chore(deps-dev): bump langchain from 1.2.13 to 1.3.9 #1721
dependabot[bot] wants to merge 1 commit into
LGTM, dev-only dependency bump within the langchain v1.x major.
Overview
This dependabot PR only touches uv.lock, bumping the langchain dev dependency from 1.2.13 to 1.3.9 (and pulling along its companion packages langchain-core 1.2.22→1.4.7, langgraph 1.1.3→1.2.5, langgraph-checkpoint, langgraph-prebuilt, langgraph-sdk, plus new transitives langchain-protocol and websockets). No source files are modified.
Security risks
None specific to this PR. Supply-chain risk is the usual concern for dependency bumps, but exclude-newer-span = "P7D" is in effect and the package versions are published to PyPI with hashes pinned in the lockfile. The exclude-newer value being reset to "0001-01-01T00:00:00Z" is a documented uv behavior when using the relative exclude-newer-span form ("This has no effect and is included for backwards compatibility...") — not a regression.
Level of scrutiny
Low. langchain and langgraph are listed only under [dependency-groups].dev in pyproject.toml — they are not runtime dependencies of the published langfuse package, only used by the integration tests that exercise the LangChain callback handler. This is a minor-version-range bump within the >=1,<2 constraint; CI will validate the integration end-to-end.
Other factors
The bug hunting system found no issues. No outstanding reviewer comments. The diff is purely lockfile, well within the scope of routine dependabot dev-dep updates that can be merged once CI is green.
389f9fb to 0280e4f
Bumps [langchain](https://github.com/langchain-ai/langchain) from 1.2.13 to 1.3.9.
- [Release notes](https://github.com/langchain-ai/langchain/releases)
- [Commits](langchain-ai/langchain@langchain==1.2.13...langchain==1.3.9)

---
updated-dependencies:
- dependency-name: langchain
  dependency-version: 1.3.9
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
0280e4f to 3c51531
Bumps langchain from 1.2.13 to 1.3.9.
Release notes
Sourced from langchain's releases.
... (truncated)
Commits
3bfb6a3 release(langchain): 1.3.9 (#38104)
dcaf779 fix(langchain,anthropic): confine file-search results and tighten anthropic `...
0392b6b fix(core): fix Pydantic v1 support in tools/runnable (#33698)
f6d63bc release(langchain): 1.3.8 (#38096)
5d20596 style(core,langchain,langchain-classic,partners): replace double backticks in...
fb55c66 chore: bump langsmith from 0.8.9 to 0.8.14 in /libs/partners/huggingface (#38...
51daae5 chore: bump langsmith from 0.8.9 to 0.8.14 in /libs/partners/chroma (#38092)
70e9579 chore: bump langsmith from 0.8.9 to 0.8.14 in /libs/partners/fireworks (#38093)
6c0e9af chore: bump langsmith from 0.8.9 to 0.8.14 in /libs/partners/xai (#38094)
222dc84 ci(infra): clarify early PR auto-close guidance (#38090)