chore(deps-dev): bump the langchain group across 1 directory with 2 updates

[dependabot]

Bumps the langchain group with 2 updates in the / directory: langchain-openai and langchain.

Updates langchain-openai from 0.3.34 to 1.1.12

Release notes

Sourced from langchain-openai's releases.

langchain-openai==1.1.12

Changes since langchain-openai==1.1.11

fix(openai): bump min core version (#36180) release(openai): 1.1.12 (#36178) fix(core,model-profiles): add missing ModelProfile fields, warn on schema drift (#36129) fix(openai): support phase parameter (#36161) fix(openai): preserve namespace field in streaming function_call chunks (#36108) ci: suppress pytest streaming output in CI (#36092) ci: avoid unnecessary dep installs in lint targets (#36046) chore(model-profiles): refresh model profile data (#36039) chore: bump orjson from 3.11.5 to 3.11.6 in /libs/partners/openai (#35860) fix(openai): add type: message to Responses API input items (#35693) perf(.github): set a timeout on get min versions HTTP calls (#35851) feat(model-profiles): new fields + Makefile target (#35788) fix(openai): close PIL Image handles in token counting to prevent fd leak (#35742) fix(openai): typo (#35763) chore(model-profiles): refresh model profile data (#35754)

langchain-openai==1.1.11

Changes since langchain-openai==1.1.10

fix(openai): bump min core version (#35705) release(openai): 1.1.11 (#35703) fix(openai): update responses API model detection for pro and codex models (#35594) feat(openai): support tool search (#35582) chore: bump langgraph from 1.0.8 to 1.0.10rc1 in /libs/partners/openai (#35612) chore(model-profiles): refresh model profile data (#35593) fix(openai): avoid PydanticSerializationUnexpectedValue for structured output (#35543) feat(openrouter): add streaming token usage support (#35559) fix: compaction typo (#35467) fix(openai): add test for CSV and accommodate breaking changes in file url inputs (#35454) chore: bump langgraph-checkpoint from 3.0.0 to 4.0.0 in /libs/partners/openai (#35448) fix(model-profiles): sort generated profiles by model ID for stable diffs (#35344) fix(openai): accept valid responses that are falsy at runtime (#35307)

langchain-openai==1.1.10

Changes since langchain-openai==1.1.9

release(openai): 1.1.10 (#35292) feat(openai): support automatic server-side compaction (#35212) fix(openai): add model property (#35284) fix(nomic,openai,perplexity): update pillow version to >= 12.1.1, <13.0.0 (#35254) docs(openai): more nits (#35277) docs(openai): clarify reasoning config for openai-compatible endpoints (#35202) fix(openai): gpt-5.2-pro Model Profile structured_output key fixed (#35216) chore(openai): extend model_token_mapping till gpt-5.2 for modelname_to_contextsize (#35214) fix(openai): enhance error message for non-OpenAI embedding providers (#35252) fix(openai): sanitize chat completions text content blocks (#35217) fix(openai): improve error message for null choices in OpenAI-compatible APIs (#35236)

... (truncated)

Commits

• ad574fc fix(openai): bump min core version (#36180)
• 19f81cf release(core): 1.2.21 (#36179)
• 6d07ef2 release(openai): 1.1.12 (#36178)
• 2f64d80 fix(core,model-profiles): add missing ModelProfile fields, warn on schema d...
• 5ffece5 chore(core): remove stale blockbuster allowlist for deleted context module (#...
• 936b0a6 chore(model-profiles): refresh model profile data (#36152)
• 900f8a3 fix(openai): support phase parameter (#36161)
• 64a848a ci: add maintainer override to require-issue-link workflow (#36147)
• 7d05cfb fix(openai): preserve namespace field in streaming function_call chunks (#36108)
• 74ade80 chore(model-profiles): refresh model profile data (#36123)
• Additional commits viewable in compare view

Updates langchain from 1.2.13 to 1.2.15

Release notes

Sourced from langchain's releases.

langchain-core==1.2.15

Changes since langchain-core==1.2.14

fix(core): improve error message for non-JSON-serializable tool schemas (#34376) fix(core): improve typing/docs for on_chat_model_start to clarify required positional args (#35324) perf(core): defer specific langsmith imports to reduce import time (#35298) revert: add ChatAnthropicBedrockWrapper (#35371) release(core): 1.2.15 (#35367) fix(anthropic): replace retired model IDs in tests and docstrings (#35365) feat(anthropic): add ChatAnthropicBedrock wrapper (#35091) style: fix some ruff noqa (#35321)

langchain==1.2.15

Changes since langchain==1.2.14

release: langchain v1.2.15 (#36496) chore: bump aiohttp from 3.13.3 to 3.13.4 in /libs/langchain_v1 (#36438)

langchain-core==1.2.14

Changes since langchain-core==1.2.13

release(core): 1.2.14 (#35328) chore(core): remove langserve from sys info util, add deepagents (#35325) fix(core): fix merge_lists incorrectly merging parallel tool calls (#35281) fix(core): accept int temperature in _get_ls_params for LangSmith tracing (#35302) revert: accept integer temperature values in _get_ls_params (#35319) fix(core): accept integer temperature values in _get_ls_params (#35317) docs(core): update load note to be precise (#35309) fix(core): prevent recursion error when args_schema is dict (#35260) fix(core): preserve index and timestamp fields when merging (#34731) docs(core): add security warnings and best practices for deserialization (#35282) docs: fix docstring inaccuracies and update outdated LangSmith URLs (#35283) fix(core): correct misleading jinja2 sandboxing comment (#35183) chore: bump the langchain-deps group across 3 directories with 8 updates (#35257)

langchain==1.2.14

Changes since langchain==1.2.13

release(langchain): 1.2.14 (#36396) chore: pygments>=2.20.0 across all packages (CVE-2026-4539) (#36385) test(langchain): cover runtime recursion limit override in create_agent (#36376) perf(langchain): reduce init speed by 15% (#36375) fix(langchain): update recursion limit for create_agent (#36351) fix(infra): correct lint_diff relative paths in package makefiles (#36333) chore: bump cryptography from 46.0.5 to 46.0.6 in /libs/langchain_v1 (#36324) fix(langchain): recognize ChatAnthropicVertex in _get_approximate_token_counter (#36320) chore(langchain): remove unnecessary description for toods list as a group (#36315) chore(langchain): add async implementation to todolist and test (#36313) chore(langchain): speed up todo list middleware init (#36311) chore: bump requests from 2.32.5 to 2.33.0 in /libs/langchain_v1 (#36241)

... (truncated)

Commits

• dd63731 release: langchain v1.2.15 (#36496)
• d1529dd fix(core): correct parameter names in filter_messages docstring example (#36462)
• e89afed release(core): 1.2.25 (#36473)
• 0b5f2c0 fix(core): harden check for txt files in deprecated prompt loading functions ...
• c9f51ae fix(core): fixed typos in the documentation (#36459)
• cd394b7 chore(model-profiles): refresh model profile data (#36455)
• 34c4a2a chore: bump aiohttp from 3.13.3 to 3.13.4 in /libs/partners/huggingface (#36436)
• 914cef0 chore: bump aiohttp from 3.13.3 to 3.13.4 in /libs/partners/xai (#36435)
• 66ad4f7 chore: bump aiohttp from 3.13.3 to 3.13.4 in /libs/langchain (#36439)
• 8fb12b8 chore: bump aiohttp from 3.13.3 to 3.13.4 in /libs/partners/fireworks (#36437)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Disclaimer: Experimental PR review

Greptile Summary

This dependabot PR bumps two dev-only LangChain packages: langchain-openai from 0.3.34 to 1.1.12 (crossing a major version boundary) and langchain from 1.2.13 to 1.2.15. Only uv.lock and (optionally) pyproject.toml are affected; the existing constraint langchain-openai>=0.0.5,<1.2 already permits 1.1.12, so no constraint edits are needed. Both packages are in the [dependency-groups] dev section and have no effect on the production package.

Confidence Score: 5/5

Safe to merge — both updated packages are dev-only dependencies and the existing version constraints already accommodate the new versions.

No production dependencies are affected. The langchain-openai 0.x→1.x jump is large but the pyproject.toml upper bound (< 1.2) already anticipated it, indicating the team planned for this upgrade. The langchain 1.2.13→1.2.15 bump is a routine patch. No P0/P1 findings were identified.

No files require special attention.

Important Files Changed

Filename	Overview
pyproject.toml	Dev dependency constraints unchanged; existing bounds (langchain-openai >=0.0.5,<1.2 and langchain >=1,<2) already accommodate the new versions
uv.lock	Lock file updated to langchain-openai 1.1.12, langchain 1.2.15, and langchain-core 1.2.22; all transitive pins look consistent with the resolved graph

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[dev dependency group] --> B[langchain-openai]
    A --> C[langchain]
    B --> |bumped 0.3.34 → 1.1.12| D[langchain-core 1.2.22]
    C --> |bumped 1.2.13 → 1.2.15| D
    D --> E[uv.lock resolved graph]
    style B fill:#f9c74f
    style C fill:#90be6d

Loading

_{Reviews (1): Last reviewed commit: "chore(deps-dev): bump the langchain grou..." | Re-trigger Greptile}

[claude]

The langchain-openai bump spans a major version boundary (0.3.34 → 1.1.12), which may introduce breaking API changes in the test suite — worth a human check that CI passes.

Extended reasoning...

Overview

This is a dependabot PR updating two dev-only dependencies in pyproject.toml and uv.lock: langchain-openai (0.3.34 → 1.1.12) and langchain (1.2.13 → 1.2.15). Incidentally, langgraph (1.1.3 → 1.1.5) and langgraph-prebuilt (1.0.8 → 1.0.9) are also bumped as transitive resolution changes. All changes are to the [dependency-groups] dev section — none affect the published package.

Security Risks

No security risks from the version bumps themselves. The langchain 1.2.14 release includes a pygments CVE fix (CVE-2026-4539), which is a minor positive. No auth, crypto, or data-exposure surface in these changes.

Level of Scrutiny

The langchain-openai jump from 0.3.34 to 1.1.12 crosses a major version boundary and skips many minor versions, meaning the upstream library may have introduced API breaking changes. Even though it is a dev dependency, the test suite relies on it and tests could silently pass or fail depending on API compatibility. The constraint in pyproject.toml was widened from <0.4 to <1.2 to accommodate this, which is a deliberate widening. A human should confirm CI is green before merging.

Other Factors

No bugs were found by the automated bug hunting system. The langchain and langgraph bumps are minor patch-level and low risk. The lock file hash updates are consistent with the version changes. The main concern is solely the magnitude of the langchain-openai version jump.