chore(deps-dev): bump the langchain group across 1 directory with 2 updates

[dependabot]

Bumps the langchain group with 2 updates in the / directory: langchain-openai and langchain.

Updates langchain-openai from 0.3.34 to 1.2.1

Release notes

Sourced from langchain-openai's releases.

langchain-openai==1.2.1

Changes since langchain-openai==1.2.0

hotfix: bump min core versions (#36996) release(openai): 1.2.1 (#36995) fix(openai): add gpt-5.5 pro to Responses API check (#36994) feat(core): add content-block-centric streaming (v2) (#36834) chore(model-profiles): refresh model profile data (#36982)

langchain-openai==1.2.0

Changes since langchain-openai==1.1.16

release(openai): 1.2.0 (#36961) feat(openai): prevent silent streaming hangs in ChatOpenAI (#36949) hotfix(ci): remove nobenchmark flag (#36959) chore(partners): standardize integration test invocation (#36958)

langchain-openai==1.1.16

Changes since langchain-openai==1.1.15

release(openai): 1.1.16 (#36927) fix(openai): tolerate prompt_cache_retention drift in streaming (#36925)

langchain-openai==1.1.15

Changes since langchain-openai==1.1.14

release(openai): 1.1.15 (#36901) fix(openai): accommodate dict response items in streaming (#36899) fix(openai): infer azure chat profiles from model name (#36858) chore(model-profiles): refresh model profile data (#36864)

langchain-openai==1.1.14

Changes since langchain-openai==1.1.13

release(openai): 1.1.14 (#36820) fix(openai): use SSRF-safe transport for image token counting (#36819) chore(deps): bump pytest to 9.0.3 (#36801) chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/partners/openai (#36795) chore: bump pillow from 12.1.1 to 12.2.0 in /libs/partners/openai (#36777)

langchain-openai==1.1.13

Changes since langchain-openai==1.1.12

release(openai): 1.1.13 (#36729) fix(openai): handle content blocks without type key in responses api conversion (#36725) chore(model-profiles): refresh model profile data (#36539) chore(openai): fix broken vcr cassette playback and add ci guard (#36502) fix(openai,groq,openrouter): use is-not-None checks in usage metadata token extraction (#36500) fix(core): fixed typos in the documentation (#36459) chore(model-profiles): refresh model profile data (#36455)

... (truncated)

Commits

• 87ba30f ci(infra): label release jobs, resolve package name in run title (#36998)
• 56d6e89 hotfix: bump min core versions (#36996)
• a70e7ab release(openai): 1.2.1 (#36995)
• 5a37cd5 fix(openai): add gpt-5.5 pro to Responses API check (#36994)
• c4498cc chore(core): mark stream_v2/astream_v2 as beta (#36992)
• fa0f0d8 release(core): 1.3.2 (#36990)
• 9ce72eb feat(core): add content-block-centric streaming (v2) (#36834)
• 889a45b ci(infra): overlay local langchain-* installs for external partners (#36989)
• ffaac42 ci(infra): add pytest-xdist to partner test groups (#36988)
• cc2feb1 chore(model-profiles): refresh model profile data (#36982)
• Additional commits viewable in compare view

Updates langchain from 1.2.13 to 1.2.17

Release notes

Sourced from langchain's releases.

langchain-core==1.2.17

Changes since langchain-core==1.2.16

release(core): 1.2.17 (#35527) fix(core): extract usage metadata from serialized tracer message outputs (#35526) chore: bump the langchain-deps group across 3 directories with 7 updates (#35513) chore: bump the langchain-deps group across 3 directories with 14 updates (#35441)

langchain==1.2.17

Changes since langchain==1.2.16

release(langchain): 1.2.17 (#37110) feat(langchain): add respond decision to HITL middleware (#37095)

langchain-core==1.2.16

Changes since langchain-core==1.2.15

release(core): 1.2.16 (#35439) fix(core): treat empty tool chunk ids as missing in merge (#35414)

langchain==1.2.16

Changes since langchain==1.2.15

release(langchain): 1.2.16 (#37085) chore(docs): update x handle references (#37081) release(anthropic): 1.4.2 (#37061) perf(langchain): stop inlining agent state into tool-dispatch Sends (#36960) docs(langchain): correct import paths in agent middleware docstrings (#36987) hotfix: bump min core versions (#36996) release(openai): 1.2.1 (#36995) feat(core): add content-block-centric streaming (v2) (#36834) fix(fireworks): honor max_retries (#36973) release(openai): 1.2.0 (#36961) docs(langchain): correct import path in ModelCallLimitMiddleware docstring (#36895) feat(langchain): ls_agent_type tag on create_agent calls (#36774) release(core): release 1.3.0 (#36851) chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/langchain_v1 (#36800) chore(deps): bump pytest to 9.0.3 (#36801) chore: bump pytest from 9.0.2 to 9.0.3 in /libs/langchain_v1 (#36717) chore: bump pillow from 12.1.1 to 12.2.0 in /libs/langchain_v1 (#36710) test(langchain): test cache hit/miss on lru (#36659) perf(langchain): add lru cache when resolving types (#36649) perf(langchain): add another init test with middleware (#36644) chore(core): reduce streaming metadata / perf (#36588) perf(langchain): add benchmark command (#36641) chore: bump cryptography from 46.0.6 to 46.0.7 in /libs/langchain_v1 (#36619) docs(langchain): add missing baseten and litellm to init_chat_model (#36562) release(core): 1.2.26 (#36511)

langchain-core==1.2.15

... (truncated)

Commits

• b339f65 release(langchain): 1.2.17 (#37110)
• 04e7a55 fix(fireworks): translate canonical multimodal content blocks for chat comple...
• a1f336f fix(core): preserve structured inputs on tool runs in tracers (#37108)
• ba56ac6 feat(langchain): add respond decision to HITL middleware (#37095)
• b6b836a chore: bump notebook from 7.4.5 to 7.5.6 in /libs/langchain (#37104)
• 3d96874 chore: bump notebook from 7.4.7 to 7.5.6 in /libs/text-splitters (#37105)
• 5ac6224 chore: bump aiohttp from 3.13.4 to 3.13.5 in /libs/partners/fireworks (#37106)
• 90caeef chore: bump requests from 2.33.0 to 2.33.1 in /libs/partners/fireworks (#37107)
• 38553c3 release(perplexity): 1.2.0 (#37091)
• 28f5448 feat(perplexity): add PerplexityEmbeddings (#37082)
• Additional commits viewable in compare view

[claude]

The langchain-openai bump spans a major version boundary (0.3.34 → 1.1.12), which may introduce breaking API changes in the test suite — worth a human check that CI passes.

Extended reasoning...

Overview

This is a dependabot PR updating two dev-only dependencies in pyproject.toml and uv.lock: langchain-openai (0.3.34 → 1.1.12) and langchain (1.2.13 → 1.2.15). Incidentally, langgraph (1.1.3 → 1.1.5) and langgraph-prebuilt (1.0.8 → 1.0.9) are also bumped as transitive resolution changes. All changes are to the [dependency-groups] dev section — none affect the published package.

Security Risks

No security risks from the version bumps themselves. The langchain 1.2.14 release includes a pygments CVE fix (CVE-2026-4539), which is a minor positive. No auth, crypto, or data-exposure surface in these changes.

Level of Scrutiny

The langchain-openai jump from 0.3.34 to 1.1.12 crosses a major version boundary and skips many minor versions, meaning the upstream library may have introduced API breaking changes. Even though it is a dev dependency, the test suite relies on it and tests could silently pass or fail depending on API compatibility. The constraint in pyproject.toml was widened from <0.4 to <1.2 to accommodate this, which is a deliberate widening. A human should confirm CI is green before merging.

Other Factors

No bugs were found by the automated bug hunting system. The langchain and langgraph bumps are minor patch-level and low risk. The lock file hash updates are consistent with the version changes. The main concern is solely the magnitude of the langchain-openai version jump.