool_call_id="call_1")
)
# TypeError: Got unknown type content='result' tool_call_id='call_1'
```

An `AIMessage` carrying `tool_calls` also serializes to `{"role":
"assistant", "content": ...}` with the `tool_calls` silently dropped.

This brings the converter to parity with `langchain-openai`: serialize
`tool_calls` / `invalid_tool_calls`, send `content` as `null` when
tool_calls are present, and add a `tool`-role branch for `ToolMessage`.

How I verified: added unit tests for the `ToolMessage` and
`AIMessage.tool_calls` / `invalid_tool_calls` cases; the perplexity
package unit tests, lint, and format all pass.

Scope: translating these to the Responses (Agent) API's `function_call`
/ `function_call_output` input items is a separate follow-up; this PR is
the Chat Completions serialization parity fix.

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: Mason Daugherty <mason@langchain.dev>
Co-authored-by: Mason Daugherty <github@mdrxy.com>
2026-06-05 15:14:42 -04:00
Mason Daugherty
a401351e12 release(core): 1.4.1 (#37922) 2026-06-05 10:49:33 -04:00
Mason Daugherty
053c368ba4 fix(core): remove Bedrock prevalidation from load (#37909)
Removes the built-in Bedrock class init validator from `load` so Bedrock
kwargs such as `base_url` and `endpoint_url` are no longer specially
rejected during deserialization.

This keeps provider-specific SSRF policy out of core; callers should
continue to avoid untrusted manifests or use restrictive
`allowed_objects`.

Verified with `make format`, `make lint`, and the focused serialization
load unit tests.

AI-assisted contribution by Open SWE.

Made by [Open SWE](https://openswe.vercel.app)

---------

Co-authored-by: open-swe[bot] <215916821+open-swe[bot]@users.noreply.github.com>
2026-06-05 10:46:57 -04:00
langchain-model-profile-bot[bot]
0993edba86 chore(model-profiles): refresh model profile data (#37916)
Automated refresh of model profile data for all in-monorepo partner
integrations via `langchain-profiles refresh`.

🤖 Generated by the `refresh_model_profiles` workflow.

Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com>
2026-06-05 10:37:10 -04:00
dependabot[bot]
6f7c8f5445 chore: bump starlette from 0.49.1 to 1.0.1 in /libs/langchain (#37899)
Bumps [starlette](https://github.com/Kludex/starlette) from 0.49.1 to
1.0.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/Kludex/starlette/releases">starlette's
releases</a>.</em></p>
<blockquote>
<h2>Version 1.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Ignore malformed <code>Host</code> header when constructing
<code>request.url</code> by <a
href="https://github.com/Kludex"><code>@​Kludex</code></a> in <a
href="https://redirect.github.com/Kludex/starlette/pull/3279">Kludex/starlette#3279</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/Kludex/starlette/compare/1.0.0...1.0.1">https://github.com/Kludex/starlette/compare/1.0.0...1.0.1</a></p>
<h2>Version 1.0.0</h2>
<p>Starlette 1.0 is here! 🎉</p>
<p>After nearly eight years since its creation, Starlette has reached
its first stable release.</p>
<p>A special thank you to <a
href="https://github.com/lovelydinosaur"><code>@​lovelydinosaur</code></a>,
the creator of Starlette, Uvicorn, HTTPX and MkDocs, whose work helped
to lay the foundation for the modern async Python ecosystem. 🙏</p>
<p>Thank you to <a
href="https://github.com/adriangb"><code>@​adriangb</code></a>, <a
href="https://github.com/graingert"><code>@​graingert</code></a>, <a
href="https://github.com/agronholm"><code>@​agronholm</code></a>, <a
href="https://github.com/florimondmanca"><code>@​florimondmanca</code></a>,
<a href="https://github.com/aminalaee"><code>@​aminalaee</code></a>, <a
href="https://github.com/tiangolo"><code>@​tiangolo</code></a>, <a
href="https://github.com/alex-oleshkevich"><code>@​alex-oleshkevich</code></a>,
<a href="https://github.com/abersheeran"><code>@​abersheeran</code></a>,
and <a href="https://github.com/uSpike"><code>@​uSpike</code></a> for
helping make Starlette what it is today. And to all my sponsors -
especially <a
href="https://github.com/tiangolo"><code>@​tiangolo</code></a>, <a
href="https://github.com/huggingface"><code>@​huggingface</code></a>,
and <a
href="https://github.com/elevenlabs"><code>@​elevenlabs</code></a> -
thank you for your support!</p>
<p>Thank you to all <a
href="https://github.com/encode/starlette/graphs/contributors">290+
contributors</a> who have shaped Starlette over the years! ❤️</p>
<p>Read more on the <a
href="https://marcelotryle.com/blog/2026/03/22/starlette-10-is-here/">blog
post</a>.</p>
<p>Check out the full release notes at <a
href="https://www.starlette.io/release-notes/#100-march-22-2026">https://www.starlette.io/release-notes/#100-march-22-2026</a></p>
<hr />
<p><strong>Full Changelog</strong>: <a
href="https://github.com/encode/starlette/compare/1.0.0rc1...1.0.0">https://github.com/encode/starlette/compare/1.0.0rc1...1.0.0</a></p>
<h2>Version 1.0.0rc1</h2>
<p>We're ready! 🚀</p>
<p>The first release candidate for Starlette 1.0 is here! After years on
ZeroVer, we're finally making the jump.</p>
<p>This release removes all deprecated features marked for 1.0.0, along
with some last-minute bug fixes.</p>
<p>A special thank you to <a
href="https://github.com/lovelydinosaur"><code>@​lovelydinosaur</code></a>,
the creator of Starlette, Uvicorn, HTTPX and MkDocs, whose work helped
to lay the foundation for the modern async Python ecosystem. 🙏</p>
<p>Thank you to <a
href="https://github.com/adriangb"><code>@​adriangb</code></a>, <a
href="https://github.com/graingert"><code>@​graingert</code></a>, <a
href="https://github.com/agronholm"><code>@​agronholm</code></a>, <a
href="https://github.com/florimondmanca"><code>@​florimondmanca</code></a>,
<a href="https://github.com/aminalaee"><code>@​aminalaee</code></a>, <a
href="https://github.com/tiangolo"><code>@​tiangolo</code></a>, <a
href="https://github.com/alex-oleshkevich"><code>@​alex-oleshkevich</code></a>,
and <a
href="https://github.com/abersheeran"><code>@​abersheeran</code></a> for
helping make Starlette what it is today. And to all my sponsors -
especially <a
href="https://github.com/tiangolo"><code>@​tiangolo</code></a>, <a
href="https://github.com/huggingface"><code>@​huggingface</code></a>,
and <a
href="https://github.com/elevenlabs"><code>@​elevenlabs</code></a> -
thank you for your support!</p>
<p>Thank you to all <a
href="https://github.com/encode/starlette/graphs/contributors">290+
contributors</a> who have shaped Starlette over the years!</p>
<p>Check out the full release notes at <a
href="https://www.starlette.io/release-notes/#100rc1-february-23-2026">https://www.starlette.io/release-notes/#100rc1-february-23-2026</a></p>
<hr />
<p><strong>Full Changelog</strong>: <a
href="https://github.com/Kludex/starlette/compare/0.52.1...1.0.0rc1">https://github.com/Kludex/starlette/compare/0.52.1...1.0.0rc1</a></p>
<h2>Version 0.52.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Only use <code>typing_extensions</code> in older Python versions by
<a href="https://github.com/Kludex"><code>@​Kludex</code></a> in <a
href="https://redirect.github.com/Kludex/starlette/pull/3109">Kludex/starlette#3109</a></li>
</ul>
<hr />
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/Kludex/starlette/blob/main/docs/release-notes.md">starlette's
changelog</a>.</em></p>
<blockquote>
<h2>1.0.1 (May 21, 2026)</h2>
<h4>Fixed</h4>
<ul>
<li>Ignore malformed <code>Host</code> header when constructing
<code>request.url</code> <a
href="https://redirect.github.com/encode/starlette/pull/3279">#3279</a>.</li>
</ul>
<h2>1.0.0 (March 22, 2026)</h2>
<p>Starlette 1.0 is here!</p>
<p>After nearly eight years since its creation, Starlette has reached
its first stable release.
Thank you to everyone who tested the release candidate and reported
issues.</p>
<p>You can read more on the <a
href="https://marcelotryle.com/blog/2026/03/22/starlette-10-is-here/">blog
post</a>.</p>
<h4>Added</h4>
<ul>
<li>Track session access and modification in
<code>SessionMiddleware</code> <a
href="https://redirect.github.com/encode/starlette/pull/3166">#3166</a>.</li>
</ul>
<h4>Fixed</h4>
<ul>
<li>Handle websocket denial responses in <code>StreamingResponse</code>
and <code>FileResponse</code> <a
href="https://redirect.github.com/encode/starlette/pull/3189">#3189</a>.</li>
<li>Use <code>bytearray</code> for field accumulation in
<code>FormParser</code> <a
href="https://redirect.github.com/encode/starlette/pull/3179">#3179</a>.</li>
<li>Move <code>parser.finalize()</code> inside try/except in
<code>MultiPartParser.parse()</code> <a
href="https://redirect.github.com/encode/starlette/pull/3153">#3153</a>.</li>
</ul>
<h2>1.0.0rc1 (February 23, 2026)</h2>
<p>We're ready! I'm thrilled to announce the first release candidate for
Starlette 1.0.</p>
<p>Starlette was created in June 2018 by Tom Christie, and has been on
ZeroVer for years. Today, it's downloaded
almost <a href="https://pypistats.org/packages/starlette">10 million
times a day</a>, serves as the foundation for FastAPI,
and has inspired many other frameworks. In the age of AI, Starlette
continues to play an important role as a
dependency of the Python MCP SDK.</p>
<p>This release focuses on removing deprecated features that were marked
for removal in 1.0.0, along with some
last minute bug fixes. It's a release candidate, so we can gather
feedback from the community before the final
1.0.0 release soon.</p>
<p>A huge thank you to all the contributors who have helped make
Starlette what it is today.
In particular, I'd like to recognize:</p>
<ul>
<li><a href="https://github.com/lovelydinosaur">Kim Christie</a> - The
original creator of Starlette, Uvicorn, and MkDocs, and the
current maintainer of HTTPX. Kim's work helped lay the foundation for
the modern async Python ecosystem.</li>
<li><a href="https://github.com/adriangb">Adrian Garcia Badaracco</a> -
One of the smartest people I know, whom I have the pleasure of working
with at Pydantic.</li>
<li><a href="https://github.com/graingert">Thomas Grainger</a> - My
async teacher, always ready to help with questions.</li>
<li><a href="https://github.com/agronholm">Alex Grönholm</a> - Another
async mentor, always prompt to help with questions.</li>
<li><a href="https://github.com/florimondmanca">Florimond Manca</a> -
Always present in the early days of both Starlette and Uvicorn, and
helped a lot in the ecosystem.</li>
<li><a href="https://github.com/aminalaee">Amin Alaee</a> - Contributed
a lot with file-related PRs.</li>
<li><a href="https://github.com/tiangolo">Sebastián Ramírez</a> -
Maintains FastAPI upstream, and always in contact to help with upstream
issues.</li>
<li><a href="https://github.com/alex-oleshkevich">Alex Oleshkevich</a> -
Helped a lot on templates and many discussions.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="48f8e331b2"><code>48f8e33</code></a>
Version 1.0.1 (<a
href="https://redirect.github.com/Kludex/starlette/issues/3281">#3281</a>)</li>
<li><a
href="f078832be1"><code>f078832</code></a>
Remove Hugging Face sponsor block from docs (<a
href="https://redirect.github.com/Kludex/starlette/issues/3280">#3280</a>)</li>
<li><a
href="472951eba8"><code>472951e</code></a>
chore(deps): bump the github-actions group with 2 updates (<a
href="https://redirect.github.com/Kludex/starlette/issues/3277">#3277</a>)</li>
<li><a
href="764dab0dcf"><code>764dab0</code></a>
Ignore malformed <code>Host</code> header when constructing
<code>request.url</code> (<a
href="https://redirect.github.com/Kludex/starlette/issues/3279">#3279</a>)</li>
<li><a
href="19d08115ce"><code>19d0811</code></a>
Harden GitHub Actions workflows and Dependabot config (<a
href="https://redirect.github.com/Kludex/starlette/issues/3276">#3276</a>)</li>
<li><a
href="01f4637812"><code>01f4637</code></a>
chore(deps): bump idna from 3.10 to 3.15 (<a
href="https://redirect.github.com/Kludex/starlette/issues/3274">#3274</a>)</li>
<li><a
href="b8fa5140d2"><code>b8fa514</code></a>
docs: fix typos in TestClient docs and test_requests comment (<a
href="https://redirect.github.com/Kludex/starlette/issues/3266">#3266</a>)</li>
<li><a
href="e935b6b5d4"><code>e935b6b</code></a>
fix uvicorn domain (<a
href="https://redirect.github.com/Kludex/starlette/issues/3269">#3269</a>)</li>
<li><a
href="96af9521a7"><code>96af952</code></a>
Add 7-day cooldown for dependency resolution via uv exclude-newer (<a
href="https://redirect.github.com/Kludex/starlette/issues/3265">#3265</a>)</li>
<li><a
href="61e385bd6d"><code>61e385b</code></a>
Add zizmor GitHub Actions security analysis workflow (<a
href="https://redirect.github.com/Kludex/starlette/issues/3264">#3264</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/Kludex/starlette/compare/0.49.1...1.0.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=starlette&package-manager=uv&previous-version=0.49.1&new-version=1.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-04 15:52:20 -04:00
Mason Daugherty
586bcd46a1 docs(core): expand and link ModelProfile docstrings (#37904)
Rewrote the `ModelProfile` docstrings to point readers at canonical
docs. The class docstring now explains how profiles are accessed and
where the data comes from, and several terse field docstrings gain a
one-line clarification or a link to the relevant guide.
2026-06-04 15:43:22 -04:00
dependabot[bot]
9eab5237cc chore: bump requests from 2.34.0 to 2.34.2 in /libs/partners/xai (#37903)
Bumps [requests](https://github.com/psf/requests) from 2.34.0 to 2.34.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/releases">requests's
releases</a>.</em></p>
<blockquote>
<h2>v2.34.2</h2>
<h2>2.34.2 (2026-05-14)</h2>
<ul>
<li>Moved <code>headers</code> input type back to <code>Mapping</code>
to avoid invariance issues with <code>MutableMapping</code> and inferred
dict types. Users calling <code>Request.headers.update()</code> may need
to narrow typing in their code. (<a
href="https://redirect.github.com/psf/requests/issues/7441">#7441</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14">https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14</a></p>
<h2>v2.34.1</h2>
<h2>2.34.1 (2026-05-13)</h2>
<p><strong>Bugfixes</strong></p>
<ul>
<li>Widened <code>json</code> input type from <code>dict</code> and
<code>list</code> to <code>Mapping</code>
and <code>Sequence</code>. (<a
href="https://redirect.github.com/psf/requests/issues/7436">#7436</a>)</li>
<li>Changed <code>headers</code> input type to MutableMapping and
removed <code>None</code> from
<code>Request.headers</code> typing to improve handling for users. (<a
href="https://redirect.github.com/psf/requests/issues/7431">#7431</a>)</li>
<li><code>Response.reason</code> moved from <code>str | None</code> to
<code>str</code> to improve handling
for users. (<a
href="https://redirect.github.com/psf/requests/issues/7437">#7437</a>)</li>
<li>Fixed a bug where some bodies with custom <code>__getattr__</code>
implementations
weren't being properly detected as Iterables. (<a
href="https://redirect.github.com/psf/requests/issues/7433">#7433</a>)</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/k223kim"><code>@​k223kim</code></a> made
their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/7433">psf/requests#7433</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13">https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's
changelog</a>.</em></p>
<blockquote>
<h2>2.34.2 (2026-05-14)</h2>
<ul>
<li>Moved <code>headers</code> input type back to <code>Mapping</code>
to avoid invariance issues
with <code>MutableMapping</code> and inferred dict types. Users calling
<code>Request.headers.update()</code> may need to narrow typing in their
code. (<a
href="https://redirect.github.com/psf/requests/issues/7441">#7441</a>)</li>
</ul>
<h2>2.34.1 (2026-05-13)</h2>
<p><strong>Bugfixes</strong></p>
<ul>
<li>Widened <code>json</code> input type from <code>dict</code> and
<code>list</code> to <code>Mapping</code>
and <code>Sequence</code>. (<a
href="https://redirect.github.com/psf/requests/issues/7436">#7436</a>)</li>
<li>Changed <code>headers</code> input type to MutableMapping and
removed <code>None</code> from
<code>Request.headers</code> typing to improve handling for users. (<a
href="https://redirect.github.com/psf/requests/issues/7431">#7431</a>)</li>
<li><code>Response.reason</code> moved from <code>str | None</code> to
<code>str</code> to improve handling
for users. (<a
href="https://redirect.github.com/psf/requests/issues/7437">#7437</a>)</li>
<li>Fixed a bug where some bodies with custom <code>__getattr__</code>
implementations
weren't being properly detected as Iterables. (<a
href="https://redirect.github.com/psf/requests/issues/7433">#7433</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6e83187b8f"><code>6e83187</code></a>
v2.34.2</li>
<li><a
href="84d10f0be8"><code>84d10f0</code></a>
Move Request.headers back to Mapping (<a
href="https://redirect.github.com/psf/requests/issues/7441">#7441</a>)</li>
<li><a
href="b7b549b545"><code>b7b549b</code></a>
v2.34.1</li>
<li><a
href="e511bc7277"><code>e511bc7</code></a>
Fix mutability issues with headers input types (<a
href="https://redirect.github.com/psf/requests/issues/7431">#7431</a>)</li>
<li><a
href="5691f59613"><code>5691f59</code></a>
Update JsonType containers to read-based collections (<a
href="https://redirect.github.com/psf/requests/issues/7436">#7436</a>)</li>
<li><a
href="2144213c30"><code>2144213</code></a>
Constrain Response.reason to str (<a
href="https://redirect.github.com/psf/requests/issues/7437">#7437</a>)</li>
<li><a
href="6404f345e5"><code>6404f34</code></a>
Fix <code>prepare_body</code> stream detection for
<code>__getattr__</code>-based file wrappers (<a
href="https://redirect.github.com/psf/requests/issues/7">#7</a>...</li>
<li>See full diff in <a
href="https://github.com/psf/requests/compare/v2.34.0...v2.34.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=requests&package-manager=uv&previous-version=2.34.0&new-version=2.34.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-04 14:30:03 -04:00