chore(deps-dev): bump the langchain group across 1 directory with 2 updates

[dependabot]

Bumps the langchain group with 2 updates in the / directory: langchain-openai and langchain.

Updates langchain-openai from 0.3.34 to 1.2.2

Release notes

Sourced from langchain-openai's releases.

langchain-openai==1.2.2

Changes since langchain-openai==1.2.1

release(openai): 1.2.2 (#37617) chore(infra): bump langchain-tests floor to 1.1.9 (#37610) test(openai): unbreak audio chat and Azure embedding integration tests (#37589) fix(openai): guard httpx finalizers (#37570) chore: bump langsmith from 0.8.4 to 0.8.5 in /libs/partners/openai (#37549) chore: bump idna from 3.11 to 3.15 in /libs/partners/openai (#37548) ci(infra): harden Dependabot version-bound preservation (#37510) test(standard-tests): assert ls_model_name honors per-call model override (#37504) fix(openai): source LLM context size from model profiles (#37489) chore(core,langchain,openai): refresh stale OpenAI model references (#37487) fix(openai): broaden condition for ContextOverflowError to accommodate other providers (#37457) docs(openai): document base_url env var fallback chain (#37436) chore: bump langsmith from 0.8.0 to 0.8.4 in /libs/partners/openai (#37416) chore: bump langsmith from 0.7.31 to 0.8.0 in /libs/partners/openai (#37398) chore(infra): merge v1.4 into master (#37350) chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/partners/openai (#37330) chore: bump langchain-core from 1.3.2 to 1.3.3 in /libs/partners/openai (#37266) chore(docs): update x handle references (#37081) chore(model-profiles): refresh model profile data (#37074) chore(docs): update comment for chatopenai (#37034) chore(model-profiles): refresh model profile data (#37015)

langchain-openai==1.2.1

Changes since langchain-openai==1.2.0

hotfix: bump min core versions (#36996) release(openai): 1.2.1 (#36995) fix(openai): add gpt-5.5 pro to Responses API check (#36994) feat(core): add content-block-centric streaming (v2) (#36834) chore(model-profiles): refresh model profile data (#36982)

langchain-openai==1.2.0

Changes since langchain-openai==1.1.16

release(openai): 1.2.0 (#36961) feat(openai): prevent silent streaming hangs in ChatOpenAI (#36949) hotfix(ci): remove nobenchmark flag (#36959) chore(partners): standardize integration test invocation (#36958)

langchain-openai==1.1.16

Changes since langchain-openai==1.1.15

release(openai): 1.1.16 (#36927) fix(openai): tolerate prompt_cache_retention drift in streaming (#36925)

langchain-openai==1.1.15

Changes since langchain-openai==1.1.14

... (truncated)

Commits

• a1e2daf release(openai): 1.2.2 (#37617)
• 9e21348 fix(openai): guard httpx finalizers against uninitialized instances (#37568)
• 74cecb4 ci(infra): expand integration tests dispatch dropdown to external partners (#...
• 269d628 fix(standard-tests): recognize parametrize-nested xfails in override check (#...
• 23d369e test(xai): tolerate extra block types in web search and xfail v1 streaming to...
• aef86c4 chore(infra): bump langchain-tests floor to 1.1.9 (#37610)
• ebc1880 release(standard-tests): 1.1.9 (#37609)
• 22575ad test(standard-tests): allow extra content blocks in streaming assertions (#37...
• 1aa4496 feat(langchain): register stream transformers on middleware (#37591)
• d2931d8 release(fireworks): 1.4.1 (#37603)
• Additional commits viewable in compare view

Updates langchain from 1.2.13 to 1.3.2

Release notes

Sourced from langchain's releases.

langchain-core==1.3.2

Changes since langchain-core==1.3.1

release(core): 1.3.2 (#36990) feat(core): add content-block-centric streaming (v2) (#36834)

langchain==1.3.2

Changes since langchain==1.3.1

chore(langchain): bump to 1.3.2, require langgraph>=1.2.2 (#37703) fix(langchain): land final answer in last AIMessage for TodoListMiddleware (#37643) feat(langchain): redact streamed PII in flight on PIIMiddleware (#37616) chore(infra): bump langchain-tests floor to 1.1.9 (#37610) release(standard-tests): 1.1.9 (#37609) feat(langchain): register stream transformers on middleware (#37591) chore: bump idna from 3.11 to 3.15 in /libs/langchain_v1 (#37534) ci(infra): harden Dependabot version-bound preservation (#37510) refactor(langchain): clean redundancy ifelse. (#37448) hotfix: bump lockfiles (#37508) chore(core,langchain,openai): refresh stale OpenAI model references (#37487) fix(langchain): sort glob_search results by mtime (newest first) (#37462) chore: bump langsmith from 0.7.31 to 0.8.0 in /libs/langchain_v1 (#37391)

langchain-core==1.3.1

Changes since langchain-core==1.3.0

release(core): 1.3.1 (#36972) feat(core): allow _format_output to pass through list of ToolOutputMixin instances (#36963) chore: bump nbconvert from 7.17.0 to 7.17.1 in /libs/core (#36923) feat(core): Update inheritance behavior for tracer metadata for special keys (#36900) chore: bump langsmith from 0.7.13 to 0.7.31 in /libs/core (#36813)

langchain-fireworks==1.3.1

Changes since langchain-fireworks==1.3.0

fix(fireworks): require api_key in FireworksEmbeddings (#37193) release(fireworks): 1.3.1 (#37189) fix(fireworks): strip non-wire keys from ToolMessage text content blocks (#37187)

langchain==1.3.1

Changes since langchain==1.3.0

release(langchain): 1.3.1 (#37454) fix(langchain): alias Bedrock providers in summarization token check (#37453)

langchain-perplexity==1.3.1

Changes since langchain-perplexity==1.3.0

release(perplexity): 1.3.1 (#37720) chore(perplexity): bump perplexityai to 0.34.1 (#37710)

... (truncated)

Commits

• 7bb4130 chore(langchain): bump to 1.3.2, require langgraph>=1.2.2 (#37703)
• d9b8dd5 fix(langchain): land final answer in last AIMessage for TodoListMiddleware ...
• 95c6a8a chore(core): bump uuid-utils to 0.16.0 (#37699)
• c7858c4 test(anthropic): retry integration tests on transient failures (#37697)
• 53a5ac3 chore(model-profiles): refresh model profile data (#37694)
• 69d9e95 chore(model-profiles): refresh model profile data (#37650)
• 33875fd ci(infra): serialize integration test shards across runs (#37648)
• 2638f75 feat(standard-tests): forward LangSmith CI env vars to traces (#37645)
• bdd7f71 ci(infra): trace scheduled integration tests (#37615)
• 11cdce9 ci(infra): add middleware evals workflow for workflow_dispatch discovery (#...
• Additional commits viewable in compare view

[claude]

The langchain-openai bump spans a major version boundary (0.3.34 → 1.1.12), which may introduce breaking API changes in the test suite — worth a human check that CI passes.

Extended reasoning...

Overview

This is a dependabot PR updating two dev-only dependencies in pyproject.toml and uv.lock: langchain-openai (0.3.34 → 1.1.12) and langchain (1.2.13 → 1.2.15). Incidentally, langgraph (1.1.3 → 1.1.5) and langgraph-prebuilt (1.0.8 → 1.0.9) are also bumped as transitive resolution changes. All changes are to the [dependency-groups] dev section — none affect the published package.

Security Risks

No security risks from the version bumps themselves. The langchain 1.2.14 release includes a pygments CVE fix (CVE-2026-4539), which is a minor positive. No auth, crypto, or data-exposure surface in these changes.

Level of Scrutiny

The langchain-openai jump from 0.3.34 to 1.1.12 crosses a major version boundary and skips many minor versions, meaning the upstream library may have introduced API breaking changes. Even though it is a dev dependency, the test suite relies on it and tests could silently pass or fail depending on API compatibility. The constraint in pyproject.toml was widened from <0.4 to <1.2 to accommodate this, which is a deliberate widening. A human should confirm CI is green before merging.

Other Factors

No bugs were found by the automated bug hunting system. The langchain and langgraph bumps are minor patch-level and low risk. The lock file hash updates are consistent with the version changes. The main concern is solely the magnitude of the langchain-openai version jump.