mirror of
https://github.com/hwchase17/langchain.git
synced 2026-05-17 04:45:11 +00:00
langchain==1.2.18
544 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Mason Daugherty
|
4d50a2a68b |
ci(infra): run pre-release checks before TestPyPI publish (#37194)
Reorder the release pipeline so `pre-release-checks` runs before `test-pypi-publish`. The original ordering existed because `pre-release-checks` used to `pip install` from TestPyPI; that dependency was removed in #28492 (Dec 2024), which switched checks to install from the locally-built `dist/*.whl`. Since then, the TestPyPI upload was running ahead of checks for no functional reason — and a failed checks job left a TestPyPI version burned, with `skip-existing: true` papering over the resulting collision on re-runs. |
||
Nick Hollon
|
91842db32b |
ci(infra): extend allow-prereleases gating to remaining wheel-install steps (#37142)
|
||
|
Nick Hollon
|
37c8a5059f |
ci(infra): opt-in allow-prereleases flag for wheel-install steps (#37141)
## Summary The release pipeline's two \`uv pip install dist/*.whl\` calls fail when the released package depends on a langgraph alpha that itself has transitive prerelease deps. uv's default \`if-necessary-or-explicit\` mode allows prereleases for first-party explicit markers (the wheel's own deps) but rejects transitive ones, so the install fails on the wheel — even when the wheel itself names an explicit prerelease for the immediate dependency. Add a workflow input \`allow-prereleases\` (default \`false\`, on both \`workflow_call\` and \`workflow_dispatch\` triggers). When true, both install steps pass \`--prerelease=allow\`. When false (the default), behavior is unchanged. The existing \`check_prerelease_dependencies.py\` step still gates stable releases against accidentally-pinned prerelease deps. |
||
dependabot[bot]
|
f2d0878d23 |
chore: bump actions/github-script from 8.0.0 to 9.0.0 (#37121)
Bumps [actions/github-script](https://github.com/actions/github-script) from 8.0.0 to 9.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/github-script/releases">actions/github-script's releases</a>.</em></p> <blockquote> <h2>v9.0.0</h2> <p><strong>New features:</strong></p> <ul> <li><strong><code>getOctokit</code> factory function</strong> — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See <a href="https://github.com/actions/github-script#creating-additional-clients-with-getoctokit">Creating additional clients with <code>getOctokit</code></a> for details and examples.</li> <li><strong>Orchestration ID in user-agent</strong> — The <code>ACTIONS_ORCHESTRATION_ID</code> environment variable is automatically appended to the user-agent string for request tracing.</li> </ul> <p><strong>Breaking changes:</strong></p> <ul> <li><strong><code>require('@actions/github')</code> no longer works in scripts.</strong> The upgrade to <code>@actions/github</code> v9 (ESM-only) means <code>require('@actions/github')</code> will fail at runtime. If you previously used patterns like <code>const { getOctokit } = require('@actions/github')</code> to create secondary clients, use the new injected <code>getOctokit</code> function instead — it's available directly in the script context with no imports needed.</li> <li><code>getOctokit</code> is now an injected function parameter. Scripts that declare <code>const getOctokit = ...</code> or <code>let getOctokit = ...</code> will get a <code>SyntaxError</code> because JavaScript does not allow <code>const</code>/<code>let</code> redeclaration of function parameters. Use the injected <code>getOctokit</code> directly, or use <code>var getOctokit = ...</code> if you need to redeclare it.</li> <li>If your script accesses other <code>@actions/github</code> internals beyond the standard <code>github</code>/<code>octokit</code> client, you may need to update those references for v9 compatibility.</li> </ul> <h2>What's Changed</h2> <ul> <li>Add ACTIONS_ORCHESTRATION_ID to user-agent string by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/695">actions/github-script#695</a></li> <li>ci: use deployment: false for integration test environments by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/712">actions/github-script#712</a></li> <li>feat!: add getOctokit to script context, upgrade <code>@actions/github</code> v9, <code>@octokit/core</code> v7, and related packages by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/700">actions/github-script#700</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Copilot"><code>@Copilot</code></a> made their first contribution in <a href="https://redirect.github.com/actions/github-script/pull/695">actions/github-script#695</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/github-script/compare/v8.0.0...v9.0.0">https://github.com/actions/github-script/compare/v8.0.0...v9.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
5c27249e27 |
chore: bump the minor-and-patch group with 5 updates (#37119)
Bumps the minor-and-patch group with 5 updates: | Package | From | To | | --- | --- | --- | | [actions/create-github-app-token](https://github.com/actions/create-github-app-token) | `3.0.0` | `3.1.1` | | [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `8.1.0` | `8.1.1` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` | | [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) | `1.13.0` | `1.14.0` | | [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) | `6.0.0` | `6.1.0` | Updates `actions/create-github-app-token` from 3.0.0 to 3.1.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/create-github-app-token/releases">actions/create-github-app-token's releases</a>.</em></p> <blockquote> <h2>v3.1.1</h2> <h2><a href="https://github.com/actions/create-github-app-token/compare/v3.1.0...v3.1.1">3.1.1</a> (2026-04-11)</h2> <h3>Bug Fixes</h3> <ul> <li>improve error message when app identifier is empty (<a href="https://redirect.github.com/actions/create-github-app-token/issues/362">#362</a>) (<a href=" |
||
|
dependabot[bot]
|
2f79e0e3ca |
chore: bump mikefarah/yq from 17f66dc6c6a177fafd8b71a6abea6d6340aa1e16 to cb9793555487aafb501e1a9d85c28b812aeadfab (#37120)
Bumps [mikefarah/yq](https://github.com/mikefarah/yq) from 17f66dc6c6a177fafd8b71a6abea6d6340aa1e16 to cb9793555487aafb501e1a9d85c28b812aeadfab. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/mikefarah/yq/blob/master/release_notes.txt">mikefarah/yq's changelog</a>.</em></p> <blockquote> <p>4.53.2:</p> <ul> <li>Fixing release process</li> </ul> <p>4.53.1:</p> <ul> <li>Releases and tags now signed and immutable!</li> <li>Add system(command; args) operator (disabled by default) (<a href="https://redirect.github.com/mikefarah/yq/issues/2640">#2640</a>)</li> <li>TOML encoder: prefer readable table sections over inline tables (<a href="https://redirect.github.com/mikefarah/yq/issues/2649">#2649</a>)</li> <li>Fix TOML encoder to quote keys containing special characters (<a href="https://redirect.github.com/mikefarah/yq/issues/2648">#2648</a>)</li> <li>Add string slicing support (<a href="https://redirect.github.com/mikefarah/yq/issues/2639">#2639</a>)</li> <li>Fix findInArray misuse on MappingNodes in equality and contains (<a href="https://redirect.github.com/mikefarah/yq/issues/2645">#2645</a>) Thanks <a href="https://github.com/jandubois"><code>@jandubois</code></a>!</li> <li>Fix panic on negative slice indices that underflow after adjustment (<a href="https://redirect.github.com/mikefarah/yq/issues/2646">#2646</a>) Thanks <a href="https://github.com/jandubois"><code>@jandubois</code></a>!</li> <li>Fix stack overflow from circular alias in traverse (<a href="https://redirect.github.com/mikefarah/yq/issues/2647">#2647</a>) Thanks <a href="https://github.com/jandubois"><code>@jandubois</code></a>!</li> <li>Fix panic and OOM in repeatString for large repeat counts (<a href="https://redirect.github.com/mikefarah/yq/issues/2644">#2644</a>) Thanks <a href="https://github.com/jandubois"><code>@jandubois</code></a>!</li> <li>Bumped dependencies</li> </ul> <p>4.52.5:</p> <ul> <li>Fix: reset TOML decoder state between files (<a href="https://redirect.github.com/mikefarah/yq/issues/2634">#2634</a>) thanks <a href="https://github.com/terminalchai"><code>@terminalchai</code></a></li> <li>Fix: preserve original filename when using --front-matter (<a href="https://redirect.github.com/mikefarah/yq/issues/2613">#2613</a>) thanks <a href="https://github.com/cobyfrombrooklyn-bot"><code>@cobyfrombrooklyn-bot</code></a></li> <li>Fix typo in filename (<a href="https://redirect.github.com/mikefarah/yq/issues/2611">#2611</a>) thanks <a href="https://github.com/alexandear"><code>@alexandear</code></a></li> <li>Bumped dependencies</li> </ul> <p>4.52.4:</p> <ul> <li>Dropping windows/arm - no longer supported in cross-compile</li> </ul> <p>4.52.3:</p> <ul> <li>Fixing comments in TOML arrays (<a href="https://redirect.github.com/mikefarah/yq/issues/2592">#2592</a>)</li> <li>Bumped dependencies</li> </ul> <p>4.52.2:</p> <ul> <li>Fixed bad instructions file breaking go-install (<a href="https://redirect.github.com/mikefarah/yq/issues/2587">#2587</a>) Thanks <a href="https://github.com/theyoprst"><code>@theyoprst</code></a></li> <li>Fixed TOML table scope after comments (<a href="https://redirect.github.com/mikefarah/yq/issues/2588">#2588</a>) Thanks <a href="https://github.com/tomers"><code>@tomers</code></a></li> <li>Multiply uses a readonly context (<a href="https://redirect.github.com/mikefarah/yq/issues/2558">#2558</a>)</li> <li>Fixed merge globbing wildcards in keys (<a href="https://redirect.github.com/mikefarah/yq/issues/2564">#2564</a>)</li> <li>Fixing TOML subarray parsing issue (<a href="https://redirect.github.com/mikefarah/yq/issues/2581">#2581</a>)</li> </ul> <p>4.52.1:</p> <ul> <li> <p>TOML encoder support - you can now roundtrip! <a href="https://redirect.github.com/mikefarah/yq/issues/1364">#1364</a></p> </li> <li> <p>Parent now supports negative indices, and added a 'root' command for referencing the top level document</p> </li> <li> <p>Fixed scalar encoding for HCL</p> </li> <li> <p>Add --yaml-compact-seq-indent / -c flag for compact sequence indentation (<a href="https://redirect.github.com/mikefarah/yq/issues/2583">#2583</a>) Thanks <a href="https://github.com/jfenal"><code>@jfenal</code></a></p> </li> <li> <p>Add symlink check to file rename util (<a href="https://redirect.github.com/mikefarah/yq/issues/2576">#2576</a>) Thanks <a href="https://github.com/Elias-elastisys"><code>@Elias-elastisys</code></a></p> </li> <li> <p>Powershell fixed default command used for __completeNoDesc alias (<a href="https://redirect.github.com/mikefarah/yq/issues/2568">#2568</a>) Thanks <a href="https://github.com/teejaded"><code>@teejaded</code></a></p> </li> <li> <p>Unwrap scalars in shell output mode. (<a href="https://redirect.github.com/mikefarah/yq/issues/2548">#2548</a>) Thanks <a href="https://github.com/flintwinters"><code>@flintwinters</code></a></p> </li> <li> <p>Added K8S KYAML output format support (<a href="https://redirect.github.com/mikefarah/yq/issues/2560">#2560</a>) Thanks <a href="https://github.com/robbat2"><code>@robbat2</code></a></p> </li> <li> <p>Bumped dependencies</p> </li> <li> <p>Special shout out to <a href="https://github.com/ccoVeille"><code>@ccoVeille</code></a> for reviewing my PRs!</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Mason Daugherty
|
87ba30f097 |
ci(infra): label release jobs, resolve package name in run title (#36998)
Polish the manual release workflow (`_release.yml`) so the Actions UI is readable at a glance — job display names, a run title that reflects the actual published package, and a broader partner matrix for the core-compat sanity check. ## Changes - Add `name:` labels to each job (`📦 Build distribution`, `📝 Generate release notes`, `🧪 Publish to TestPyPI`, `✅ Pre-release checks`, `🔄 Test prior partners against new core`, `🚀 Publish to PyPI`, `🏷️ Tag GitHub release`). Job IDs are unchanged, so all `needs:` references still resolve. - Rewrite `run-name` to resolve the dropdown value to the actual PyPI package name — e.g. `core` → `langchain-core`, `openai` → `langchain-openai`, with explicit remaps for the three that don't follow `langchain-{name}` (`langchain` → `langchain-classic`, `langchain_v1` → `langchain`, `standard-tests` → `langchain-tests`). `workflow_call` callers passing full `libs/...` paths and manual overrides are returned verbatim. - Simplify `test-dependents` label to `🐍 Test dependent: ${{ matrix.package.path }} (Python ${{ matrix.python-version }})`. |
||
|
Nick Hollon
|
889a45b664 |
ci(infra): overlay local langchain-* installs for external partners (#36989)
we want to be able to test against the branch we run against when we are testing external partner packages (aws, google) so overally the changes on top of the external partners when we install the dependencies Co-authored-by: Mason Daugherty <mason@langchain.dev> |
||
|
Mason Daugherty
|
2d3b49162c |
ci(infra): shorten working-directory dropdown labels (#36974)
Clean up the `workflow_dispatch` dropdowns for the release and scheduled integration-test workflows. Showing short package names (`openai`, `langchain_v1`, ...) instead of `libs/partners/openai` makes the UI in the Actions tab easier to scan; the prefix now lives in the resolver rather than every dropdown entry. |
||
|
Mason Daugherty
|
fd901803f7 |
ci: auto-close issues without issue type from external users (#36857)
Port https://github.com/langchain-ai/deepagents/pull/2809 |
||
ccurme
|
b7447c6969 | fix(infra): skip serdes tests in min-version release step (#36818) | ||
|
Mason Daugherty
|
a06c205738 |
ci(infra): validate issue checkboxes by section (#36811)
Port https://github.com/langchain-ai/deepagents/pull/2769 |
||
|
Mason Daugherty
|
f2d3a2f6e2 |
fix(infra): skip codspeed for partners without benchmarks (#36775)
The CodSpeed workflow was failing on partner PRs because `check_diff.py` added every partner to the `codspeed` matrix unconditionally — even when no `tests/benchmarks/` directory exists. The workflow then ran an empty shell block for those partners, CodSpeed saw zero benchmarks, and marked the check as failed. Currently no partner package has benchmarks, so this affected every partner PR. |
||
|
ccurme
|
311675a517 | revert: fix(infra): skip serdes tests in min-version release step (#36759) | ||
|
ccurme
|
d647311ecf | fix(infra): skip serdes tests in min-version release step (#36730) | ||
|
Mason Daugherty
|
c59e83a1ff |
ci(infra): add dropdown + override inputs to release and integration test workflows (#36687)
Both `_release.yml` and `integration_tests.yml` previously required manually typing a package path to target a specific library. Replace the free-text-only inputs with a dropdown of known packages plus a free-text override for unlisted paths. The release workflow consolidates the override-or-default resolution into a single `EFFECTIVE_WORKING_DIR` env var to eliminate duplication across 20+ step references. |
||
Eugene Yurtsev
|
9f232caa7a |
chore(infra): limit codspeed to benchmark tests (#36658)
limit codspeed to benchmark tests folder only |
||
|
Eugene Yurtsev
|
42d677e41f |
chore(infra): swap runner for codspeed (#36653)
change runner for codspeed |
||
|
Mason Daugherty
|
6443612fa3 |
ci: pin all actions to full-length commit SHAs (#36621)
Pin all remaining GitHub Actions references to full-length commit SHAs, matching the convention already established by third-party actions in this repo. This is a prerequisite for enabling GitHub's "Require actions to be pinned to a full-length commit SHA" repository ruleset, which mitigates tag-hijacking supply chain attacks. |
||
|
Mason Daugherty
|
ce21bf469d |
ci: convert working-directory to validated dropdown (#36575)
Convert the `working-directory` input in the release workflow from a free-text string to a dropdown of known package paths. ## Changes - Change `working-directory` from `type: string` to `type: choice` in `_release.yml`, enumerating all 21 releasable packages under `libs/` and `libs/partners/` - Add `check-release-options` CI job in `check_diffs.yml` that runs a pytest script to assert the dropdown options match directories containing a `pyproject.toml` |
||
|
Mason Daugherty
|
642c981d70 |
ci: match both h2 and h3 area headings in auto-labeler (#36572)
GitHub issue forms render the "Area (Required)" field label at inconsistent heading levels — some issues get `### Area` (h3), others get `## Area` (h2). The `auto-label-by-package` workflow's regex was hardcoded to `### Area`, silently skipping issues with `## Area` headings and never applying package labels (e.g. [#2471](https://github.com/langchain-ai/deepagents/issues/2471)). |
||
|
dependabot[bot]
|
b8caf9ef10 |
chore: bump mikefarah/yq from 88a31ae8c6b34aad77d2efdecc146113cb3315d0 to 17f66dc6c6a177fafd8b71a6abea6d6340aa1e16 (#36422)
Bumps [mikefarah/yq](https://github.com/mikefarah/yq) from 88a31ae8c6b34aad77d2efdecc146113cb3315d0 to 17f66dc6c6a177fafd8b71a6abea6d6340aa1e16. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/mikefarah/yq/blob/master/release_notes.txt">mikefarah/yq's changelog</a>.</em></p> <blockquote> <p>4.52.5:</p> <ul> <li>Fix: reset TOML decoder state between files (<a href="https://redirect.github.com/mikefarah/yq/issues/2634">#2634</a>) thanks <a href="https://github.com/terminalchai"><code>@terminalchai</code></a></li> <li>Fix: preserve original filename when using --front-matter (<a href="https://redirect.github.com/mikefarah/yq/issues/2613">#2613</a>) thanks <a href="https://github.com/cobyfrombrooklyn-bot"><code>@cobyfrombrooklyn-bot</code></a></li> <li>Fix typo in filename (<a href="https://redirect.github.com/mikefarah/yq/issues/2611">#2611</a>) thanks <a href="https://github.com/alexandear"><code>@alexandear</code></a></li> <li>Bumped dependencies</li> </ul> <p>4.52.4:</p> <ul> <li>Dropping windows/arm - no longer supported in cross-compile</li> </ul> <p>4.52.3:</p> <ul> <li>Fixing comments in TOML arrays (<a href="https://redirect.github.com/mikefarah/yq/issues/2592">#2592</a>)</li> <li>Bumped dependencies</li> </ul> <p>4.52.2:</p> <ul> <li>Fixed bad instructions file breaking go-install (<a href="https://redirect.github.com/mikefarah/yq/issues/2587">#2587</a>) Thanks <a href="https://github.com/theyoprst"><code>@theyoprst</code></a></li> <li>Fixed TOML table scope after comments (<a href="https://redirect.github.com/mikefarah/yq/issues/2588">#2588</a>) Thanks <a href="https://github.com/tomers"><code>@tomers</code></a></li> <li>Multiply uses a readonly context (<a href="https://redirect.github.com/mikefarah/yq/issues/2558">#2558</a>)</li> <li>Fixed merge globbing wildcards in keys (<a href="https://redirect.github.com/mikefarah/yq/issues/2564">#2564</a>)</li> <li>Fixing TOML subarray parsing issue (<a href="https://redirect.github.com/mikefarah/yq/issues/2581">#2581</a>)</li> </ul> <p>4.52.1:</p> <ul> <li> <p>TOML encoder support - you can now roundtrip! <a href="https://redirect.github.com/mikefarah/yq/issues/1364">#1364</a></p> </li> <li> <p>Parent now supports negative indices, and added a 'root' command for referencing the top level document</p> </li> <li> <p>Fixed scalar encoding for HCL</p> </li> <li> <p>Add --yaml-compact-seq-indent / -c flag for compact sequence indentation (<a href="https://redirect.github.com/mikefarah/yq/issues/2583">#2583</a>) Thanks <a href="https://github.com/jfenal"><code>@jfenal</code></a></p> </li> <li> <p>Add symlink check to file rename util (<a href="https://redirect.github.com/mikefarah/yq/issues/2576">#2576</a>) Thanks <a href="https://github.com/Elias-elastisys"><code>@Elias-elastisys</code></a></p> </li> <li> <p>Powershell fixed default command used for __completeNoDesc alias (<a href="https://redirect.github.com/mikefarah/yq/issues/2568">#2568</a>) Thanks <a href="https://github.com/teejaded"><code>@teejaded</code></a></p> </li> <li> <p>Unwrap scalars in shell output mode. (<a href="https://redirect.github.com/mikefarah/yq/issues/2548">#2548</a>) Thanks <a href="https://github.com/flintwinters"><code>@flintwinters</code></a></p> </li> <li> <p>Added K8S KYAML output format support (<a href="https://redirect.github.com/mikefarah/yq/issues/2560">#2560</a>) Thanks <a href="https://github.com/robbat2"><code>@robbat2</code></a></p> </li> <li> <p>Bumped dependencies</p> </li> <li> <p>Special shout out to <a href="https://github.com/ccoVeille"><code>@ccoVeille</code></a> for reviewing my PRs!</p> </li> </ul> <p>4.50.1:</p> <ul> <li>Added HCL support!</li> <li>Fixing handling of CRLF <a href="https://redirect.github.com/mikefarah/yq/issues/2352">#2352</a></li> <li>Bumped dependencies</li> </ul> <p>4.49.2:</p> <ul> <li>Fixing escape character bugs 😓 <a href="https://redirect.github.com/mikefarah/yq/issues/2517">#2517</a></li> <li>Fixing snap release pipeline <a href="https://redirect.github.com/mikefarah/yq/issues/2518">#2518</a> Thanks <a href="https://github.com/aalexjo"><code>@aalexjo</code></a></li> </ul> <p>4.49.1:</p> <ul> <li>Added <code>--security</code> flags to disable env and file ops <a href="https://redirect.github.com/mikefarah/yq/issues/2515">#2515</a></li> <li>Fixing TOML ArrayTable parsing issues <a href="https://redirect.github.com/mikefarah/yq/issues/1758">#1758</a></li> <li>Fixing parsing of escaped characters <a href="https://redirect.github.com/mikefarah/yq/issues/2506">#2506</a></li> </ul> <p>4.48.2:</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
8b4e848c4a |
chore: bump EndBug/add-and-commit from 9.1.4 to 10.0.0 (#36421)
Bumps [EndBug/add-and-commit](https://github.com/endbug/add-and-commit) from 9.1.4 to 10.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/endbug/add-and-commit/releases">EndBug/add-and-commit's releases</a>.</em></p> <blockquote> <h2>v10.0.0</h2> <h2>What's Changed</h2> <ul> <li>chore(deps-dev): bump husky from 8.0.3 to 9.0.6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/617">EndBug/add-and-commit#617</a></li> <li>chore(deps-dev): bump <code>@typescript-eslint/parser</code> from 6.19.0 to 6.19.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/618">EndBug/add-and-commit#618</a></li> <li>chore(deps-dev): bump prettier from 3.2.4 to 3.2.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/619">EndBug/add-and-commit#619</a></li> <li>chore(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 6.19.1 to 6.21.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/623">EndBug/add-and-commit#623</a></li> <li>chore(deps-dev): bump <code>@typescript-eslint/parser</code> from 6.19.1 to 6.21.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/624">EndBug/add-and-commit#624</a></li> <li>chore(deps-dev): bump husky from 9.0.6 to 9.0.11 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/626">EndBug/add-and-commit#626</a></li> <li>chore: switch to GTS for linting by <a href="https://github.com/EndBug"><code>@EndBug</code></a> in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/636">EndBug/add-and-commit#636</a></li> <li>chore(deps-dev): bump gts from 5.2.0 to 5.3.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/637">EndBug/add-and-commit#637</a></li> <li>chore(deps-dev): bump typescript from 5.2.2 to 5.4.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/639">EndBug/add-and-commit#639</a></li> <li>chore(deps-dev): bump gts from 5.3.0 to 5.3.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/642">EndBug/add-and-commit#642</a></li> <li>chore(deps-dev): bump braces from 3.0.2 to 3.0.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/641">EndBug/add-and-commit#641</a></li> <li>chore(deps-dev): bump typescript from 5.4.5 to 5.5.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/644">EndBug/add-and-commit#644</a></li> <li>Adds examples of input arrays. by <a href="https://github.com/tommie"><code>@tommie</code></a> in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/645">EndBug/add-and-commit#645</a></li> <li>chore(deps-dev): bump typescript from 5.5.2 to 5.5.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/649">EndBug/add-and-commit#649</a></li> <li>docs: add tommie as a contributor for doc by <a href="https://github.com/allcontributors"><code>@allcontributors</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/647">EndBug/add-and-commit#647</a></li> <li>chore(deps-dev): bump husky from 9.0.11 to 9.1.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/650">EndBug/add-and-commit#650</a></li> <li>chore(deps-dev): bump typescript from 5.5.3 to 5.5.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/653">EndBug/add-and-commit#653</a></li> <li>chore(deps-dev): bump husky from 9.1.1 to 9.1.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/655">EndBug/add-and-commit#655</a></li> <li>chore(deps-dev): bump husky from 9.1.4 to 9.1.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/659">EndBug/add-and-commit#659</a></li> <li>chore(deps-dev): bump husky from 9.1.5 to 9.1.6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/660">EndBug/add-and-commit#660</a></li> <li>chore(deps-dev): bump typescript from 5.5.4 to 5.6.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/661">EndBug/add-and-commit#661</a></li> <li>chore(deps-dev): bump <code>@vercel/ncc</code> from 0.38.1 to 0.38.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/662">EndBug/add-and-commit#662</a></li> <li>chore(deps): bump <code>@actions/core</code> from 1.10.1 to 1.11.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/663">EndBug/add-and-commit#663</a></li> <li>chore(deps-dev): bump typescript from 5.6.2 to 5.6.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/664">EndBug/add-and-commit#664</a></li> <li>chore(deps-dev): bump gts from 5.3.1 to 6.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/665">EndBug/add-and-commit#665</a></li> <li>chore(deps-dev): bump gts from 6.0.0 to 6.0.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/666">EndBug/add-and-commit#666</a></li> <li>chore(deps-dev): bump <code>@vercel/ncc</code> from 0.38.2 to 0.38.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/669">EndBug/add-and-commit#669</a></li> <li>chore(deps): bump cross-spawn by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/670">EndBug/add-and-commit#670</a></li> <li>docs: add icemac as a contributor for doc by <a href="https://github.com/allcontributors"><code>@allcontributors</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/674">EndBug/add-and-commit#674</a></li> <li>chore(deps-dev): bump husky from 9.1.6 to 9.1.7 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/672">EndBug/add-and-commit#672</a></li> <li>chore(deps-dev): bump typescript from 5.6.3 to 5.7.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/671">EndBug/add-and-commit#671</a></li> <li>chore(deps-dev): bump typescript from 5.7.2 to 5.7.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/676">EndBug/add-and-commit#676</a></li> <li>chore(deps-dev): bump eslint-config-prettier from 9.1.0 to 10.0.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/677">EndBug/add-and-commit#677</a></li> <li>chore(deps-dev): bump eslint-config-prettier from 10.0.1 to 10.0.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/678">EndBug/add-and-commit#678</a></li> <li>chore(deps-dev): bump typescript from 5.7.3 to 5.8.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/679">EndBug/add-and-commit#679</a></li> <li>chore(deps-dev): bump eslint-config-prettier from 10.0.2 to 10.1.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/680">EndBug/add-and-commit#680</a></li> <li>chore(deps-dev): bump typescript from 5.8.2 to 5.8.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/681">EndBug/add-and-commit#681</a></li> <li>chore(deps-dev): bump eslint-config-prettier from 10.1.1 to 10.1.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/682">EndBug/add-and-commit#682</a></li> <li>chore(deps-dev): bump eslint-config-prettier from 10.1.2 to 10.1.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/683">EndBug/add-and-commit#683</a></li> <li>chore(deps-dev): bump eslint-config-prettier from 10.1.5 to 10.1.8 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/686">EndBug/add-and-commit#686</a></li> <li>ci(deps): bump actions/checkout from 4 to 5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/688">EndBug/add-and-commit#688</a></li> <li>ci(deps): bump actions/setup-node from 4 to 5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/690">EndBug/add-and-commit#690</a></li> <li>chore(deps-dev): bump <code>@vercel/ncc</code> from 0.38.3 to 0.38.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/691">EndBug/add-and-commit#691</a></li> <li>chore(deps-dev): bump typescript from 5.8.3 to 5.9.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/694">EndBug/add-and-commit#694</a></li> <li>ci(deps): bump actions/setup-node from 5 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/697">EndBug/add-and-commit#697</a></li> <li>ci(deps): bump github/codeql-action from 3 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/696">EndBug/add-and-commit#696</a></li> <li>Removes the redundant JSON array parsing. by <a href="https://github.com/tommie"><code>@tommie</code></a> in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/652">EndBug/add-and-commit#652</a></li> <li>docs: add tommie as a contributor for code, and test by <a href="https://github.com/allcontributors"><code>@allcontributors</code></a>[bot] in <a href="https://redirect.github.com/EndBug/add-and-commit/pull/699">EndBug/add-and-commit#699</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
04732b07a5 |
chore: bump aws-actions/configure-aws-credentials from fb7eb401298e393da51cdcb2feb1ed0183619014 to 8df5847569e6427dd6c4fb1cf565c83acfa8afa7 (#36420)
Bumps [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) from fb7eb401298e393da51cdcb2feb1ed0183619014 to 8df5847569e6427dd6c4fb1cf565c83acfa8afa7. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md">aws-actions/configure-aws-credentials's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <p>All notable changes to this project will be documented in this file. See <a href="https://github.com/conventional-changelog/standard-version">standard-version</a> for commit guidelines.</p> <h2><a href="https://github.com/aws-actions/configure-aws-credentials/compare/v5.1.1...v6.0.0">6.0.0</a> (2026-02-04)</h2> <h3>⚠ BREAKING CHANGES</h3> <ul> <li>Update action to use node24 (<a href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1632">#1632</a>) (<a href=" |
||
|
dependabot[bot]
|
62bc87492c |
chore: bump ncipollo/release-action from 1.20.0 to 1.21.0 in the minor-and-patch group (#36419)
Bumps the minor-and-patch group with 1 update: [ncipollo/release-action](https://github.com/ncipollo/release-action). Updates `ncipollo/release-action` from 1.20.0 to 1.21.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ncipollo/release-action/releases">ncipollo/release-action's releases</a>.</em></p> <blockquote> <h2>v1.21.0</h2> <h2>What's Changed</h2> <ul> <li>Bump jest-circus from 29.7.0 to 30.2.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/ncipollo/release-action/pull/557">ncipollo/release-action#557</a></li> <li>Bump typescript from 5.8.3 to 5.9.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/ncipollo/release-action/pull/556">ncipollo/release-action#556</a></li> <li>Bump actions/setup-node from 4 to 5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/ncipollo/release-action/pull/551">ncipollo/release-action#551</a></li> <li>Bump <code>@types/node</code> from 22.15.29 to 24.6.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/ncipollo/release-action/pull/555">ncipollo/release-action#555</a></li> <li>Bump actions/setup-node from 5 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/ncipollo/release-action/pull/559">ncipollo/release-action#559</a></li> <li>Bump ts-jest from 29.3.4 to 29.4.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/ncipollo/release-action/pull/561">ncipollo/release-action#561</a></li> <li>Bump <code>@biomejs/biome</code> from 1.9.4 to 2.3.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/ncipollo/release-action/pull/564">ncipollo/release-action#564</a></li> <li>Bump <code>@types/node</code> from 24.6.1 to 24.9.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/ncipollo/release-action/pull/563">ncipollo/release-action#563</a></li> <li>Bump js-yaml from 3.14.1 to 3.14.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/ncipollo/release-action/pull/567">ncipollo/release-action#567</a></li> <li>Bump glob from 11.0.3 to 11.1.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/ncipollo/release-action/pull/568">ncipollo/release-action#568</a></li> <li>Bump actions/checkout from 5 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/ncipollo/release-action/pull/569">ncipollo/release-action#569</a></li> <li>Bump <code>@biomejs/biome</code> from 2.3.2 to 2.3.8 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/ncipollo/release-action/pull/575">ncipollo/release-action#575</a></li> <li>Bump glob from 11.1.0 to 13.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/ncipollo/release-action/pull/573">ncipollo/release-action#573</a></li> <li>Bump <code>@octokit/types</code> from 13.10.0 to 16.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/ncipollo/release-action/pull/577">ncipollo/release-action#577</a></li> <li>Bump <code>@biomejs/biome</code> from 2.3.8 to 2.3.10 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/ncipollo/release-action/pull/578">ncipollo/release-action#578</a></li> <li>Bump <code>@actions/core</code> from 1.11.1 to 2.0.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/ncipollo/release-action/pull/579">ncipollo/release-action#579</a></li> <li>Bump <code>@types/node</code> from 24.10.1 to 25.0.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/ncipollo/release-action/pull/580">ncipollo/release-action#580</a></li> <li>Bump <code>@biomejs/biome</code> from 2.3.10 to 2.3.13 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/ncipollo/release-action/pull/586">ncipollo/release-action#586</a></li> <li>Bump <code>@types/node</code> from 25.0.3 to 25.1.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/ncipollo/release-action/pull/583">ncipollo/release-action#583</a></li> <li>Bump to core-3.0.0, move to vitest, support ESM modules by <a href="https://github.com/ncipollo"><code>@ncipollo</code></a> in <a href="https://redirect.github.com/ncipollo/release-action/pull/587">ncipollo/release-action#587</a></li> <li>Bump <code>@actions/github</code> from 6.0.1 to 9.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/ncipollo/release-action/pull/585">ncipollo/release-action#585</a></li> <li>Bump glob from 13.0.0 to 13.0.6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/ncipollo/release-action/pull/592">ncipollo/release-action#592</a></li> <li>Bump <code>@biomejs/biome</code> from 2.3.13 to 2.4.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/ncipollo/release-action/pull/591">ncipollo/release-action#591</a></li> <li>Fixes <a href="https://redirect.github.com/ncipollo/release-action/issues/593">#593</a> Pass commitish into release notes request when present by <a href="https://github.com/ncipollo"><code>@ncipollo</code></a> in <a href="https://redirect.github.com/ncipollo/release-action/pull/594">ncipollo/release-action#594</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ncipollo/release-action/compare/v1...v1.21.0">https://github.com/ncipollo/release-action/compare/v1...v1.21.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Mason Daugherty
|
deb85b6c4c |
chore(openai): fix broken vcr cassette playback and add ci guard (#36502)
Fix broken VCR cassette playback in `langchain-openai` integration tests and add a CI job to prevent regressions. Two independent bugs made all VCR-backed tests fail: `before_record_request` redacts URIs to `**REDACTED**` but `match_on` still included `uri` (so playback never matched), and a typo-fix commit (`c9f51aef85`) changed test input strings without re-recording cassettes (so `json_body` matching also failed). |
||
|
Mason Daugherty
|
98ea15501f |
ci: re-run require_issue_link check after PR reopen (#36499)
After reopening a PR and removing the `missing-issue-link` label, the `require_issue_link` check still shows as failed on the PR. Because the default `GITHUB_TOKEN` suppresses event-driven re-triggers, the old red check persists until the contributor pushes again. This adds a best-effort re-run of the failed check so the PR's status clears automatically on assignment. |
||
|
Mason Daugherty
|
f94d4215a4 |
ci: minimize stale enforcement comments on pr reopen (#36407)
When the `require_issue_link` workflow closes a PR and posts an enforcement comment, that comment was never cleaned up after the situation resolved — leaving a stale "automatically closed" message visible on reopened PRs. Now all three resolution paths (maintainer bypass, author fixing the issue link, and contributor assignment) minimize the enforcement comment as outdated via GraphQL. The cleanup is best-effort: failures log a warning but never block the primary workflow logic (label removal, bypass, reopen). |
||
|
Mason Daugherty
|
453c4d878b |
ci: remove secrets from codspeed env (#36405)
Remove 22 unnecessary API key secrets from the CodSpeed benchmark workflow. |
||
|
Mason Daugherty
|
a453348fb0 |
ci: tighten top-level release permissions to contents: read (#36404)
Tighten the top-level `permissions` default in the release workflow from `contents: write` to `contents: read`. All 8 jobs already declare their own `permissions` blocks, so this has zero functional impact — but it prevents any future job added without explicit permissions from silently inheriting write access. |
||
|
Mason Daugherty
|
e207685e8f |
ci: auto-reopen PRs on issue assignment (#36384)
`require_issue_link.yml` auto-closes external PRs when the author isn't assigned to the linked issue, but there was no trigger to reopen them when a maintainer later grants the assignment. Contributors had to manually edit their PR description to trigger re-evaluation — poor UX that generated repeat questions. This adds a companion workflow that listens for issue assignment events and reopens matching PRs automatically. |
||
|
Mason Daugherty
|
29b7c79bb4 |
ci: auto-close issues that bypass template checkboxes (#36377)
GitHub issue forms enforce `required: true` checkboxes in the web UI, but the API bypasses form validation — bots and scripts can open issues with every box unchecked or skip the template entirely. This adds a workflow that auto-closes those issues, with an org-membership carve-out so maintainers can still open free-form issues. |
||
|
Mason Daugherty
|
0351588117 | chore: harden language in ci (#36314) | ||
|
Mason Daugherty
|
3e64c255b8 |
chore: use repo permissions instead of org membership for maintainer override (#36191)
The `require_issue_link` workflow's maintainer override (reopen PR or remove `missing-issue-link` to bypass enforcement) has never worked. It calls `orgs.getMembershipForUser` to verify the sender is an org member, but `GITHUB_TOKEN` is a GitHub App installation token — not an org member — so the endpoint always returns 403. The catch block only handled 404, so the unhandled 403 crashed the entire job, blocking even the normal issue-link validation from running. ## Changes - Replace `orgs.getMembershipForUser` with `repos.getCollaboratorPermissionLevel` in `senderIsOrgMember()` — checks if the event sender (the user who reopened the PR or removed the label) has write/maintain/admin access on the repo, which works with `GITHUB_TOKEN` and is a better proxy for "maintainer" than org membership |
||
|
Mason Daugherty
|
2f64d80cc6 |
fix(core,model-profiles): add missing ModelProfile fields, warn on schema drift (#36129)
PR #35788 added 7 new fields to the `langchain-profiles` CLI output (`name`, `status`, `release_date`, `last_updated`, `open_weights`, `attachment`, `temperature`) but didn't update `ModelProfile` in `langchain-core`. Partner packages like `langchain-aws` that set `extra="forbid"` on their Pydantic models hit `extra_forbidden` validation errors when Pydantic encountered undeclared TypedDict keys at construction time. This adds the missing fields, makes `ModelProfile` forward-compatible, provides a base-class hook so partners can stop duplicating model-profile validator boilerplate, migrates all in-repo partners to the new hook, and adds runtime + CI-time warnings for schema drift. ## Changes ### `langchain-core` - Add `__pydantic_config__ = ConfigDict(extra="allow")` to `ModelProfile` so unknown profile keys pass Pydantic validation even on models with `extra="forbid"` — forward-compatibility for when the CLI schema evolves ahead of core - Declare the 7 missing fields on `ModelProfile`: `name`, `status`, `release_date`, `last_updated`, `open_weights` (metadata) and `attachment`, `temperature` (capabilities) - Add `_warn_unknown_profile_keys()` in `model_profile.py` — emits a `UserWarning` when a profile dict contains keys not in `ModelProfile`, suggesting a core upgrade. Wrapped in a bare `except` so introspection failures never crash model construction - Add `BaseChatModel._resolve_model_profile()` hook that returns `None` by default. Partners can override this single method instead of redefining the full `_set_model_profile` validator — the base validator calls it automatically - Add `BaseChatModel._check_profile_keys` as a separate `model_validator` that calls `_warn_unknown_profile_keys`. Uses a distinct method name so partner overrides of `_set_model_profile` don't inadvertently suppress the check ### `langchain-profiles` CLI - Add `_warn_undeclared_profile_keys()` to the CLI (`cli.py`), called after merging augmentations in `refresh()` — warns at profile-generation time (not just runtime) when emitted keys aren't declared in `ModelProfile`. Gracefully skips if `langchain-core` isn't installed - Add guard test `test_model_data_to_profile_keys_subset_of_model_profile` in model-profiles — feeds a fully-populated model dict to `_model_data_to_profile()` and asserts every emitted key exists in `ModelProfile.__annotations__`. CI fails before any release if someone adds a CLI field without updating the TypedDict ### Partner packages - Migrate all 10 in-repo partners to the `_resolve_model_profile()` hook, replacing duplicated `@model_validator` / `_set_model_profile` overrides: anthropic, deepseek, fireworks, groq, huggingface, mistralai, openai (base + azure), openrouter, perplexity, xai - Anthropic retains custom logic (context-1m beta → `max_input_tokens` override); all others reduce to a one-liner - Add `pr_lint.yml` scope for the new `model-profiles` package |
||
|
Mason Daugherty
|
64a848a03b |
ci: add maintainer override to require-issue-link workflow (#36147)
Add a durable maintainer override to the "Require Issue Link" workflow. The existing maintainer-reopen path skipped enforcement once but didn't persist that decision — a subsequent PR edit could re-trigger closure. Maintainers now have two override paths (reopen the PR or remove `missing-issue-link`), both converging on `applyMaintainerBypass()` which reopens the PR, cleans up `missing-issue-link`, and applies a durable `bypass-issue-check` label so future triggers skip enforcement. ## Changes - Add `unlabeled` to `pull_request_target` trigger types and gate it on `missing-issue-link` removal + `external` label presence in the job-level `if` - Introduce `bypass-issue-check` as a new skip label alongside `trusted-contributor` — scoped per-PR (not per-author) so maintainers can override individual PRs without blanket trust - Extract three helpers in the check-link script: `ensureAndAddLabel` (idempotent label creation), `senderIsOrgMember` (org membership check), and `applyMaintainerBypass` (remove label → reopen → add bypass) - `applyMaintainerBypass` reopens the PR *before* adding the bypass label so a failed reopen (deleted branch, permissions) leaves a more actionable state; reopen failure is caught and surfaced via `core.warning` instead of crashing the step - Non-member label removal defensively re-adds `missing-issue-link` and early-returns with failure outputs (re-add failure is non-fatal so the downstream "Add label" step can retry) - Replace hardcoded `'langchain-ai'` org in `senderIsOrgMember` with `context.repo.owner` for portability - Auto-close comments now include a maintainer override hint: *"reopen this PR or remove the `missing-issue-link` label to bypass this check"* - Live-label race guard also checks for `bypass-issue-check` |
||
|
Mason Daugherty
|
349047057b |
ci: respect maintainer reopens on auto-closed PRs (#36115)
When a maintainer manually reopens a PR that was auto-closed by the `require-issue-link` workflow, skip enforcement so it stays open. Scoped to PRs carrying the `missing-issue-link` label (i.e. only those closed by this workflow). Non-org-members reopening their own PRs still go through normal enforcement. |
||
|
Mason Daugherty
|
faadc1f3ce |
ci: suppress pytest streaming output in CI (#36092)
Reduce CI log noise by suppressing pytest's per-test dot/verbose streaming output. The `_test.yml` workflow now passes `PYTEST_EXTRA=-q` to `make test`, which overrides the default verbosity with quiet mode — failures still print in full, but the thousands of `.......` progress lines are gone. Local `make test` is unaffected since `PYTEST_EXTRA` defaults empty. ## Changes - Add `PYTEST_EXTRA ?=` variable to all 21 package Makefiles and inject it into each `test` target's pytest invocation - Pass `PYTEST_EXTRA=-q` in `_test.yml` for both the main test step and the min-version retest step |
||
|
Mason Daugherty
|
9c64cb7136 |
ci: add --frozen to uv sync/run in refresh_model_profiles (#36087)
`--no-group test --no-group dev --no-group lint` only controls which groups get *installed*; uv still resolves the full dependency graph (all groups) and tries to generate metadata for editable sources like `../langchain_v1`. In a sparse checkout these paths don't exist. `--frozen` skips re-resolution entirely and uses the existing lock, so the missing editable paths are never accessed. |
||
|
Mason Daugherty
|
f33667fef3 |
ci: skip dev/test/lint groups when installing langchain-profiles CLI (#36086)
The reusable refresh_model_profiles workflow sparse-checks out only libs/model-profiles from the langchain monorepo. `uv sync` fails because the test/dev/lint dependency groups reference sibling editable packages (../langchain_v1, ../core) that aren't present in the sparse checkout. Restrict to the default dependency group so only the runtime deps (httpx, tomli, typing-extensions) are installed — which is all the CLI needs. |
||
|
Mason Daugherty
|
cf1f510d77 |
fix(infra): resolve module crash blocking external PR enforcement (#36059)
`pr-labeler.js` used `require('@actions/core')` to access GitHub Actions
logging/failure helpers, but that module is bundled inside
`actions/github-script`'s dist — it's not resolvable via Node's
`require()` from a checked-out file on disk. Two of the three call sites
were in rarely-hit error branches, so the bug was latent. The third
(`applyTierLabel`) ran unconditionally, crashing the tier-label step on
every external PR. Because the tier step runs *before* the "add external
label" step, the crash prevented the `external` label from ever being
applied — which meant `require_issue_link.yml` never triggered and
unapproved external PRs stayed open.
## Changes
- Thread the `core` object (provided by `actions/github-script` at eval
time) through `loadAndInit()` → `init()` instead of calling
`require('@actions/core')` from the checked-out script — fixes the
`MODULE_NOT_FOUND` crash on all three call sites (`ensureLabel`,
`getContributorInfo`, `applyTierLabel`)
- Add a console-based fallback in `loadAndInit` so callers that don't
need `core.setFailed` still work without passing it
- Update all 9 `loadAndInit(github, owner, repo)` call sites across
`pr_labeler.yml`, `pr_labeler_backfill.yml`, and
`tag-external-issues.yml` to pass `core`
|
||
|
Mason Daugherty
|
54a5f83f2e |
ci(infra): drop redundant opened trigger from issue-link check (#36054)
Remove `opened` from the `require_issue_link.yml` trigger list. New PRs never have labels at creation time, so the job-level `if` (which requires the `external` label) always evaluated to skip — producing a noisy "Skipped" check on every internal PR. Enforcement chains through `pr_labeler.yml` → `labeled` event, making `opened` a no-op. ## Changes - Drop `opened` from `pull_request_target.types` in `require_issue_link.yml` — only `edited`, `reopened`, and `labeled` remain - Update header comment to document why `opened` is intentionally excluded |
||
|
Mason Daugherty
|
a81203bf6a |
ci: decouple codspeed from ci gate (#36051)
CodSpeed benchmarks shared the main CI workflow's concurrency group, which has `cancel-in-progress: true`. On push-to-master (post-merge), back-to-back merges would cancel in-flight CodSpeed jobs — failing the `ci_success` gate and marking the merge commit red, even though the PR passed all checks before merging. The cancelled jobs also meant baseline benchmark data was never uploaded, silently breaking CodSpeed's regression detection for subsequent PRs. ## Changes - Extract CodSpeed into a standalone `codspeed.yml` workflow with its own concurrency group — push-to-master runs use `github.sha` as the group key (unique per commit, never cancelled), while PR runs continue to cancel stale runs via `github.ref` - Remove the `codspeed` job, its output, and its `ci_success` gate dependency from `check_diffs.yml` — benchmark results are informational and shouldn't block merges ## Review - The new workflow duplicates the `build` (change detection) job from `check_diffs.yml` since it can't reference jobs across workflows. This means an extra `check_diff.py` run per trigger, but it's lightweight (~2s) and the tradeoff is worth the isolation. |
||
|
Mason Daugherty
|
b7e0b41d3a |
ci: use codspeed walltime mode for slow partners (#36049)
Speed up CodSpeed benchmarks for partners with heavy SDK inits by
switching them to walltime mode. `fireworks` takes ~328s and `openai` ~6
min under CPU simulation (Valgrind-based) — walltime is noisier but more
than adequate for detecting init-time regressions on these packages.
## Changes
- Add `CODSPEED_WALLTIME_DIRS` set in `_get_configs_for_single_dir` that
routes `libs/core`, `libs/partners/fireworks`, and
`libs/partners/openai` to walltime mode; all other partners default to
`simulation`
- Emit a `codspeed-mode` field in the CodSpeed matrix config and consume
it as `${{ matrix.job-configs.codspeed-mode }}` in the workflow,
replacing the inline ternary
|
||
|
Mason Daugherty
|
2476f558ad |
ci: replace deprecated codspeed instrumentation mode with simulation (#36047)
- Replace deprecated `instrumentation` runner mode with `simulation` in CodSpeed benchmarks (purely a rename, identical behavior) - Scope partner benchmarks to `tests/unit_tests/ -m benchmark` instead of `tests/` — avoids collecting ~80-90 non-benchmark tests per partner just to deselect them - Integration benchmark (`test_stream_time`) is always skipped anyway (no VCR cassettes in CI), so no loss from excluding `integration_tests/` Resolves: `Warning: The 'instrumentation' runner mode is deprecated and will be removed in a future version. Please use 'simulation' instead.` |
||
|
Mason Daugherty
|
07fa576de1 |
ci: avoid unnecessary dep installs in lint targets (#36046)
CI lint jobs use `uv run --all-groups` for all tools, but ruff doesn't need dependency resolution — only mypy does. By splitting into `UV_RUN_LINT` (ruff) and `UV_RUN_TYPE` (mypy), the CI-facing targets run ruff with `--group lint` only, giving fast-fail feedback before mypy triggers the full environment sync. For packages where source code only conditionally imports heavy deps (text-splitters, huggingface), `lint_package` also overrides `UV_RUN_TYPE` to `--group lint --group typing`, skipping the ~3.5GB `test_integration` download entirely. `lint_tests` keeps `--all-groups` since test code legitimately imports those deps. Additionally, `lint_imports.sh` was inconsistently wired — most packages had the script but weren't calling it. ## Changes **Makefile optimization** - Introduce `UV_RUN_LINT` and `UV_RUN_TYPE` Make variables, both defaulting to `uv run --all-groups`. For `lint_package` and `lint_tests`, `UV_RUN_LINT` is overridden to `uv run --group lint` so ruff runs instantly without syncing heavy deps - For `text-splitters` and `huggingface`, override `UV_RUN_TYPE` on `lint_package` to `uv run --group lint --group typing` — mypy runs without downloading torch, CUDA, spacy, etc. **mypy config for lean groups** - Add `transformers` and `transformers.*` to `ignore_missing_imports` in `text-splitters` pyproject.toml (conditional `try/except` import, same treatment as existing `konlpy`/`nltk` entries) - Add `torch`, `torch.*`, `langchain_community`, `langchain_community.*` to `ignore_missing_imports` in `huggingface` pyproject.toml - Add dual `# type: ignore[unreachable, unused-ignore]` in `text-splitters/base.py` to handle the `PreTrainedTokenizerBase` isinstance check that behaves differently depending on whether transformers is installed **lint_imports.sh consistency** - Add `./scripts/lint_imports.sh` to the lint recipe in every package that wasn't calling it (standard-tests, model-profiles, all 15 partners), and create the script for the two packages missing it entirely (`model-profiles`, `openrouter`) - Update all `lint_imports.sh` scripts to allow `from langchain.agents` and `from langchain.tools` imports (legitimate v1 middleware dependencies used by `langchain-anthropic` and `langchain-openai`) |
||
|
Mason Daugherty
|
58f3d1a633 |
ci: consolidate PR labeling into unified workflows (#36042)
Consolidate four separate PR labeling workflows (`pr_labeler_file.yml`, `pr_labeler_title.yml`, `pr_size_labeler.yml`, and the PR-handling half of `tag-external-contributions.yml`) into a single `pr_labeler.yml` workflow. The old workflows raced against each other — concurrent label mutations could drop or duplicate labels depending on execution order. A unified workflow with concurrency grouping eliminates that class of bug. |
||
|
Mason Daugherty
|
6965c87a68 |
ci(model-profiles): extract reusable workflow for cross-repo profile refresh (#36038)
Extract the model profile refresh logic into a reusable `workflow_call`
workflow so external repos like `langchain-google` and `langchain-aws`
can run the same daily profile refresh and get auto-PRs without
duplicating the pipeline. The in-monorepo caller becomes a thin wrapper
passing provider JSON.
## Changes
- Add `_refresh_model_profiles.yml` as a reusable `workflow_call`
workflow — accepts a `providers` JSON array of `{provider, data_dir}`
pairs, optional `cli-path` (skips cloning the CLI repo when the caller
already has it), and configurable PR metadata inputs
- External callers get the `langchain-profiles` CLI via sparse checkout
of `langchain-ai/langchain` at a configurable `cli-ref`; the in-monorepo
caller short-circuits with `cli-path: libs/model-profiles`
- Add input validation step using `jq` — rejects non-array JSON and
entries missing `provider`/`data_dir` keys with `::error::` annotations
- Replace the piped `while read` loop with `mapfile`/`for` +
per-provider error handling: one provider failure no longer kills the
rest, and all failures are collected and reported at the end
- Route all `${{ inputs.* }}` expressions through `env:` bindings in
`run:` blocks to prevent script injection from caller-controlled values
- Validate `cli-path` existence before use, with a clear error if the
directory is missing
- Summary step now runs with `if: always()` and handles
failure/success/no-op states separately
- Refactor `refresh_model_profiles.yml` into a thin caller that passes
the 10 in-monorepo providers as JSON
|
||
|
Mason Daugherty
|
93947dcea8 |
ci: cancel other CI runs when require-issue-link closes a PR (#35849)
When the `require_issue_link` workflow closes an external PR for failing the issue-link/assignee check, other CI workflows (lint, tests, integration tests) keep running uselessly. This cancels all of them immediately after closing the PR. ## Changes - After closing the PR in the `check-issue-link` job's final step, enumerate all `in_progress` and `queued` workflow runs matching the PR's `head_sha` via `actions.listWorkflowRunsForRepo` and cancel each one (skipping self via `context.runId`) - Add `actions: write` permission to the job to allow cancellation API calls |
||
|
Mason Daugherty
|
5d9568b5f5 |
feat(model-profiles): new fields + Makefile target (#35788)
Extract additional fields from models.dev into `_model_data_to_profile`: `name`, `status`, `release_date`, `last_updated`, `open_weights`, `attachment`, `temperature` Move the model profile refresh logic from an inline bash script in the GitHub Actions workflow into a `make refresh-profiles` target in `libs/model-profiles/Makefile`. This makes it runnable locally with a single command and keeps the provider map in one place instead of duplicated between CI and developer docs. |