chore(deps-dev): bump the langchain group across 1 directory with 2 updates

[dependabot]

Bumps the langchain group with 2 updates in the / directory: langchain-openai and langchain.

Updates langchain-openai from 0.3.34 to 1.2.2

Release notes

Sourced from langchain-openai's releases.

langchain-openai==1.2.2

Changes since langchain-openai==1.2.1

release(openai): 1.2.2 (#37617) chore(infra): bump langchain-tests floor to 1.1.9 (#37610) test(openai): unbreak audio chat and Azure embedding integration tests (#37589) fix(openai): guard httpx finalizers (#37570) chore: bump langsmith from 0.8.4 to 0.8.5 in /libs/partners/openai (#37549) chore: bump idna from 3.11 to 3.15 in /libs/partners/openai (#37548) ci(infra): harden Dependabot version-bound preservation (#37510) test(standard-tests): assert ls_model_name honors per-call model override (#37504) fix(openai): source LLM context size from model profiles (#37489) chore(core,langchain,openai): refresh stale OpenAI model references (#37487) fix(openai): broaden condition for ContextOverflowError to accommodate other providers (#37457) docs(openai): document base_url env var fallback chain (#37436) chore: bump langsmith from 0.8.0 to 0.8.4 in /libs/partners/openai (#37416) chore: bump langsmith from 0.7.31 to 0.8.0 in /libs/partners/openai (#37398) chore(infra): merge v1.4 into master (#37350) chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/partners/openai (#37330) chore: bump langchain-core from 1.3.2 to 1.3.3 in /libs/partners/openai (#37266) chore(docs): update x handle references (#37081) chore(model-profiles): refresh model profile data (#37074) chore(docs): update comment for chatopenai (#37034) chore(model-profiles): refresh model profile data (#37015)

langchain-openai==1.2.1

Changes since langchain-openai==1.2.0

hotfix: bump min core versions (#36996) release(openai): 1.2.1 (#36995) fix(openai): add gpt-5.5 pro to Responses API check (#36994) feat(core): add content-block-centric streaming (v2) (#36834) chore(model-profiles): refresh model profile data (#36982)

langchain-openai==1.2.0

Changes since langchain-openai==1.1.16

release(openai): 1.2.0 (#36961) feat(openai): prevent silent streaming hangs in ChatOpenAI (#36949) hotfix(ci): remove nobenchmark flag (#36959) chore(partners): standardize integration test invocation (#36958)

langchain-openai==1.1.16

Changes since langchain-openai==1.1.15

release(openai): 1.1.16 (#36927) fix(openai): tolerate prompt_cache_retention drift in streaming (#36925)

langchain-openai==1.1.15

Changes since langchain-openai==1.1.14

... (truncated)

Commits

• a1e2daf release(openai): 1.2.2 (#37617)
• 9e21348 fix(openai): guard httpx finalizers against uninitialized instances (#37568)
• 74cecb4 ci(infra): expand integration tests dispatch dropdown to external partners (#...
• 269d628 fix(standard-tests): recognize parametrize-nested xfails in override check (#...
• 23d369e test(xai): tolerate extra block types in web search and xfail v1 streaming to...
• aef86c4 chore(infra): bump langchain-tests floor to 1.1.9 (#37610)
• ebc1880 release(standard-tests): 1.1.9 (#37609)
• 22575ad test(standard-tests): allow extra content blocks in streaming assertions (#37...
• 1aa4496 feat(langchain): register stream transformers on middleware (#37591)
• d2931d8 release(fireworks): 1.4.1 (#37603)
• Additional commits viewable in compare view

Updates langchain from 1.2.13 to 1.3.1

Release notes

Sourced from langchain's releases.

langchain-core==1.3.1

Changes since langchain-core==1.3.0

release(core): 1.3.1 (#36972) feat(core): allow _format_output to pass through list of ToolOutputMixin instances (#36963) chore: bump nbconvert from 7.17.0 to 7.17.1 in /libs/core (#36923) feat(core): Update inheritance behavior for tracer metadata for special keys (#36900) chore: bump langsmith from 0.7.13 to 0.7.31 in /libs/core (#36813)

langchain-fireworks==1.3.1

Changes since langchain-fireworks==1.3.0

fix(fireworks): require api_key in FireworksEmbeddings (#37193) release(fireworks): 1.3.1 (#37189) fix(fireworks): strip non-wire keys from ToolMessage text content blocks (#37187)

langchain==1.3.1

Changes since langchain==1.3.0

release(langchain): 1.3.1 (#37454) fix(langchain): alias Bedrock providers in summarization token check (#37453)

langchain-perplexity==1.3.1

Changes since langchain-perplexity==1.3.0

release(perplexity): 1.3.1 (#37720) chore(perplexity): bump perplexityai to 0.34.1 (#37710)

langchain-core==1.3.0

Changes since langchain-core==1.2.31

release(core): release 1.3.0 (#36851) release(core): 1.3.0a3 (#36829) chore(core): keep checkpoint_ns behavior in streaming metadata for backwards compat (#36828) feat(core): Add chat model and LLM invocation params to traceable metadata (#36771) fix(core): restore cloud metadata IPs and link-local range in SSRF policy (#36816) chore(deps): bump pytest to 9.0.3 (#36801) chore(core): harden private SSRF utilities (#36768) fix(openai): handle content blocks without type key in responses api conversion (#36725) chore: bump pytest from 9.0.2 to 9.0.3 in /libs/core (#36719) release(core): 1.3.0.a2 (#36698) fix(core): Use reference counting for storing inherited run trees to support garbage collection (#36660) docs(core): nit (#36685) release(core): 1.3.0a1 (#36656) chore(core): reduce streaming metadata / perf (#36588)

langchain-fireworks==1.3.0

Changes since langchain-fireworks==1.2.1

release(fireworks): 1.3.0 (#37144)

... (truncated)

Commits

• b6b769b release(langchain): 1.3.1 (#37454)
• 36c381b fix(langchain): alias Bedrock providers in summarization token check (#37453)
• 0831e44 docs(openai): document base_url env var fallback chain (#37436)
• e208f38 chore: bump langsmith from 0.8.0 to 0.8.4 in /libs/partners/xai (#37411)
• a4a2be9 chore: bump langsmith from 0.8.0 to 0.8.4 in /libs/partners/qdrant (#37412)
• f5322d9 chore: bump langsmith from 0.8.0 to 0.8.4 in /libs/partners/perplexity (#37413)
• 5d9ac69 chore: bump langsmith from 0.8.0 to 0.8.4 in /libs/partners/openrouter (#37414)
• f42d80c fix(core): preserve chunk additional_kwargs across v3 stream assembly (#37435)
• 649d82f fix(core): preserve reasoning blocks alongside tool_call in v3 stream (#37434)
• 9f9a8a7 chore: bump langsmith from 0.8.0 to 0.8.4 in /libs/partners/ollama (#37415)
• Additional commits viewable in compare view

[claude]

The langchain-openai bump spans a major version boundary (0.3.34 → 1.1.12), which may introduce breaking API changes in the test suite — worth a human check that CI passes.

Extended reasoning...

Overview

This is a dependabot PR updating two dev-only dependencies in pyproject.toml and uv.lock: langchain-openai (0.3.34 → 1.1.12) and langchain (1.2.13 → 1.2.15). Incidentally, langgraph (1.1.3 → 1.1.5) and langgraph-prebuilt (1.0.8 → 1.0.9) are also bumped as transitive resolution changes. All changes are to the [dependency-groups] dev section — none affect the published package.

Security Risks

No security risks from the version bumps themselves. The langchain 1.2.14 release includes a pygments CVE fix (CVE-2026-4539), which is a minor positive. No auth, crypto, or data-exposure surface in these changes.

Level of Scrutiny

The langchain-openai jump from 0.3.34 to 1.1.12 crosses a major version boundary and skips many minor versions, meaning the upstream library may have introduced API breaking changes. Even though it is a dev dependency, the test suite relies on it and tests could silently pass or fail depending on API compatibility. The constraint in pyproject.toml was widened from <0.4 to <1.2 to accommodate this, which is a deliberate widening. A human should confirm CI is green before merging.

Other Factors

No bugs were found by the automated bug hunting system. The langchain and langgraph bumps are minor patch-level and low risk. The lock file hash updates are consistent with the version changes. The main concern is solely the magnitude of the langchain-openai version jump.