Skip to content

build(deps): bump the uv group across 2 directories with 4 updates#422

Merged
John Kennedy (jkennedyvz) merged 1 commit intomainfrom
dependabot/uv/uv-42cdda0244
Feb 26, 2026
Merged

build(deps): bump the uv group across 2 directories with 4 updates#422
John Kennedy (jkennedyvz) merged 1 commit intomainfrom
dependabot/uv/uv-42cdda0244

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 26, 2026

Bumps the uv group with 4 updates in the / directory: langchain-core, cryptography, langgraph-checkpoint and langsmith.
Bumps the uv group with 1 update in the /examples/servers/streamable-http-stateless directory: cryptography.

Updates langchain-core from 1.2.5 to 1.2.11

Release notes

Sourced from langchain-core's releases.

langchain-core==1.2.11

Changes since langchain-core==1.2.10

release(core): 1.2.11 (#35144) fix(openai): sanitize urls when counting tokens in images (#35143) chore(core): clean up docstring mismatch and redundant logic in langchain-core (#35064) fix(core): replace bare except with Exception in tracer (#35138)

langchain-core==1.2.10

Changes since langchain-core==1.2.9

release(core): 1.2.10 (#35136) chore(deps): bump the langchain-deps group across 3 directories with 40 updates (#35129) chore(deps): bump the langchain-deps group across 3 directories with 11 updates (#35121) feat(core): add ContextOverflowError, raise in anthropic and openai (#35099) feat(model-profiles): add text_inputs and text_outputs (#35084) feat(core): count tokens from tool schemas in count_tokens_approximately (#35098) docs(core): add missing name docstring for RunnableSerializable (#35088)

langchain-core==1.2.9

Changes since langchain-core==1.2.8

release(core): 1.2.9 (#35025) fix(core): adjust cap when scaling approximate token counts (#35017) revert: precompile hex color regex pattern at module level (#35016) chore: add make type target (#35015) revert: "chore: add typing target in Makefile" (#35013) chore: add typing target in Makefile (#35012) fix(core): apply cap when scaling approximate token counts (#35005) feat(core): allow scaling by reported usage when counting tokens approximately (#34996) test(core): increase delta_time for flaky test (#34982) chore: enrich pyproject.toml files (#34980)

langchain-core==1.2.8

Changes since langchain-core==1.2.7

release(core): 1.2.8 (#34975) docs(core): add examples for pretty_repr, pretty_print (#34968) docs(core): use proper admonition for get_buffer_string (#34967) docs: add usage examples to core classes (#34841) chore(core): fix docstring format (#34966) chore(deps): bump the uv group across 20 directories with 3 updates (#34941) docs: add example to create_message function docstring (#34851) docs(core): clarify @​tool decorator argument and return type requirements (#34860) fix(core): fix nested mustache variable extraction and update docs (#34872) fix(core): allow base model annotations for empty model (#34932) chore: upgrade urllib3 to 2.6.3 (#34940) fix(core): prevent crash in ParrotFakeChatModel when messages list is empty (#34943) fix(core): google docstring parsing with no arguments/reserved arguments (#34861) test(core): add tests for approximate token counting with multimodal messages (#34898)

... (truncated)

Commits
  • 524e1da release(core): 1.2.11 (#35144)
  • 2b4b1dc fix(openai): sanitize urls when counting tokens in images (#35143)
  • 0493b27 fix(anthropic): support effort="max" and remove beta headers (#35141)
  • a5f22e7 chore(core): clean up docstring mismatch and redundant logic in langchain-cor...
  • 97ee14c fix(core): replace bare except with Exception in tracer (#35138)
  • 990e807 release(standard-tests): release 1.1.5 (#35139)
  • 74dffca release(langchain): 1.2.10 (#35137)
  • f41e049 release(core): 1.2.10 (#35136)
  • de05838 chore(deps): bump the langchain-deps group across 3 directories with 40 updat...
  • d6e86aa chore(deps): bump the other-deps group across 3 directories with 12 updates (...
  • Additional commits viewable in compare view

Updates cryptography from 46.0.4 to 46.0.5

Changelog

Sourced from cryptography's changelog.

46.0.5 - 2026-02-10


* An attacker could create a malicious public key that reveals portions of your
  private key when using certain uncommon elliptic curves (binary curves).
  This version now includes additional security checks to prevent this attack.
  This issue only affects binary elliptic curves, which are rarely used in
  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and
  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.
  **CVE-2026-26007**
* Support for ``SECT*`` binary elliptic curves is deprecated and will be
  removed in the next release.

.. v46-0-4:

Commits

Updates langgraph-checkpoint from 3.0.1 to 4.0.0

Release notes

Sourced from langgraph-checkpoint's releases.

langgraph-checkpoint==4.0.0

Changes since checkpoint==3.0.1

  • fix: flip default on base cache (#6677)
  • fix(checkpoint): InMemorySaver context managers should return self in… (#6529)
  • fix: docstring for serializer protocol (#6525)
  • chore: clean up some refs (#6487)
  • chore: add pyproject.toml links (#6364)

langgraph-checkpoint-postgres==3.0.4

Changes since checkpointpostgres==3.0.3

  • chore: Omit lock when using connection pool (#6734)
  • chore(deps): upgrade dependencies with uv lock --upgrade (#6671)
  • chore: update twitter URLs (#6683)

langgraph-checkpoint-postgres==3.0.3

Changes since checkpointpostgres==3.0.2

  • fix: flip default on base cache (#6677)
  • docs: storage nits (#6651)

langgraph-checkpoint-sqlite==3.0.3

Changes since checkpointsqlite==3.0.2

  • fix: aiosqlite's breaking change (#6699)
  • chore(deps): upgrade dependencies with uv lock --upgrade (#6671)
  • chore: update twitter URLs (#6683)

langgraph-checkpoint-postgres==3.0.2

Changes since checkpointpostgres==3.0.1

  • release(checkpoint-postgres): 3.0.1 (#6568)
  • chore: pgqs (#6567)
  • fix(checkpoint-postgres): ensure vector extension is created only if not exists (#6154)
  • fix(checkpoint-postgres): Replace f-string SQL formatting with parameterized queries in migration statements (#6328)
  • chore: add pyproject.toml links (#6364)
  • docs: add license files for checkpoint-sqlite and checkpoint-postgres (#6392)

langgraph-checkpoint-sqlite==3.0.2

Changes since checkpointsqlite==3.0.1

  • fix: flip default on base cache (#6677)
  • docs: storage nits (#6651)
Commits

Updates langsmith from 0.4.30 to 0.6.3

Release notes

Sourced from langsmith's releases.

v0.6.1

What's Changed

Full Changelog: langchain-ai/langsmith-sdk@v0.6.0...v0.6.1

v0.6.0

What's Changed

Full Changelog: langchain-ai/langsmith-sdk@v0.5.2...v0.6.0

v0.6.0rc0

What's Changed

Full Changelog: langchain-ai/langsmith-sdk@v0.5.1...v0.6.0rc0

v0.5.2

What's Changed

Full Changelog: langchain-ai/langsmith-sdk@v0.5.1...v0.5.2

... (truncated)

Commits

Updates cryptography from 46.0.4 to 46.0.5

Changelog

Sourced from cryptography's changelog.

46.0.5 - 2026-02-10


* An attacker could create a malicious public key that reveals portions of your
  private key when using certain uncommon elliptic curves (binary curves).
  This version now includes additional security checks to prevent this attack.
  This issue only affects binary elliptic curves, which are rarely used in
  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and
  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.
  **CVE-2026-26007**
* Support for ``SECT*`` binary elliptic curves is deprecated and will be
  removed in the next release.

.. v46-0-4:

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps): bump the uv group across 2 directories with 4 updates
b3c6839 
Bumps the uv group with 4 updates in the / directory: [langchain-core](https://github.com/langchain-ai/langchain), [cryptography](https://github.com/pyca/cryptography), [langgraph-checkpoint](https://github.com/langchain-ai/langgraph) and [langsmith](https://github.com/langchain-ai/langsmith-sdk).
Bumps the uv group with 1 update in the /examples/servers/streamable-http-stateless directory: [cryptography](https://github.com/pyca/cryptography).


Updates `langchain-core` from 1.2.5 to 1.2.11
- [Release notes](https://github.com/langchain-ai/langchain/releases)
- [Commits](langchain-ai/langchain@langchain-core==1.2.5...langchain-core==1.2.11)

Updates `cryptography` from 46.0.4 to 46.0.5
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@46.0.4...46.0.5)

Updates `langgraph-checkpoint` from 3.0.1 to 4.0.0
- [Release notes](https://github.com/langchain-ai/langgraph/releases)
- [Commits](langchain-ai/langgraph@checkpoint==3.0.1...checkpoint==4.0.0)

Updates `langsmith` from 0.4.30 to 0.6.3
- [Release notes](https://github.com/langchain-ai/langsmith-sdk/releases)
- [Commits](https://github.com/langchain-ai/langsmith-sdk/commits)

Updates `cryptography` from 46.0.4 to 46.0.5
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@46.0.4...46.0.5)

---
updated-dependencies:
- dependency-name: langchain-core
  dependency-version: 1.2.11
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: cryptography
  dependency-version: 46.0.5
  dependency-type: indirect
  dependency-group: uv
- dependency-name: langgraph-checkpoint
  dependency-version: 4.0.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: langsmith
  dependency-version: 0.6.3
  dependency-type: indirect
  dependency-group: uv
- dependency-name: cryptography
  dependency-version: 46.0.5
  dependency-type: indirect
  dependency-group: uv
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Feb 26, 2026
@jkennedyvz John Kennedy (jkennedyvz) merged commit 141be26 into main Feb 26, 2026
6 checks passed
@jkennedyvz John Kennedy (jkennedyvz) deleted the dependabot/uv/uv-42cdda0244 branch February 26, 2026 00:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jkennedyvz