Avatar for the langchain-ai user
langchain-ai
langchain
BlogDocsChangelog

Performance History

Latest Results

feat(core)!: auto-assign UUID to BaseMessage.id at creation Change the `id` field from `default=None` to `default_factory=lambda: str(uuid.uuid4())` so every message receives a stable, unique id from birth rather than being id-less until a reducer or `add_messages` assigns one. ## Motivation LangGraph's `DeltaChannel` stores pending writes (the raw message objects) as serialized blobs **before** `update()` is called. Any id assigned inside the reducer (e.g. a random UUID in `_messages_delta_reducer`) only exists in the in-memory channel state; it never reaches the stored write. On checkpoint replay the same id-less message gets a fresh random UUID, so an eviction/update Command that references the runtime-assigned id cannot match the replayed message — both the original and the update land in state as separate messages. The root fix is here: if messages already carry a stable id when they are first constructed (before any serialization boundary), the stored write and any subsequent Command that updates that message by id will always agree on the id, making `DeltaChannel` replay fully correct. ## Breaking change `HumanMessage(content="x") == HumanMessage(content="x")` is now `False` because auto-assigned UUIDs differ. Previously both had `id=None` and compared equal. Code that relies on content-based message equality must be updated (compare `.content` / `.model_dump(exclude={'id'})` directly, or set an explicit shared `id`). 129 unit tests in langchain-core fail; all are due to this equality change. Options the team can consider: - Fix tests to use explicit ids or field-level comparisons - Override `BaseMessage.__eq__` to exclude `id` (preserves backward compat for equality; DeltaChannel dedup uses id-keyed dict, not ==) - Introduce a `__eq__` that only uses `id` when both sides have a non-None id, otherwise falls back to content comparison Explicitly passing `id=None` still produces a message with `id=None` (default_factory is not invoked for explicitly-supplied values).
fix/auto-assign-message-ids
6 hours ago
release(langchain): 1.3.0 (#37361)
master
7 hours ago
bump deps and increment version
cc/release_langchain
7 hours ago
chore: bump jupyter-server from 2.17.0 to 2.18.0 in /libs/core (#37354) Bumps [jupyter-server](https://github.com/jupyter-server/jupyter_server) from 2.17.0 to 2.18.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jupyter-server/jupyter_server/releases">jupyter-server's releases</a>.</em></p> <blockquote> <h2>v2.18.0</h2> <h2>2.18.0</h2> <p>(<a href="https://github.com/jupyter-server/jupyter_server/compare/v2.17.0...49b34392feaa97735b3b777e3baf8f22f2a14ed8">Full Changelog</a>)</p> <h3>Security patches</h3> <ul> <li>CVE-2026-40110 <a href="https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-24qx-w28j-9m6p">https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-24qx-w28j-9m6p</a></li> <li>CVE-2025-61669 <a href="https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-qh7q-6qm3-653w">https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-qh7q-6qm3-653w</a></li> <li>CVE-2026-40934 <a href="https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5mrq-x3x5-8v8f">https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5mrq-x3x5-8v8f</a></li> <li>CVE-2026-35397 <a href="https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3">https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3</a></li> </ul> <h3>API and Breaking Changes</h3> <ul> <li>Add query param to sanitize HTML in GET /nbconvert/html <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1618">#1618</a> (<a href="https://github.com/Yann-P"><code>@​Yann-P</code></a>, <a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li> </ul> <h3>Enhancements made</h3> <ul> <li>Update handlers.py to fix ioloop blockers(sync file operations) <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1617">#1617</a> (<a href="https://github.com/zolyfarkas-fb"><code>@​zolyfarkas-fb</code></a>, <a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li> <li>Add resolvePath API for resolving kernel-relative paths <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1331">#1331</a> (<a href="https://github.com/krassowski"><code>@​krassowski</code></a>, <a href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a href="https://github.com/blink1073"><code>@​blink1073</code></a>)</li> </ul> <h3>Bugs fixed</h3> <ul> <li>Move check origin into a util function and add it to websocket <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1630">#1630</a> (<a href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a href="https://github.com/Yann-P"><code>@​Yann-P</code></a>)</li> <li>Fix flaky test_restart_kernel by unsticking nudge() after port-changing restart <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1628">#1628</a> (<a href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a href="https://github.com/claude"><code>@​claude</code></a>, <a href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li> <li>Try to fix flaky test &quot;test_restart_kernel&quot; <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1625">#1625</a> (<a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li> <li>Fix potential unraisable pytest error <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1624">#1624</a> (<a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li> <li>fix: use %s placeholders in HTTPError to prevent Tornado from doubling % in gateway URLs <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1620">#1620</a> (<a href="https://github.com/terminalchai"><code>@​terminalchai</code></a>, <a href="https://github.com/krassowski"><code>@​krassowski</code></a>, <a href="https://github.com/ptch314"><code>@​ptch314</code></a>)</li> <li>Fix three file descriptor leaks in kernel connection lifecycle (<a href="https://redirect.github.com/jupyter-server/jupyter_server/issues/1506">#1506</a>) <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1619">#1619</a> (<a href="https://github.com/tonyx93"><code>@​tonyx93</code></a>, <a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li> <li>Use web.HTTPError for kernel restart failures <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1616">#1616</a> (<a href="https://github.com/YDawn"><code>@​YDawn</code></a>, <a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li> <li>Handle EADDRINUSE and EACCES in _bind_http_server_tcp <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1613">#1613</a> (<a href="https://github.com/YDawn"><code>@​YDawn</code></a>, <a href="https://github.com/Zsailer"><code>@​Zsailer</code></a>, <a href="https://github.com/minrk"><code>@​minrk</code></a>)</li> <li>Use st_birthtime for file created timestamp on macOS/BSD <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1594">#1594</a> (<a href="https://github.com/ktaletsk"><code>@​ktaletsk</code></a>, <a href="https://github.com/krassowski"><code>@​krassowski</code></a>, <a href="https://github.com/minrk"><code>@​minrk</code></a>)</li> <li>Fix double write when refusing hidden files in contents handler <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1585">#1585</a> (<a href="https://github.com/Krish-876"><code>@​Krish-876</code></a>, <a href="https://github.com/minrk"><code>@​minrk</code></a>)</li> <li>Close all sockets in _find_http_port explicitly <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1584">#1584</a> (<a href="https://github.com/MaryushSoroka"><code>@​MaryushSoroka</code></a>, <a href="https://github.com/minrk"><code>@​minrk</code></a>)</li> <li>Fix writing on remote file systems with attribute cache <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1574">#1574</a> (<a href="https://github.com/krassowski"><code>@​krassowski</code></a>, <a href="https://github.com/Zsailer"><code>@​Zsailer</code></a>)</li> <li>Add IdentityProvider.cookie_secret_hook <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1569">#1569</a> (<a href="https://github.com/emin63"><code>@​emin63</code></a>, <a href="https://github.com/minrk"><code>@​minrk</code></a>)</li> <li>fix context pollution <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1561">#1561</a> (<a href="https://github.com/dualc"><code>@​dualc</code></a>, <a href="https://github.com/Zsailer"><code>@​Zsailer</code></a>)</li> <li>Fix gateway cookie handling <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1558">#1558</a> (<a href="https://github.com/kevin-bates"><code>@​kevin-bates</code></a>, <a href="https://github.com/RRosio"><code>@​RRosio</code></a>, <a href="https://github.com/lresende"><code>@​lresende</code></a>, <a href="https://github.com/minrk"><code>@​minrk</code></a>)</li> <li>fix connection exception cause high cpu load <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1484">#1484</a> (<a href="https://github.com/dualc"><code>@​dualc</code></a>, <a href="https://github.com/lresende"><code>@​lresende</code></a>, <a href="https://github.com/minrk"><code>@​minrk</code></a>)</li> </ul> <h3>Maintenance and upkeep improvements</h3> <ul> <li>Start to test on Python 3.13 and 3.14 <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1623">#1623</a> (<a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li> <li>Bump actions/create-github-app-token from 2 to 3 in the actions group across 1 directory <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1621">#1621</a> (<a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li> <li>Bump brace-expansion from 1.1.12 to 1.1.13 <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1615">#1615</a> (<a href="https://github.com/minrk"><code>@​minrk</code></a>)</li> <li>Fix package spec for jupytext <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1614">#1614</a> (<a href="https://github.com/krassowski"><code>@​krassowski</code></a>, <a href="https://github.com/Zsailer"><code>@​Zsailer</code></a>)</li> <li>chore: update pre-commit hooks <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1607">#1607</a> (<a href="https://github.com/minrk"><code>@​minrk</code></a>)</li> <li>try to fix ci on windows <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1600">#1600</a> (<a href="https://github.com/minrk"><code>@​minrk</code></a>, <a href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li> <li>run prerelease tests on 3.14 <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1599">#1599</a> (<a href="https://github.com/minrk"><code>@​minrk</code></a>)</li> <li>Pin sphinx to an older version (&lt;9) to fix docs <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1597">#1597</a> (<a href="https://github.com/krassowski"><code>@​krassowski</code></a>, <a href="https://github.com/minrk"><code>@​minrk</code></a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jupyter-server/jupyter_server/blob/main/CHANGELOG.md">jupyter-server's changelog</a>.</em></p> <blockquote> <h2>2.18.0</h2> <p>(<a href="https://github.com/jupyter-server/jupyter_server/compare/v2.9.1...49b34392feaa97735b3b777e3baf8f22f2a14ed8">Full Changelog</a>)</p> <h3>API and Breaking Changes</h3> <ul> <li>Add query param to sanitize HTML in GET /nbconvert/html <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1618">#1618</a> (<a href="https://github.com/Yann-P"><code>@​Yann-P</code></a>, <a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li> </ul> <h3>Enhancements made</h3> <ul> <li>Update handlers.py to fix ioloop blockers(sync file operations) <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1617">#1617</a> (<a href="https://github.com/zolyfarkas-fb"><code>@​zolyfarkas-fb</code></a>, <a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li> <li>Avoid redundant call to <code>_get_os_path</code> in <code>_dir_model</code> <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1547">#1547</a> (<a href="https://github.com/joeyutong"><code>@​joeyutong</code></a>, <a href="https://github.com/vidartf"><code>@​vidartf</code></a>)</li> <li>Allow specifying extra params to scrub from logs <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1538">#1538</a> (<a href="https://github.com/jtpio"><code>@​jtpio</code></a>, <a href="https://github.com/Zsailer"><code>@​Zsailer</code></a>, <a href="https://github.com/vidartf"><code>@​vidartf</code></a>)</li> <li>Add a logger to the ExtensionPoint API <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1523">#1523</a> (<a href="https://github.com/Zsailer"><code>@​Zsailer</code></a>, <a href="https://github.com/vidartf"><code>@​vidartf</code></a>)</li> <li>Allow user to update identity values <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1518">#1518</a> (<a href="https://github.com/brichet"><code>@​brichet</code></a>, <a href="https://github.com/minrk"><code>@​minrk</code></a>)</li> <li>If ServerApp.ip is ipv6 use [::1] as local_url <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1495">#1495</a> (<a href="https://github.com/manics"><code>@​manics</code></a>, <a href="https://github.com/afshin"><code>@​afshin</code></a>)</li> <li>Better error message when starting kernel for session. <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1478">#1478</a> (<a href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a href="https://github.com/davidbrochart"><code>@​davidbrochart</code></a>, <a href="https://github.com/krassowski"><code>@​krassowski</code></a>, <a href="https://github.com/minrk"><code>@​minrk</code></a>)</li> <li>Add a traitlet to disable recording HTTP request metrics <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1472">#1472</a> (<a href="https://github.com/yuvipanda"><code>@​yuvipanda</code></a>, <a href="https://github.com/Zsailer"><code>@​Zsailer</code></a>)</li> <li>prometheus: Expose 3 activity metrics <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1471">#1471</a> (<a href="https://github.com/yuvipanda"><code>@​yuvipanda</code></a>, <a href="https://github.com/Zsailer"><code>@​Zsailer</code></a>)</li> <li>Add prometheus info metrics listing server extensions + versions <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1470">#1470</a> (<a href="https://github.com/yuvipanda"><code>@​yuvipanda</code></a>, <a href="https://github.com/Zsailer"><code>@​Zsailer</code></a>)</li> <li>Add prometheus metric with version information <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1467">#1467</a> (<a href="https://github.com/yuvipanda"><code>@​yuvipanda</code></a>, <a href="https://github.com/Zsailer"><code>@​Zsailer</code></a>)</li> <li>Don't hide .so,.dylib files by default <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1457">#1457</a> (<a href="https://github.com/nokados"><code>@​nokados</code></a>, <a href="https://github.com/krassowski"><code>@​krassowski</code></a>, <a href="https://github.com/minrk"><code>@​minrk</code></a>, <a href="https://github.com/vidartf"><code>@​vidartf</code></a>)</li> <li>Better hash format error message <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1442">#1442</a> (<a href="https://github.com/fcollonval"><code>@​fcollonval</code></a>, <a href="https://github.com/Zsailer"><code>@​Zsailer</code></a>)</li> <li>Removing excessive logging from reading local files <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1420">#1420</a> (<a href="https://github.com/lresende"><code>@​lresende</code></a>, <a href="https://github.com/kevin-bates"><code>@​kevin-bates</code></a>)</li> <li>Add async start hook to ExtensionApp API <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1417">#1417</a> (<a href="https://github.com/Zsailer"><code>@​Zsailer</code></a>, <a href="https://github.com/Darshan808"><code>@​Darshan808</code></a>, <a href="https://github.com/bollwyvl"><code>@​bollwyvl</code></a>, <a href="https://github.com/fcollonval"><code>@​fcollonval</code></a>, <a href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li> <li>Do not include token in dashboard link, when available <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1406">#1406</a> (<a href="https://github.com/minrk"><code>@​minrk</code></a>, <a href="https://github.com/blink1073"><code>@​blink1073</code></a>)</li> <li>Add an option to have authentication enabled for all endpoints by default <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1392">#1392</a> (<a href="https://github.com/krassowski"><code>@​krassowski</code></a>, <a href="https://github.com/Wh1isper"><code>@​Wh1isper</code></a>, <a href="https://github.com/blink1073"><code>@​blink1073</code></a>, <a href="https://github.com/bollwyvl"><code>@​bollwyvl</code></a>, <a href="https://github.com/minrk"><code>@​minrk</code></a>, <a href="https://github.com/yuvipanda"><code>@​yuvipanda</code></a>)</li> <li>websockets: add configurations for ping interval and timeout <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1391">#1391</a> (<a href="https://github.com/oliver-sanders"><code>@​oliver-sanders</code></a>, <a href="https://github.com/blink1073"><code>@​blink1073</code></a>)</li> <li>log extension import time at debug level unless it's actually slow <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1375">#1375</a> (<a href="https://github.com/minrk"><code>@​minrk</code></a>, <a href="https://github.com/Zsailer"><code>@​Zsailer</code></a>, <a href="https://github.com/yuvipanda"><code>@​yuvipanda</code></a>)</li> <li>Add support for async Authorizers (part 2) <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1374">#1374</a> (<a href="https://github.com/Zsailer"><code>@​Zsailer</code></a>, <a href="https://github.com/blink1073"><code>@​blink1073</code></a>)</li> <li>Support async Authorizers <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1373">#1373</a> (<a href="https://github.com/Zsailer"><code>@​Zsailer</code></a>, <a href="https://github.com/blink1073"><code>@​blink1073</code></a>)</li> <li>Support get file(notebook) md5 <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1363">#1363</a> (<a href="https://github.com/Wh1isper"><code>@​Wh1isper</code></a>, <a href="https://github.com/blink1073"><code>@​blink1073</code></a>, <a href="https://github.com/bollwyvl"><code>@​bollwyvl</code></a>, <a href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li> <li>Update kernel env to reflect changes in session <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1354">#1354</a> (<a href="https://github.com/blink1073"><code>@​blink1073</code></a>, <a href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li> <li>Add resolvePath API for resolving kernel-relative paths <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1331">#1331</a> (<a href="https://github.com/krassowski"><code>@​krassowski</code></a>, <a href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a href="https://github.com/blink1073"><code>@​blink1073</code></a>)</li> </ul> <h3>Bugs fixed</h3> <ul> <li>Move check origin into a util function and add it to websocket <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1630">#1630</a> (<a href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a href="https://github.com/Yann-P"><code>@​Yann-P</code></a>)</li> <li>Fix flaky test_restart_kernel by unsticking nudge() after port-changing restart <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1628">#1628</a> (<a href="https://github.com/Carreau"><code>@​Carreau</code></a>, <a href="https://github.com/claude"><code>@​claude</code></a>, <a href="https://github.com/krassowski"><code>@​krassowski</code></a>)</li> <li>Try to fix flaky test &quot;test_restart_kernel&quot; <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1625">#1625</a> (<a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li> <li>Fix potential unraisable pytest error <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1624">#1624</a> (<a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li> <li>fix: use %s placeholders in HTTPError to prevent Tornado from doubling % in gateway URLs <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1620">#1620</a> (<a href="https://github.com/terminalchai"><code>@​terminalchai</code></a>, <a href="https://github.com/krassowski"><code>@​krassowski</code></a>, <a href="https://github.com/ptch314"><code>@​ptch314</code></a>)</li> <li>Fix three file descriptor leaks in kernel connection lifecycle (<a href="https://redirect.github.com/jupyter-server/jupyter_server/issues/1506">#1506</a>) <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1619">#1619</a> (<a href="https://github.com/tonyx93"><code>@​tonyx93</code></a>, <a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li> <li>Use web.HTTPError for kernel restart failures <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1616">#1616</a> (<a href="https://github.com/YDawn"><code>@​YDawn</code></a>, <a href="https://github.com/Carreau"><code>@​Carreau</code></a>)</li> <li>Handle EADDRINUSE and EACCES in _bind_http_server_tcp <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1613">#1613</a> (<a href="https://github.com/YDawn"><code>@​YDawn</code></a>, <a href="https://github.com/Zsailer"><code>@​Zsailer</code></a>, <a href="https://github.com/minrk"><code>@​minrk</code></a>)</li> <li>Use st_birthtime for file created timestamp on macOS/BSD <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1594">#1594</a> (<a href="https://github.com/ktaletsk"><code>@​ktaletsk</code></a>, <a href="https://github.com/krassowski"><code>@​krassowski</code></a>, <a href="https://github.com/minrk"><code>@​minrk</code></a>)</li> <li>Fix double write when refusing hidden files in contents handler <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1585">#1585</a> (<a href="https://github.com/Krish-876"><code>@​Krish-876</code></a>, <a href="https://github.com/minrk"><code>@​minrk</code></a>)</li> <li>Close all sockets in _find_http_port explicitly <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1584">#1584</a> (<a href="https://github.com/MaryushSoroka"><code>@​MaryushSoroka</code></a>, <a href="https://github.com/minrk"><code>@​minrk</code></a>)</li> <li>Fix writing on remote file systems with attribute cache <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1574">#1574</a> (<a href="https://github.com/krassowski"><code>@​krassowski</code></a>, <a href="https://github.com/Zsailer"><code>@​Zsailer</code></a>)</li> <li>Add IdentityProvider.cookie_secret_hook <a href="https://redirect.github.com/jupyter-server/jupyter_server/pull/1569">#1569</a> (<a href="https://github.com/emin63"><code>@​emin63</code></a>, <a href="https://github.com/minrk"><code>@​minrk</code></a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jupyter-server/jupyter_server/commit/0ceed45a803ca36735f0fcfeb6d9db9430a50aa0"><code>0ceed45</code></a> Publish 2.18.0</li> <li><a href="https://github.com/jupyter-server/jupyter_server/commit/49b34392feaa97735b3b777e3baf8f22f2a14ed8"><code>49b3439</code></a> Move check origin into a util function and add it to websocket (<a href="https://redirect.github.com/jupyter-server/jupyter_server/issues/1630">#1630</a>)</li> <li><a href="https://github.com/jupyter-server/jupyter_server/commit/e2e08c845ddbc41fddcb2449601d2ecbd9dd5977"><code>e2e08c8</code></a> Add test case for bad next URL format</li> <li><a href="https://github.com/jupyter-server/jupyter_server/commit/624d6c0daf573e254a3fd69ca5318ce8194235bf"><code>624d6c0</code></a> Delete outdated patch code</li> <li><a href="https://github.com/jupyter-server/jupyter_server/commit/d825b93d9cf2da248d5baa6ca910611f275fa449"><code>d825b93</code></a> Apply suggestion from <a href="https://github.com/minrk"><code>@​minrk</code></a></li> <li><a href="https://github.com/jupyter-server/jupyter_server/commit/789fed081a489ff38c50ec9f6c0364cb677d4cd2"><code>789fed0</code></a> patch open redirect in /login</li> <li><a href="https://github.com/jupyter-server/jupyter_server/commit/2ee51eccf3ff2e27068cc0b7a39101eeedc4f665"><code>2ee51ec</code></a> fix(CVE-2026-35397): path traversal when target dir starts with root dir</li> <li><a href="https://github.com/jupyter-server/jupyter_server/commit/057869a327c46730afede3eab0ca2d2e3e74acea"><code>057869a</code></a> Fix allow_origin_pat to do full matching instead of prefix matching</li> <li><a href="https://github.com/jupyter-server/jupyter_server/commit/4862199a0fffacd4d2e4a0c2e61fc8bb5ffa52f0"><code>4862199</code></a> Add resolvePath API for resolving kernel-relative paths</li> <li><a href="https://github.com/jupyter-server/jupyter_server/commit/e31d51406de6a9b167b796ec79ab3315630d514a"><code>e31d514</code></a> Bump actions/create-github-app-token from 2 to 3 in the actions group across ...</li> <li>Additional commits viewable in <a href="https://github.com/jupyter-server/jupyter_server/compare/v2.17.0...v2.18.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jupyter-server&package-manager=uv&previous-version=2.17.0&new-version=2.18.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langchain/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
master
23 hours ago
chore: bump mistune from 3.1.4 to 3.2.1 in /libs/core (#37353) Bumps [mistune](https://github.com/lepture/mistune) from 3.1.4 to 3.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lepture/mistune/releases">mistune's releases</a>.</em></p> <blockquote> <h2>v3.2.1</h2> <h3>   🐞 Bug Fixes</h3> <ul> <li>Resolve Windows compatibility issues in file inclusion and tests  -  by <a href="https://github.com/Yuki9814"><code>@​Yuki9814</code></a> <a href="https://github.com/lepture/mistune/commit/2547102"><!-- raw HTML omitted -->(25471)<!-- raw HTML omitted --></a></li> <li>Escape html text  -  by <a href="https://github.com/lepture"><code>@​lepture</code></a> <a href="https://github.com/lepture/mistune/commit/a3cb6e5"><!-- raw HTML omitted -->(a3cb6)<!-- raw HTML omitted --></a></li> <li>Update link reference  -  by <a href="https://github.com/lepture"><code>@​lepture</code></a> <a href="https://github.com/lepture/mistune/commit/85eb54f"><!-- raw HTML omitted -->(85eb5)<!-- raw HTML omitted --></a></li> <li>Handle escaped dollar signs in inline math  -  by <a href="https://github.com/saschabuehrle"><code>@​saschabuehrle</code></a> in <a href="https://redirect.github.com/lepture/mistune/issues/370">lepture/mistune#370</a> <a href="https://github.com/lepture/mistune/commit/7bd5709"><!-- raw HTML omitted -->(7bd57)<!-- raw HTML omitted --></a></li> <li>Escape id of toc  -  by <a href="https://github.com/lepture"><code>@​lepture</code></a> <a href="https://github.com/lepture/mistune/commit/04880a0"><!-- raw HTML omitted -->(04880)<!-- raw HTML omitted --></a></li> <li>Escape id of headings  -  by <a href="https://github.com/lepture"><code>@​lepture</code></a> <a href="https://github.com/lepture/mistune/commit/2855622"><!-- raw HTML omitted -->(28556)<!-- raw HTML omitted --></a></li> <li>Remove double-encoding of image alt text  -  by <a href="https://github.com/lawrence3699"><code>@​lawrence3699</code></a> <a href="https://github.com/lepture/mistune/commit/0d6f3d8"><!-- raw HTML omitted -->(0d6f3)<!-- raw HTML omitted --></a></li> <li>Escape xml for math plugin  -  by <a href="https://github.com/lepture"><code>@​lepture</code></a> <a href="https://github.com/lepture/mistune/commit/5fa092e"><!-- raw HTML omitted -->(5fa09)<!-- raw HTML omitted --></a></li> <li>Use strict regex for image's height and width  -  by <a href="https://github.com/lepture"><code>@​lepture</code></a> <a href="https://github.com/lepture/mistune/commit/8d0cb75"><!-- raw HTML omitted -->(8d0cb)<!-- raw HTML omitted --></a></li> </ul> <h5>    <a href="https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1">View changes on GitHub</a></h5> <h2>v3.2.0</h2> <h3>   🚀 Features</h3> <ul> <li>Support footnotes that start on the next line.  -  by <a href="https://github.com/kylechui"><code>@​kylechui</code></a> <a href="https://github.com/lepture/mistune/commit/2677e2d"><!-- raw HTML omitted -->(2677e)<!-- raw HTML omitted --></a></li> <li>Properly handle code blocks inside footnotes.  -  by <a href="https://github.com/kylechui"><code>@​kylechui</code></a> <a href="https://github.com/lepture/mistune/commit/0516c9e"><!-- raw HTML omitted -->(0516c)<!-- raw HTML omitted --></a></li> <li>Support python 3.14  -  by <a href="https://github.com/lepture"><code>@​lepture</code></a> <a href="https://github.com/lepture/mistune/commit/7e0eb65"><!-- raw HTML omitted -->(7e0eb)<!-- raw HTML omitted --></a></li> </ul> <h3>   🐞 Bug Fixes</h3> <ul> <li>Render ref links and footnotes in footnotes.  -  by <a href="https://github.com/lepture"><code>@​lepture</code></a> <a href="https://github.com/lepture/mistune/commit/bd90e44"><!-- raw HTML omitted -->(bd90e)<!-- raw HTML omitted --></a></li> <li>Render ref links in TOC.  -  by <a href="https://github.com/lemon24"><code>@​lemon24</code></a> <a href="https://github.com/lepture/mistune/commit/a0a0148"><!-- raw HTML omitted -->(a0a01)<!-- raw HTML omitted --></a></li> <li>Update typing for mypy upgrades  -  by <a href="https://github.com/lepture"><code>@​lepture</code></a> <a href="https://github.com/lepture/mistune/commit/8d49cba"><!-- raw HTML omitted -->(8d49c)<!-- raw HTML omitted --></a></li> <li>Render correct html for footnotes  -  by <a href="https://github.com/lepture"><code>@​lepture</code></a> <a href="https://github.com/lepture/mistune/commit/9b62204"><!-- raw HTML omitted -->(9b622)<!-- raw HTML omitted --></a></li> </ul> <h5>    <a href="https://github.com/lepture/mistune/compare/v3.1.4...v3.2.0">View changes on GitHub</a></h5> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/lepture/mistune/blob/main/docs/changes.rst">mistune's changelog</a>.</em></p> <blockquote> <h2>Version 3.2.1</h2> <p><strong>Released on May 3, 2026</strong></p> <ul> <li>Escape link in <code>render_toc_ul</code>.</li> <li>Escape text in math plugin.</li> <li>Fix regex for math plugin.</li> <li>Escape heading's ID attribute.</li> <li>Fix <code>LINK_TITLE_RE</code> to prevent DoS.</li> <li>Escape class attribute for admonition directive.</li> <li>Remove double-encoding of image alt text.</li> <li>Escape class attribute for image directive.</li> <li>Fix width/height attribute for image directive.</li> </ul> <h2>Version 3.2.0</h2> <p><strong>Released on Dec 23, 2025</strong></p> <ul> <li>Announce supports for python 3.14</li> <li>Fix footnotes plugins for code blocks, ref links, blockquote and etc.</li> <li>Fix ref links in TOC.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39"><code>067f908</code></a> chore: release 3.2.1</li> <li><a href="https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6"><code>bf55030</code></a> Merge pull request <a href="https://redirect.github.com/lepture/mistune/issues/438">#438</a> from saschabuehrle/fix/issue-370</li> <li><a href="https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948"><code>8d0cb75</code></a> fix: use strict regex for image's height and width</li> <li><a href="https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab"><code>5fa092e</code></a> fix: escape xml for math plugin</li> <li><a href="https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb"><code>71ec947</code></a> Merge pull request <a href="https://redirect.github.com/lepture/mistune/issues/440">#440</a> from lawrence3699/fix/image-alt-double-encoding</li> <li><a href="https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722"><code>0d6f3d8</code></a> fix: remove double-encoding of image alt text</li> <li><a href="https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea"><code>2855622</code></a> fix: escape id of headings</li> <li><a href="https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04"><code>04880a0</code></a> fix: escape id of toc</li> <li><a href="https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4"><code>7bd5709</code></a> fix: handle escaped dollar signs in inline math (fixes <a href="https://redirect.github.com/lepture/mistune/issues/370">#370</a>)</li> <li><a href="https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278"><code>85eb54f</code></a> fix: update link reference</li> <li>Additional commits viewable in <a href="https://github.com/lepture/mistune/compare/v3.1.4...v3.2.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mistune&package-manager=uv&previous-version=3.1.4&new-version=3.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/langchain-ai/langchain/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
master
23 hours ago
chore: bump jupyter-server from 2.17.0 to 2.18.0 in /libs/core Bumps [jupyter-server](https://github.com/jupyter-server/jupyter_server) from 2.17.0 to 2.18.0. - [Release notes](https://github.com/jupyter-server/jupyter_server/releases) - [Changelog](https://github.com/jupyter-server/jupyter_server/blob/main/CHANGELOG.md) - [Commits](https://github.com/jupyter-server/jupyter_server/compare/v2.17.0...v2.18.0) --- updated-dependencies: - dependency-name: jupyter-server dependency-version: 2.18.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot/uv/libs/core/jupyter-server-2.18.0
1 day ago
chore: bump mistune from 3.1.4 to 3.2.1 in /libs/core Bumps [mistune](https://github.com/lepture/mistune) from 3.1.4 to 3.2.1. - [Release notes](https://github.com/lepture/mistune/releases) - [Changelog](https://github.com/lepture/mistune/blob/main/docs/changes.rst) - [Commits](https://github.com/lepture/mistune/compare/v3.1.4...v3.2.1) --- updated-dependencies: - dependency-name: mistune dependency-version: 3.2.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot/uv/libs/core/mistune-3.2.1
1 day ago
chore(infra): merge v1.4 into master (#37350)
master
1 day ago

Latest Branches

CodSpeed Performance Gauge
0%
feat(core)!: auto-assign UUID to BaseMessage.id at creation#37362
6 hours ago
1cf08ab
fix/auto-assign-message-ids
CodSpeed Performance Gauge
0%
release(langchain): 1.3.0#37361
7 hours ago
2be43b8
cc/release_langchain
CodSpeed Performance Gauge
0%
chore: bump jupyter-server from 2.17.0 to 2.18.0 in /libs/core#37354
1 day ago
597a348
dependabot/uv/libs/core/jupyter-server-2.18.0
© 2026 CodSpeed Technology
Home Terms Privacy Docs