Skip to content

build(deps): bump the pip group across 1 directory with 2 updates#6259

Merged
liuruibin merged 1 commit into
v2from
dependabot/pip/pip-13f9d31fc3
Jun 22, 2026
Merged

build(deps): bump the pip group across 1 directory with 2 updates#6259
liuruibin merged 1 commit into
v2from
dependabot/pip/pip-13f9d31fc3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor

Bumps the pip group with 2 updates in the / directory: langchain and pypdf.

Updates langchain from 1.2.18 to 1.3.10

Release notes

Sourced from langchain's releases.

langchain==1.3.10

Changes since langchain==1.3.9

release(langchain): 1.3.10 (#38255) chore: bump cryptography from 46.0.7 to 48.0.1 in /libs/langchain_v1 (#38176) chore: bump aiohttp from 3.14.0 to 3.14.1 in /libs/langchain_v1 (#38179) fix(langchain): switch summary format (#38171) fix(langchain): detect provider strategy for dated gpt-5.2/gpt-5.4 snapshots (#38222) chore(langchain): improve typing in tests (#38163) chore: bump pyjwt from 2.12.0 to 2.13.0 in /libs/langchain_v1 (#38168) release(openai): 1.3.2 (#38130) hotfix(openai): switch version (#38123) release(openai): 1.4.0 (#38120) docs: refresh README installation and resources (#38119) test(core,langchain): update tests for explicit deserialization allowlists (#38118) release(core): 1.4.7 (#38111) release(anthropic): 1.4.6 (#38105)

langchain==1.3.9

Changes since langchain==1.3.8

release(anthropic): 1.4.6 (#38105) release(langchain): 1.3.9 (#38104) fix(langchain,anthropic): confine file-search results and tighten anthropic allowed_prefixes (#38106)

langchain==1.3.8

Changes since langchain==1.3.7

release(langchain): 1.3.8 (#38096) style(core,langchain,langchain-classic,partners): replace double backticks in docstrings (#38095) release(core): 1.4.6 (#38061) chore(langchain): add overloads to create_agent (#34309) chore(infra): bump mypy to 2.1 and unify type-check config across the monorepo (#36470) fix(langchain): support async middleware decorator typing (#34584) fix(langchain): tighten structured output model fallbacks (#38042) release(anthropic): 1.4.5 (#38036) hotfix(core): bump lockfile(s) (#38032) refactor(langchain): refactor test_create_agent_tool_validation (#34443)

langchain==1.3.7

Changes since langchain==1.3.6

release(langchain): 1.3.7 (#38024) style(langchain): add ruff rules ARG (#34435) feat(langchain): add ProviderToolSearchMiddleware (#37969) chore(langchain): activate mypy warn_return_any (#34249) test(langchain): mark legacy trigger view for 2.0 removal (#38002)

langchain==1.3.6

Changes since langchain==1.3.5

... (truncated)

Commits
  • a807a9c release(langchain): 1.3.10 (#38255)
  • 15b0a49 chore: bump jupyter-server from 2.18.0 to 2.20.0 in /libs/core (#38252)
  • 612139f chore: bump tornado from 6.5.6 to 6.5.7 in /libs/text-splitters (#38175)
  • 921e370 chore: bump cryptography from 46.0.7 to 48.0.1 in /libs/langchain_v1 (#38176)
  • 1aabc26 chore: bump aiohttp from 3.14.0 to 3.14.1 in /libs/langchain_v1 (#38179)
  • 8d51355 chore: bump aiohttp from 3.14.0 to 3.14.1 in /libs/langchain (#38180)
  • 0b1b7bb chore: bump cryptography from 46.0.7 to 48.0.1 in /libs/langchain (#38181)
  • dfd0627 chore: bump starlette from 1.0.1 to 1.3.1 in /libs/langchain (#38182)
  • 0269392 chore: bump tornado from 6.5.6 to 6.5.7 in /libs/langchain (#38183)
  • 24d0b37 chore: bump tornado from 6.5.6 to 6.5.7 in /libs/core (#38184)
  • Additional commits viewable in compare view

Updates pypdf from 6.12.0 to 6.13.3

Release notes

Sourced from pypdf's releases.

Version 6.13.3, 2026-06-17

What's new

Security (SEC)

Performance Improvements (PI)

Robustness (ROB)

Maintenance (MAINT)

Full Changelog

Version 6.13.2, 2026-06-10

What's new

Security (SEC)

Robustness (ROB)

Full Changelog

Version 6.13.1, 2026-06-08

What's new

Security (SEC)

Full Changelog

Version 6.13.0, 2026-06-05

What's new

Security (SEC)

New Features (ENH)

Robustness (ROB)

... (truncated)

Changelog

Sourced from pypdf's changelog.

Version 6.13.3, 2026-06-17

Security (SEC)

  • Apply MAX_DECLARED_STREAM_LENGTH to streams without length as well (#3871)

Performance Improvements (PI)

  • Avoid per-pixel getpixel loop for 1-bit indexed images (#3854)

Robustness (ROB)

  • Several fixes

Maintenance (MAINT)

  • Make mypy assert messages consistent (#3849)

Full Changelog

Version 6.13.2, 2026-06-10

Security (SEC)

  • Detect multi-hop cyclic /Pages trees in _flatten to prevent SIGSEGV (#3847)

Robustness (ROB)

  • Fix UnboundLocalError in _read_standard_xref_table on a malformed entry (#3841)
  • Raise PdfStreamError on non-hexadecimal bytes in hex readers (#3832)

Full Changelog

Version 6.13.1, 2026-06-08

Security (SEC)

  • Prevent infinite loops when processing threads/articles (#3839)

Full Changelog

Version 6.13.0, 2026-06-05

Security (SEC)

  • Avoid infinite loops for outlines and text extraction (#3830)

New Features (ENH)

  • Add Japanese predefined CMaps (#3800)
  • Font: Collect all character widths, not only those that can be unicode mapped (#3798)

Robustness (ROB)

  • Recover a corrupt trailing startxref pointer (closes #3238) (#3826)
  • Handle /Pages node without /Kids during flattening (#3825)
  • Accept inline image EI marker at the end of a content stream (#3827)

Maintenance (MAINT)

  • Type the always-raising deprecation helpers as NoReturn (#3819)

... (truncated)

Commits
  • 9aa05e7 REL: 6.13.3
  • bbd083d SEC: Apply MAX_DECLARED_STREAM_LENGTH to streams without length as well (#3871)
  • d5cd266 ROB: Guard text operators against missing operands in extract_text (#3861)
  • 82f1f90 ROB: Tolerate malformed /Limits in index2label (#3858)
  • 0276a6f PI: Avoid per-pixel getpixel loop for 1-bit indexed images (#3854)
  • 41a9c3c MAINT: Make mypy assert messages consistent (#3849)
  • d1bba60 MAINT: Increase readability of PdfDocCommon (#3834)
  • 53b6fbc DEV: Bump codecov/codecov-action from 6.0.1 to 7.0.0 (#3859)
  • e07c223 MAINT: Enforce G004 (no f-strings in logging) (#3845)
  • 5270f76 ROB: Guard zero unitsPerEm in from_truetype_font_file (#3846)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps): bump the pip group across 1 directory with 2 updates
97dcc3a 
Bumps the pip group with 2 updates in the / directory: [langchain](https://github.com/langchain-ai/langchain) and [pypdf](https://github.com/py-pdf/pypdf).


Updates `langchain` from 1.2.18 to 1.3.10
- [Release notes](https://github.com/langchain-ai/langchain/releases)
- [Commits](langchain-ai/langchain@langchain==1.2.18...langchain==1.3.10)

Updates `pypdf` from 6.12.0 to 6.13.3
- [Release notes](https://github.com/py-pdf/pypdf/releases)
- [Changelog](https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md)
- [Commits](py-pdf/pypdf@6.12.0...6.13.3)

---
updated-dependencies:
- dependency-name: langchain
  dependency-version: 1.3.10
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pypdf
  dependency-version: 6.13.3
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jun 22, 2026
@liuruibin liuruibin merged commit b0343ae into v2 Jun 22, 2026
1 of 3 checks passed
@liuruibin liuruibin deleted the dependabot/pip/pip-13f9d31fc3 branch June 22, 2026 02:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@liuruibin