Skip to content

fix(core): add init validator and serialization mappings for Bedrock models#34510

Merged
Mason Daugherty (mdrxy) merged 7 commits into
langchain-ai:masterfrom
michaelnchin:chatbedrockconverse-ser-mapping
Apr 3, 2026
Merged

fix(core): add init validator and serialization mappings for Bedrock models#34510
Mason Daugherty (mdrxy) merged 7 commits into
langchain-ai:masterfrom
michaelnchin:chatbedrockconverse-ser-mapping

Conversation

@michaelnchin

@michaelnchin Michael Chin (michaelnchin) commented Dec 27, 2025
edited by mdrxy
Loading

Copy link
Copy Markdown
Contributor

Adds serialization mappings for ChatBedrockConverse and BedrockLLM to unblock standard tests on langchain-core>=1.2.5 (context: langchain-aws#821). Also introduces a class-specific validator system in langchain_core.load that blocks deserialization of AWS Bedrock models when endpoint_url or base_url parameters are present, preventing SSRF attacks via crafted serialized payloads.

Closes #34645

Changes

  • Add ChatBedrockConverse and BedrockLLM entries to SERIALIZABLE_MAPPING in mapping.py, mapping legacy paths to their langchain_aws import locations
  • Add validators.py with _bedrock_validator — rejects deserialization kwargs containing endpoint_url or base_url for all Bedrock-related classes (ChatBedrock, BedrockChat, ChatBedrockConverse, ChatAnthropicBedrock, BedrockLLM, Bedrock)
  • CLASS_INIT_VALIDATORS registry covers both serialized (legacy) keys and resolved import paths from ALL_SERIALIZABLE_MAPPINGS, preventing bypass via direct-path payloads
  • Move kwargs extraction and all validator checks (CLASS_INIT_VALIDATORS + init_validator) in Reviver.__call__ to run before importlib.import_module() — fail fast on security violations before executing third-party code
  • Class-specific validators are independent of init_validator and cannot be disabled by passing init_validator=None

Testing

  • test_validator_registry_keys_in_serializable_mapping — structural invariant test ensuring every CLASS_INIT_VALIDATORS key exists in ALL_SERIALIZABLE_MAPPINGS
  • 10 end-to-end load() tests covering all Bedrock class paths (legacy aliases, resolved import paths, ChatAnthropicBedrock, init_validator=None bypass attempt)
  • Unit tests for _bedrock_validator covering endpoint_url, base_url, both params, and safe kwargs

@github-actions github-actions Bot added core `langchain-core` package issues & PRs fix For PRs that implement a fix labels Dec 27, 2025
@codspeed-hq

codspeed-hq Bot commented Dec 27, 2025
edited
Loading

Copy link
Copy Markdown

Merging this PR will improve performance by 30.14%

⚠️ Unknown Walltime execution environment detected

Using the Walltime instrument on standard Hosted Runners will lead to inconsistent data.

For the most accurate results, we recommend using CodSpeed Macro Runners: bare-metal machines fine-tuned for performance measurement consistency.

⚠️ Different runtime environments detected

Some benchmarks with significant performance changes were compared across different runtime environments,
which may affect the accuracy of the results.

Open the report in CodSpeed to investigate

⚡ 1 improved benchmark
✅ 12 untouched benchmarks
⏩ 27 skipped benchmarks1

Performance Changes

Mode Benchmark BASE HEAD Efficiency
WallTime test_async_callbacks_in_sync 19.5 ms 15 ms +30.14%

Comparing michaelnchin:chatbedrockconverse-ser-mapping (60c1998) with master (e94cd41)

Open in CodSpeed

Footnotes

  1. 27 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports.

@mdrxy Mason Daugherty (mdrxy) changed the title fix(core): add ChatBedrockConverse serialization mapping fix(core): add ChatBedrockConverse serialization mapping Dec 27, 2025
@github-actions github-actions Bot added fix For PRs that implement a fix and removed fix For PRs that implement a fix labels Dec 27, 2025
@mdrxy

Mason Daugherty (mdrxy) commented Dec 27, 2025

Copy link
Copy Markdown
Member

ChatBedrockConverse makes network calls during __init__ (via get_inference_profile() in model validators), and the destination is attacker-controllable through the endpoint_url/base_url kwarg. Adding this class to trusted serialization mappings enables SSRF attacks when deserializing untrusted data—an attacker can craft a payload that forces the server to make HTTP requests to arbitrary endpoints, potentially exfiltrating AWS credentials on EC2/Lambda instances with IAM roles. We should probably add an init_validator. See default_init_validator in load.py for more info.

@michaelnchin Michael Chin (michaelnchin) changed the title fix(core): add ChatBedrockConverse serialization mapping fix(core): add init validator and serialization mappings for Bedrock chat models Dec 31, 2025
@michaelnchin Michael Chin (michaelnchin) changed the title fix(core): add init validator and serialization mappings for Bedrock chat models fix(core): add init validator and serialization mappings for Bedrock models Dec 31, 2025
@github-actions github-actions Bot added fix For PRs that implement a fix and removed fix For PRs that implement a fix labels Dec 31, 2025
@michaelnchin

Michael Chin (michaelnchin) commented Dec 31, 2025

Copy link
Copy Markdown
Contributor Author

Thank you for the feedback Mason Daugherty (@mdrxy) !

I've added a custom _bedrock_validator in a new validators.py file, which also builds out a more general CLASS_INIT_VALIDATORS object containing additional class<->validator mappings, to be used by load alongside default_init_validator. Also, I've applied to the validator to the existing BedrockLLM and ChatBedrock mappings, as they appear to have the same endpoint_url/base_url vector.

@mdrxy Mason Daugherty (mdrxy) mentioned this pull request Jan 8, 2026
Closed
@ccurme ccurme (ccurme) mentioned this pull request Feb 24, 2026
Closed
3 tasks
@ccurme ccurme (ccurme) mentioned this pull request Mar 8, 2026
Closed
@github-actions github-actions Bot added the size: S 50-199 LOC label Mar 9, 2026
@langchain-automated-triage langchain-automated-triage Bot added the trusted-contributor >= 5 merged PRs in the `langchain-ai/langchain` repo label Mar 9, 2026
@gabrielrfg gabrielrfg mentioned this pull request Mar 27, 2026
Closed
2 tasks
@github-actions github-actions Bot removed the size: S 50-199 LOC label Apr 3, 2026
@github-actions github-actions Bot added the size: M 200-499 LOC label Apr 3, 2026
@mdrxy Mason Daugherty (mdrxy) merged commit ebecddd into langchain-ai:master Apr 3, 2026
92 checks passed
@michaelnchin Michael Chin (michaelnchin) deleted the chatbedrockconverse-ser-mapping branch April 3, 2026 23:26
Abhilash Jaiswal (abhilashjaiswal0110) added a commit to abhilashjaiswal0110/langchain-agents that referenced this pull request May 9, 2026
@abhilashjaiswal0110 @jasiecky
@ccurme @ujjwalredd @sydney-runkle @mdrxy @michaelnchin @dependabot @langchain-model-profile-bot @keenborder786 @ambershen @imtiendat0311 @Bahtya @mohankumar27 @eyurtsev @hinthornw @jacoblee93 @jkennedyvz @thomas-bartlett @bansalkanav @phvash @hntrl @nick-hollon-lc @sharziki @lnhsingh @claude @blackwell-systems @deepak0x @open-swe @open-swe @jliounis @murugand23 @choudhary-akash @X-iZhang @npentrel
chore(infra): sync upstream langchain master (2026-05-09, 524 commits) (
89e1d95 
#26)

* fix(core): fixed typos in the documentation (#36459)

Fixes #36458 

Fixed typos in the documentation in the core module.

* fix(core): harden check for txt files in deprecated prompt loading functions (#36471)

* release(core): 1.2.25 (#36473)

* fix(core): correct parameter names in filter_messages docstring example (#36462)

* release: langchain v1.2.15 (#36496)

* chore(core): drop `gpt-3.5-turbo` from docstrings (#36497)

* ci: re-run `require_issue_link check` after PR reopen (#36499)

After reopening a PR and removing the `missing-issue-link` label, the
`require_issue_link` check still shows as failed on the PR. Because the
default `GITHUB_TOKEN` suppresses event-driven re-triggers, the old red
check persists until the contributor pushes again. This adds a
best-effort re-run of the failed check so the PR's status clears
automatically on assignment.

* fix(openai,groq,openrouter): use is-not-None checks in usage metadata token extraction (#36500)

Python's `or` operator treats `0` as falsy, so
`token_usage.get("total_tokens") or fallback` silently replaces a
provider-reported `total_tokens=0` with the computed sum of input +
output tokens. Providers can legitimately report zero tokens (e.g.,
cached responses, empty completions).

The same pattern exists in the dual-key lookups for
`input_tokens`/`output_tokens` in Groq and OpenRouter. While current
APIs don't return both key formats simultaneously (making the `or`-chain
functionally correct today), the semantics are still wrong; `0` should
not fall through to a fallback.

## Changes

- Replace `x.get(key) or fallback` with explicit `is not None` checks in
`_create_usage_metadata` across `langchain-openai`, `langchain-groq`,
and `langchain-openrouter` for `input_tokens`, `output_tokens`, and
`total_tokens`
- Fix a concrete bug in the `total_tokens` path: a provider-reported `0`
was silently replaced by the computed sum
- Harden dual-key lookups in Groq and OpenRouter to correctly preserve
zero values from the preferred key, should both key formats ever coexist
- Update OpenAI's single-key extraction for consistency — the old `or 0`
pattern happened to produce correct results (`0 or 0 == 0`) but was
semantically wrong

* chore(openai): fix broken vcr cassette playback and add ci guard (#36502)

Fix broken VCR cassette playback in `langchain-openai` integration tests
and add a CI job to prevent regressions. Two independent bugs made all
VCR-backed tests fail: `before_record_request` redacts URIs to
`**REDACTED**` but `match_on` still included `uri` (so playback never
matched), and a typo-fix commit (`c9f51aef85`) changed test input
strings without re-recording cassettes (so `json_body` matching also
failed).

* feat(core): add `ChatBaseten` to serializable mapping (#36510)

Register `ChatBaseten` from `langchain_baseten` in the core
serialization mapping so it can round-trip through `loads`/`dumps`.
Without this entry, serialized `ChatBaseten` objects fail to
deserialize.

* fix(core): add init validator and serialization mappings for Bedrock models (#34510)

Adds serialization mappings for `ChatBedrockConverse` and `BedrockLLM`
to unblock standard tests on `langchain-core>=1.2.5` (context:
[langchain-aws#821](https://github.com/langchain-ai/langchain-aws/pull/821)).
Also introduces a class-specific validator system in
`langchain_core.load` that blocks deserialization of AWS Bedrock models
when `endpoint_url` or `base_url` parameters are present, preventing
SSRF attacks via crafted serialized payloads.

Closes #34645

## Changes
- Add `ChatBedrockConverse` and `BedrockLLM` entries to
`SERIALIZABLE_MAPPING` in `mapping.py`, mapping legacy paths to their
`langchain_aws` import locations
- Add `validators.py` with `_bedrock_validator` — rejects
deserialization kwargs containing `endpoint_url` or `base_url` for all
Bedrock-related classes (`ChatBedrock`, `BedrockChat`,
`ChatBedrockConverse`, `ChatAnthropicBedrock`, `BedrockLLM`, `Bedrock`)
- `CLASS_INIT_VALIDATORS` registry covers both serialized (legacy) keys
and resolved import paths from `ALL_SERIALIZABLE_MAPPINGS`, preventing
bypass via direct-path payloads
- Move kwargs extraction and all validator checks
(`CLASS_INIT_VALIDATORS` + `init_validator`) in `Reviver.__call__` to
run **before** `importlib.import_module()` — fail fast on security
violations before executing third-party code
- Class-specific validators are independent of `init_validator` and
cannot be disabled by passing `init_validator=None`

## Testing
- `test_validator_registry_keys_in_serializable_mapping` — structural
invariant test ensuring every `CLASS_INIT_VALIDATORS` key exists in
`ALL_SERIALIZABLE_MAPPINGS`
- 10 end-to-end `load()` tests covering all Bedrock class paths (legacy
aliases, resolved import paths, `ChatAnthropicBedrock`,
`init_validator=None` bypass attempt)
- Unit tests for `_bedrock_validator` covering `endpoint_url`,
`base_url`, both params, and safe kwargs

---------

Co-authored-by: Mason Daugherty <mason@langchain.dev>
Co-authored-by: Mason Daugherty <github@mdrxy.com>

* release(core): 1.2.26 (#36511)

* chore: bump ncipollo/release-action from 1.20.0 to 1.21.0 in the minor-and-patch group (#36419)

Bumps the minor-and-patch group with 1 update:
[ncipollo/release-action](https://github.com/ncipollo/release-action).

Updates `ncipollo/release-action` from 1.20.0 to 1.21.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/ncipollo/release-action/releases">ncipollo/release-action's
releases</a>.</em></p>
<blockquote>
<h2>v1.21.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump jest-circus from 29.7.0 to 30.2.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/ncipollo/release-action/pull/557">ncipollo/release-action#557</a></li>
<li>Bump typescript from 5.8.3 to 5.9.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/ncipollo/release-action/pull/556">ncipollo/release-action#556</a></li>
<li>Bump actions/setup-node from 4 to 5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/ncipollo/release-action/pull/551">ncipollo/release-action#551</a></li>
<li>Bump <code>@​types/node</code> from 22.15.29 to 24.6.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/ncipollo/release-action/pull/555">ncipollo/release-action#555</a></li>
<li>Bump actions/setup-node from 5 to 6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/ncipollo/release-action/pull/559">ncipollo/release-action#559</a></li>
<li>Bump ts-jest from 29.3.4 to 29.4.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/ncipollo/release-action/pull/561">ncipollo/release-action#561</a></li>
<li>Bump <code>@​biomejs/biome</code> from 1.9.4 to 2.3.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/ncipollo/release-action/pull/564">ncipollo/release-action#564</a></li>
<li>Bump <code>@​types/node</code> from 24.6.1 to 24.9.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/ncipollo/release-action/pull/563">ncipollo/release-action#563</a></li>
<li>Bump js-yaml from 3.14.1 to 3.14.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/ncipollo/release-action/pull/567">ncipollo/release-action#567</a></li>
<li>Bump glob from 11.0.3 to 11.1.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/ncipollo/release-action/pull/568">ncipollo/release-action#568</a></li>
<li>Bump actions/checkout from 5 to 6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/ncipollo/release-action/pull/569">ncipollo/release-action#569</a></li>
<li>Bump <code>@​biomejs/biome</code> from 2.3.2 to 2.3.8 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/ncipollo/release-action/pull/575">ncipollo/release-action#575</a></li>
<li>Bump glob from 11.1.0 to 13.0.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/ncipollo/release-action/pull/573">ncipollo/release-action#573</a></li>
<li>Bump <code>@​octokit/types</code> from 13.10.0 to 16.0.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/ncipollo/release-action/pull/577">ncipollo/release-action#577</a></li>
<li>Bump <code>@​biomejs/biome</code> from 2.3.8 to 2.3.10 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/ncipollo/release-action/pull/578">ncipollo/release-action#578</a></li>
<li>Bump <code>@​actions/core</code> from 1.11.1 to 2.0.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/ncipollo/release-action/pull/579">ncipollo/release-action#579</a></li>
<li>Bump <code>@​types/node</code> from 24.10.1 to 25.0.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/ncipollo/release-action/pull/580">ncipollo/release-action#580</a></li>
<li>Bump <code>@​biomejs/biome</code> from 2.3.10 to 2.3.13 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/ncipollo/release-action/pull/586">ncipollo/release-action#586</a></li>
<li>Bump <code>@​types/node</code> from 25.0.3 to 25.1.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/ncipollo/release-action/pull/583">ncipollo/release-action#583</a></li>
<li>Bump to core-3.0.0, move to vitest, support ESM modules by <a
href="https://github.com/ncipollo"><code>@​ncipollo</code></a> in <a
href="https://redirect.github.com/ncipollo/release-action/pull/587">ncipollo/release-action#587</a></li>
<li>Bump <code>@​actions/github</code> from 6.0.1 to 9.0.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/ncipollo/release-action/pull/585">ncipollo/release-action#585</a></li>
<li>Bump glob from 13.0.0 to 13.0.6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/ncipollo/release-action/pull/592">ncipollo/release-action#592</a></li>
<li>Bump <code>@​biomejs/biome</code> from 2.3.13 to 2.4.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/ncipollo/release-action/pull/591">ncipollo/release-action#591</a></li>
<li>Fixes <a
href="https://redirect.github.com/ncipollo/release-action/issues/593">#593</a>
Pass commitish into release notes request when present by <a
href="https://github.com/ncipollo"><code>@​ncipollo</code></a> in <a
href="https://redirect.github.com/ncipollo/release-action/pull/594">ncipollo/release-action#594</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ncipollo/release-action/compare/v1...v1.21.0">https://github.com/ncipollo/release-action/compare/v1...v1.21.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/ncipollo/release-action/commit/339a81892b84b4eeb0f6e744e4574d79d0d9b8dd"><code>339a818</code></a>
preparing release 1.21.0</li>
<li><a
href="https://github.com/ncipollo/release-action/commit/df172335574c196a8b2bd986fd39e686bbe7e4d6"><code>df17233</code></a>
Resolve pnpm audit results</li>
<li><a
href="https://github.com/ncipollo/release-action/commit/813e94245931b11c412f933d6fd5a9fd47043555"><code>813e942</code></a>
Update release script</li>
<li><a
href="https://github.com/ncipollo/release-action/commit/7df3a0e74942335847f3d882f61b7cd0fdac6942"><code>7df3a0e</code></a>
Update sheepit to use pnpm</li>
<li><a
href="https://github.com/ncipollo/release-action/commit/caacf56b56ba217c4eaf0a9deb59dbcdd12abfcd"><code>caacf56</code></a>
Fixes <a
href="https://redirect.github.com/ncipollo/release-action/issues/595">#595</a>
Bump to node 24</li>
<li><a
href="https://github.com/ncipollo/release-action/commit/c074b5e19fd155e5f9800d3c3284f1b6298aa41f"><code>c074b5e</code></a>
Fixes <a
href="https://redirect.github.com/ncipollo/release-action/issues/593">#593</a>
Pass commitish into release notes request when present (<a
href="https://redirect.github.com/ncipollo/release-action/issues/594">#594</a>)</li>
<li><a
href="https://github.com/ncipollo/release-action/commit/9e0366240f9b5d12cdd6a1237b070a31c8484b12"><code>9e03662</code></a>
Bump <code>@​biomejs/biome</code> from 2.3.13 to 2.4.4 (<a
href="https://redirect.github.com/ncipollo/release-action/issues/591">#591</a>)</li>
<li><a
href="https://github.com/ncipollo/release-action/commit/5b4b1954b0af460493d725e2d6ab001a3fbb0455"><code>5b4b195</code></a>
Bump glob from 13.0.0 to 13.0.6 (<a
href="https://redirect.github.com/ncipollo/release-action/issues/592">#592</a>)</li>
<li><a
href="https://github.com/ncipollo/release-action/commit/89bab4d0a786b1d8c582ff85606edc1d68164af5"><code>89bab4d</code></a>
debug build</li>
<li><a
href="https://github.com/ncipollo/release-action/commit/00cbfdc96043eb37dba8ad7a881b913586e97afa"><code>00cbfdc</code></a>
Bump <code>@​actions/github</code> from 6.0.1 to 9.0.0 (<a
href="https://redirect.github.com/ncipollo/release-action/issues/585">#585</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/ncipollo/release-action/compare/b7eabc95ff50cbeeedec83973935c8f306dfcd0b...339a81892b84b4eeb0f6e744e4574d79d0d9b8dd">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ncipollo/release-action&package-manager=github_actions&previous-version=1.20.0&new-version=1.21.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: bump aws-actions/configure-aws-credentials from fb7eb401298e393da51cdcb2feb1ed0183619014 to 8df5847569e6427dd6c4fb1cf565c83acfa8afa7 (#36420)

Bumps
[aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials)
from fb7eb401298e393da51cdcb2feb1ed0183619014 to
8df5847569e6427dd6c4fb1cf565c83acfa8afa7.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md">aws-actions/configure-aws-credentials's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this file.
See <a
href="https://github.com/conventional-changelog/standard-version">standard-version</a>
for commit guidelines.</p>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v5.1.1...v6.0.0">6.0.0</a>
(2026-02-04)</h2>
<h3>⚠ BREAKING CHANGES</h3>
<ul>
<li>Update action to use node24 (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1632">#1632</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/a7a2c1125c67f40a1e95768f4e4a7d8f019f87af">a7a2c11</a>)</li>
</ul>
<h3>Features</h3>
<ul>
<li>add support to define transitive tag keys (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1316">#1316</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/232435c0c05e51137544f0203931b84893d13b74">232435c</a>)
(<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1628/changes/930ebd9bcaed959c3ba9e21567e8abbc3cae72c0">930ebd9</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>properly output <code>aws-account-id</code> and
<code>authenticated-arn</code> when using role-chaining (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1633">#1633</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/7ceaf96edc86cc1713cef59eba79feeb23f59da1">7ceaf96</a>)</li>
</ul>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v5.1.0...v5.1.1">5.1.1</a>
(2025-11-24)</h2>
<h3>Miscellaneous Chores</h3>
<ul>
<li>release 5.1.1 (<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/56d6a583f00f6bad6d19d91d53a7bc3b8143d0e9">56d6a58</a>)</li>
</ul>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v5.0.0...v5.1.0">5.1.0</a>
(2025-10-06)</h2>
<h3>Features</h3>
<ul>
<li>Add global timeout support (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1487">#1487</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/1584b8b0e2062557287c28fbe9b8920df434e866">1584b8b</a>)</li>
<li>add no-proxy support (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1482">#1482</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/dde9b22a8e889a0821997a21a2c5a38020ee8de3">dde9b22</a>)</li>
<li>Improve debug logging in retry logic (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1485">#1485</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/97ef425d73aa532439f54f90d0e83101a186c5a6">97ef425</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>properly expose getProxyForUrl (introduced in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1482">#1482</a>)
(<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1486">#1486</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/cea42985ac88b42678fbc84c18066a7f07f05176">cea4298</a>)</li>
</ul>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v4.3.1...v5.0.0">5.0.0</a>
(2025-09-03)</h2>
<h3>⚠ BREAKING CHANGES</h3>
<ul>
<li>Cleanup input handling. Changes invalid boolean input behavior (see
<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1445">#1445</a>)</li>
</ul>
<h3>Features</h3>
<ul>
<li>add skip OIDC option (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1458">#1458</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/8c45f6b08196feb86cfdbe431541d5571d9ab2c2">8c45f6b</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/aws-actions/configure-aws-credentials/compare/fb7eb401298e393da51cdcb2feb1ed0183619014...8df5847569e6427dd6c4fb1cf565c83acfa8afa7">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: bump EndBug/add-and-commit from 9.1.4 to 10.0.0 (#36421)

Bumps [EndBug/add-and-commit](https://github.com/endbug/add-and-commit)
from 9.1.4 to 10.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/endbug/add-and-commit/releases">EndBug/add-and-commit's
releases</a>.</em></p>
<blockquote>
<h2>v10.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>chore(deps-dev): bump husky from 8.0.3 to 9.0.6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/617">EndBug/add-and-commit#617</a></li>
<li>chore(deps-dev): bump <code>@​typescript-eslint/parser</code> from
6.19.0 to 6.19.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/618">EndBug/add-and-commit#618</a></li>
<li>chore(deps-dev): bump prettier from 3.2.4 to 3.2.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/619">EndBug/add-and-commit#619</a></li>
<li>chore(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 6.19.1 to 6.21.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/623">EndBug/add-and-commit#623</a></li>
<li>chore(deps-dev): bump <code>@​typescript-eslint/parser</code> from
6.19.1 to 6.21.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/624">EndBug/add-and-commit#624</a></li>
<li>chore(deps-dev): bump husky from 9.0.6 to 9.0.11 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/626">EndBug/add-and-commit#626</a></li>
<li>chore: switch to GTS for linting by <a
href="https://github.com/EndBug"><code>@​EndBug</code></a> in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/636">EndBug/add-and-commit#636</a></li>
<li>chore(deps-dev): bump gts from 5.2.0 to 5.3.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/637">EndBug/add-and-commit#637</a></li>
<li>chore(deps-dev): bump typescript from 5.2.2 to 5.4.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/639">EndBug/add-and-commit#639</a></li>
<li>chore(deps-dev): bump gts from 5.3.0 to 5.3.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/642">EndBug/add-and-commit#642</a></li>
<li>chore(deps-dev): bump braces from 3.0.2 to 3.0.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/641">EndBug/add-and-commit#641</a></li>
<li>chore(deps-dev): bump typescript from 5.4.5 to 5.5.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/644">EndBug/add-and-commit#644</a></li>
<li>Adds examples of input arrays. by <a
href="https://github.com/tommie"><code>@​tommie</code></a> in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/645">EndBug/add-and-commit#645</a></li>
<li>chore(deps-dev): bump typescript from 5.5.2 to 5.5.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/649">EndBug/add-and-commit#649</a></li>
<li>docs: add tommie as a contributor for doc by <a
href="https://github.com/allcontributors"><code>@​allcontributors</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/647">EndBug/add-and-commit#647</a></li>
<li>chore(deps-dev): bump husky from 9.0.11 to 9.1.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/650">EndBug/add-and-commit#650</a></li>
<li>chore(deps-dev): bump typescript from 5.5.3 to 5.5.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/653">EndBug/add-and-commit#653</a></li>
<li>chore(deps-dev): bump husky from 9.1.1 to 9.1.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/655">EndBug/add-and-commit#655</a></li>
<li>chore(deps-dev): bump husky from 9.1.4 to 9.1.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/659">EndBug/add-and-commit#659</a></li>
<li>chore(deps-dev): bump husky from 9.1.5 to 9.1.6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/660">EndBug/add-and-commit#660</a></li>
<li>chore(deps-dev): bump typescript from 5.5.4 to 5.6.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/661">EndBug/add-and-commit#661</a></li>
<li>chore(deps-dev): bump <code>@​vercel/ncc</code> from 0.38.1 to
0.38.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/662">EndBug/add-and-commit#662</a></li>
<li>chore(deps): bump <code>@​actions/core</code> from 1.10.1 to 1.11.1
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/663">EndBug/add-and-commit#663</a></li>
<li>chore(deps-dev): bump typescript from 5.6.2 to 5.6.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/664">EndBug/add-and-commit#664</a></li>
<li>chore(deps-dev): bump gts from 5.3.1 to 6.0.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/665">EndBug/add-and-commit#665</a></li>
<li>chore(deps-dev): bump gts from 6.0.0 to 6.0.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/666">EndBug/add-and-commit#666</a></li>
<li>chore(deps-dev): bump <code>@​vercel/ncc</code> from 0.38.2 to
0.38.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/669">EndBug/add-and-commit#669</a></li>
<li>chore(deps): bump cross-spawn by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/670">EndBug/add-and-commit#670</a></li>
<li>docs: add icemac as a contributor for doc by <a
href="https://github.com/allcontributors"><code>@​allcontributors</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/674">EndBug/add-and-commit#674</a></li>
<li>chore(deps-dev): bump husky from 9.1.6 to 9.1.7 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/672">EndBug/add-and-commit#672</a></li>
<li>chore(deps-dev): bump typescript from 5.6.3 to 5.7.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/671">EndBug/add-and-commit#671</a></li>
<li>chore(deps-dev): bump typescript from 5.7.2 to 5.7.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/676">EndBug/add-and-commit#676</a></li>
<li>chore(deps-dev): bump eslint-config-prettier from 9.1.0 to 10.0.1 by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/677">EndBug/add-and-commit#677</a></li>
<li>chore(deps-dev): bump eslint-config-prettier from 10.0.1 to 10.0.2
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/678">EndBug/add-and-commit#678</a></li>
<li>chore(deps-dev): bump typescript from 5.7.3 to 5.8.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/679">EndBug/add-and-commit#679</a></li>
<li>chore(deps-dev): bump eslint-config-prettier from 10.0.2 to 10.1.1
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/680">EndBug/add-and-commit#680</a></li>
<li>chore(deps-dev): bump typescript from 5.8.2 to 5.8.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/681">EndBug/add-and-commit#681</a></li>
<li>chore(deps-dev): bump eslint-config-prettier from 10.1.1 to 10.1.2
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/682">EndBug/add-and-commit#682</a></li>
<li>chore(deps-dev): bump eslint-config-prettier from 10.1.2 to 10.1.5
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/683">EndBug/add-and-commit#683</a></li>
<li>chore(deps-dev): bump eslint-config-prettier from 10.1.5 to 10.1.8
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/686">EndBug/add-and-commit#686</a></li>
<li>ci(deps): bump actions/checkout from 4 to 5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/688">EndBug/add-and-commit#688</a></li>
<li>ci(deps): bump actions/setup-node from 4 to 5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/690">EndBug/add-and-commit#690</a></li>
<li>chore(deps-dev): bump <code>@​vercel/ncc</code> from 0.38.3 to
0.38.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/691">EndBug/add-and-commit#691</a></li>
<li>chore(deps-dev): bump typescript from 5.8.3 to 5.9.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/694">EndBug/add-and-commit#694</a></li>
<li>ci(deps): bump actions/setup-node from 5 to 6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/697">EndBug/add-and-commit#697</a></li>
<li>ci(deps): bump github/codeql-action from 3 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/696">EndBug/add-and-commit#696</a></li>
<li>Removes the redundant JSON array parsing. by <a
href="https://github.com/tommie"><code>@​tommie</code></a> in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/652">EndBug/add-and-commit#652</a></li>
<li>docs: add tommie as a contributor for code, and test by <a
href="https://github.com/allcontributors"><code>@​allcontributors</code></a>[bot]
in <a
href="https://redirect.github.com/EndBug/add-and-commit/pull/699">EndBug/add-and-commit#699</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/EndBug/add-and-commit/commit/290ea2c423ad77ca9c62ae0f5b224379612c0321"><code>290ea2c</code></a>
10.0.0</li>
<li><a
href="https://github.com/EndBug/add-and-commit/commit/5190a0ab62d7c5f7c4b7e60878626dbea39a1bd9"><code>5190a0a</code></a>
docs: prepare for v10</li>
<li><a
href="https://github.com/EndBug/add-and-commit/commit/9ac38785ff85cd5ec722cd36eb796e27ffed146d"><code>9ac3878</code></a>
chore: npm audit fix</li>
<li><a
href="https://github.com/EndBug/add-and-commit/commit/7b015bddf587bafa726e9873830750305d9236fd"><code>7b015bd</code></a>
docs: add CodeReaper as a contributor for maintenance (<a
href="https://redirect.github.com/endbug/add-and-commit/issues/723">#723</a>)</li>
<li><a
href="https://github.com/EndBug/add-and-commit/commit/300836dd70faf4d5bc5c139040255bec80cea0c3"><code>300836d</code></a>
chore(deps-dev): bump flatted from 3.3.3 to 3.4.2 (<a
href="https://redirect.github.com/endbug/add-and-commit/issues/722">#722</a>)</li>
<li><a
href="https://github.com/EndBug/add-and-commit/commit/f6e20ed3c450d7550c04cf0fdd3548c01ac3490b"><code>f6e20ed</code></a>
feat!: use node version 24 (<a
href="https://redirect.github.com/endbug/add-and-commit/issues/720">#720</a>)</li>
<li><a
href="https://github.com/EndBug/add-and-commit/commit/62806537b45381f4b1475ec463d5e2106d9d3110"><code>6280653</code></a>
chore(deps-dev): bump jest from 30.2.0 to 30.3.0 (<a
href="https://redirect.github.com/endbug/add-and-commit/issues/721">#721</a>)</li>
<li><a
href="https://github.com/EndBug/add-and-commit/commit/1539a6ad10f4790cad9ee6401eedc0cc0b70f44f"><code>1539a6a</code></a>
chore(deps): bump <code>@​actions/core</code> from 2.0.2 to 3.0.0 (<a
href="https://redirect.github.com/endbug/add-and-commit/issues/716">#716</a>)</li>
<li><a
href="https://github.com/EndBug/add-and-commit/commit/af611dd65b8c1b116389a4fa0403502d22aaa331"><code>af611dd</code></a>
chore(deps): bump minimatch (<a
href="https://redirect.github.com/endbug/add-and-commit/issues/718">#718</a>)</li>
<li><a
href="https://github.com/EndBug/add-and-commit/commit/2df77c10fb02f084460f06c7d7a576a43bd00b86"><code>2df77c1</code></a>
chore(deps-dev): bump eslint-plugin-prettier from 5.5.4 to 5.5.5 (<a
href="https://redirect.github.com/endbug/add-and-commit/issues/712">#712</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/endbug/add-and-commit/compare/a94899bca583c204427a224a7af87c02f9b325d5...290ea2c423ad77ca9c62ae0f5b224379612c0321">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=EndBug/add-and-commit&package-manager=github_actions&previous-version=9.1.4&new-version=10.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: bump mikefarah/yq from 88a31ae8c6b34aad77d2efdecc146113cb3315d0 to 17f66dc6c6a177fafd8b71a6abea6d6340aa1e16 (#36422)

Bumps [mikefarah/yq](https://github.com/mikefarah/yq) from
88a31ae8c6b34aad77d2efdecc146113cb3315d0 to
17f66dc6c6a177fafd8b71a6abea6d6340aa1e16.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/mikefarah/yq/blob/master/release_notes.txt">mikefarah/yq's
changelog</a>.</em></p>
<blockquote>
<p>4.52.5:</p>
<ul>
<li>Fix: reset TOML decoder state between files (<a
href="https://redirect.github.com/mikefarah/yq/issues/2634">#2634</a>)
thanks <a
href="https://github.com/terminalchai"><code>@​terminalchai</code></a></li>
<li>Fix: preserve original filename when using --front-matter (<a
href="https://redirect.github.com/mikefarah/yq/issues/2613">#2613</a>)
thanks <a
href="https://github.com/cobyfrombrooklyn-bot"><code>@​cobyfrombrooklyn-bot</code></a></li>
<li>Fix typo in filename (<a
href="https://redirect.github.com/mikefarah/yq/issues/2611">#2611</a>)
thanks <a
href="https://github.com/alexandear"><code>@​alexandear</code></a></li>
<li>Bumped dependencies</li>
</ul>
<p>4.52.4:</p>
<ul>
<li>Dropping windows/arm - no longer supported in cross-compile</li>
</ul>
<p>4.52.3:</p>
<ul>
<li>Fixing comments in TOML arrays (<a
href="https://redirect.github.com/mikefarah/yq/issues/2592">#2592</a>)</li>
<li>Bumped dependencies</li>
</ul>
<p>4.52.2:</p>
<ul>
<li>Fixed bad instructions file breaking go-install (<a
href="https://redirect.github.com/mikefarah/yq/issues/2587">#2587</a>)
Thanks <a
href="https://github.com/theyoprst"><code>@​theyoprst</code></a></li>
<li>Fixed TOML table scope after comments (<a
href="https://redirect.github.com/mikefarah/yq/issues/2588">#2588</a>)
Thanks <a
href="https://github.com/tomers"><code>@​tomers</code></a></li>
<li>Multiply uses a readonly context (<a
href="https://redirect.github.com/mikefarah/yq/issues/2558">#2558</a>)</li>
<li>Fixed merge globbing wildcards in keys (<a
href="https://redirect.github.com/mikefarah/yq/issues/2564">#2564</a>)</li>
<li>Fixing TOML subarray parsing issue (<a
href="https://redirect.github.com/mikefarah/yq/issues/2581">#2581</a>)</li>
</ul>
<p>4.52.1:</p>
<ul>
<li>
<p>TOML encoder support - you can now roundtrip! <a
href="https://redirect.github.com/mikefarah/yq/issues/1364">#1364</a></p>
</li>
<li>
<p>Parent now supports negative indices, and added a 'root' command for
referencing the top level document</p>
</li>
<li>
<p>Fixed scalar encoding for HCL</p>
</li>
<li>
<p>Add --yaml-compact-seq-indent / -c flag for compact sequence
indentation (<a
href="https://redirect.github.com/mikefarah/yq/issues/2583">#2583</a>)
Thanks <a href="https://github.com/jfenal"><code>@​jfenal</code></a></p>
</li>
<li>
<p>Add symlink check to file rename util (<a
href="https://redirect.github.com/mikefarah/yq/issues/2576">#2576</a>)
Thanks <a
href="https://github.com/Elias-elastisys"><code>@​Elias-elastisys</code></a></p>
</li>
<li>
<p>Powershell fixed default command used for __completeNoDesc alias (<a
href="https://redirect.github.com/mikefarah/yq/issues/2568">#2568</a>)
Thanks <a
href="https://github.com/teejaded"><code>@​teejaded</code></a></p>
</li>
<li>
<p>Unwrap scalars in shell output mode. (<a
href="https://redirect.github.com/mikefarah/yq/issues/2548">#2548</a>)
Thanks <a
href="https://github.com/flintwinters"><code>@​flintwinters</code></a></p>
</li>
<li>
<p>Added K8S KYAML output format support (<a
href="https://redirect.github.com/mikefarah/yq/issues/2560">#2560</a>)
Thanks <a
href="https://github.com/robbat2"><code>@​robbat2</code></a></p>
</li>
<li>
<p>Bumped dependencies</p>
</li>
<li>
<p>Special shout out to <a
href="https://github.com/ccoVeille"><code>@​ccoVeille</code></a> for
reviewing my PRs!</p>
</li>
</ul>
<p>4.50.1:</p>
<ul>
<li>Added HCL support!</li>
<li>Fixing handling of CRLF <a
href="https://redirect.github.com/mikefarah/yq/issues/2352">#2352</a></li>
<li>Bumped dependencies</li>
</ul>
<p>4.49.2:</p>
<ul>
<li>Fixing escape character bugs :sweat: <a
href="https://redirect.github.com/mikefarah/yq/issues/2517">#2517</a></li>
<li>Fixing snap release pipeline <a
href="https://redirect.github.com/mikefarah/yq/issues/2518">#2518</a>
Thanks <a
href="https://github.com/aalexjo"><code>@​aalexjo</code></a></li>
</ul>
<p>4.49.1:</p>
<ul>
<li>Added <code>--security</code> flags to disable env and file ops <a
href="https://redirect.github.com/mikefarah/yq/issues/2515">#2515</a></li>
<li>Fixing TOML ArrayTable parsing issues <a
href="https://redirect.github.com/mikefarah/yq/issues/1758">#1758</a></li>
<li>Fixing parsing of escaped characters <a
href="https://redirect.github.com/mikefarah/yq/issues/2506">#2506</a></li>
</ul>
<p>4.48.2:</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/mikefarah/yq/commit/17f66dc6c6a177fafd8b71a6abea6d6340aa1e16"><code>17f66dc</code></a>
Bump github.com/goccy/go-json from 0.10.5 to 0.10.6 (<a
href="https://redirect.github.com/mikefarah/yq/issues/2636">#2636</a>)</li>
<li><a
href="https://github.com/mikefarah/yq/commit/dcb9c2a54355cc388b3f9b2b14c601e518982d17"><code>dcb9c2a</code></a>
Bump github.com/pelletier/go-toml/v2 from 2.2.4 to 2.3.0 (<a
href="https://redirect.github.com/mikefarah/yq/issues/2637">#2637</a>)</li>
<li><a
href="https://github.com/mikefarah/yq/commit/8f5d876bf00b25ed8ab073978e292e1c1fcdf282"><code>8f5d876</code></a>
Bump github.com/fatih/color from 1.18.0 to 1.19.0 (<a
href="https://redirect.github.com/mikefarah/yq/issues/2638">#2638</a>)</li>
<li><a
href="https://github.com/mikefarah/yq/commit/7d8d3ab902928824c713bb830769531868bbb599"><code>7d8d3ab</code></a>
Replace gopkg.in/op/go-logging.v1 with log/slog (<a
href="https://redirect.github.com/mikefarah/yq/issues/2635">#2635</a>)</li>
<li><a
href="https://github.com/mikefarah/yq/commit/11f4dc1a0331f628427fd937a5982717870cb891"><code>11f4dc1</code></a>
Bumping version</li>
<li><a
href="https://github.com/mikefarah/yq/commit/0f4fb8d35ec1a939d78dd6862f494d19ec589f19"><code>0f4fb8d</code></a>
Bumping version</li>
<li><a
href="https://github.com/mikefarah/yq/commit/80c319aa0c80e5fa5587906fa1c486a15e022229"><code>80c319a</code></a>
Fixing tests with latest linting rules</li>
<li><a
href="https://github.com/mikefarah/yq/commit/b25ae78545e7f2d34c6e759141345cb15da95d52"><code>b25ae78</code></a>
fix: reset TOML decoder state between files (<a
href="https://redirect.github.com/mikefarah/yq/issues/2634">#2634</a>)</li>
<li><a
href="https://github.com/mikefarah/yq/commit/b151522485dc0432cf0f997356bbec7035d089c9"><code>b151522</code></a>
fix: preserve original filename when using --front-matter (<a
href="https://redirect.github.com/mikefarah/yq/issues/2613">#2613</a>)</li>
<li><a
href="https://github.com/mikefarah/yq/commit/c5cbf9760bc3c5b526f2b2ba65eaaad3921019a9"><code>c5cbf97</code></a>
Bump golang.org/x/net from 0.50.0 to 0.52.0 (<a
href="https://redirect.github.com/mikefarah/yq/issues/2628">#2628</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/mikefarah/yq/compare/88a31ae8c6b34aad77d2efdecc146113cb3315d0...17f66dc6c6a177fafd8b71a6abea6d6340aa1e16">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: bump aiohttp from 3.13.4 to 3.13.5 in /libs/partners/xai (#36464)

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aiohttp&package-manager=uv&previous-version=3.13.4&new-version=3.13.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(model-profiles): refresh model profile data (#36482)

Automated refresh of model profile data for all in-monorepo partner
integrations via `langchain-profiles refresh`.

🤖 Generated by the `refresh_model_profiles` workflow.

Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com>

* chore(model-profiles): refresh model profile data (#36539)

Automated refresh of model profile data for all in-monorepo partner
integrations via `langchain-profiles refresh`.

🤖 Generated by the `refresh_model_profiles` workflow.

Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com>

* chore(model-profiles): refresh model profile data (#36554)

Automated refresh of model profile data for all in-monorepo partner
integrations via `langchain-profiles refresh`.

🤖 Generated by the `refresh_model_profiles` workflow.

Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com>

* docs(langchain): add missing baseten and litellm to `init_chat_model` (#36562)

The `init_chat_model` docstring lists supported `model_provider` values,
but `baseten` and `litellm` were missing despite both being present in
`_BUILTIN_PROVIDERS` since they were added. This adds the two missing
entries to keep the docstring in sync with the registry.

* chore: add comment explaining `pygments>=2.20.0` (#36570)

* chore(ollama): switch to `ty` (#36571)

* ci: match both `h2` and `h3` area headings in auto-labeler (#36572)

GitHub issue forms render the "Area (Required)" field label at
inconsistent heading levels — some issues get `### Area` (h3), others
get `## Area` (h2). The `auto-label-by-package` workflow's regex was
hardcoded to `### Area`, silently skipping issues with `## Area`
headings and never applying package labels (e.g.
[#2471](https://github.com/langchain-ai/deepagents/issues/2471)).

* feat(ollama): logprobs support in Ollama (#34218)

Closes #34207 

---

Expose log probabilities from the Ollama Python SDK through
`ChatOllama`. The ollama client already returns a `logprobs` field on
chat responses for supported models, but `ChatOllama` had no way to
request or surface it.

## Changes
- Add `logprobs` and `top_logprobs` fields to `ChatOllama`, forwarded to
the client via `_build_chat_params`. Setting `top_logprobs` without
`logprobs=True` auto-enables it with a warning; setting it with
`logprobs=False` raises a `ValueError`
- Surface per-token logprobs on intermediate streaming chunks (both sync
`_create_chat_stream` and async `_create_async_chat_stream`) via
`response_metadata["logprobs"]`, accumulated into the final response on
`invoke()`
- Bump minimum `ollama` SDK from `>=0.6.0` to `>=0.6.1` — the version
that added logprobs support

---------

Co-authored-by: Mason Daugherty <mason@langchain.dev>
Co-authored-by: Mason Daugherty <github@mdrxy.com>

* fix(ollama): respect scheme-less `base_url` (#34042)

Fixes #33986.

Summary:
- Normalize scheme-less `base_url` values (e.g., `ollama:11434`) by
defaulting to `http://` when the input resembles `host:port`.
- Preserve and merge `Authorization` headers when `userinfo` credentials
are present, both for sync and async clients.
- Add unit tests covering scheme-less host:port and scheme-less userinfo
credentials.

Implementation details:
- Update `parse_url_with_auth` to accept scheme-less endpoints,
producing a cleaned URL with explicit scheme and extracted auth headers.
- No changes required in `OllamaLLM`, `ChatOllama`, or
`OllamaEmbeddings`—they already consume the cleaned URL and headers.

Why:
- Previously, scheme-less inputs caused `parse_url_with_auth` to return
`(None, None)`, leading Ollama clients to fall back to defaults and
ignore the provided `base_url`.

Tests:
- Extended `libs/partners/ollama/tests/unit_tests/test_auth.py` to cover
the new cases.

Notes:
- Default scheme chosen is `http` to match common Ollama local
deployments. Users can still explicitly provide `https://` when
appropriate.

---------

Co-authored-by: Mason Daugherty <mason@langchain.dev>
Co-authored-by: Mason Daugherty <github@mdrxy.com>

* feat(ollama): add `dimensions` to `OllamaEmbeddings` (#36543)

Fixes #34623

Add `dimensions` field to `OllamaEmbeddings` to allow users to specify 
output embedding size for models that support variable dimensions . The
field is passed
directly to the Ollama client's `embed()` call for both sync and async
methods.

**How I verified it works:**
- Ran unit tests: `python -m pytest tests/unit_tests/ -v`
- Ran integration tests against a live Ollama instance:
`OLLAMA_HOST=http://ollama:11434 python -m pytest
tests/integration_tests/ -v`
- Confirmed that passing `dimensions=768` no longer raises
`extra_forbidden`
  Pydantic validation error and returns embeddings of the expected size.

---------

Co-authored-by: Mason Daugherty <mason@langchain.dev>
Co-authored-by: Mason Daugherty <github@mdrxy.com>

* fix(ollama): prevent `_convert_messages_to_ollama_messages` from mutating caller list (#36567)

Fixes #36564

The method modifies messages[idx] in-place when converting v1 format
content. Add messages = list(messages) to create a shallow copy before
any mutations.

1 line change in libs/partners/ollama/langchain_ollama/chat_models.py

Co-authored-by: bahtya <bahtyar153@qq.com>
Co-authored-by: Mason Daugherty <mason@langchain.dev>

* fix(ollama): serialize `reasoning_content` back to ollama `thinking` (#36573)

Closes #36177.

---

Ollama's deserialization path already captures `"thinking"` content as
`additional_kwargs["reasoning_content"]` on `AIMessage`, but the reverse
direction — serializing back to the Ollama wire format — was missing.
This means multi-turn conversations with reasoning models like
`deepseek-r1` would silently drop the chain-of-thought, breaking agents
that need prior reasoning preserved across turns.

* feat(ollama): support `response_format` (#34612)

Fixes #34610

---

This PR resolves an issue where `ChatOllama` would raise an `unexpected
keyword argument 'response_format'` error when used with `create_agent`
or when passed an OpenAI-style `response_format`.

When using `create_agent` (especially with models like `gpt-oss`),
LangChain creates a `response_format` argument (e.g., `{"type":
"json_schema", ...}`). `ChatOllama` previously passed this argument
directly to the underlying Ollama client, which does not support
`response_format` and instead expects a `format` parameter.

## The Fix
I updated `_chat_params` in
`libs/partners/ollama/langchain_ollama/chat_models.py` to:
1.  Intercept the `response_format` argument.
2.  Map it to the native Ollama `format` parameter:
* `{"type": "json_schema", "json_schema": {"schema": ...}}` ->
`format=schema`
    *   `{"type": "json_object"}` -> `format="json"`
3.  Remove `response_format` from the kwargs passed to the client.

## Validation
* **Reproduction Script**: Verified the fix with a script covering
`json_schema`, `json_object`, and explicit `format` priority scenarios.
* **New Tests**: Added 3 new unit tests to
`libs/partners/ollama/tests/unit_tests/test_chat_models.py` covering
these scenarios.
* **Regression**: Ran the full test suite (`make -C libs/partners/ollama
test`), passing 29 tests (previously 26).
* **Lint/Format**: Verified with `make lint_package` and `make format`.

---------

Co-authored-by: Mohan Kumar Sagadevan <mohankumarsagadevan@Mohans-MacBook-Air.local>
Co-authored-by: Mason Daugherty <mason@langchain.dev>
Co-authored-by: Mason Daugherty <github@mdrxy.com>

* release(ollama): 1.1.0 (#36574)

* ci: convert working-directory to validated dropdown (#36575)

Convert the `working-directory` input in the release workflow from a
free-text string to a dropdown of known package paths.

## Changes
- Change `working-directory` from `type: string` to `type: choice` in
`_release.yml`, enumerating all 21 releasable packages under `libs/` and
`libs/partners/`
- Add `check-release-options` CI job in `check_diffs.yml` that runs a
pytest script to assert the dropdown options match directories
containing a `pyproject.toml`

* fix(core): handle symlinks in deprecated prompt save path (#36585)

Resolve symlinks before validating file extensions in the deprecated
`save()` method on prompt classes.

Credit to Jeff Ponte (@JDP-Security) for reporting the symlink
resolution issue.

* release(core): 1.2.27 (#36586)

* chore(model-profiles): refresh model profile data (#36596)

Automated refresh of model profile data for all in-monorepo partner
integrations via `langchain-profiles refresh`.

🤖 Generated by the `refresh_model_profiles` workflow.

Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com>

* fix(standard-tests): update standard tests for sandbox backends (#36036)

Co-authored-by: Eugene Yurtsev <eyurtsev@gmail.com>

* release(standard-tests): 1.1.6 (#36610)

* fix(core): add more sanitization to templates (#36612)

add more sanitization to templates

* release(core): release 1.2.28 (#36614)

release 1.27.8

* ci: pin all actions to full-length commit SHAs (#36621)

Pin all remaining GitHub Actions references to full-length commit SHAs,
matching the convention already established by third-party actions in
this repo. This is a prerequisite for enabling GitHub's "Require actions
to be pinned to a full-length commit SHA" repository ruleset, which
mitigates tag-hijacking supply chain attacks.

* docs(infra): note sha pinning requirement in agent files (#36625)

Following #36621

* docs(infra): add model reference freshness guidelines (#36626)

Add a "Model references in docs and examples" subsection to `AGENTS.md`
and `CLAUDE.md` under Documentation standards. Codifies that docstrings
and examples should use current GA model names, not stale ones — and
explicitly draws the line between updating illustrative references
(encouraged) and changing shipped code defaults (breaking change,
separate process).

* chore: bump cryptography from 46.0.6 to 46.0.7 in /libs/langchain (#36620)

Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.6
to 46.0.7.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's
changelog</a>.</em></p>
<blockquote>
<p>46.0.7 - 2026-04-07</p>
<pre><code>
* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could
be
  passed to APIs that accept Python buffers, which could lead to buffer
  overflow. **CVE-2026-39892**
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL
3.5.6.
<p>.. _v46-0-6:<br />
</code></pre></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5"><code>622d672</code></a>
46.0.7 release (<a
href="https://redirect.github.com/pyca/cryptography/issues/14602">#14602</a>)</li>
<li>See full diff in <a
href="https://github.com/pyca/cryptography/compare/46.0.6...46.0.7">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography&package-manager=uv&previous-version=46.0.6&new-version=46.0.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: bump cryptography from 46.0.6 to 46.0.7 in /libs/langchain_v1 (#36619)

Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.6
to 46.0.7.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's
changelog</a>.</em></p>
<blockquote>
<p>46.0.7 - 2026-04-07</p>
<pre><code>
* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could
be
  passed to APIs that accept Python buffers, which could lead to buffer
  overflow. **CVE-2026-39892**
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL
3.5.6.
<p>.. _v46-0-6:<br />
</code></pre></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5"><code>622d672</code></a>
46.0.7 release (<a
href="https://redirect.github.com/pyca/cryptography/issues/14602">#14602</a>)</li>
<li>See full diff in <a
href="https://github.com/pyca/cryptography/compare/46.0.6...46.0.7">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography&package-manager=uv&previous-version=46.0.6&new-version=46.0.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(model-profiles): refresh model profile data (#36630)

Automated refresh of model profile data for all in-monorepo partner
integrations via `langchain-profiles refresh`.

🤖 Generated by the `refresh_model_profiles` workflow.

Co-authored-by: mdrxy <61371264+mdrxy@users.noreply.github.com>

* perf(langchain): add benchmark command (#36641)

add benchmark in Makefile

* chore(core): reduce streaming metadata / perf (#36588)

- looking into reducing streaming metadata / perfm

---------

Co-authored-by: William Fu-Hinthorn <13333726+hinthornw@users.noreply.github.com>

* chore(infra): add langchain to codspeed (#36650)

add lang…
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mdrxy Mason Daugherty (mdrxy) mdrxy approved these changes

@eyurtsev Eugene Yurtsev (eyurtsev) Awaiting requested review from eyurtsev eyurtsev is a code owner

Assignees

No one assigned

Labels

core `langchain-core` package issues & PRs external fix For PRs that implement a fix size: M 200-499 LOC trusted-contributor >= 5 merged PRs in the `langchain-ai/langchain` repo

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Langsmith include_model broken due to deserialization allowlist

2 participants

@michaelnchin @mdrxy