chore(deps): bump the uv group across 2 directories with 2 updates

[dependabot]

Bumps the uv group with 2 updates in the / directory: cryptography and langchain-core.
Bumps the uv group with 1 update in the /python/providers/claude_agent_sdk directory: cryptography.

Updates cryptography from 45.0.4 to 46.0.6

Changelog

Sourced from cryptography's changelog.

46.0.6 - 2026-03-25

* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied
  to peer names during verification when the leaf certificate contains a
  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,
  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for
  reporting the issue. **CVE-2026-34073**
.. _v46-0-5:
46.0.5 - 2026-02-10

• An attacker could create a malicious public key that reveals portions of your private key when using certain uncommon elliptic curves (binary curves). This version now includes additional security checks to prevent this attack. This issue only affects binary elliptic curves, which are rarely used in real-world applications. Credit to XlabAI Team of Tencent Xuanwu Lab and Atuin Automated Vulnerability Discovery Engine for reporting the issue. CVE-2026-26007
• Support for SECT* binary elliptic curves is deprecated and will be removed in the next release.

.. v46-0-4:

46.0.4 - 2026-01-27

* `Dropped support for win_arm64 wheels`_.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.
.. _v46-0-3:
46.0.3 - 2025-10-15

• Fixed compilation when using LibreSSL 4.2.0.

.. _v46-0-2:

46.0.2 - 2025-09-30

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.
.. _v46-0-1:
46.0.1 - 2025-09-16

... (truncated)

Commits

• 91d7288 Cherry-pick #14542 (#14543)
• 06e120e bump version for 46.0.5 release (#14289)
• 0eebb9d EC check key on cofactor > 1 (#14287)
• bedf6e1 fix openssl version on 46 branch (#14220)
• e6f44fc bump for 46.0.4 and drop win arm64 due to CI issues (#14217)
• c0af4dd release 46.0.3 (#13681)
• 99efe5a bump version for 46.0.2 (#13531)
• e735cfc release 46.0.1 (#13450)
• 4e457ff Explicitly specify python in mac uv build invocation (#13447)
• 2726efd Depend on CFFI 2.0.0 or newer on Python > 3.8 (#13448)
• Additional commits viewable in compare view

Updates langchain-core from 1.1.1 to 1.2.22

Release notes

Sourced from langchain-core's releases.

langchain-core==1.2.22

Changes since langchain-core==1.2.21

release(core): 1.2.22 (#36201) fix(core): validate paths in prompt.save and load_prompt, deprecate methods (#36200)

langchain-core==1.2.21

Changes since langchain-core==1.2.20

release(core): 1.2.21 (#36179) fix(core,model-profiles): add missing ModelProfile fields, warn on schema drift (#36129) chore(core): remove stale blockbuster allowlist for deleted context module (#36168) ci: suppress pytest streaming output in CI (#36092)

langchain-core==1.2.20

Changes since langchain-core==1.2.19

release(core): 1.2.20 (#36085) fix(core): trace invocation params in metadata (#36080) feat: Add LangSmith integration metadata to create_agent and init_chat_model (#35810) feat(core): harden anti-ssrf (#35960) ci: avoid unnecessary dep installs in lint targets (#36046) docs(core): document base_url in mermaid api (#35961) chore: bump orjson from 3.11.5 to 3.11.6 in /libs/core (#35805) chore: housekeeping (#35850)

langchain-core==1.2.19

Changes since langchain-core==1.2.18

release(core): 1.2.19 (#35832) chore(core): move BaseCrossEncoder to langchain-core (#35809) chore: bump tornado from 6.5.2 to 6.5.5 in /libs/core (#35775)

langchain-core==1.2.18

Changes since langchain-core==1.2.17

release(core): 1.2.18 (#35704) fix(core): fix double backticks in deprecation docstring for alternative_import (#35658) fix(core): preserve default_factory when generating tool call schema (#35550) feat(openai): support tool search (#35582) chore: bump the minor-and-patch group across 3 directories with 7 updates (#35605)

langchain-core==1.2.17

Changes since langchain-core==1.2.16

release(core): 1.2.17 (#35527) fix(core): extract usage metadata from serialized tracer message outputs (#35526) chore: bump the langchain-deps group across 3 directories with 7 updates (#35513) chore: bump the langchain-deps group across 3 directories with 14 updates (#35441)

... (truncated)

Commits

• d22df94 release(core): 1.2.22 (#36201)
• 27add91 fix(core): validate paths in prompt.save and load_prompt, deprecate metho...
• 7563fce chore(model-profiles): refresh model profile data (#36195)
• 3e64c25 chore: use repo permissions instead of org membership for maintainer override...
• 1778b08 chore(partners): bump langchain-core min to 1.2.21 (#36183)
• ad574fc fix(openai): bump min core version (#36180)
• 19f81cf release(core): 1.2.21 (#36179)
• 6d07ef2 release(openai): 1.1.12 (#36178)
• 2f64d80 fix(core,model-profiles): add missing ModelProfile fields, warn on schema d...
• 5ffece5 chore(core): remove stale blockbuster allowlist for deleted context module (#...
• Additional commits viewable in compare view

Updates cryptography from 46.0.3 to 46.0.6

Changelog

Sourced from cryptography's changelog.

46.0.6 - 2026-03-25

* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied
  to peer names during verification when the leaf certificate contains a
  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,
  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for
  reporting the issue. **CVE-2026-34073**
.. _v46-0-5:
46.0.5 - 2026-02-10

• An attacker could create a malicious public key that reveals portions of your private key when using certain uncommon elliptic curves (binary curves). This version now includes additional security checks to prevent this attack. This issue only affects binary elliptic curves, which are rarely used in real-world applications. Credit to XlabAI Team of Tencent Xuanwu Lab and Atuin Automated Vulnerability Discovery Engine for reporting the issue. CVE-2026-26007
• Support for SECT* binary elliptic curves is deprecated and will be removed in the next release.

.. v46-0-4:

46.0.4 - 2026-01-27

* `Dropped support for win_arm64 wheels`_.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.
.. _v46-0-3:
46.0.3 - 2025-10-15

• Fixed compilation when using LibreSSL 4.2.0.

.. _v46-0-2:

46.0.2 - 2025-09-30

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.
.. _v46-0-1:
46.0.1 - 2025-09-16

... (truncated)

Commits

• 91d7288 Cherry-pick #14542 (#14543)
• 06e120e bump version for 46.0.5 release (#14289)
• 0eebb9d EC check key on cofactor > 1 (#14287)
• bedf6e1 fix openssl version on 46 branch (#14220)
• e6f44fc bump for 46.0.4 and drop win arm64 due to CI issues (#14217)
• c0af4dd release 46.0.3 (#13681)
• 99efe5a bump version for 46.0.2 (#13531)
• e735cfc release 46.0.1 (#13450)
• 4e457ff Explicitly specify python in mac uv build invocation (#13447)
• 2726efd Depend on CFFI 2.0.0 or newer on Python > 3.8 (#13448)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
docs	Ready	Preview, Comment	Mar 28, 2026 9:08am