chore(deps-dev): bump the langchain group across 1 directory with 2 updates

[dependabot]

Bumps the langchain group with 2 updates in the / directory: langchain-openai and langchain.

Updates langchain-openai from 0.3.34 to 1.3.0

Release notes

Sourced from langchain-openai's releases.

langchain-openai==1.3.0

Changes since langchain-openai==1.2.2

hotfix(openai): min core dep (#37990) release(openai): 1.3.0 (#37989) feat(openai): support apply_patch built-in tool (#37157) chore(model-profiles): refresh model profile data (#37973) test(langchain,partners): disable pytest-benchmark under xdist to silence PytestBenchmarkWarning (#37901) chore(model-profiles): refresh model profile data (#37895)

langchain-openai==1.2.2

Changes since langchain-openai==1.2.1

release(openai): 1.2.2 (#37617) chore(infra): bump langchain-tests floor to 1.1.9 (#37610) test(openai): unbreak audio chat and Azure embedding integration tests (#37589) fix(openai): guard httpx finalizers (#37570) chore: bump langsmith from 0.8.4 to 0.8.5 in /libs/partners/openai (#37549) chore: bump idna from 3.11 to 3.15 in /libs/partners/openai (#37548) ci(infra): harden Dependabot version-bound preservation (#37510) test(standard-tests): assert ls_model_name honors per-call model override (#37504) fix(openai): source LLM context size from model profiles (#37489) chore(core,langchain,openai): refresh stale OpenAI model references (#37487) fix(openai): broaden condition for ContextOverflowError to accommodate other providers (#37457) docs(openai): document base_url env var fallback chain (#37436) chore: bump langsmith from 0.8.0 to 0.8.4 in /libs/partners/openai (#37416) chore: bump langsmith from 0.7.31 to 0.8.0 in /libs/partners/openai (#37398) chore(infra): merge v1.4 into master (#37350) chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/partners/openai (#37330) chore: bump langchain-core from 1.3.2 to 1.3.3 in /libs/partners/openai (#37266) chore(docs): update x handle references (#37081) chore(model-profiles): refresh model profile data (#37074) chore(docs): update comment for chatopenai (#37034) chore(model-profiles): refresh model profile data (#37015)

langchain-openai==1.2.1

Changes since langchain-openai==1.2.0

hotfix: bump min core versions (#36996) release(openai): 1.2.1 (#36995) fix(openai): add gpt-5.5 pro to Responses API check (#36994) feat(core): add content-block-centric streaming (v2) (#36834) chore(model-profiles): refresh model profile data (#36982)

langchain-openai==1.2.0

Changes since langchain-openai==1.1.16

release(openai): 1.2.0 (#36961) feat(openai): prevent silent streaming hangs in ChatOpenAI (#36949) hotfix(ci): remove nobenchmark flag (#36959)

... (truncated)

Commits

• c0103c3 hotfix(openai): min core dep (#37990)
• c15cfe2 release(core): 1.4.3 (#37991)
• c7d01d5 release(openai): 1.3.0 (#37989)
• 0f45b2c feat(openai): support apply_patch built-in tool (#37157)
• 7e9c916 chore(model-profiles): refresh model profile data (#37973)
• e096992 release(core): 1.4.2 (#37968)
• 74c2374 feat(core): deprecate problematic dict() method (#31685)
• f9f1152 fix(standard-tests): serialize BytesIO bodies in VCR cassettes (#37963)
• 4bd3b6a chore(model-profiles): refresh model profile data (#37958)
• 8fed1dd chore: bump pyarrow from 21.0.0 to 23.0.1 in /libs/langchain_v1 (#37930)
• Additional commits viewable in compare view

Updates langchain from 1.2.13 to 1.3.6

Release notes

Sourced from langchain's releases.

langchain==1.3.6

Changes since langchain==1.3.5

release(langchain): 1.3.6 (#38001) fix(langchain): preserve summarization trigger compatibility (#38000)

langchain==1.3.5

Changes since langchain==1.3.4

release(langchain): 1.3.5 (#37998) feat(langchain): port AND-capable trigger conditions to SummarizationMiddleware (#34576) hotfix(openai): min core dep (#37990) feat(openai): support apply_patch built-in tool (#37157) chore: bump pyarrow from 21.0.0 to 23.0.1 in /libs/langchain_v1 (#37930) chore: bump dependencies (#37892) chore: bump aiohttp from 3.13.4 to 3.14.0 in /libs/langchain_v1 (#37888)

langchain==1.3.4

Changes since langchain==1.3.3

release(langchain): 1.3.4 (#37861) fix(langchain): improve HITL rejection guidance (#37859)

langchain-core==1.3.3

Changes since langchain-core==1.3.2

release(core): 1.3.3 (#37198) fix(core): set deprecation since to 1.3.3 to match release (#37200) fix(core, langchain): harden load() against untrusted manifests (#37197) chore: bump notebook from 7.5.0 to 7.5.6 in /libs/core (#37109) chore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in /libs/core (#37129) fix(core): preserve structured inputs on tool runs in tracers (#37108) release(perplexity): 1.2.0 (#37091) chore(docs): update x handle references (#37081) fix(core): make removal optional in warn_deprecated (#37056) fix(core): validate batch_size in _batch and _abatch to prevent infinite loop (#36663) chore(core): mark stream_v2/astream_v2 as beta (#36992)

langchain==1.3.3

Changes since langchain==1.3.2

release(langchain): 1.3.3 (#37843) chore(langchain): bump langgraph to 1.2.4 (#37857) chore(langchain): loosen langgraph dep range (#37855) feat(langchain): project subagent runs onto typed run.subagents channel (#37739) feat(langchain): add interrupt_mode and when predicate to HumanInTheLoopMiddleware (#37579)

langchain-core==1.3.2

Changes since langchain-core==1.3.1

... (truncated)

Commits

• e16386d release(langchain): 1.3.6 (#38001)
• 8c5b36c fix(langchain): preserve summarization trigger compatibility (#38000)
• 90b2f94 release(langchain): 1.3.5 (#37998)
• 05fe082 feat(langchain): port AND-capable trigger conditions to `SummarizationMiddlew...
• ac18ef5 docs(core): document multimodal handling in get_buffer_string (#37994)
• 53f2ad1 release(perplexity): 1.4.0 (#37993)
• de95025 feat(perplexity): bind_tools and Responses-API tool round-trip (#37934)
• fac194b ci(infra): restore release validation coverage (#37992)
• c0103c3 hotfix(openai): min core dep (#37990)
• c15cfe2 release(core): 1.4.3 (#37991)
• Additional commits viewable in compare view

[claude]

The langchain-openai bump spans a major version boundary (0.3.34 → 1.1.12), which may introduce breaking API changes in the test suite — worth a human check that CI passes.

Extended reasoning...

Overview

This is a dependabot PR updating two dev-only dependencies in pyproject.toml and uv.lock: langchain-openai (0.3.34 → 1.1.12) and langchain (1.2.13 → 1.2.15). Incidentally, langgraph (1.1.3 → 1.1.5) and langgraph-prebuilt (1.0.8 → 1.0.9) are also bumped as transitive resolution changes. All changes are to the [dependency-groups] dev section — none affect the published package.

Security Risks

No security risks from the version bumps themselves. The langchain 1.2.14 release includes a pygments CVE fix (CVE-2026-4539), which is a minor positive. No auth, crypto, or data-exposure surface in these changes.

Level of Scrutiny

The langchain-openai jump from 0.3.34 to 1.1.12 crosses a major version boundary and skips many minor versions, meaning the upstream library may have introduced API breaking changes. Even though it is a dev dependency, the test suite relies on it and tests could silently pass or fail depending on API compatibility. The constraint in pyproject.toml was widened from <0.4 to <1.2 to accommodate this, which is a deliberate widening. A human should confirm CI is green before merging.

Other Factors

No bugs were found by the automated bug hunting system. The langchain and langgraph bumps are minor patch-level and low risk. The lock file hash updates are consistent with the version changes. The main concern is solely the magnitude of the langchain-openai version jump.