chore(deps-dev): bump the langchain group across 1 directory with 2 updates #1622
dependabot[bot] wants to merge 1 commit into
The langchain-openai bump spans a major version boundary (0.3.34 → 1.1.12), which may introduce breaking API changes in the test suite — worth a human check that CI passes.
Extended reasoning...
Overview
This is a dependabot PR updating two dev-only dependencies in pyproject.toml and uv.lock: langchain-openai (0.3.34 → 1.1.12) and langchain (1.2.13 → 1.2.15). Incidentally, langgraph (1.1.3 → 1.1.5) and langgraph-prebuilt (1.0.8 → 1.0.9) are also bumped as transitive resolution changes. All changes are to the [dependency-groups] dev section — none affect the published package.
Security Risks
No security risks from the version bumps themselves. The langchain 1.2.14 release includes a pygments CVE fix (CVE-2026-4539), which is a minor positive. No auth, crypto, or data-exposure surface in these changes.
Level of Scrutiny
The langchain-openai jump from 0.3.34 to 1.1.12 crosses a major version boundary and skips many minor versions, meaning the upstream library may have introduced API breaking changes. Even though it is a dev dependency, the test suite relies on it and tests could silently pass or fail depending on API compatibility. The constraint in pyproject.toml was widened from <0.4 to <1.2 to accommodate this, which is a deliberate widening. A human should confirm CI is green before merging.
Other Factors
No bugs were found by the automated bug hunting system. The langchain and langgraph bumps are minor patch-level and low risk. The lock file hash updates are consistent with the version changes. The main concern is solely the magnitude of the langchain-openai version jump.
…pdates

Bumps the langchain group with 2 updates in the / directory: [langchain-openai](https://github.com/langchain-ai/langchain) and [langchain](https://github.com/langchain-ai/langchain).

Updates `langchain-openai` from 0.3.34 to 1.3.3
- [Release notes](https://github.com/langchain-ai/langchain/releases)
- [Commits](langchain-ai/langchain@langchain-openai==0.3.34...langchain-openai==1.3.3)

Updates `langchain` from 1.2.13 to 1.3.11
- [Release notes](https://github.com/langchain-ai/langchain/releases)
- [Commits](langchain-ai/langchain@langchain==1.2.13...langchain==1.3.11)

---
updated-dependencies:
- dependency-name: langchain
  dependency-version: 1.2.15
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: langchain
- dependency-name: langchain-openai
  dependency-version: 1.1.12
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: langchain
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps the langchain group with 2 updates in the / directory: langchain-openai and langchain.
Updates langchain-openai from 0.3.34 to 1.3.3
Release notes
Sourced from langchain-openai's releases.
... (truncated)
Commits
- 4a83756 release(openai): 1.3.3 (#38375)
- 792c1a7 fix(openai): drop response item ids when `store` is false (#38372)
- 9f7e46f release(anthropic): 1.4.7 (#38373)
- 9ef324c fix(langchain,openai): only set `strict=True` on tools for OpenAI-compatible ...
- 05b5af1 chore(infra): update workflow key name (#38367)
- 8e81774 test(groq): xfail flaky tool choice test (#38365)
- 946fbbb fix(groq): replace deprecated Groq llama models (#38363)
- d11b1fc chore(model-profiles): refresh model profile data (#38341)
- 9d14a5e feat(groq): add `performance` service tier (#38339)
- cc6b125 test(openai): clarify expected strict schema error (#38338)

Updates langchain from 1.2.13 to 1.3.11
Release notes
Sourced from langchain's releases.
... (truncated)
Commits
- 83e8249 release(langchain): 1.3.11 (#38377)
- 6dd45c9 hotfix(anthropic): regenerate cassette (#38376)
- 4a83756 release(openai): 1.3.3 (#38375)
- 792c1a7 fix(openai): drop response item ids when `store` is false (#38372)
- 9f7e46f release(anthropic): 1.4.7 (#38373)
- 9ef324c fix(langchain,openai): only set `strict=True` on tools for OpenAI-compatible ...
- 05b5af1 chore(infra): update workflow key name (#38367)
- 8e81774 test(groq): xfail flaky tool choice test (#38365)
- 946fbbb fix(groq): replace deprecated Groq llama models (#38363)
- d11b1fc chore(model-profiles): refresh model profile data (#38341)