Bump the python-dependencies group across 1 directory with 31 updates

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps the python-dependencies group with 31 updates in the / directory:

Package	From	To
boto3	1.43.3	1.43.10
botocore	1.43.3	1.43.10
cbor2	6.0.1	6.1.1
coverage	7.13.5	7.14.0
cryptography	47.0.0	48.0.0
django-import-export	4.4.0	4.4.1
django-stubs-ext	6.0.3	6.0.4
django-stubs	6.0.3	6.0.4
django-unfold	0.92.0	0.94.0
gunicorn	25.3.0	26.0.0
langchain-core	1.3.3	1.4.0
langgraph-checkpoint	4.0.3	4.1.0
langgraph-prebuilt	1.0.13	1.1.0
langgraph-sdk	0.3.13	0.3.14
langgraph	1.1.10	1.2.0
langsmith	0.8.0	0.8.5
librt	0.9.0	0.11.0
mypy	1.20.2	2.1.0
pyopenssl	26.1.0	26.2.0
qdrant-client	1.17.1	1.18.0
ruff	0.15.12	0.15.13
sentence-transformers	5.4.1	5.5.0
svix	1.92.2	1.93.0
twisted	25.5.0	26.4.0
types-deprecated	1.3.1.20260408	1.3.1.20260508
types-python-dateutil	2.9.0.20260408	2.9.0.20260518
types-pyyaml	6.0.12.20260408	6.0.12.20260518
types-requests	2.33.0.20260503	2.33.0.20260518
ujson	5.12.0	5.12.1
uuid-utils	0.14.1	0.15.0
black	26.3.1	26.5.1

Updates boto3 from 1.43.3 to 1.43.10

Commits

• d8c26e0 Merge branch 'release-1.43.10'
• 413e36a Bumping version to 1.43.10
• 401448d Add changelog entries from botocore
• 6d47260 Merge branch 'release-1.43.9'
• df96d6d Merge branch 'release-1.43.9' into develop
• 7fb9872 Bumping version to 1.43.9
• 1881c7f Add changelog entries from botocore
• 7a82579 Merge branch 'release-1.43.8'
• 9ff48ec Merge branch 'release-1.43.8' into develop
• 06a1d63 Bumping version to 1.43.8
• Additional commits viewable in compare view

Updates botocore from 1.43.3 to 1.43.10

Commits

• faaa928 Merge branch 'release-1.43.10'
• e9c71e1 Bumping version to 1.43.10
• 7fcec45 Update endpoints model
• 57b1164 Update to latest models
• 994b6d7 Merge branch 'release-1.43.9'
• 855395b Merge branch 'release-1.43.9' into develop
• 386e9cb Bumping version to 1.43.9
• f1997ac Update endpoints model
• 964083c Update to latest models
• fc709c3 Update resource leak test scaling factors and CI Python resolution (#3705)
• Additional commits viewable in compare view

Updates cbor2 from 6.0.1 to 6.1.1

Release notes

Sourced from cbor2's releases.

6.1.1

• Fixed cbor2.load() returning corrupted data for payloads exceeding 4096 bytes (#304)

6.1.0

• Added the allow_duplicate_keys parameter to CBORDecoder, load and loads (default: True). When set to False, a CBORDecodeError is raised upon encountering a duplicate key within the same map. (#283)
• Added support for decoding from any object supporting the buffer API (e.g. memoryview or bytearray) in addition to bytes (#297)
• Fixed compatibility issues with 32-bit systems (#300)

Commits

• 3e7bc53 Bumped up the version
• 985d54c Fixed read() and read_exact() not respecting read_position
• 2bf399c Bumped up the version
• bde5a9f [pre-commit.ci] pre-commit autoupdate (#303)
• d2bbecc Make 32-bit builds when appropriate
• c9b8190 Fixed compatibility with 32-bit systems (#301)
• 348ad10 Fixed cargo pre-commit hooks
• 8aaac16 Fixed two more build issues on 32-bit systems
• 93e391a Fixed build failing on 32-bit systems
• b5d7f8b Broadened decoder support to any type supporting the buffer interface (#298)
• Additional commits viewable in compare view

Updates coverage from 7.13.5 to 7.14.0

Changelog

Sourced from coverage's changelog.

Version 7.14.0 — 2026-05-10

• Feature: now when running one of the reporting commands, if there are parallel data files that need combining, they will be implicitly combined before creating the report. There is no option to avoid the combination; let us know if you have a use case that requires it. Thanks, Tim Hatch <pull 2162_>. Closes issue 1781.

• Fix: the output from combine was too verbose, listing each file considered. Now it shows a single line with the counts of files combined, files skipped, and files with errors. The -q flag suppresses this line. The old detailed lines are available with the new --debug=combine option.

• Fix: running a Python file through a symlink now sets the sys.path correctly, matching regular Python behavior. Fixes issue 2157_.

• Fix: Collector.flush_data could fail with "RuntimeError: Set changed size during iteration" when a tracer in another thread added a line to the per-file set that add_lines (or add_arcs) was iterating. The values passed to CoverageData are now snapshotted via dict.copy() and set.copy(), which are atomic under the GIL. Thanks, Alex Vandiver <pull 2165_>_.

• Fix: the soft keyword lazy is now bolded in HTML reports.

• We are no longer testing eventlet support. Eventlet started issuing stern deprecation warnings that break our tests. Our support code is still there.

.. _issue 1781: coveragepy/coveragepy#1781 .. _issue 2157: coveragepy/coveragepy#2157 .. _pull 2162: coveragepy/coveragepy#2162 .. _pull 2165: coveragepy/coveragepy#2165

.. _changes_7-13-5:

Commits

• 646351b docs: sample HTML for 7.14.0
• 39cd015 docs: prep for 7.14.0
• 649e8aa docs: thanks Alex Vandiver for #2165
• 8cd392e fix: snapshot data in Collector.flush_data to avoid threading race (#2165)
• c48e0ed fix: less output for combining
• c2a3a28 docs: explain the change from #2162
• 1cd47aa fix: implicit combine-during-report now removes the combined data files
• 2d99fd7 feat: automatically combine coverage in report, thanks Tim Hatch (#2162)
• 9fbdcdf fix: lazy soft keywords are bolded
• 5de7d02 build: oops, misplaced quote
• Additional commits viewable in compare view

Updates cryptography from 47.0.0 to 48.0.0

Changelog

Sourced from cryptography's changelog.

48.0.0 - 2026-05-04

* **BACKWARDS INCOMPATIBLE:** Support for Python 3.8 has been removed.
  ``cryptography`` now requires Python 3.9 or later.
* **BACKWARDS INCOMPATIBLE:** Loading an X.509 CRL whose inner
  ``TBSCertList.signature`` algorithm does not match the outer
  ``signatureAlgorithm`` now raises ``ValueError``. Previously, such CRLs
  were parsed successfully and only rejected during signature validation.
* Added support for :doc:`/hazmat/primitives/asymmetric/mlkem` and
  :doc:`/hazmat/primitives/asymmetric/mldsa` when using OpenSSL 3.5.0 or
  later, in addition to the existing AWS-LC and BoringSSL support. This means
  post-quantum algorithms are now available to users of our wheels.

Note: Going forward, we do not guarantee that all functionality

in cryptography will be available when building against

OpenSSL. See :doc:/statements/state-of-openssl for more information.

.. _v47-0-0:

Commits

• 8e03e30 bump for 48.0.0 release (#14796)
• 295e0d2 Add AGENTS.md with CLAUDE.md symlink (#14794)
• 104a2de Bump BoringSSL, OpenSSL, AWS-LC in CI (#14793)
• 67ec1e5 call check_length early on AesSiv::encrypt (#14792)
• b2da57a changelog for mldsa/mlkem for openssl (#14791)
• 3cf44ad ML-KEM OpenSSL support (#14781)
• 2e31639 ML-DSA OpenSSL support (#14773)
• 5affe5a fix rust nightly clippy (#14790)
• 2e73ca4 bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (#1...
• 82ebd3b Bump BoringSSL, OpenSSL, AWS-LC in CI (#14785)
• Additional commits viewable in compare view

Updates django-import-export from 4.4.0 to 4.4.1

Release notes

Sourced from django-import-export's releases.

4.4.1

• Changelog

Changelog

Sourced from django-import-export's changelog.

4.4.1 (2026-05-05)

• Refactor lookup value retrieval in Field and CachedForeignKeyWidget (2146 <https://github.com/django-import-export/django-import-export/pull/2146>_)
• Fix IncorrectLookupParameters when exporting from filtered change view (2154 <https://github.com/django-import-export/django-import-export/pull/2154>_)
• Fix console error 'resource select input not found' on export (2158 <https://github.com/django-import-export/django-import-export/pull/2158>_)
• Fix CachedForeignKeyWidget type mismatch on non-string lookup fields (2159 <https://github.com/django-import-export/django-import-export/pull/2159>_)

Commits

• f4cfc4d updated changelog
• See full diff in compare view

Updates django-stubs-ext from 6.0.3 to 6.0.4

Commits

• 928eec4 Version 6.0.4 release (#3375)
• a994204 Update dependency mypy to v2 (#3374)
• ec8107b Update dependency pyrefly to v0.64.0 (#3373)
• 28d997b Remove unused get_field_lookup_exact_type from helpers (#3372)
• d312d60 Update dependency django to v5.2.14 (#3371)
• f20e490 Update Django to 6.0.5 (#3369)
• 6d9d0e2 Resolve default_alias for positional Aggregate in annotate() (#3362)
• 6dd9231 Update int128/hide-comment-action action to v1.58.0 (#3368)
• e270482 Update dependency psycopg to v3.3.4 (#3365)
• cfb0f9a Update dependency pyrefly to v0.63.1 (#3367)
• Additional commits viewable in compare view

Updates django-stubs from 6.0.3 to 6.0.4

Commits

• 928eec4 Version 6.0.4 release (#3375)
• a994204 Update dependency mypy to v2 (#3374)
• ec8107b Update dependency pyrefly to v0.64.0 (#3373)
• 28d997b Remove unused get_field_lookup_exact_type from helpers (#3372)
• d312d60 Update dependency django to v5.2.14 (#3371)
• f20e490 Update Django to 6.0.5 (#3369)
• 6d9d0e2 Resolve default_alias for positional Aggregate in annotate() (#3362)
• 6dd9231 Update int128/hide-comment-action action to v1.58.0 (#3368)
• e270482 Update dependency psycopg to v3.3.4 (#3365)
• cfb0f9a Update dependency pyrefly to v0.63.1 (#3367)
• Additional commits viewable in compare view

Updates django-unfold from 0.92.0 to 0.94.0

Release notes

Sourced from django-unfold's releases.

0.94.0

v0.94.0 (2026-05-18)

This release is published under the MIT License.

Bug Fixes

• Center and prevent repetition of user avatars (#2031, cd689c9)

• Changelist actions positioning (#2034, ffbf5cc)

• Crispy forms formset margin (#2040, e447af2)

Features

• Card component md size (#2041, 6ccf3f9)

• Changelist row action as button (#2036, 2db16da)

• Extra options for actions (#2039, 5ac14b9)

• Resizable sidebar (#2026, 449100e)

---

Detailed Changes: 0.93.0...0.94.0

0.93.0

v0.93.0 (2026-05-11)

This release is published under the MIT License.

Bug Fixes

• Crispy forms hr dark mode (#2025, 3e27e22)

• Disable dataset sorting (#2027, 008d290)

• Django 6.0 readonly password widget (#2013, 0bf41ba)

• Filters custom label (#2021, 2dd5b81)

Features

• Fieldset tabs redesign (#2014, adf9a6a)

• Horizontal filters (#1935, 73273ab)

---

... (truncated)

Changelog

Sourced from django-unfold's changelog.

v0.94.0 (2026-05-18)

Bug Fixes

• Center and prevent repetition of user avatars (#2031, cd689c9)

• Changelist actions positioning (#2034, ffbf5cc)

• Crispy forms formset margin (#2040, e447af2)

Features

• Card component md size (#2041, 6ccf3f9)

• Changelist row action as button (#2036, 2db16da)

• Extra options for actions (#2039, 5ac14b9)

• Resizable sidebar (#2026, 449100e)

v0.93.0 (2026-05-11)

Bug Fixes

• Crispy forms hr dark mode (#2025, 3e27e22)

• Disable dataset sorting (#2027, 008d290)

• Django 6.0 readonly password widget (#2013, 0bf41ba)

• Filters custom label (#2021, 2dd5b81)

Features

• Fieldset tabs redesign (#2014, adf9a6a)

... (truncated)

Commits

• a906465 0.94.0
• 6ccf3f9 feat: card component md size (#2041)
• e447af2 fix: crispy forms formset margin (#2040)
• 5ac14b9 feat: extra options for actions (#2039)
• 1b59060 chore: datasets tests (#2037)
• 2db16da feat: changelist row action as button (#2036)
• ffbf5cc fix: changelist actions positioning (#2034)
• 2d13d5d chore(deps): bump urllib3 from 2.6.3 to 2.7.0 (#2033)
• 449100e feat: resizable sidebar (#2026)
• cd689c9 fix: center and prevent repetition of user avatars (#2031)
• Additional commits viewable in compare view

Updates gunicorn from 25.3.0 to 26.0.0

Release notes

Sourced from gunicorn's releases.

26.0.0

Breaking Changes

• Eventlet worker removed: The eventlet worker class has been dropped. Migrate to gevent, gthread, or tornado.

New Features

• ASGI Framework Compatibility Suite: New end-to-end compatibility test harness covering Starlette, FastAPI, Litestar, Quart, Sanic, and BlackSheep. Current grid passes 438/444 tests (98%).
• ASGI Test Suite Expansion: 134 additional ASGI unit tests covering protocol semantics, lifespan, websockets, and chunked framing.

Security

• HTTP/1.1 Request-Target Validation (RFC 9112 sections 3.2.3, 3.2.4):
  • Reject authority-form request-target outside CONNECT
  • Reject asterisk-form request-target outside OPTIONS
  • Reject relative-reference request-targets
• Header Field Hardening (RFC 9110):
  • Reject control characters in header field-value (section 5.5)
  • Reject forbidden trailer field-names (section 6.5.1)
  • Reject Content-Length list form (RFC 9112 section 6.3)
• Request Smuggling Hardening:
  • Tighten keepalive gate and scope finish_body byte cap
  • Keep _body_receiver alive across the keepalive smuggling gate so pipelined requests cannot re-enter a closed body
  • Address parser/protocol findings from a six-point WSGI/ASGI audit
• PROXY Protocol (ASGI): Enforce proxy_allow_ips and tighten v1/v2 parsing in the ASGI callback parser.
• Connection Draining: Drain the connection on close per RFC 9112 section 9.6 to prevent reset-on-close truncation.

Bug Fixes

• Body Framing on HEAD/204/304:
  • Keep Content-Length on HEAD and 304 responses (#3621)
  • Drop body framing on HEAD/204/304 even when the framework set it
  • Warn once when an ASGI app emits a body for a no-body response
• HTTP/2 ASGI:
  • Fix _handle_stream_ended to set _body_complete in the async HTTP/2 handler so request bodies finalize correctly on stream end
  • Add InvalidChunkExtension mapping and fast-parser support in ASGI tests (#3565)
• HTTP/1.1 100-Continue: Stop adding Transfer-Encoding: chunked to 100-Continue interim responses.
• WebSocket Close Handshake (RFC 6455):
  • Comply with the close handshake state machine
  • Close the transport after the close handshake completes
  • Fix binary send when the text key is None
• Early Hints: Validate headers in the early_hints callback to match process_headers; pass only the header name to InvalidHeader (#3588).
• ASGI Framework Fixes:
  • Fix ASGI disconnect handling for Django-style apps
  • Fix Litestar request handling (use raw ASGI receive for body/headers)
  • Fix Litestar HTTP endpoints for compatibility tests
  • Fix Quart headers endpoint to normalize keys to lowercase
  • Fix Quart WebSocket close test app (missing accept())
  • Fix duplicate Transfer-Encoding header for BlackSheep streaming

... (truncated)

Commits

• 5d819cf release: 26.0.0
• b45c70d Merge pull request #3611 from zc-mattcen/docs-typo
• 99c8d48 Merge pull request #3623 from benoitc/chore/drop-eventlet-add-h2-uvloop-test-...
• 5a655af Merge pull request #3622 from benoitc/test/docker-port-and-ipv4-fixes
• 201df19 chore: remove eventlet worker; add h2 and uvloop to test deps
• f4ac8e1 test: pass action name to dirty client and stabilize after TTOU spam
• 54d38af test: unblock docker fixtures on macOS hosts
• 68843c8 Merge pull request #3621 from benoitc/fix/asgi-preserve-content-length-on-hea...
• 31f2618 Merge pull request #3620 from benoitc/fix/asgi-proxy-protocol-trust-and-parsing
• 41ec752 fix: keep Content-Length on HEAD and 304 responses
• Additional commits viewable in compare view

Updates langchain-core from 1.3.3 to 1.4.0

Release notes

Sourced from langchain-core's releases.

langchain-core==1.4.0

Changes since langchain-core==0.3.86

chore(infra): merge v1.4 into master (#37350) chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/core (#37329) fix(core): avoid eager pydantic.v1 import in @deprecated (#37308) chore: bump mistune from 3.1.4 to 3.2.1 in /libs/core (#37237) chore: bump jupyter-server from 2.17.0 to 2.18.0 in /libs/core (#37204) release(core): 1.3.3 (#37198) fix(core): set deprecation since to 1.3.3 to match release (#37200) fix(core, langchain): harden load() against untrusted manifests (#37197) chore: bump notebook from 7.5.0 to 7.5.6 in /libs/core (#37109) chore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in /libs/core (#37129) fix(core): preserve structured inputs on tool runs in tracers (#37108) release(perplexity): 1.2.0 (#37091) chore(docs): update x handle references (#37081) fix(core): make removal optional in warn_deprecated (#37056) fix(core): validate batch_size in _batch and _abatch to prevent infinite loop (#36663) chore(core): mark stream_v2/astream_v2 as beta (#36992) release(core): 1.3.2 (#36990) feat(core): add content-block-centric streaming (v2) (#36834) release(core): 1.3.1 (#36972) feat(core): allow _format_output to pass through list of ToolOutputMixin instances (#36963) chore: bump nbconvert from 7.17.0 to 7.17.1 in /libs/core (#36923) feat(core): Update inheritance behavior for tracer metadata for special keys (#36900) chore: bump langsmith from 0.7.13 to 0.7.31 in /libs/core (#36813) release(core): release 1.3.0 (#36851) release(core): 1.3.0a3 (#36829) chore(core): keep checkpoint_ns behavior in streaming metadata for backwards compat (#36828) feat(core): Add chat model and LLM invocation params to traceable metadata (#36771) fix(core): restore cloud metadata IPs and link-local range in SSRF policy (#36816) chore(deps): bump pytest to 9.0.3 (#36801) chore(core): harden private SSRF utilities (#36768) fix(openai): handle content blocks without type key in responses api conversion (#36725) chore: bump pytest from 9.0.2 to 9.0.3 in /libs/core (#36719) release(core): 1.3.0.a2 (#36698) fix(core): Use reference counting for storing inherited run trees to support garbage collection (#36660) docs(core): nit (#36685) release(core): 1.3.0a1 (#36656) chore(core): reduce streaming metadata / perf (#36588) release(core): release 1.2.28 (#36614) fix(core): add more sanitization to templates (#36612) release(core): 1.2.27 (#36586) fix(core): handle symlinks in deprecated prompt save path (#36585) chore: add comment explaining pygments>=2.20.0 (#36570) release(core): 1.2.26 (#36511) fix(core): add init validator and serialization mappings for Bedrock models (#34510) feat(core): add ChatBaseten to serializable mapping (#36510) chore(core): drop gpt-3.5-turbo from docstrings (#36497) fix(core): correct parameter names in filter_messages docstring example (#36462)

... (truncated)

Commits

• 70e66a1 chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/partners/openrouter (#37352)
• da380bc chore(infra): merge v1.4 into master (#37350)
• bbd10fe chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/partners/anthropic (#37343)
• 11bbfb7 chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/partners/fireworks (#37339)
• 7fd61d2 chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/partners/mistralai (#37338)
• 5c096bb chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/partners/nomic (#37334)
• ac47d54 chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/partners/chroma (#37333)
• 7e5c570 chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/partners/qdrant (#37332)
• 2086b91 chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/core (#37329)
• 407e33a chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/langchain (#37327)
• Additional commits viewable in compare view

Updates langgraph-checkpoint from 4.0.3 to 4.1.0

Release notes

Sourced from langgraph-checkpoint's releases.

langgraph-checkpoint==4.1.0

Changes since checkpoint==4.1.0a4

• release: bump alpha packages to official versions (#7775)
• chore(deps): bump urllib3 from 2.6.3 to 2.7.0 in /libs/checkpoint (#7762)
• chore(deps): bump langchain-core from 1.3.2 to 1.3.3 in /libs/checkpoint (#7752)
• feat(checkpoint): force delta channel snapshot after max supersteps since last snapshot (#7746)
• fix(checkpoint): specify allowed_objects in Reviver (#7743)
• chore: remove keepset helper (#7745)
• chore(langgraph): add guide/conformance for delta channel checkpointer (#7736)
• docs(checkpoint): mark DeltaChannel and delta-history APIs as beta (#7732)
• chore(deps): bump the minor-and-patch group across 1 directory with 3 updates (#7670)
• chore: "chore: minor clean up around checkpoint and delta channel" (#7706)
• chore: minor clean up around checkpoint and delta channel (#7705)

langgraph-checkpoint==4.1.0a4

Changes since checkpoint==4.1.0a3

• release: alpha bump (a4) for langgraph, checkpoint, checkpoint-postgres (#7701)
• feat: public get_writes_history saver API + delta cadence rework (#7699)

langgraph-checkpoint==4.1.0a3

Changes since checkpoint==4.1.0a2

• release: alpha bump (a3) for langgraph, checkpoint, checkpoint-postgres (#7678)
• chore(langgraph): use two phase read to avoid unnecessary data transport (#7660)
• release: alpha for timers (#7647)
• feat(langgraph): DeltaChannel: store sentinel in blobs, reconstruct from checkpoint_writes (#7586)
• chore: dynamic push-task timeouts (#7646)
• chore: update x links to langchain_oss (#7645)
• release(checkpoint): 4.0.3 (#7625)
• fix(checkpoint): revive lc=2 JSON blobs for safe types without allowlist (#7582)

langgraph-checkpoint==4.1.0a2

Changes since checkpoint==4.1.0a1

langgraph-checkpoint==4.1.0a1

Changes since checkpoint==4.0.3

• release: alpha for timers (#7647)
• feat(langgraph): DeltaChannel: store sentinel in blobs, reconstruct from checkpoint_writes (#7586)
• chore: dynamic push-task timeouts (#7646)
• chore: update x links to langchain_oss (#7645)

Commits

• 3614e88 release: bump alpha packages to official versions (#7775)
• 6dff3b3 feat(langgraph): durable error-handler resume across host crashes (#7773)
• 786c42f release(cli): 0.4.26 (#7772)
• 8537ea9 fix(cli): add support for prerelease api_versions (#7771)
• 3db82d5 feat(langgraph): add set_node_defaults() to StateGraph (#7747)
• 029eabf chore(deps): bump urllib3 from 2.6.3 to 2.7.0 in /libs/checkpoint (#7762)
• f52f1ce chore(deps): bump the uv group across 2 directories with 1 update (#7749)
• e47a7bb chore(deps): bump langchain-core from 1.3.2 to 1.3.3 in /libs/checkpoint (#7752)
• 29fefa0 chore(deps): bump urllib3 from 2.6.3 to 2.7.0 in /libs/langgraph (#7766)
• 0c23779 chore(deps): bump urllib3 from 2.6.3 to 2.7.0 in /libs/cli (#7765)
• Additional commits viewable in compare view

Updates langgraph-prebuilt from 1.0.13 to 1.1.0

Release notes

Sourced from langgraph-prebuilt's releases.

langgraph==1.1.0

Changes since 1.0.10

• release(langgraph): 1.1 (#7102)
• fix: replay behavior for parent + subgraphs! (#7038)
• feat: type safe stream/invoke w/ proper output type coercion (#6961)

Type-Safe Streaming & Invoke

LangGraph 1.1 introduces version="v2" — a new opt-in streaming format that brings full type safety to stream(), astream(), invoke(), and ainvoke().

What's changing

v1 (default, unchanged): stream() yields bare tuples like (stream_mode, data) or just data. invoke() returns a plain dict. Interrupts are mixed into the output dict under "__interrupt__".

v2 (opt-in): stream() yields strongly-typed StreamPart dicts with type, ns, data, and (for values) interrupts fields. invoke() returns a GraphOutput object with .value and .interrupts attributes. When your state schema is a Pydantic model or dataclass, outputs are automatically coerced to the correct type.

invoke() / ainvoke() with version="v2"

from langgraph.types import GraphOutput
result = graph.invoke({"input": "hello"}, version="v2")
result is a GraphOutput, not a dict
assert isinstance(result, GraphOutput)
result.value       # your output — dict, Pydantic model, or dataclass
result.interrupts  # tuple[Interrupt, ...], empty if none occurred

With a non-"values" stream mode, invoke(..., stream_mode="updates", version="v2") returns list[StreamPart] instead of list[tuple].

stream() / astream() with version="v2"

for part in graph.stream({"input": "hello"}, version="v2"):
    if part["type"] == "values":
        part["data"]        # OutputT — full state
        part["interrupts"]  # tuple[Interrupt, ...]
    elif part["type"] == "updates":
        part["data"]        # dict[str, Any]
    elif part["type"] == "messages":
        part["data"]        # tuple[BaseMessage, dict]
    elif part["type"] == "custom":
        part["data"]        # Any
    elif part["type"] == "tasks":
        part["data"]        # TaskPayload | TaskResultPayload
    elif part["type"] == "debug":
        part["data"]        # DebugPayload

... (truncated)

Commits

• 3330ccd release(langgraph): 1.1 (#7102)
• 4ef6169 feat(cli): add distributed runtime support to langgraph cli (#7096)
• 27da1d3 chore(deps): bump the all-dependencies group across 1 directory with 3 update...
• 9c2deac fix: replay behavior for parent + subgraphs! (#7038)
• 2638ff7 release(cli): 0.4.15 (#7095)
• 6511797 feat(cli): add langgraph deploy (#7004)

[dependabot]

Looks like these dependencies are no longer being updated by Dependabot, so this is no longer needed.