mirror of
https://github.com/hwchase17/langchain.git
synced 2026-07-01 14:47:02 +00:00
langchain-perplexity==1.4.0
16122 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
53f2ad18a0 | release(perplexity): 1.4.0 (#37993) langchain-perplexity==1.4.0 | ||
|
|
de9502525a |
feat(perplexity): bind_tools and Responses-API tool round-trip (#37934)
## Summary Follow-up to #37911 (released in `langchain-perplexity` 1.3.2). That PR fixed the outbound `ToolMessage` / `AIMessage.tool_calls` serialization; this one implements **`ChatPerplexity.bind_tools`**, which flips `has_tool_calling` to `True` and lights up the full `langchain-tests` standard tool-calling suite — the suite that would have caught #37911 in the first place. Verified live against the Perplexity Agent API (`openai/gpt-5.5`, `use_responses_api=True`): a client-side function-tool round-trip (invoke + stream) works end-to-end. ## Core change (the `bind_tools` work + the Responses-API follow-up) - **`bind_tools`** mirrors `langchain-openai`: converts tools via `convert_to_openai_tool`, normalizes `tool_choice`, and passes Perplexity built-in tools (`web_search`, etc.) through unchanged. - **`_to_responses_payload`** now translates tool turns into the Responses (Agent) API's typed input items: `AIMessage.tool_calls` → `function_call`, `ToolMessage` → `function_call_output`, and flattens function tool specs. (The Responses API has no `tool` role, so this translation is required for round-trips.) ## Changes required to make standard-suite tests pass on the Responses route - Streaming: `_convert_responses_stream_event_to_chunk` emits a `tool_call_chunk` on `response.output_item.done` function calls — required by `test_tool_calling` (which streams and asserts tool calls). - `_content_to_text` reduces list-shaped assistant content to text in the tool-call branch — required by `test_agent_loop` and `test_tool_message_histories_list_content`. - `response_metadata["model_name"]` on the Responses route, mirroring Chat Completions — required by `test_usage_metadata` / `test_usage_metadata_streaming` (used by `langchain_core` usage callbacks). ## Tests - `sonar` standard class marked `has_tool_calling=False` (the family returns 400 "Tool calling is not supported for this model"). - New `TestPerplexityResponsesStandard` runs the full suite on `openai/gpt-5.5` + `use_responses_api` with `has_tool_choice=False`: **35 passed, 13 skipped, 2 xfailed**. - The 2 xfails (`test_unicode_tool_call_integration`, `test_structured_few_shot_examples`) hard-code `tool_choice="any"`. The Responses (Agent) API does not support `tool_choice` (verified: every form returns HTTP 200 without forcing a call), which `ChatPerplexity` surfaces as `ValueError` — **existing behavior, unchanged here.** Softening that to a warning can be a separate change. `make format lint` clean; unit + standard tests green. --------- Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com> Co-authored-by: Mason Daugherty <mason@langchain.dev> Co-authored-by: Mason Daugherty <github@mdrxy.com> |
||
|
|
fac194b34f |
ci(infra): restore release validation coverage (#37992)
Release validation now covers the release paths that were intended but not actually exercised. Manual core and `langchain_v1` releases use short dropdown inputs, so the dependent-package test gate needs to match those values in addition to full `libs/...` paths. |
||
|
|
c0103c3d2c | hotfix(openai): min core dep (#37990) langchain-openai==1.3.0 | ||
|
|
c15cfe21b6 | release(core): 1.4.3 (#37991) langchain-core==1.4.3 | ||
|
|
c7d01d5270 | release(openai): 1.3.0 (#37989) | ||
|
|
0f45b2c285 |
feat(openai): support apply_patch built-in tool (#37157)
[Docs](https://github.com/langchain-ai/docs/pull/4370) Fixes #37031 Adds support for OpenAI Responses API `apply_patch` built-in tool. This PR: - Adds `apply_patch` to the OpenAI well-known tools list so `bind_tools([{"type": "apply_patch"}])` works. - Preserves `apply_patch_call` and `apply_patch_call_output` items when converting OpenAI Responses API outputs into LangChain `AIMessage.content`. - Preserves the same item types in streaming `AIMessageChunk` conversion. - Supports round-trip input conversion for `apply_patch_call` and `apply_patch_call_output`. - Adds unit tests for core tool passthrough, non-streaming conversion, streaming conversion, and round-trip input conversion. ## Testing - `cd libs/core && uv run --group test pytest tests/unit_tests/utils/test_function_calling.py -k "apply_patch" -vv` - `cd libs/partners/openai && uv run --group test pytest tests/unit_tests/chat_models/test_base.py -k "apply_patch" -vv` - `cd libs/core && uv run --all-groups ruff check langchain_core/utils/function_calling.py tests/unit_tests/utils/test_function_calling.py` - `cd libs/partners/openai && uv run --all-groups ruff check langchain_openai/chat_models/base.py tests/unit_tests/chat_models/test_base.py` --------- Co-authored-by: Mason Daugherty <github@mdrxy.com> Co-authored-by: Mason Daugherty <mason@langchain.dev> |
||
|
|
7e9c916c7e |
chore(model-profiles): refresh model profile data (#37973)
Automated refresh of model profile data for all in-monorepo partner integrations via `langchain-profiles refresh`. 🤖 Generated by the `refresh_model_profiles` workflow. Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com> |
||
|
|
e096992984 | release(core): 1.4.2 (#37968) langchain-core==1.4.2 | ||
|
|
74c23741b0 |
feat(core): deprecate problematic dict() method (#31685)
`dict()` is a problematic method name as it clashes with the builtin `dict` used as a type annotation. This PR replaces it with an `asdict` method (inspired by dataclasses). It also fixes a few places where `dict` must be replaced by `builtins.dict` until the `dict()` method is removed. --------- Co-authored-by: Mason Daugherty <github@mdrxy.com> |
||
|
|
f9f11527f6 |
fix(standard-tests): serialize BytesIO bodies in VCR cassettes (#37963)
The custom VCR serializer pipes the cassette dict through `yaml.safe_dump`, which raises on stream objects — so any request with an `io.BytesIO` body (multipart/file-upload endpoints) couldn't be recorded. A new `_coerce_bytesio` helper walks the cassette and replaces each `BytesIO` with its raw bytes before dumping. |
||
|
|
4bd3b6ab64 |
chore(model-profiles): refresh model profile data (#37958)
Automated refresh of model profile data for all in-monorepo partner integrations via `langchain-profiles refresh`. 🤖 Generated by the `refresh_model_profiles` workflow. Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com> |
||
|
|
8fed1dd641 |
chore: bump pyarrow from 21.0.0 to 23.0.1 in /libs/langchain_v1 (#37930)
Bumps [pyarrow](https://github.com/apache/arrow) from 21.0.0 to 23.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/apache/arrow/releases">pyarrow's releases</a>.</em></p> <blockquote> <h2>Apache Arrow 23.0.1</h2> <p>Release Notes URL: <a href="https://arrow.apache.org/release/23.0.1.html">https://arrow.apache.org/release/23.0.1.html</a></p> <h2>Apache Arrow 23.0.1 RC0</h2> <p>Release Notes: Release Candidate: 23.0.1 RC0</p> <h2>Apache Arrow 23.0.0</h2> <p>Release Notes URL: <a href="https://arrow.apache.org/release/23.0.0.html">https://arrow.apache.org/release/23.0.0.html</a></p> <h2>Apache Arrow 23.0.0 RC2</h2> <p>Release Notes: Release Candidate: 23.0.0 RC2</p> <h2>Apache Arrow 22.0.0</h2> <p>Release Notes URL: <a href="https://arrow.apache.org/release/22.0.0.html">https://arrow.apache.org/release/22.0.0.html</a></p> <h2>Apache Arrow 22.0.0 RC1</h2> <p>Release Notes: Release Candidate: 22.0.0 RC1</p> <h2>Apache Arrow 22.0.0 RC0</h2> <p>Release Notes: Release Candidate: 22.0.0 RC0</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
9fa4d7b6a1 |
chore(model-profiles): refresh model profile data (#37936)
Automated refresh of model profile data for all in-monorepo partner integrations via `langchain-profiles refresh`. 🤖 Generated by the `refresh_model_profiles` workflow. Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com> |
||
|
|
ad8c0fc4cc |
chore: bump pyarrow from 22.0.0 to 23.0.1 in /libs/partners/nomic (#37931)
Bumps [pyarrow](https://github.com/apache/arrow) from 22.0.0 to 23.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/apache/arrow/releases">pyarrow's releases</a>.</em></p> <blockquote> <h2>Apache Arrow 23.0.1</h2> <p>Release Notes URL: <a href="https://arrow.apache.org/release/23.0.1.html">https://arrow.apache.org/release/23.0.1.html</a></p> <h2>Apache Arrow 23.0.1 RC0</h2> <p>Release Notes: Release Candidate: 23.0.1 RC0</p> <h2>Apache Arrow 23.0.0</h2> <p>Release Notes URL: <a href="https://arrow.apache.org/release/23.0.0.html">https://arrow.apache.org/release/23.0.0.html</a></p> <h2>Apache Arrow 23.0.0 RC2</h2> <p>Release Notes: Release Candidate: 23.0.0 RC2</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
2ef987bf7d |
chore: bump pyarrow from 21.0.0 to 23.0.1 in /libs/langchain (#37929)
Bumps [pyarrow](https://github.com/apache/arrow) from 21.0.0 to 23.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/apache/arrow/releases">pyarrow's releases</a>.</em></p> <blockquote> <h2>Apache Arrow 23.0.1</h2> <p>Release Notes URL: <a href="https://arrow.apache.org/release/23.0.1.html">https://arrow.apache.org/release/23.0.1.html</a></p> <h2>Apache Arrow 23.0.1 RC0</h2> <p>Release Notes: Release Candidate: 23.0.1 RC0</p> <h2>Apache Arrow 23.0.0</h2> <p>Release Notes URL: <a href="https://arrow.apache.org/release/23.0.0.html">https://arrow.apache.org/release/23.0.0.html</a></p> <h2>Apache Arrow 23.0.0 RC2</h2> <p>Release Notes: Release Candidate: 23.0.0 RC2</p> <h2>Apache Arrow 22.0.0</h2> <p>Release Notes URL: <a href="https://arrow.apache.org/release/22.0.0.html">https://arrow.apache.org/release/22.0.0.html</a></p> <h2>Apache Arrow 22.0.0 RC1</h2> <p>Release Notes: Release Candidate: 22.0.0 RC1</p> <h2>Apache Arrow 22.0.0 RC0</h2> <p>Release Notes: Release Candidate: 22.0.0 RC0</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
cdafe607af | release(perplexity): 1.3.2 (#37925) langchain-perplexity==1.3.2 | ||
|
|
1be54cc0e1 |
fix(perplexity): serialize ToolMessage and AIMessage.tool_calls (#37911)
Fixes #37912 `ChatPerplexity._convert_message_to_dict` raises `TypeError` on `ToolMessage` and drops `AIMessage.tool_calls`, which breaks tool-message round-trips through `ChatPerplexity` — a client-side tool-calling loop, or a shared message history across providers via `RunnableWithFallbacks`. Repro: ```python from langchain_perplexity import ChatPerplexity from langchain_core.messages import ToolMessage ChatPerplexity(model="sonar")._convert_message_to_dict( ToolMessage(content="result", tool_call_id="call_1") ) # TypeError: Got unknown type content='result' tool_call_id='call_1' ``` An `AIMessage` carrying `tool_calls` also serializes to `{"role": "assistant", "content": ...}` with the `tool_calls` silently dropped. This brings the converter to parity with `langchain-openai`: serialize `tool_calls` / `invalid_tool_calls`, send `content` as `null` when tool_calls are present, and add a `tool`-role branch for `ToolMessage`. How I verified: added unit tests for the `ToolMessage` and `AIMessage.tool_calls` / `invalid_tool_calls` cases; the perplexity package unit tests, lint, and format all pass. Scope: translating these to the Responses (Agent) API's `function_call` / `function_call_output` input items is a separate follow-up; this PR is the Chat Completions serialization parity fix. --------- Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com> Co-authored-by: Mason Daugherty <mason@langchain.dev> Co-authored-by: Mason Daugherty <github@mdrxy.com> |
||
|
|
1d09011b1d |
ci(infra): gate PyPI publish on prior-partner tests (#37923)
The `🚀 Publish to PyPI` job no longer starts until `🔄 Test prior partners against new core` finishes. Previously that dependency was commented out, so a core release could publish to PyPI in parallel with—or before—the integration tests that install the new unreleased core against already-published partner packages, defeating their purpose as a pre-publish gate. ## Changes - Add `test-prior-published-packages-against-new-core` to the `publish` job's `needs`, so publishing blocks on those partner integration tests completing. - The existing `if: ${{ !cancelled() && !failure() }}` guard is unchanged: publish proceeds only if the gate **succeeded or was skipped**, and fails closed if the partner tests fail. For non-core releases the partner-test job short-circuits with `exit 0`, so this adds no friction outside `libs/core` releases. |
||
|
|
a401351e12 | release(core): 1.4.1 (#37922) langchain-core==1.4.1 | ||
|
|
053c368ba4 |
fix(core): remove Bedrock prevalidation from load (#37909)
Removes the built-in Bedrock class init validator from `load` so Bedrock kwargs such as `base_url` and `endpoint_url` are no longer specially rejected during deserialization. This keeps provider-specific SSRF policy out of core; callers should continue to avoid untrusted manifests or use restrictive `allowed_objects`. Verified with `make format`, `make lint`, and the focused serialization load unit tests. AI-assisted contribution by Open SWE. Made by [Open SWE](https://openswe.vercel.app) --------- Co-authored-by: open-swe[bot] <215916821+open-swe[bot]@users.noreply.github.com> |
||
|
|
0993edba86 |
chore(model-profiles): refresh model profile data (#37916)
Automated refresh of model profile data for all in-monorepo partner integrations via `langchain-profiles refresh`. 🤖 Generated by the `refresh_model_profiles` workflow. Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com> |
||
|
|
6f7c8f5445 |
chore: bump starlette from 0.49.1 to 1.0.1 in /libs/langchain (#37899)
Bumps [starlette](https://github.com/Kludex/starlette) from 0.49.1 to 1.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Kludex/starlette/releases">starlette's releases</a>.</em></p> <blockquote> <h2>Version 1.0.1</h2> <h2>What's Changed</h2> <ul> <li>Ignore malformed <code>Host</code> header when constructing <code>request.url</code> by <a href="https://github.com/Kludex"><code>@Kludex</code></a> in <a href="https://redirect.github.com/Kludex/starlette/pull/3279">Kludex/starlette#3279</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/starlette/compare/1.0.0...1.0.1">https://github.com/Kludex/starlette/compare/1.0.0...1.0.1</a></p> <h2>Version 1.0.0</h2> <p>Starlette 1.0 is here! 🎉</p> <p>After nearly eight years since its creation, Starlette has reached its first stable release.</p> <p>A special thank you to <a href="https://github.com/lovelydinosaur"><code>@lovelydinosaur</code></a>, the creator of Starlette, Uvicorn, HTTPX and MkDocs, whose work helped to lay the foundation for the modern async Python ecosystem. 🙏</p> <p>Thank you to <a href="https://github.com/adriangb"><code>@adriangb</code></a>, <a href="https://github.com/graingert"><code>@graingert</code></a>, <a href="https://github.com/agronholm"><code>@agronholm</code></a>, <a href="https://github.com/florimondmanca"><code>@florimondmanca</code></a>, <a href="https://github.com/aminalaee"><code>@aminalaee</code></a>, <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>, <a href="https://github.com/alex-oleshkevich"><code>@alex-oleshkevich</code></a>, <a href="https://github.com/abersheeran"><code>@abersheeran</code></a>, and <a href="https://github.com/uSpike"><code>@uSpike</code></a> for helping make Starlette what it is today. And to all my sponsors - especially <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>, <a href="https://github.com/huggingface"><code>@huggingface</code></a>, and <a href="https://github.com/elevenlabs"><code>@elevenlabs</code></a> - thank you for your support!</p> <p>Thank you to all <a href="https://github.com/encode/starlette/graphs/contributors">290+ contributors</a> who have shaped Starlette over the years! ❤️</p> <p>Read more on the <a href="https://marcelotryle.com/blog/2026/03/22/starlette-10-is-here/">blog post</a>.</p> <p>Check out the full release notes at <a href="https://www.starlette.io/release-notes/#100-march-22-2026">https://www.starlette.io/release-notes/#100-march-22-2026</a></p> <hr /> <p><strong>Full Changelog</strong>: <a href="https://github.com/encode/starlette/compare/1.0.0rc1...1.0.0">https://github.com/encode/starlette/compare/1.0.0rc1...1.0.0</a></p> <h2>Version 1.0.0rc1</h2> <p>We're ready! 🚀</p> <p>The first release candidate for Starlette 1.0 is here! After years on ZeroVer, we're finally making the jump.</p> <p>This release removes all deprecated features marked for 1.0.0, along with some last-minute bug fixes.</p> <p>A special thank you to <a href="https://github.com/lovelydinosaur"><code>@lovelydinosaur</code></a>, the creator of Starlette, Uvicorn, HTTPX and MkDocs, whose work helped to lay the foundation for the modern async Python ecosystem. 🙏</p> <p>Thank you to <a href="https://github.com/adriangb"><code>@adriangb</code></a>, <a href="https://github.com/graingert"><code>@graingert</code></a>, <a href="https://github.com/agronholm"><code>@agronholm</code></a>, <a href="https://github.com/florimondmanca"><code>@florimondmanca</code></a>, <a href="https://github.com/aminalaee"><code>@aminalaee</code></a>, <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>, <a href="https://github.com/alex-oleshkevich"><code>@alex-oleshkevich</code></a>, and <a href="https://github.com/abersheeran"><code>@abersheeran</code></a> for helping make Starlette what it is today. And to all my sponsors - especially <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>, <a href="https://github.com/huggingface"><code>@huggingface</code></a>, and <a href="https://github.com/elevenlabs"><code>@elevenlabs</code></a> - thank you for your support!</p> <p>Thank you to all <a href="https://github.com/encode/starlette/graphs/contributors">290+ contributors</a> who have shaped Starlette over the years!</p> <p>Check out the full release notes at <a href="https://www.starlette.io/release-notes/#100rc1-february-23-2026">https://www.starlette.io/release-notes/#100rc1-february-23-2026</a></p> <hr /> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/starlette/compare/0.52.1...1.0.0rc1">https://github.com/Kludex/starlette/compare/0.52.1...1.0.0rc1</a></p> <h2>Version 0.52.1</h2> <h2>What's Changed</h2> <ul> <li>Only use <code>typing_extensions</code> in older Python versions by <a href="https://github.com/Kludex"><code>@Kludex</code></a> in <a href="https://redirect.github.com/Kludex/starlette/pull/3109">Kludex/starlette#3109</a></li> </ul> <hr /> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Kludex/starlette/blob/main/docs/release-notes.md">starlette's changelog</a>.</em></p> <blockquote> <h2>1.0.1 (May 21, 2026)</h2> <h4>Fixed</h4> <ul> <li>Ignore malformed <code>Host</code> header when constructing <code>request.url</code> <a href="https://redirect.github.com/encode/starlette/pull/3279">#3279</a>.</li> </ul> <h2>1.0.0 (March 22, 2026)</h2> <p>Starlette 1.0 is here!</p> <p>After nearly eight years since its creation, Starlette has reached its first stable release. Thank you to everyone who tested the release candidate and reported issues.</p> <p>You can read more on the <a href="https://marcelotryle.com/blog/2026/03/22/starlette-10-is-here/">blog post</a>.</p> <h4>Added</h4> <ul> <li>Track session access and modification in <code>SessionMiddleware</code> <a href="https://redirect.github.com/encode/starlette/pull/3166">#3166</a>.</li> </ul> <h4>Fixed</h4> <ul> <li>Handle websocket denial responses in <code>StreamingResponse</code> and <code>FileResponse</code> <a href="https://redirect.github.com/encode/starlette/pull/3189">#3189</a>.</li> <li>Use <code>bytearray</code> for field accumulation in <code>FormParser</code> <a href="https://redirect.github.com/encode/starlette/pull/3179">#3179</a>.</li> <li>Move <code>parser.finalize()</code> inside try/except in <code>MultiPartParser.parse()</code> <a href="https://redirect.github.com/encode/starlette/pull/3153">#3153</a>.</li> </ul> <h2>1.0.0rc1 (February 23, 2026)</h2> <p>We're ready! I'm thrilled to announce the first release candidate for Starlette 1.0.</p> <p>Starlette was created in June 2018 by Tom Christie, and has been on ZeroVer for years. Today, it's downloaded almost <a href="https://pypistats.org/packages/starlette">10 million times a day</a>, serves as the foundation for FastAPI, and has inspired many other frameworks. In the age of AI, Starlette continues to play an important role as a dependency of the Python MCP SDK.</p> <p>This release focuses on removing deprecated features that were marked for removal in 1.0.0, along with some last minute bug fixes. It's a release candidate, so we can gather feedback from the community before the final 1.0.0 release soon.</p> <p>A huge thank you to all the contributors who have helped make Starlette what it is today. In particular, I'd like to recognize:</p> <ul> <li><a href="https://github.com/lovelydinosaur">Kim Christie</a> - The original creator of Starlette, Uvicorn, and MkDocs, and the current maintainer of HTTPX. Kim's work helped lay the foundation for the modern async Python ecosystem.</li> <li><a href="https://github.com/adriangb">Adrian Garcia Badaracco</a> - One of the smartest people I know, whom I have the pleasure of working with at Pydantic.</li> <li><a href="https://github.com/graingert">Thomas Grainger</a> - My async teacher, always ready to help with questions.</li> <li><a href="https://github.com/agronholm">Alex Grönholm</a> - Another async mentor, always prompt to help with questions.</li> <li><a href="https://github.com/florimondmanca">Florimond Manca</a> - Always present in the early days of both Starlette and Uvicorn, and helped a lot in the ecosystem.</li> <li><a href="https://github.com/aminalaee">Amin Alaee</a> - Contributed a lot with file-related PRs.</li> <li><a href="https://github.com/tiangolo">Sebastián Ramírez</a> - Maintains FastAPI upstream, and always in contact to help with upstream issues.</li> <li><a href="https://github.com/alex-oleshkevich">Alex Oleshkevich</a> - Helped a lot on templates and many discussions.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
586bcd46a1 |
docs(core): expand and link ModelProfile docstrings (#37904)
Rewrote the `ModelProfile` docstrings to point readers at canonical docs. The class docstring now explains how profiles are accessed and where the data comes from, and several terse field docstrings gain a one-line clarification or a link to the relevant guide. |
||
|
|
9eab5237cc |
chore: bump requests from 2.34.0 to 2.34.2 in /libs/partners/xai (#37903)
Bumps [requests](https://github.com/psf/requests) from 2.34.0 to 2.34.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/releases">requests's releases</a>.</em></p> <blockquote> <h2>v2.34.2</h2> <h2>2.34.2 (2026-05-14)</h2> <ul> <li>Moved <code>headers</code> input type back to <code>Mapping</code> to avoid invariance issues with <code>MutableMapping</code> and inferred dict types. Users calling <code>Request.headers.update()</code> may need to narrow typing in their code. (<a href="https://redirect.github.com/psf/requests/issues/7441">#7441</a>)</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14">https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14</a></p> <h2>v2.34.1</h2> <h2>2.34.1 (2026-05-13)</h2> <p><strong>Bugfixes</strong></p> <ul> <li>Widened <code>json</code> input type from <code>dict</code> and <code>list</code> to <code>Mapping</code> and <code>Sequence</code>. (<a href="https://redirect.github.com/psf/requests/issues/7436">#7436</a>)</li> <li>Changed <code>headers</code> input type to MutableMapping and removed <code>None</code> from <code>Request.headers</code> typing to improve handling for users. (<a href="https://redirect.github.com/psf/requests/issues/7431">#7431</a>)</li> <li><code>Response.reason</code> moved from <code>str | None</code> to <code>str</code> to improve handling for users. (<a href="https://redirect.github.com/psf/requests/issues/7437">#7437</a>)</li> <li>Fixed a bug where some bodies with custom <code>__getattr__</code> implementations weren't being properly detected as Iterables. (<a href="https://redirect.github.com/psf/requests/issues/7433">#7433</a>)</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/k223kim"><code>@k223kim</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7433">psf/requests#7433</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13">https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's changelog</a>.</em></p> <blockquote> <h2>2.34.2 (2026-05-14)</h2> <ul> <li>Moved <code>headers</code> input type back to <code>Mapping</code> to avoid invariance issues with <code>MutableMapping</code> and inferred dict types. Users calling <code>Request.headers.update()</code> may need to narrow typing in their code. (<a href="https://redirect.github.com/psf/requests/issues/7441">#7441</a>)</li> </ul> <h2>2.34.1 (2026-05-13)</h2> <p><strong>Bugfixes</strong></p> <ul> <li>Widened <code>json</code> input type from <code>dict</code> and <code>list</code> to <code>Mapping</code> and <code>Sequence</code>. (<a href="https://redirect.github.com/psf/requests/issues/7436">#7436</a>)</li> <li>Changed <code>headers</code> input type to MutableMapping and removed <code>None</code> from <code>Request.headers</code> typing to improve handling for users. (<a href="https://redirect.github.com/psf/requests/issues/7431">#7431</a>)</li> <li><code>Response.reason</code> moved from <code>str | None</code> to <code>str</code> to improve handling for users. (<a href="https://redirect.github.com/psf/requests/issues/7437">#7437</a>)</li> <li>Fixed a bug where some bodies with custom <code>__getattr__</code> implementations weren't being properly detected as Iterables. (<a href="https://redirect.github.com/psf/requests/issues/7433">#7433</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
be2e8f70bc |
ci(infra): add exclude input to skip libs in scheduled integration tests (#37902)
|
||
|
|
3b999176c8 |
test(langchain,partners): disable pytest-benchmark under xdist to silence PytestBenchmarkWarning (#37901)
Test targets run with `-n auto`, which makes `pytest-benchmark` (present via `langchain-tests`) auto-disable itself and emit a `PytestBenchmarkWarning` once per xdist worker. Passing `--benchmark-disable` turns the plugin off explicitly so the warning never fires, matching what `core` and `langchain_v1` already do. ## Changes - Add `--benchmark-disable` to the `-n auto` test targets across `langchain` (unit) and 14 partner packages' integration targets: `anthropic`, `chroma`, `deepseek`, `exa`, `fireworks`, `groq`, `huggingface`, `mistralai`, `nomic`, `ollama`, `openai`, `openrouter`, `qdrant`, `xai`. - Deliberately excluded `text-splitters` and `model-profiles`: their `test` group doesn't install `pytest-benchmark`, so the flag would fail with `unrecognized arguments`. Verified by importing the plugin under each package's actual dependency group before editing. |
||
|
|
34af59c1a6 |
fix(partners): cap aiohttp below 3.14 for vcrpy compat (#37898)
aiohttp **3.14.0** (released 2026-06-01) removed `aiohttp.streams.AsyncStreamReaderMixin`. The current release of `vcrpy` (8.1.1) still subclasses it in its aiohttp stub: ```python class MockStream(asyncio.StreamReader, streams.AsyncStreamReaderMixin): ``` As a result, the VCR fixture fails to import during test setup, and the scheduled integration tests for the `fireworks` and `xai` partners error out at `test_stream_time`: ``` AttributeError: module 'aiohttp.streams' has no attribute 'AsyncStreamReaderMixin' ``` Only these two partners are affected because their SDKs use `aiohttp`, so VCR loads its aiohttp stub; partners on `httpx` (e.g. `anthropic`, `openai`) are unaffected. This is an upstream incompatibility tracked at kevin1024/vcrpy#995, with a fix in kevin1024/vcrpy#996 that has not yet been released. Until a fixed `vcrpy` ships, this caps `aiohttp<3.14.0` via `[tool.uv] constraint-dependencies` (the same mechanism already used for the `pygments` CVE pin) in both packages. Using a constraint rather than tightening the published `aiohttp>=3.9.1,<4.0.0` range means the change only affects local/CI resolution — the package metadata users install against is untouched. Both lockfiles re-resolve to `aiohttp` 3.13.5, which still provides the removed attribute. A code comment points back to the upstream fix so the pin can be removed once it lands. |
||
|
|
414d7b8e94 |
chore(model-profiles): refresh model profile data (#37895)
Automated refresh of model profile data for all in-monorepo partner integrations via `langchain-profiles refresh`. 🤖 Generated by the `refresh_model_profiles` workflow. Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com> |
||
|
|
bae485bd5e |
chore: bump dependencies (#37892)
## Summary - Bump `langsmith` in `libs/partners/huggingface/uv.lock` from 0.7.31 to 0.8.9 - Bump `langchain-classic` in `libs/langchain_v1/uv.lock` from 1.0.0 to 1.0.7 - Bump transitive `langsmith` in `libs/langchain_v1/uv.lock` from 0.8.0 to 0.8.9 ## Notes - The open Chroma alert currently has no patched version in GitHub Dependabot metadata. `chromadb` is already at 1.5.9 on `master`, and PyPI shows 1.5.9 as the latest available release. ## Testing - `uv lock --check` in `libs/partners/huggingface` - `uv lock --check` in `libs/langchain_v1` - `uv lock --check` in `libs/partners/chroma` - `git diff --check` |
||
|
|
1a2dcdeee9 |
chore: bump aiohttp from 3.13.4 to 3.14.0 in /libs/langchain_v1 (#37888)
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langchain/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: John Kennedy <65985482+jkennedyvz@users.noreply.github.com> |
||
|
|
dca3138e59 |
chore: bump aiohttp from 3.13.5 to 3.14.0 in /libs/partners/xai (#37887)
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langchain/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
e9f4182988 |
chore: bump aiohttp from 3.13.4 to 3.14.0 in /libs/langchain (#37889)
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langchain/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
a7b53c9b77 |
chore: bump langsmith from 0.8.5 to 0.8.9 in /libs/partners/xai (#37886)
Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from 0.8.5 to 0.8.9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's releases</a>.</em></p> <blockquote> <h2>v0.8.9</h2> <h2>What's Changed</h2> <ul> <li>feat(sandbox): add JS Dockerfile snapshots by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2951">langchain-ai/langsmith-sdk#2951</a></li> <li>chore(deps-dev): bump the js-minor-and-patch group across 1 directory with 11 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2931">langchain-ai/langsmith-sdk#2931</a></li> <li>chore(deps): bump websockets from 15.0.1 to 16.0 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2811">langchain-ai/langsmith-sdk#2811</a></li> <li>chore(deps): update myst-parser requirement from >=3 to >=4.0.1 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2841">langchain-ai/langsmith-sdk#2841</a></li> <li>chore(deps): bump the py-minor-and-patch group across 1 directory with 19 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2934">langchain-ai/langsmith-sdk#2934</a></li> <li>chore(deps): bump typescript from 5.9.3 to 6.0.3 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2839">langchain-ai/langsmith-sdk#2839</a></li> <li>chore(deps-dev): bump google-adk from 1.10.0 to 2.1.0 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2960">langchain-ai/langsmith-sdk#2960</a></li> <li>chore(deps-dev): bump wrapt from 1.17.3 to 2.2.1 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2961">langchain-ai/langsmith-sdk#2961</a></li> <li>chore(deps-dev): bump the py-minor-and-patch group in /python with 6 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2958">langchain-ai/langsmith-sdk#2958</a></li> <li>chore(deps-dev): bump types-tqdm from 4.67.3.20260408 to 4.67.3.20260518 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2959">langchain-ai/langsmith-sdk#2959</a></li> <li>ci: add minimum workflow permissions by <a href="https://github.com/jkennedyvz"><code>@jkennedyvz</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2967">langchain-ai/langsmith-sdk#2967</a></li> <li>chore: update dependabot.yml to comply with posture checks by <a href="https://github.com/jkennedyvz"><code>@jkennedyvz</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2966">langchain-ai/langsmith-sdk#2966</a></li> <li>test(python): deflake test_tracing_queue_limit_drops_when_full by <a href="https://github.com/baskaryan"><code>@baskaryan</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2964">langchain-ai/langsmith-sdk#2964</a></li> <li>feat(sandbox): size the dockerfile-build sandbox via vcpus/mem_bytes (python) by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2979">langchain-ai/langsmith-sdk#2979</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.8...v0.8.9">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.8...v0.8.9</a></p> <h2>v0.8.8</h2> <h2>What's Changed</h2> <ul> <li>fix(python): retry sandbox pool timeouts by <a href="https://github.com/baskaryan"><code>@baskaryan</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2953">langchain-ai/langsmith-sdk#2953</a></li> <li>fix(sandbox): build Dockerfile snapshots off /tmp by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2956">langchain-ai/langsmith-sdk#2956</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.7...v0.8.8">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.7...v0.8.8</a></p> <h2>v0.8.7</h2> <h2>What's Changed</h2> <ul> <li>fix: reconnect sandbox command streams on EOF by <a href="https://github.com/ramon-langchain"><code>@ramon-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2941">langchain-ai/langsmith-sdk#2941</a></li> <li>feat(sandbox): build snapshots from Dockerfiles by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2950">langchain-ai/langsmith-sdk#2950</a></li> <li>fix(python): add organization id to context URLs by <a href="https://github.com/vishnu-ssuresh"><code>@vishnu-ssuresh</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2945">langchain-ai/langsmith-sdk#2945</a></li> <li>fix(js): add organization id to context URLs by <a href="https://github.com/vishnu-ssuresh"><code>@vishnu-ssuresh</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2946">langchain-ai/langsmith-sdk#2946</a></li> <li>release(py): 0.8.7 by <a href="https://github.com/ramon-langchain"><code>@ramon-langchain</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2947">langchain-ai/langsmith-sdk#2947</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.6...v0.8.7">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.6...v0.8.7</a></p> <h2>v0.8.6</h2> <h2>What's Changed</h2> <ul> <li>chore(deps-dev): bump <code>@google/genai</code> from 1.50.1 to 2.0.1 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2875">langchain-ai/langsmith-sdk#2875</a></li> <li>chore(deps): bump mako from 1.3.11 to 1.3.12 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2880">langchain-ai/langsmith-sdk#2880</a></li> <li>chore(deps): bump authlib from 1.6.11 to 1.6.12 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2888">langchain-ai/langsmith-sdk#2888</a></li> <li>chore(deps): bump hono from 4.12.15 to 4.12.18 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2894">langchain-ai/langsmith-sdk#2894</a></li> <li>chore(deps): bump fast-uri from 3.1.0 to 3.1.2 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2895">langchain-ai/langsmith-sdk#2895</a></li> <li>chore(deps-dev): bump <code>@anthropic-ai/sdk</code> from 0.94.0 to 0.95.0 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2881">langchain-ai/langsmith-sdk#2881</a></li> <li>chore(deps): bump postcss from 8.5.8 to 8.5.14 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2898">langchain-ai/langsmith-sdk#2898</a></li> <li>chore(deps): bump <code>@protobufjs/utf8</code> from 1.1.0 to 1.1.1 in /js/internal/environment_tests/test-exports-vite in the npm_and_yarn group across 1 directory by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2908">langchain-ai/langsmith-sdk#2908</a></li> <li>chore(deps): bump hono from 4.12.18 to 4.12.19 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2909">langchain-ai/langsmith-sdk#2909</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
efb0a4589b |
chore: bump aiohttp from 3.13.5 to 3.14.0 in /libs/partners/fireworks (#37882)
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langchain/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
f717342a86 |
chore: bump langsmith from 0.8.7 to 0.8.9 in /libs/partners/fireworks (#37883)
Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from 0.8.7 to 0.8.9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's releases</a>.</em></p> <blockquote> <h2>v0.8.9</h2> <h2>What's Changed</h2> <ul> <li>feat(sandbox): add JS Dockerfile snapshots by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2951">langchain-ai/langsmith-sdk#2951</a></li> <li>chore(deps-dev): bump the js-minor-and-patch group across 1 directory with 11 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2931">langchain-ai/langsmith-sdk#2931</a></li> <li>chore(deps): bump websockets from 15.0.1 to 16.0 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2811">langchain-ai/langsmith-sdk#2811</a></li> <li>chore(deps): update myst-parser requirement from >=3 to >=4.0.1 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2841">langchain-ai/langsmith-sdk#2841</a></li> <li>chore(deps): bump the py-minor-and-patch group across 1 directory with 19 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2934">langchain-ai/langsmith-sdk#2934</a></li> <li>chore(deps): bump typescript from 5.9.3 to 6.0.3 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2839">langchain-ai/langsmith-sdk#2839</a></li> <li>chore(deps-dev): bump google-adk from 1.10.0 to 2.1.0 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2960">langchain-ai/langsmith-sdk#2960</a></li> <li>chore(deps-dev): bump wrapt from 1.17.3 to 2.2.1 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2961">langchain-ai/langsmith-sdk#2961</a></li> <li>chore(deps-dev): bump the py-minor-and-patch group in /python with 6 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2958">langchain-ai/langsmith-sdk#2958</a></li> <li>chore(deps-dev): bump types-tqdm from 4.67.3.20260408 to 4.67.3.20260518 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2959">langchain-ai/langsmith-sdk#2959</a></li> <li>ci: add minimum workflow permissions by <a href="https://github.com/jkennedyvz"><code>@jkennedyvz</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2967">langchain-ai/langsmith-sdk#2967</a></li> <li>chore: update dependabot.yml to comply with posture checks by <a href="https://github.com/jkennedyvz"><code>@jkennedyvz</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2966">langchain-ai/langsmith-sdk#2966</a></li> <li>test(python): deflake test_tracing_queue_limit_drops_when_full by <a href="https://github.com/baskaryan"><code>@baskaryan</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2964">langchain-ai/langsmith-sdk#2964</a></li> <li>feat(sandbox): size the dockerfile-build sandbox via vcpus/mem_bytes (python) by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2979">langchain-ai/langsmith-sdk#2979</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.8...v0.8.9">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.8...v0.8.9</a></p> <h2>v0.8.8</h2> <h2>What's Changed</h2> <ul> <li>fix(python): retry sandbox pool timeouts by <a href="https://github.com/baskaryan"><code>@baskaryan</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2953">langchain-ai/langsmith-sdk#2953</a></li> <li>fix(sandbox): build Dockerfile snapshots off /tmp by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2956">langchain-ai/langsmith-sdk#2956</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.7...v0.8.8">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.7...v0.8.8</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
d55c08bc72 |
chore: bump langsmith from 0.8.7 to 0.8.9 in /libs/partners/chroma (#37884)
Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from 0.8.7 to 0.8.9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langsmith-sdk/releases">langsmith's releases</a>.</em></p> <blockquote> <h2>v0.8.9</h2> <h2>What's Changed</h2> <ul> <li>feat(sandbox): add JS Dockerfile snapshots by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2951">langchain-ai/langsmith-sdk#2951</a></li> <li>chore(deps-dev): bump the js-minor-and-patch group across 1 directory with 11 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2931">langchain-ai/langsmith-sdk#2931</a></li> <li>chore(deps): bump websockets from 15.0.1 to 16.0 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2811">langchain-ai/langsmith-sdk#2811</a></li> <li>chore(deps): update myst-parser requirement from >=3 to >=4.0.1 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2841">langchain-ai/langsmith-sdk#2841</a></li> <li>chore(deps): bump the py-minor-and-patch group across 1 directory with 19 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2934">langchain-ai/langsmith-sdk#2934</a></li> <li>chore(deps): bump typescript from 5.9.3 to 6.0.3 in /js by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2839">langchain-ai/langsmith-sdk#2839</a></li> <li>chore(deps-dev): bump google-adk from 1.10.0 to 2.1.0 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2960">langchain-ai/langsmith-sdk#2960</a></li> <li>chore(deps-dev): bump wrapt from 1.17.3 to 2.2.1 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2961">langchain-ai/langsmith-sdk#2961</a></li> <li>chore(deps-dev): bump the py-minor-and-patch group in /python with 6 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2958">langchain-ai/langsmith-sdk#2958</a></li> <li>chore(deps-dev): bump types-tqdm from 4.67.3.20260408 to 4.67.3.20260518 in /python by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2959">langchain-ai/langsmith-sdk#2959</a></li> <li>ci: add minimum workflow permissions by <a href="https://github.com/jkennedyvz"><code>@jkennedyvz</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2967">langchain-ai/langsmith-sdk#2967</a></li> <li>chore: update dependabot.yml to comply with posture checks by <a href="https://github.com/jkennedyvz"><code>@jkennedyvz</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2966">langchain-ai/langsmith-sdk#2966</a></li> <li>test(python): deflake test_tracing_queue_limit_drops_when_full by <a href="https://github.com/baskaryan"><code>@baskaryan</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2964">langchain-ai/langsmith-sdk#2964</a></li> <li>feat(sandbox): size the dockerfile-build sandbox via vcpus/mem_bytes (python) by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2979">langchain-ai/langsmith-sdk#2979</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.8...v0.8.9">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.8...v0.8.9</a></p> <h2>v0.8.8</h2> <h2>What's Changed</h2> <ul> <li>fix(python): retry sandbox pool timeouts by <a href="https://github.com/baskaryan"><code>@baskaryan</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2953">langchain-ai/langsmith-sdk#2953</a></li> <li>fix(sandbox): build Dockerfile snapshots off /tmp by <a href="https://github.com/langchain-infra"><code>@langchain-infra</code></a> in <a href="https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2956">langchain-ai/langsmith-sdk#2956</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.7...v0.8.8">https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.7...v0.8.8</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
8fc277a4f4 |
chore: bump aiohttp from 3.13.4 to 3.14.0 in /libs/partners/huggingface (#37885)
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langchain/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
86be220e7d |
docs(infra): document uv-based Python environment setup (#37881)
Adds an "Environment and dependency management" subsection to the contributor guidance files, codifying the existing `uv`-only workflow so agents and contributors don't reach for `pip`/`poetry`/`conda`, pin a global Python version, or spin up stray virtualenvs. The guidance is adapted to the monorepo's reality (per-package `requires-python`, `uv sync`/`uv run` without manual activation) rather than a generic single-project setup. |
||
|
|
06ab861ace |
chore(model-profiles): refresh model profile data (#37870)
Automated refresh of model profile data for all in-monorepo partner integrations via `langchain-profiles refresh`. 🤖 Generated by the `refresh_model_profiles` workflow. Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com>langchain-deepseek==1.1.0 |
||
|
|
eb2dabb8b7 | release(langchain): 1.3.4 (#37861) langchain==1.3.4 | ||
|
|
17d1c274c4 |
fix(langchain): improve HITL rejection guidance (#37859)
Improves the default `reject` `ToolMessage` so models see that the human denied the action, the tool was not executed, and the same call should not be retried unless the user asks. Also documents that clients can provide a custom `reject` message for domain-specific guidance. [Docs](https://github.com/langchain-ai/docs/pull/4269) _Opened collaboratively by Mason Daugherty and open-swe._ --------- Co-authored-by: open-swe[bot] <open-swe@users.noreply.github.com> Co-authored-by: Mason Daugherty <61371264+mdrxy@users.noreply.github.com> Co-authored-by: Mason Daugherty <github@mdrxy.com> |
||
|
|
14b1a243e5 | release(langchain): 1.3.3 (#37843) langchain==1.3.3 | ||
|
|
eb1f731aee |
chore(langchain): bump langgraph to 1.2.4 (#37857)
|
||
|
|
06e3c2a2af |
chore(langchain): loosen langgraph dep range (#37855)
|
||
|
|
44545a0ffc |
chore: bump aws-actions/configure-aws-credentials from 6.1.1 to 6.2.0 in the minor-and-patch group (#37846)
Bumps the minor-and-patch group with 1 update: [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials). Updates `aws-actions/configure-aws-credentials` from 6.1.1 to 6.2.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/aws-actions/configure-aws-credentials/releases">aws-actions/configure-aws-credentials's releases</a>.</em></p> <blockquote> <h2>v6.2.0</h2> <h2><a href="https://github.com/aws-actions/configure-aws-credentials/compare/v6.1.3...v6.2.0">6.2.0</a> (2026-06-01)</h2> <h3>Features</h3> <ul> <li>add additional session tags by default (<a href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1775">#1775</a>) (<a href=" |
||
|
|
7a74eeb33c |
chore(model-profiles): refresh model profile data (#37852)
Automated refresh of model profile data for all in-monorepo partner integrations via `langchain-profiles refresh`. 🤖 Generated by the `refresh_model_profiles` workflow. Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com> |
||
|
|
dfca7f4424 | feat(langchain): project subagent runs onto typed run.subagents channel (#37739) | ||
|
|
36be77b0f1 |
feat(langchain): add interrupt_mode and when predicate to HumanInTheLoopMiddleware (#37579)
Adds an optional `when` predicate to `InterruptOnConfig`, allowing
dynamic per-tool-call control over whether a HITL interrupt fires.
---
**`when` predicate in `InterruptOnConfig`**
```python
class InterruptOnConfig(TypedDict):
allowed_decisions: list[DecisionType]
description: NotRequired[str | _DescriptionFactory]
args_schema: NotRequired[dict[str, Any]]
when: NotRequired[Callable[[ToolCallRequest], bool]] # new
```
When provided, `when` is called before adding a tool call to the batch
interrupt. If it returns `False`, the call is auto-approved and
excluded. If it returns `True` (or `when` is absent), existing behaviour
is unchanged.
The predicate receives a `ToolCallRequest` with:
- `tool_call` — the raw tool call dict (name, args, id)
- `tool` — `None` (no `BaseTool` instance is available at the
`after_model` stage)
- `state` — current agent state
- `runtime` — a `ToolRuntime` constructed from the node-level `Runtime`,
with `tool_call_id` populated
Example:
```python
HumanInTheLoopMiddleware(
interrupt_on={
"delete_file": InterruptOnConfig(
allowed_decisions=["approve", "reject"],
when=lambda req: req.tool_call["args"].get("path", "").startswith("/etc"),
)
}
)
```
This change is fully backwards-compatible — `when` is `NotRequired` and
existing configs without it behave identically.
> This PR was developed with AI-agent assistance.
|
||
|
|
bc5f1517cf |
chore(model-profiles): refresh model profile data (#37802)
Automated refresh of model profile data for all in-monorepo partner integrations via `langchain-profiles refresh`. 🤖 Generated by the `refresh_model_profiles` workflow. Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com> |