chore(deps): bump the minor-and-patch group with 10 updates

[dependabot]

Bumps the minor-and-patch group with 10 updates:

Package	From	To
typer	0.24.1	0.24.2
langchain	1.2.12	1.2.15
pytest	9.0.2	9.0.3
ruff	0.15.7	0.15.11
mypy	1.19.1	1.20.2
sentence-transformers	5.3.0	5.4.1
langchain-cohere	0.5.0	0.5.1
langchain-openai	1.1.12	1.1.16
langchain-anthropic	1.4.0	1.4.1
langchain-google-genai	4.2.1	4.2.2

Updates typer from 0.24.1 to 0.24.2

Release notes

Sourced from typer's releases.

0.24.2

Fixes

• 🐛 Ensure that typer.launch forwards correctly when launching a file. PR #1708 by @​svlandeg.

Refactors

• 🎨 Ensure ty runs without errors. PR #1628 by @​svlandeg.

Docs

• 📝 Add dates to release notes. PR #1612 by @​YuriiMotov.
• 💄 Fix code blocks in reference docs overflowing table width. PR #1630 by @​YuriiMotov.
• 📝 Fix broken link to FastAPI and Friends newsletter. PR #1540 by @​Karlemami.
• 🔨 Handle external links target=_blank and CSS automatically in JS and CSS. PR #1622 by @​tiangolo.
• 📝 Remove link to Typer developer survey. PR #1609 by @​svlandeg.
• ✏️ Clean up documentation in install.md file. PR #1606 by @​Johandielangman.

Internal

• ⬆ Bump mypy from 1.20.1 to 1.20.2. PR #1715 by @​dependabot[bot].
• ⬆ Bump prek from 0.3.9 to 0.3.10. PR #1716 by @​dependabot[bot].
• ⬆ Bump pydantic-settings from 2.13.1 to 2.14.0. PR #1713 by @​dependabot[bot].
• ⬆ Bump ty from 0.0.31 to 0.0.32. PR #1711 by @​dependabot[bot].
• ⬆ Bump pydantic from 2.13.2 to 2.13.3. PR #1712 by @​dependabot[bot].
• ⬆ Bump pygments from 2.19.2 to 2.20.0. PR #1667 by @​dependabot[bot].
• ⬆ Bump pymdown-extensions from 10.20 to 10.21.2. PR #1710 by @​YuriiMotov.
• ⬆ Bump actions/cache from 5.0.4 to 5.0.5. PR #1700 by @​dependabot[bot].
• ⬆ Bump pydantic from 2.13.1 to 2.13.2. PR #1703 by @​dependabot[bot].
• ⬆ Bump actions/upload-artifact from 7.0.0 to 7.0.1. PR #1701 by @​dependabot[bot].
• ⬆ Bump ruff from 0.15.10 to 0.15.11. PR #1704 by @​dependabot[bot].
• ⬆ Bump cloudflare/wrangler-action from 3.14.1 to 3.15.0. PR #1702 by @​dependabot[bot].
• ⬆ Bump astral-sh/setup-uv from 7.6.0 to 8.1.0. PR #1699 by @​dependabot[bot].
• ⬆ Bump ty from 0.0.30 to 0.0.31. PR #1696 by @​dependabot[bot].
• ⬆ Bump pydantic from 2.13.0 to 2.13.1. PR #1697 by @​dependabot[bot].
• 🔒 Pin GitHub actions by commit SHA. PR #1666 by @​YuriiMotov.
• ⬆ Bump ty from 0.0.29 to 0.0.30. PR #1693 by @​dependabot[bot].
• ⬆ Bump prek from 0.3.8 to 0.3.9. PR #1691 by @​dependabot[bot].
• ⬆ Bump pygithub from 2.9.0 to 2.9.1. PR #1692 by @​dependabot[bot].
• ⬆ Bump rich from 14.3.3 to 15.0.0. PR #1688 by @​dependabot[bot].
• ⬆ Bump pydantic from 2.12.5 to 2.13.0. PR #1687 by @​dependabot[bot].
• ⬆ Bump mypy from 1.20.0 to 1.20.1. PR #1689 by @​dependabot[bot].
• ⬆ Bump cryptography from 46.0.6 to 46.0.7. PR #1682 by @​dependabot[bot].
• ⬆ Bump ruff from 0.15.9 to 0.15.10. PR #1684 by @​dependabot[bot].
• ⬆ Bump pytest from 9.0.2 to 9.0.3. PR #1681 by @​dependabot[bot].
• ⬆ Bump ty from 0.0.28 to 0.0.29. PR #1678 by @​dependabot[bot].
• ⬆ Bump ruff from 0.15.8 to 0.15.9. PR #1674 by @​dependabot[bot].
• ⬆ Bump ty from 0.0.27 to 0.0.28. PR #1675 by @​dependabot[bot].
• ⬆ Bump pillow from 12.1.1 to 12.2.0. PR #1672 by @​dependabot[bot].
• ⬆ Bump mypy from 1.19.1 to 1.20.0. PR #1670 by @​dependabot[bot].

... (truncated)

Changelog

Sourced from typer's changelog.

0.24.2 (2026-04-22)

Fixes

• 🐛 Ensure that typer.launch forwards correctly when launching a file. PR #1708 by @​svlandeg.

Refactors

• 🎨 Ensure ty runs without errors. PR #1628 by @​svlandeg.

Docs

• 📝 Add dates to release notes. PR #1612 by @​YuriiMotov.
• 💄 Fix code blocks in reference docs overflowing table width. PR #1630 by @​YuriiMotov.
• 📝 Fix broken link to FastAPI and Friends newsletter. PR #1540 by @​Karlemami.
• 🔨 Handle external links target=_blank and CSS automatically in JS and CSS. PR #1622 by @​tiangolo.
• 📝 Remove link to Typer developer survey. PR #1609 by @​svlandeg.
• ✏️ Clean up documentation in install.md file. PR #1606 by @​Johandielangman.

Internal

• ⬆ Bump mypy from 1.20.1 to 1.20.2. PR #1715 by @​dependabot[bot].
• ⬆ Bump prek from 0.3.9 to 0.3.10. PR #1716 by @​dependabot[bot].
• ⬆ Bump pydantic-settings from 2.13.1 to 2.14.0. PR #1713 by @​dependabot[bot].
• ⬆ Bump ty from 0.0.31 to 0.0.32. PR #1711 by @​dependabot[bot].
• ⬆ Bump pydantic from 2.13.2 to 2.13.3. PR #1712 by @​dependabot[bot].
• ⬆ Bump pygments from 2.19.2 to 2.20.0. PR #1667 by @​dependabot[bot].
• ⬆ Bump pymdown-extensions from 10.20 to 10.21.2. PR #1710 by @​YuriiMotov.
• ⬆ Bump actions/cache from 5.0.4 to 5.0.5. PR #1700 by @​dependabot[bot].
• ⬆ Bump pydantic from 2.13.1 to 2.13.2. PR #1703 by @​dependabot[bot].
• ⬆ Bump actions/upload-artifact from 7.0.0 to 7.0.1. PR #1701 by @​dependabot[bot].
• ⬆ Bump ruff from 0.15.10 to 0.15.11. PR #1704 by @​dependabot[bot].
• ⬆ Bump cloudflare/wrangler-action from 3.14.1 to 3.15.0. PR #1702 by @​dependabot[bot].
• ⬆ Bump astral-sh/setup-uv from 7.6.0 to 8.1.0. PR #1699 by @​dependabot[bot].
• ⬆ Bump ty from 0.0.30 to 0.0.31. PR #1696 by @​dependabot[bot].
• ⬆ Bump pydantic from 2.13.0 to 2.13.1. PR #1697 by @​dependabot[bot].
• 🔒 Pin GitHub actions by commit SHA. PR #1666 by @​YuriiMotov.
• ⬆ Bump ty from 0.0.29 to 0.0.30. PR #1693 by @​dependabot[bot].
• ⬆ Bump prek from 0.3.8 to 0.3.9. PR #1691 by @​dependabot[bot].
• ⬆ Bump pygithub from 2.9.0 to 2.9.1. PR #1692 by @​dependabot[bot].
• ⬆ Bump rich from 14.3.3 to 15.0.0. PR #1688 by @​dependabot[bot].
• ⬆ Bump pydantic from 2.12.5 to 2.13.0. PR #1687 by @​dependabot[bot].
• ⬆ Bump mypy from 1.20.0 to 1.20.1. PR #1689 by @​dependabot[bot].
• ⬆ Bump cryptography from 46.0.6 to 46.0.7. PR #1682 by @​dependabot[bot].
• ⬆ Bump ruff from 0.15.9 to 0.15.10. PR #1684 by @​dependabot[bot].
• ⬆ Bump pytest from 9.0.2 to 9.0.3. PR #1681 by @​dependabot[bot].
• ⬆ Bump ty from 0.0.28 to 0.0.29. PR #1678 by @​dependabot[bot].
• ⬆ Bump ruff from 0.15.8 to 0.15.9. PR #1674 by @​dependabot[bot].
• ⬆ Bump ty from 0.0.27 to 0.0.28. PR #1675 by @​dependabot[bot].
• ⬆ Bump pillow from 12.1.1 to 12.2.0. PR #1672 by @​dependabot[bot].

... (truncated)

Commits

• c9554ec 🔖 Release version 0.24.2
• 98f27ca 📝 Update release notes
• 31b468b 🐛 Ensure that typer.launch forwards correctly when launching a file (#1708)
• f0a6ee8 📝 Update release notes
• 5382d24 ⬆ Bump mypy from 1.20.1 to 1.20.2 (#1715)
• 6f15177 📝 Update release notes
• 8572894 ⬆ Bump prek from 0.3.9 to 0.3.10 (#1716)
• 9ce8e30 📝 Update release notes
• 22a86d3 ⬆ Bump pydantic-settings from 2.13.1 to 2.14.0 (#1713)
• c93d1c4 📝 Update release notes
• Additional commits viewable in compare view

Updates langchain from 1.2.12 to 1.2.15

Release notes

Sourced from langchain's releases.

langchain-core==1.2.15

Changes since langchain-core==1.2.14

fix(core): improve error message for non-JSON-serializable tool schemas (#34376) fix(core): improve typing/docs for on_chat_model_start to clarify required positional args (#35324) perf(core): defer specific langsmith imports to reduce import time (#35298) revert: add ChatAnthropicBedrockWrapper (#35371) release(core): 1.2.15 (#35367) fix(anthropic): replace retired model IDs in tests and docstrings (#35365) feat(anthropic): add ChatAnthropicBedrock wrapper (#35091) style: fix some ruff noqa (#35321)

langchain==1.2.15

Changes since langchain==1.2.14

release: langchain v1.2.15 (#36496) chore: bump aiohttp from 3.13.3 to 3.13.4 in /libs/langchain_v1 (#36438)

langchain-core==1.2.14

Changes since langchain-core==1.2.13

release(core): 1.2.14 (#35328) chore(core): remove langserve from sys info util, add deepagents (#35325) fix(core): fix merge_lists incorrectly merging parallel tool calls (#35281) fix(core): accept int temperature in _get_ls_params for LangSmith tracing (#35302) revert: accept integer temperature values in _get_ls_params (#35319) fix(core): accept integer temperature values in _get_ls_params (#35317) docs(core): update load note to be precise (#35309) fix(core): prevent recursion error when args_schema is dict (#35260) fix(core): preserve index and timestamp fields when merging (#34731) docs(core): add security warnings and best practices for deserialization (#35282) docs: fix docstring inaccuracies and update outdated LangSmith URLs (#35283) fix(core): correct misleading jinja2 sandboxing comment (#35183) chore: bump the langchain-deps group across 3 directories with 8 updates (#35257)

langchain==1.2.14

Changes since langchain==1.2.13

release(langchain): 1.2.14 (#36396) chore: pygments>=2.20.0 across all packages (CVE-2026-4539) (#36385) test(langchain): cover runtime recursion limit override in create_agent (#36376) perf(langchain): reduce init speed by 15% (#36375) fix(langchain): update recursion limit for create_agent (#36351) fix(infra): correct lint_diff relative paths in package makefiles (#36333) chore: bump cryptography from 46.0.5 to 46.0.6 in /libs/langchain_v1 (#36324) fix(langchain): recognize ChatAnthropicVertex in _get_approximate_token_counter (#36320) chore(langchain): remove unnecessary description for toods list as a group (#36315) chore(langchain): add async implementation to todolist and test (#36313) chore(langchain): speed up todo list middleware init (#36311) chore: bump requests from 2.32.5 to 2.33.0 in /libs/langchain_v1 (#36241)

... (truncated)

Commits

• dd63731 release: langchain v1.2.15 (#36496)
• d1529dd fix(core): correct parameter names in filter_messages docstring example (#36462)
• e89afed release(core): 1.2.25 (#36473)
• 0b5f2c0 fix(core): harden check for txt files in deprecated prompt loading functions ...
• c9f51ae fix(core): fixed typos in the documentation (#36459)
• cd394b7 chore(model-profiles): refresh model profile data (#36455)
• 34c4a2a chore: bump aiohttp from 3.13.3 to 3.13.4 in /libs/partners/huggingface (#36436)
• 914cef0 chore: bump aiohttp from 3.13.3 to 3.13.4 in /libs/partners/xai (#36435)
• 66ad4f7 chore: bump aiohttp from 3.13.3 to 3.13.4 in /libs/langchain (#36439)
• 8fb12b8 chore: bump aiohttp from 3.13.3 to 3.13.4 in /libs/partners/fireworks (#36437)
• Additional commits viewable in compare view

Updates pytest from 9.0.2 to 9.0.3

Release notes

Sourced from pytest's releases.

9.0.3

pytest 9.0.3 (2026-04-07)

Bug fixes

• #12444: Fixed pytest.approx which now correctly takes into account ~collections.abc.Mapping keys order to compare them.

• #13634: Blocking a conftest.py file using the -p no: option is now explicitly disallowed.

  Previously this resulted in an internal assertion failure during plugin loading.

  Pytest now raises a clear UsageError explaining that conftest files are not plugins and cannot be disabled via -p.

• #13734: Fixed crash when a test raises an exceptiongroup with __tracebackhide__ = True.

• #14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.

• #14343: Fixed use of insecure temporary directory (CVE-2025-71176).

Improved documentation

• #13388: Clarified documentation for -p vs PYTEST_PLUGINS plugin loading and fixed an incorrect -p example.
• #13731: Clarified that capture fixtures (e.g. capsys and capfd) take precedence over the -s / --capture=no command-line options in Accessing captured output from a test function <accessing-captured-output>.
• #14088: Clarified that the default pytest_collection hook sets session.items before it calls pytest_collection_finish, not after.
• #14255: TOML integer log levels must be quoted: Updating reference documentation.

Contributor-facing changes

• #12689: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible on the web interface.

  -- by aleguy02

Commits

• a7d58d7 Prepare release version 9.0.3
• 089d981 Merge pull request #14366 from bluetech/revert-14193-backport
• 8127eaf Revert "Fix: assertrepr_compare respects dict insertion order (#14050) (#14193)"
• 99a7e60 Merge pull request #14363 from pytest-dev/patchback/backports/9.0.x/95d8423bd...
• ddee02a Merge pull request #14343 from bluetech/cve-2025-71176-simple
• 74eac69 doc: Update training info (#14298) (#14301)
• f92dee7 Merge pull request #14267 from pytest-dev/patchback/backports/9.0.x/d6fa26c62...
• 7ee58ac Merge pull request #12378 from Pierre-Sassoulas/fix-implicit-str-concat-and-d...
• 37da870 Merge pull request #14259 from mitre88/patch-4 (#14268)
• c34bfa3 Add explanation for string context diffs (#14257) (#14266)
• Additional commits viewable in compare view

Updates ruff from 0.15.7 to 0.15.11

Release notes

Sourced from ruff's releases.

0.15.11

Release Notes

Released on 2026-04-16.

Preview features

• [ruff] Ignore RUF029 when function is decorated with asynccontextmanager (#24642)
• [airflow] Implement airflow-xcom-pull-in-template-string (AIR201) (#23583)
• [flake8-bandit] Fix S103 false positives and negatives in mask analysis (#24424)

Bug fixes

• [flake8-async] Omit overridden methods for ASYNC109 (#24648)

Documentation

• [flake8-async] Add override mention to ASYNC109 docs (#24666)
• Update Neovim config examples to use vim.lsp.config (#24577)

Contributors

• @​augustelalande
• @​anishgirianish
• @​benberryallwood
• @​charliermarsh
• @​Dev-iL

Install ruff 0.15.11

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-installer.ps1 | iex"

Download ruff 0.15.11

File	Platform	Checksum
ruff-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
ruff-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
ruff-aarch64-pc-windows-msvc.zip	ARM64 Windows	checksum
ruff-i686-pc-windows-msvc.zip	x86 Windows	checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.11

Released on 2026-04-16.

Preview features

• [ruff] Ignore RUF029 when function is decorated with asynccontextmanager (#24642)
• [airflow] Implement airflow-xcom-pull-in-template-string (AIR201) (#23583)
• [flake8-bandit] Fix S103 false positives and negatives in mask analysis (#24424)

Bug fixes

• [flake8-async] Omit overridden methods for ASYNC109 (#24648)

Documentation

• [flake8-async] Add override mention to ASYNC109 docs (#24666)
• Update Neovim config examples to use vim.lsp.config (#24577)

Contributors

• @​augustelalande
• @​anishgirianish
• @​benberryallwood
• @​charliermarsh
• @​Dev-iL

0.15.10

Released on 2026-04-09.

Preview features

• [flake8-logging] Allow closures in except handlers (LOG004) (#24464)
• [flake8-self] Make SLF diagnostics robust to non-self-named variables (#24281)
• [flake8-simplify] Make the fix for collapsible-if safe in preview (SIM102) (#24371)

Bug fixes

• Avoid emitting multi-line f-string elements before Python 3.12 (#24377)
• Avoid syntax error from E502 fixes in f-strings and t-strings (#24410)
• Strip form feeds from indent passed to dedent_to (#24381)
• [pyupgrade] Fix panic caused by handling of octals (UP012) (#24390)
• Reject multi-line f-string elements before Python 3.12 (#24355)

Rule changes

• [ruff] Treat f-string interpolation as potential side effect (RUF019) (#24426)

Server

... (truncated)

Commits

• 53554b1 Bump 0.15.11 (#24678)
• 08c56c8 Factor out the mdtest crate (#24616)
• 725fbb7 [ty] Use partially qualified names when reporting diagnostics regarding bad c...
• ddd6a30 [ty] Do not suggest argument completion when at value of keyword argument (#2...
• 9282e61 Disallow @​disjoint_base on TypedDicts and Protocols (#24671)
• e9986d8 [ty] Reject using properties with Never setters or deleters (#24510)
• 9cf212f [ty] Normalize property setter and deleter wrappers (#24509)
• 12a1589 Add override mention to ASYNC109 docs (#24666)
• dccb03d [ty] Avoid panicking on overloaded Callable type context (#24661)
• 61f9a0a [ty] Sync vendored typeshed stubs (#24646)
• Additional commits viewable in compare view

Updates mypy from 1.19.1 to 1.20.2

Changelog

Sourced from mypy's changelog.

Mypy 1.20.2

• Use WAL with SQLite cache and fix close (Shantanu, PR 21154)
• Adjust SQLite journal mode (Ivan Levkivskyi, PR 21217)
• Correctly aggregate narrowing information on parent expressions (Shantanu, PR 21206)
• Fix regression related to generic callables (Shantanu, PR 21208)
• Fix regression by avoiding widening types in some contexts (Shantanu, PR 21242)
• Fix slicing in non-strict optional mode (Shantanu, PR 21282)
• mypyc: Fix match statement semantics for "or" pattern (Shantanu, PR 21156)
• mypyc: Fix issue with module dunder attributes (Piotr Sawicki, PR 21275)
• Initial support for Python 3.15.0a8 (Marc Mueller, PR 21255)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

• A5rocks
• Aaron Wieczorek
• Adam Turner
• Ali Hamdan
• asce
• BobTheBuidler
• Brent Westbrook
• Brian Schubert
• bzoracler
• Chris Burroughs
• Christoph Tyralla
• Colin Watson
• Donghoon Nam
• E. M. Bray
• Emma Smith
• Ethan Sarp
• George Ogden
• getzze
• grayjk
• Gregor Riepl
• Ivan Levkivskyi
• James Hilliard
• James Le Cuirot
• Jeremy Nimmer
• Joren Hammudoglu
• Kai (Kazuya Ito)
• kaushal trivedi
• Kevin Kannammalil
• Lukas Geiger
• Łukasz Langa
• Marc Mueller
• Michael R. Crusoe
• michaelm-openai
• Neil Schemenauer
• Piotr Sawicki

... (truncated)

Commits

• 145a062 Bump version to 1.20.2
• 81cd492 Fix slicing with nonstrict optional (#21282)
• 908d344 [mypyc] Set dunder attrs when adding module to sys.modules (#21275)
• ba28610 Initial support for Python 3.15.0a8 (#21255)
• 7b0e09f Fix match statement semantics for "or" pattern (#21156)
• 92b74f2 Avoid widening types in conditional_types (#21242)
• 0dcbfaa Fix is_overlapping_types for generic callables (#21208)
• 210f518 Correctly aggregate narrowing information on parent expressions (#21206)
• c34530e Only set journal mode in coordinator (#21217)
• 79a3ec6 Use WAL with SQLite cache, fix close (#21154)
• Additional commits viewable in compare view

Updates sentence-transformers from 5.3.0 to 5.4.1

Release notes

Sourced from sentence-transformers's releases.

v5.4.1 - Numpy string arrays

This patch release allows encode() and predict() to accept 1D numpy string arrays as inputs.

Install this version with

# Training + Inference
pip install sentence-transformers[train]==5.4.1
Inference only, use one of:
pip install sentence-transformers==5.4.1
pip install sentence-transformers[onnx-gpu]==5.4.1
pip install sentence-transformers[onnx]==5.4.1
pip install sentence-transformers[openvino]==5.4.1
Multimodal dependencies (optional):
pip install sentence-transformers[image]==5.4.1
pip install sentence-transformers[audio]==5.4.1
pip install sentence-transformers[video]==5.4.1
Or combine as needed:
pip install sentence-transformers[train,onnx,image]==5.4.1

Numpy string/object arrays as batches (#3720)

encode() and predict() now correctly recognize 1D numpy string/object arrays as batches rather than singular inputs. Previously, something like model.encode(df["text"].to_numpy()) was silently treated as a single input and produced incorrect output. 1D numpy arrays with dtype.kind in ("U", "O") are now unpacked like lists, and 2D+ arrays are treated as batches of pairs (for CrossEncoder).

import numpy as np
from sentence_transformers import SentenceTransformer
model = SentenceTransformer("all-MiniLM-L6-v2")
Previously treated as one input; now correctly encoded as 3 separate texts
embeddings = model.encode(np.array(["first", "second", "third"]))
print(embeddings.shape)
(3, 384)

For CrossEncoder, a 1D numpy string array is still treated as a single [query, document] pair to match the existing list behavior, while a 2D array of shape (N, 2) is a batch of N pairs.

Safer activation function loading in Dense (#3714)

The Dense module stores its activation function as a dotted import path in its saved config (e.g. "torch.nn.modules.activation.Tanh"), which was then resolved via import_from_string whenever the module was loaded. Because any importable Python callable could be referenced, a maliciously crafted config.json on the Hub could trigger arbitrary imports at model load time.

The loader now only resolves activation functions whose import path starts with torch.. Anything else is skipped with a warning and replaced by the default activation (Tanh). To load a model with a custom (non-torch) activation function, opt in explicitly with trust_remote_code=True:

from sentence_transformers import SentenceTransformer
</tr></table>

... (truncated)

Commits

• 6dc2cb5 Release v5.4.1
• a6a371c Merge branch 'main' into v5.4-release
• c500af5 [fix] Treat numpy string/object arrays as batches in encode/predict (#3720)
• 25f0694 Only load activation functions starting with 'torch' in the Dense module (#3714)
• 9140444 Replace evaluation_strategy with eval_strategy in a few more places (#3713)
• cec9077 No revision needed anymore for nvidia nemotron (#3712)
• 5035ccd No revision needed anymore for nvidia nemotron (#3712)
• abca5aa Increment dev version after v5.4 release (#3711)
• d36232b [tests] Fix test_trainer_prompts for SE and ST after prompt handling moved ...
• fe93612 Merge branch 'main' into v5.4-release
• Additional commits viewable in compare view

Updates langchain-cohere from 0.5.0 to 0.5.1

Release notes

Sourced from langchain-cohere's releases.

libs/cohere/v0.5.1

What's Changed

• style: refs pass by @​mdrxy in langchain-ai/langchain-cohere#159
• fix: resolve griffe warnings in docstrings by @​mdrxy in langchain-ai/langchain-cohere#162
• Fix: Add id to toolcalls in tests by @​jasonozuzu-cohere in langchain-ai/langchain-cohere#163
• fix: patch 20 Dependabot security alerts (critical → low) by @​jkennedyvz in langchain-ai/langchain-cohere#166
• ci: add least-privilege permissions to all workflow files by @​jkennedyvz in langchain-ai/langchain-cohere#167
• release(cohere): 0.5.1 by @​ccurme in langchain-ai/langchain-cohere#168
• fix: grant contents:read to test-release workflow call by @​jkennedyvz in langchain-ai/langchain-cohere#169
• chore(deps): bump the pip group across 1 directory with 2 updates by @​dependabot[bot] in langchain-ai/langchain-cohere#170
• fix: patch 4 security alerts (urllib3 high+medium) by @​jkennedyvz in langchain-ai/langchain-cohere#171
• Remove CODEOWNERS by @​steven-connors-cohere in langchain-ai/langchain-cohere#172
• Add support for Command A Reasoning by @​steven-connors-cohere in langchain-ai/langchain-cohere#174
• chore(deps-dev): bump langgraph from 1.0.9 to 1.0.10rc1 in /libs/cohere in the pip group across 1 directory by @​dependabot[bot] in langchain-ai/langchain-cohere#175
• chore(deps): bump the pip group across 1 directory with 2 updates by @​dependabot[bot] in langchain-ai/langchain-cohere#176
• chore(deps): bump langchain-core from 1.2.16 to 1.2.22 in /libs/cohere in the pip group across 1 directory by @​dependabot[bot] in langchain-ai/langchain-cohere#177
• chore(deps): bump aiohttp from 3.13.3 to 3.13.4 in /libs/cohere in the pip group across 1 directory by @​dependabot[bot] in langchain-ai/langchain-cohere#178
• Update tests to use command A. Fix failing int test after dependency upgrade. by @​steven-connors-cohere in langchain-ai/langchain-cohere#181

New Contributors

• @​jkennedyvz made their first contribution in langchain-ai/langchain-cohere#166
• @​steven-connors-cohere made their first contribution in langchain-ai/langchain-cohere#172

Full Changelog: langchain-ai/langchain-cohere@libs/cohere/v0.5.0...libs/cohere/v0.5.1

Commits

• 7263e52 Update tests to use command A. Fix failing int test after dependency upgrade....
• 24cfdae chore(deps): bump aiohttp from 3.13.3 to 3.13.4 in /libs/cohere in the pip gr...
• 4e55ded chore(deps): bump langchain-core from 1.2.16 to 1.2.22 in /libs/cohere in the...
• 1316b49 chore(deps): bump the pip group across 1 directory with 2 updates (#176)
• f708771 chore(deps-dev): bump langgraph from 1.0.9 to 1.0.10rc1 in /libs/cohere in th...
• 9d0d394 Add support for Command A Reasoning (#174)
• c4c0e20 Remove CODEOWNERS (#172)
• 0fa8630 fix: patch 4 security alerts (urllib3 high+medium) (#171)
• cfc1c7f chore(deps): bump the pip group across 1 directory with 2 updates (#170)
• 3a99e42 fix: grant contents:read to test-release workflow call (#169)
• Additional commits viewable in compare view

Updates langchain-openai from 1.1.12 to 1.1.16

Release notes

Sourced from langchain-openai's releases.

langchain-openai==1.1.16

Changes since langchain-openai==1.1.15

release(openai): 1.1.16 (#36927) fix(openai): tolerate prompt_cache_retention drift in streaming (#36925)

langchain-openai==1.1.15

Changes since langchain-openai==1.1.14

release(openai): 1.1.15 (#36901) fix(openai): accommodate dict response items in streaming (#36899) fix(openai): infer azure chat profiles from model name (#36858) chore(model-profiles): refresh model profile data (#36864)

langchain-openai==1.1.14

Changes since langchain-openai==1.1.13

release(openai): 1.1.14 (#36820) fix(openai): use SSRF-safe transport for image token counting (#36819) chore(deps): bump pytest to 9.0.3 (#36801) chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/partners/openai (

[saschagobel]

Closing this PR without merging.

The dependency versions resolved in uv.lock are fine, but this PR also raises lower bounds in pyproject.toml even where the existing constraints already allow the new versions. For a library package, those lower bounds are part of our downstream compatibility contract, so we should not bump them as routine dependency maintenance.

This appears to match an open Dependabot uv issue: dependabot/dependabot-core#14908

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml