Problem
langchain-google-spanner==0.9.0 hard-pins langchain-core <1.0.0 and langchain-community <1.0.0. This makes it impossible to install alongside any package that requires LangChain 1.x — including Google's own ecosystem partners like deepagents>=0.6.x (which requires langchain-core>=1.4.7).
Anyone building AI agents on top of Google Cloud Spanner — the exact use case this library exists for — is blocked.
Evidence the Fix Is Trivial and Already Known
Your own Renovate automation filed this fix three separate times, all ignored and autoclosed with no human review:
Each PR was a 2-line change to pyproject.toml. Each was assigned to @amullick-git and @rahul2393. None received a comment or review.
The Dependency Dashboard (issue #8) still lists this as a pending, unfixed security update as of June 2026.
Current State
The main branch today is identical to the July 2025 0.9.0 release — zero releases in 11 months:
dependencies = [
"langchain-core>=0.1.25, <1.0.0", # blocking
"langchain-community>=0.0.18, <1.0.0", # blocking
]
The pending v0.9.1 is docs-only with no dependency changes.
Workaround We're Forced To Use
Because there is no fix, users must:
- Install with
--no-deps to bypass the conflict
- Manually patch
graph_retriever.py to fix a broken import (from langchain.schema.retriever import BaseRetriever → from langchain_core.retrievers import BaseRetriever)
- Disable
SpannerGraphQAChain (inherits from removed Chain base class)
This is fragile, breaks on venv rebuilds, and is not acceptable for a production AI library backed by Google.
Request
Please merge a LangChain 1.x compatible release. The Renovate PRs already contain the correct fix. This is blocking the core use case of the library.
cc @amullick-git @rahul2393
Problem
langchain-google-spanner==0.9.0hard-pinslangchain-core <1.0.0andlangchain-community <1.0.0. This makes it impossible to install alongside any package that requires LangChain 1.x — including Google's own ecosystem partners likedeepagents>=0.6.x(which requireslangchain-core>=1.4.7).Anyone building AI agents on top of Google Cloud Spanner — the exact use case this library exists for — is blocked.
Evidence the Fix Is Trivial and Already Known
Your own Renovate automation filed this fix three separate times, all ignored and autoclosed with no human review:
Each PR was a 2-line change to
pyproject.toml. Each was assigned to@amullick-gitand@rahul2393. None received a comment or review.The Dependency Dashboard (issue #8) still lists this as a pending, unfixed security update as of June 2026.
Current State
The
mainbranch today is identical to the July 20250.9.0release — zero releases in 11 months:The pending v0.9.1 is docs-only with no dependency changes.
Workaround We're Forced To Use
Because there is no fix, users must:
--no-depsto bypass the conflictgraph_retriever.pyto fix a broken import (from langchain.schema.retriever import BaseRetriever→from langchain_core.retrievers import BaseRetriever)SpannerGraphQAChain(inherits from removedChainbase class)This is fragile, breaks on venv rebuilds, and is not acceptable for a production AI library backed by Google.
Request
Please merge a LangChain 1.x compatible release. The Renovate PRs already contain the correct fix. This is blocking the core use case of the library.
cc @amullick-git @rahul2393