chore(deps-dev): bump the langchain group across 1 directory with 2 updates

[dependabot]

Bumps the langchain group with 2 updates in the / directory: langchain-openai and langchain.

Updates langchain-openai from 0.3.34 to 1.2.1

Release notes

Sourced from langchain-openai's releases.

langchain-openai==1.2.1

Changes since langchain-openai==1.2.0

hotfix: bump min core versions (#36996) release(openai): 1.2.1 (#36995) fix(openai): add gpt-5.5 pro to Responses API check (#36994) feat(core): add content-block-centric streaming (v2) (#36834) chore(model-profiles): refresh model profile data (#36982)

langchain-openai==1.2.0

Changes since langchain-openai==1.1.16

release(openai): 1.2.0 (#36961) feat(openai): prevent silent streaming hangs in ChatOpenAI (#36949) hotfix(ci): remove nobenchmark flag (#36959) chore(partners): standardize integration test invocation (#36958)

langchain-openai==1.1.16

Changes since langchain-openai==1.1.15

release(openai): 1.1.16 (#36927) fix(openai): tolerate prompt_cache_retention drift in streaming (#36925)

langchain-openai==1.1.15

Changes since langchain-openai==1.1.14

release(openai): 1.1.15 (#36901) fix(openai): accommodate dict response items in streaming (#36899) fix(openai): infer azure chat profiles from model name (#36858) chore(model-profiles): refresh model profile data (#36864)

langchain-openai==1.1.14

Changes since langchain-openai==1.1.13

release(openai): 1.1.14 (#36820) fix(openai): use SSRF-safe transport for image token counting (#36819) chore(deps): bump pytest to 9.0.3 (#36801) chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/partners/openai (#36795) chore: bump pillow from 12.1.1 to 12.2.0 in /libs/partners/openai (#36777)

langchain-openai==1.1.13

Changes since langchain-openai==1.1.12

release(openai): 1.1.13 (#36729) fix(openai): handle content blocks without type key in responses api conversion (#36725) chore(model-profiles): refresh model profile data (#36539) chore(openai): fix broken vcr cassette playback and add ci guard (#36502) fix(openai,groq,openrouter): use is-not-None checks in usage metadata token extraction (#36500) fix(core): fixed typos in the documentation (#36459) chore(model-profiles): refresh model profile data (#36455)

... (truncated)

Commits

• 87ba30f ci(infra): label release jobs, resolve package name in run title (#36998)
• 56d6e89 hotfix: bump min core versions (#36996)
• a70e7ab release(openai): 1.2.1 (#36995)
• 5a37cd5 fix(openai): add gpt-5.5 pro to Responses API check (#36994)
• c4498cc chore(core): mark stream_v2/astream_v2 as beta (#36992)
• fa0f0d8 release(core): 1.3.2 (#36990)
• 9ce72eb feat(core): add content-block-centric streaming (v2) (#36834)
• 889a45b ci(infra): overlay local langchain-* installs for external partners (#36989)
• ffaac42 ci(infra): add pytest-xdist to partner test groups (#36988)
• cc2feb1 chore(model-profiles): refresh model profile data (#36982)
• Additional commits viewable in compare view

Updates langchain from 1.2.13 to 1.3.0

Release notes

Sourced from langchain's releases.

langchain-core==1.3.0

Changes since langchain-core==1.2.31

release(core): release 1.3.0 (#36851) release(core): 1.3.0a3 (#36829) chore(core): keep checkpoint_ns behavior in streaming metadata for backwards compat (#36828) feat(core): Add chat model and LLM invocation params to traceable metadata (#36771) fix(core): restore cloud metadata IPs and link-local range in SSRF policy (#36816) chore(deps): bump pytest to 9.0.3 (#36801) chore(core): harden private SSRF utilities (#36768) fix(openai): handle content blocks without type key in responses api conversion (#36725) chore: bump pytest from 9.0.2 to 9.0.3 in /libs/core (#36719) release(core): 1.3.0.a2 (#36698) fix(core): Use reference counting for storing inherited run trees to support garbage collection (#36660) docs(core): nit (#36685) release(core): 1.3.0a1 (#36656) chore(core): reduce streaming metadata / perf (#36588)

langchain-fireworks==1.3.0

Changes since langchain-fireworks==1.2.1

release(fireworks): 1.3.0 (#37144) feat(fireworks): service_tier init kwarg on ChatFireworks (#37143) chore(model-profiles): refresh model profile data (#37122)

langchain==1.3.0

This release adds support for version="v3" in stream_events / astream_events for langchain agents. Refer to the event streaming guide for details.

langchain-core==1.3.0a3

Initial release

release(core): 1.3.0a3 (#36829) chore(core): keep checkpoint_ns behavior in streaming metadata for backwards compat (#36828) feat(core): Add chat model and LLM invocation params to traceable metadata (#36771) fix(core): restore cloud metadata IPs and link-local range in SSRF policy (#36816) chore(deps): bump pytest to 9.0.3 (#36801) chore(core): harden private SSRF utilities (#36768) fix(openai): handle content blocks without type key in responses api conversion (#36725) chore: bump pytest from 9.0.2 to 9.0.3 in /libs/core (#36719) release(core): 1.3.0.a2 (#36698) fix(core): Use reference counting for storing inherited run trees to support garbage collection (#36660) docs(core): nit (#36685) release(core): 1.3.0a1 (#36656) chore(core): reduce streaming metadata / perf (#36588) release(core): release 1.2.28 (#36614) fix(core): add more sanitization to templates (#36612) release(core): 1.2.27 (#36586) fix(core): handle symlinks in deprecated prompt save path (#36585) chore: add comment explaining pygments>=2.20.0 (#36570) release(core): 1.2.26 (#36511)

... (truncated)

Commits

• 21d77d6 release(langchain): 1.3.0 (#37361)
• e8ca09d chore: bump jupyter-server from 2.17.0 to 2.18.0 in /libs/core (#37354)
• 9b6af7f chore: bump mistune from 3.1.4 to 3.2.1 in /libs/core (#37353)
• f7420f7 chore: bump requests from 2.33.1 to 2.34.0 in /libs/partners/fireworks (#37355)
• 70e66a1 chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/partners/openrouter (#37352)
• da380bc chore(infra): merge v1.4 into master (#37350)
• bbd10fe chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/partners/anthropic (#37343)
• 11bbfb7 chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/partners/fireworks (#37339)
• 7fd61d2 chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/partners/mistralai (#37338)
• 5c096bb chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/partners/nomic (#37334)
• Additional commits viewable in compare view

[claude]

The langchain-openai bump spans a major version boundary (0.3.34 → 1.1.12), which may introduce breaking API changes in the test suite — worth a human check that CI passes.

Extended reasoning...

Overview

This is a dependabot PR updating two dev-only dependencies in pyproject.toml and uv.lock: langchain-openai (0.3.34 → 1.1.12) and langchain (1.2.13 → 1.2.15). Incidentally, langgraph (1.1.3 → 1.1.5) and langgraph-prebuilt (1.0.8 → 1.0.9) are also bumped as transitive resolution changes. All changes are to the [dependency-groups] dev section — none affect the published package.

Security Risks

No security risks from the version bumps themselves. The langchain 1.2.14 release includes a pygments CVE fix (CVE-2026-4539), which is a minor positive. No auth, crypto, or data-exposure surface in these changes.

Level of Scrutiny

The langchain-openai jump from 0.3.34 to 1.1.12 crosses a major version boundary and skips many minor versions, meaning the upstream library may have introduced API breaking changes. Even though it is a dev dependency, the test suite relies on it and tests could silently pass or fail depending on API compatibility. The constraint in pyproject.toml was widened from <0.4 to <1.2 to accommodate this, which is a deliberate widening. A human should confirm CI is green before merging.

Other Factors

No bugs were found by the automated bug hunting system. The langchain and langgraph bumps are minor patch-level and low risk. The lock file hash updates are consistent with the version changes. The main concern is solely the magnitude of the langchain-openai version jump.