Skip to content

chore(deps-dev): bump the langchain group across 1 directory with 2 updates#1622

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/langchain-5313e6a929
Open

chore(deps-dev): bump the langchain group across 1 directory with 2 updates#1622
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/langchain-5313e6a929

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 10, 2026
edited
Loading

Bumps the langchain group with 2 updates in the / directory: langchain-openai and langchain.

Updates langchain-openai from 0.3.34 to 1.1.12

Release notes

Sourced from langchain-openai's releases.

langchain-openai==1.1.12

Changes since langchain-openai==1.1.11

fix(openai): bump min core version (#36180) release(openai): 1.1.12 (#36178) fix(core,model-profiles): add missing ModelProfile fields, warn on schema drift (#36129) fix(openai): support phase parameter (#36161) fix(openai): preserve namespace field in streaming function_call chunks (#36108) ci: suppress pytest streaming output in CI (#36092) ci: avoid unnecessary dep installs in lint targets (#36046) chore(model-profiles): refresh model profile data (#36039) chore: bump orjson from 3.11.5 to 3.11.6 in /libs/partners/openai (#35860) fix(openai): add type: message to Responses API input items (#35693) perf(.github): set a timeout on get min versions HTTP calls (#35851) feat(model-profiles): new fields + Makefile target (#35788) fix(openai): close PIL Image handles in token counting to prevent fd leak (#35742) fix(openai): typo (#35763) chore(model-profiles): refresh model profile data (#35754)

langchain-openai==1.1.11

Changes since langchain-openai==1.1.10

fix(openai): bump min core version (#35705) release(openai): 1.1.11 (#35703) fix(openai): update responses API model detection for pro and codex models (#35594) feat(openai): support tool search (#35582) chore: bump langgraph from 1.0.8 to 1.0.10rc1 in /libs/partners/openai (#35612) chore(model-profiles): refresh model profile data (#35593) fix(openai): avoid PydanticSerializationUnexpectedValue for structured output (#35543) feat(openrouter): add streaming token usage support (#35559) fix: compaction typo (#35467) fix(openai): add test for CSV and accommodate breaking changes in file url inputs (#35454) chore: bump langgraph-checkpoint from 3.0.0 to 4.0.0 in /libs/partners/openai (#35448) fix(model-profiles): sort generated profiles by model ID for stable diffs (#35344) fix(openai): accept valid responses that are falsy at runtime (#35307)

langchain-openai==1.1.10

Changes since langchain-openai==1.1.9

release(openai): 1.1.10 (#35292) feat(openai): support automatic server-side compaction (#35212) fix(openai): add model property (#35284) fix(nomic,openai,perplexity): update pillow version to >= 12.1.1, <13.0.0 (#35254) docs(openai): more nits (#35277) docs(openai): clarify reasoning config for openai-compatible endpoints (#35202) fix(openai): gpt-5.2-pro Model Profile structured_output key fixed (#35216) chore(openai): extend model_token_mapping till gpt-5.2 for modelname_to_contextsize (#35214) fix(openai): enhance error message for non-OpenAI embedding providers (#35252) fix(openai): sanitize chat completions text content blocks (#35217) fix(openai): improve error message for null choices in OpenAI-compatible APIs (#35236)

... (truncated)

Commits
  • ad574fc fix(openai): bump min core version (#36180)
  • 19f81cf release(core): 1.2.21 (#36179)
  • 6d07ef2 release(openai): 1.1.12 (#36178)
  • 2f64d80 fix(core,model-profiles): add missing ModelProfile fields, warn on schema d...
  • 5ffece5 chore(core): remove stale blockbuster allowlist for deleted context module (#...
  • 936b0a6 chore(model-profiles): refresh model profile data (#36152)
  • 900f8a3 fix(openai): support phase parameter (#36161)
  • 64a848a ci: add maintainer override to require-issue-link workflow (#36147)
  • 7d05cfb fix(openai): preserve namespace field in streaming function_call chunks (#36108)
  • 74ade80 chore(model-profiles): refresh model profile data (#36123)
  • Additional commits viewable in compare view

Updates langchain from 1.2.13 to 1.2.15

Release notes

Sourced from langchain's releases.

langchain-core==1.2.15

Changes since langchain-core==1.2.14

fix(core): improve error message for non-JSON-serializable tool schemas (#34376) fix(core): improve typing/docs for on_chat_model_start to clarify required positional args (#35324) perf(core): defer specific langsmith imports to reduce import time (#35298) revert: add ChatAnthropicBedrockWrapper (#35371) release(core): 1.2.15 (#35367) fix(anthropic): replace retired model IDs in tests and docstrings (#35365) feat(anthropic): add ChatAnthropicBedrock wrapper (#35091) style: fix some ruff noqa (#35321)

langchain==1.2.15

Changes since langchain==1.2.14

release: langchain v1.2.15 (#36496) chore: bump aiohttp from 3.13.3 to 3.13.4 in /libs/langchain_v1 (#36438)

langchain-core==1.2.14

Changes since langchain-core==1.2.13

release(core): 1.2.14 (#35328) chore(core): remove langserve from sys info util, add deepagents (#35325) fix(core): fix merge_lists incorrectly merging parallel tool calls (#35281) fix(core): accept int temperature in _get_ls_params for LangSmith tracing (#35302) revert: accept integer temperature values in _get_ls_params (#35319) fix(core): accept integer temperature values in _get_ls_params (#35317) docs(core): update load note to be precise (#35309) fix(core): prevent recursion error when args_schema is dict (#35260) fix(core): preserve index and timestamp fields when merging (#34731) docs(core): add security warnings and best practices for deserialization (#35282) docs: fix docstring inaccuracies and update outdated LangSmith URLs (#35283) fix(core): correct misleading jinja2 sandboxing comment (#35183) chore: bump the langchain-deps group across 3 directories with 8 updates (#35257)

langchain==1.2.14

Changes since langchain==1.2.13

release(langchain): 1.2.14 (#36396) chore: pygments>=2.20.0 across all packages (CVE-2026-4539) (#36385) test(langchain): cover runtime recursion limit override in create_agent (#36376) perf(langchain): reduce init speed by 15% (#36375) fix(langchain): update recursion limit for create_agent (#36351) fix(infra): correct lint_diff relative paths in package makefiles (#36333) chore: bump cryptography from 46.0.5 to 46.0.6 in /libs/langchain_v1 (#36324) fix(langchain): recognize ChatAnthropicVertex in _get_approximate_token_counter (#36320) chore(langchain): remove unnecessary description for toods list as a group (#36315) chore(langchain): add async implementation to todolist and test (#36313) chore(langchain): speed up todo list middleware init (#36311) chore: bump requests from 2.32.5 to 2.33.0 in /libs/langchain_v1 (#36241)

... (truncated)

Commits
  • dd63731 release: langchain v1.2.15 (#36496)
  • d1529dd fix(core): correct parameter names in filter_messages docstring example (#36462)
  • e89afed release(core): 1.2.25 (#36473)
  • 0b5f2c0 fix(core): harden check for txt files in deprecated prompt loading functions ...
  • c9f51ae fix(core): fixed typos in the documentation (#36459)
  • cd394b7 chore(model-profiles): refresh model profile data (#36455)
  • 34c4a2a chore: bump aiohttp from 3.13.3 to 3.13.4 in /libs/partners/huggingface (#36436)
  • 914cef0 chore: bump aiohttp from 3.13.3 to 3.13.4 in /libs/partners/xai (#36435)
  • 66ad4f7 chore: bump aiohttp from 3.13.3 to 3.13.4 in /libs/langchain (#36439)
  • 8fb12b8 chore: bump aiohttp from 3.13.3 to 3.13.4 in /libs/partners/fireworks (#36437)
  • Additional commits viewable in compare view

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Apr 10, 2026
claude[bot]
claude bot reviewed Apr 10, 2026
View reviewed changes
Copy link
Copy Markdown

@claude claude bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The langchain-openai bump spans a major version boundary (0.3.34 → 1.1.12), which may introduce breaking API changes in the test suite — worth a human check that CI passes.

Extended reasoning...

Overview

This is a dependabot PR updating two dev-only dependencies in pyproject.toml and uv.lock: langchain-openai (0.3.34 → 1.1.12) and langchain (1.2.13 → 1.2.15). Incidentally, langgraph (1.1.3 → 1.1.5) and langgraph-prebuilt (1.0.8 → 1.0.9) are also bumped as transitive resolution changes. All changes are to the [dependency-groups] dev section — none affect the published package.

Security Risks

No security risks from the version bumps themselves. The langchain 1.2.14 release includes a pygments CVE fix (CVE-2026-4539), which is a minor positive. No auth, crypto, or data-exposure surface in these changes.

Level of Scrutiny

The langchain-openai jump from 0.3.34 to 1.1.12 crosses a major version boundary and skips many minor versions, meaning the upstream library may have introduced API breaking changes. Even though it is a dev dependency, the test suite relies on it and tests could silently pass or fail depending on API compatibility. The constraint in pyproject.toml was widened from <0.4 to <1.2 to accommodate this, which is a deliberate widening. A human should confirm CI is green before merging.

Other Factors

No bugs were found by the automated bug hunting system. The langchain and langgraph bumps are minor patch-level and low risk. The lock file hash updates are consistent with the version changes. The main concern is solely the magnitude of the langchain-openai version jump.

@dependabot dependabot bot force-pushed the dependabot/uv/langchain-5313e6a929 branch from 2d7394a to 32ca532 Compare April 16, 2026 05:56
@dependabot
chore(deps-dev): bump the langchain group across 1 directory with 2 u…
9ca4bbf 
…pdates

Bumps the langchain group with 2 updates in the / directory: [langchain-openai](https://github.com/langchain-ai/langchain) and [langchain](https://github.com/langchain-ai/langchain).


Updates `langchain-openai` from 0.3.34 to 1.1.12
- [Release notes](https://github.com/langchain-ai/langchain/releases)
- [Commits](langchain-ai/langchain@langchain-openai==0.3.34...langchain-openai==1.1.12)

Updates `langchain` from 1.2.13 to 1.2.15
- [Release notes](https://github.com/langchain-ai/langchain/releases)
- [Commits](langchain-ai/langchain@langchain==1.2.13...langchain==1.2.15)

---
updated-dependencies:
- dependency-name: langchain-openai
  dependency-version: 1.1.12
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: langchain
- dependency-name: langchain
  dependency-version: 1.2.15
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: langchain
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/uv/langchain-5313e6a929 branch from 32ca532 to 9ca4bbf Compare April 17, 2026 05:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@claude claude[bot] claude[bot] left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants