build(deps): bump the patch-deps-updates-main group across 1 directory with 8 updates

[dependabot]

Bumps the patch-deps-updates-main group with 8 updates in the / directory:

Package	From	To
@eslint/eslintrc	3.3.3	3.3.5
eslint	10.0.0	10.0.3
@langchain/core	1.1.26	1.1.32
langchain	1.2.25	1.2.31
@langchain/anthropic	1.3.18	1.3.23
@langchain/openai	1.2.7	1.2.13
langsmith	0.5.4	0.5.9
modal	0.7.1	0.7.2

Updates @eslint/eslintrc from 3.3.3 to 3.3.5

Release notes

Sourced from @​eslint/eslintrc's releases.

eslintrc: v3.3.5

3.3.5 (2026-03-04)

Bug Fixes

• update dependency minimatch to ^3.1.5 (#227) (3dc2381)

eslintrc: v3.3.4

3.3.4 (2026-02-22)

Bug Fixes

• update ajv to 6.14.0 to address security vulnerabilities (#221) (9139140)
• update minimatch to 3.1.3 to address security vulnerabilities (#224) (30339d0)

Changelog

Sourced from @​eslint/eslintrc's changelog.

3.3.5 (2026-03-04)

Bug Fixes

• update dependency minimatch to ^3.1.5 (#227) (3dc2381)

3.3.4 (2026-02-22)

Bug Fixes

• update ajv to 6.14.0 to address security vulnerabilities (#221) (9139140)
• update minimatch to 3.1.3 to address security vulnerabilities (#224) (30339d0)

Commits

• 5135df1 chore: release 3.3.5 🚀 (#228)
• c109d69 docs: Update README sponsors
• 3dc2381 fix: update dependency minimatch to ^3.1.5 (#227)
• 81385b6 ci: pin Node.js 25.6.1 (#226)
• 4c45e24 chore: release 3.3.4 🚀 (#223)
• 30339d0 fix: update minimatch to 3.1.3 to address security vulnerabilities (#224)
• 9139140 fix: update ajv to 6.14.0 to address security vulnerabilities (#221)
• 245ada5 docs: Update README sponsors
• 78b1a0e docs: Update README sponsors
• df32fff docs: Update README sponsors
• Additional commits viewable in compare view

Updates eslint from 10.0.0 to 10.0.3

Release notes

Sourced from eslint's releases.

v10.0.3

Bug Fixes

• e511b58 fix: update eslint (#20595) (renovate[bot])
• f4c9cf9 fix: include variable name in no-useless-assignment message (#20581) (sethamus)
• ee9ff31 fix: update dependency minimatch to ^10.2.4 (#20562) (Milos Djermanovic)

Documentation

• 9fc31b0 docs: Update README (GitHub Actions Bot)
• 4efaa36 docs: add info box for eslint-plugin-eslint-comments (#20570) (DesselBane)
• 23b2759 docs: add v10 migration guide link to Use docs index (#20577) (Pixel998)
• 80259a9 docs: Remove deprecated eslintrc documentation files (#20472) (Copilot)
• 9b9b4ba docs: fix typo in no-await-in-loop documentation (#20575) (Pixel998)
• e7d72a7 docs: document TypeScript 5.3 minimum supported version (#20547) (sethamus)

Chores

• ef8fb92 chore: package.json update for eslint-config-eslint release (Jenkins)
• e8f2104 chore: updates for v9.39.4 release (Jenkins)
• 5cd1604 refactor: simplify isCombiningCharacter helper (#20524) (Huáng Jùnliàng)
• 70ff1d0 chore: eslint-config-eslint require Node ^20.19.0 || ^22.13.0 || >=24 (#20586) (Milos Djermanovic)
• e32df71 chore: update eslint-plugin-eslint-comments, remove legacy-peer-deps (#20576) (Milos Djermanovic)
• 53ca6ee chore: disable eslint-comments/no-unused-disable rule (#20578) (Milos Djermanovic)
• e121895 ci: pin Node.js 25.6.1 (#20559) (Milos Djermanovic)
• efc5aef chore: update tsconfig.json in eslint-config-eslint (#20551) (Francesco Trotta)

v10.0.2

Bug Fixes

• 2b72361 fix: update ajv to 6.14.0 to address security vulnerabilities (#20537) (루밀LuMir)

Documentation

• 13eeedb docs: link rule type explanation to CLI option --fix-type (#20548) (Mike McCready)
• 98cbf6b docs: update migration guide per Program range change (#20534) (Huáng Jùnliàng)
• 61a2405 docs: add missing semicolon in vars-on-top rule example (#20533) (Abilash)

Chores

• 951223b chore: update dependency @​eslint/eslintrc to ^3.3.4 (#20553) (renovate[bot])
• 6aa1afe chore: update dependency eslint-plugin-jsdoc to ^62.7.0 (#20536) (Milos Djermanovic)

v10.0.1

Bug Fixes

• c87d5bd fix: update eslint (#20531) (renovate[bot])
• d841001 fix: update minimatch to 10.2.1 to address security vulnerabilities (#20519) (루밀LuMir)
• 04c2147 fix: update error message for unused suppressions (#20496) (fnx)
• 38b089c fix: update dependency @​eslint/config-array to ^0.23.1 (#20484) (renovate[bot])

Documentation

• 5b3dbce docs: add AI acknowledgement section to templates (#20431) (루밀LuMir)
• 6f23076 docs: toggle nav in no-JS mode (#20476) (Tanuj Kanti)
• b69cfb3 docs: Update README (GitHub Actions Bot)

Chores

... (truncated)

Commits

• bfce7ea 10.0.3
• d44ced8 Build: changelog update for 10.0.3
• e511b58 fix: update eslint (#20595)
• ef8fb92 chore: package.json update for eslint-config-eslint release
• e8f2104 chore: updates for v9.39.4 release
• 5cd1604 refactor: simplify isCombiningCharacter helper (#20524)
• 9fc31b0 docs: Update README
• 70ff1d0 chore: eslint-config-eslint require Node ^20.19.0 || ^22.13.0 || >=24 (#20586)
• f4c9cf9 fix: include variable name in no-useless-assignment message (#20581)
• 4efaa36 docs: add info box for eslint-plugin-eslint-comments (#20570)
• Additional commits viewable in compare view

Updates @langchain/core from 1.1.26 to 1.1.32

Release notes

Sourced from @​langchain/core's releases.

@​langchain/core@​1.1.32

Patch Changes

• #10330 26488b5 Thanks @​hntrl! - fix(core): treat empty string tool call chunk IDs as missing during merge

  Fixed _mergeLists in message base to treat empty string "" IDs the same as null/undefined when merging tool call chunks. This fixes old completions-style streaming where follow-up chunks carry id: "" instead of undefined, which previously prevented chunks from being merged by index.

• #10167 ca826f6 Thanks @​colifran! - feat: implement type inference for tool streams

• #10334 a602c42 Thanks @​maahir30! - fix(core): add JSDoc docstrings to fakeModel builder API and export FakeBuiltModel

• #10254 db7d017 Thanks @​pawel-twardziak! - fix(core): preserve thoughtSignature in array content during streaming with thinking models

@​langchain/core@​1.1.31

Patch Changes

• #10271 7373b4c Thanks @​jacoblee93! - feat(core): Use uuid7 instead of v4 for generating run ids

• #10262 b0175a5 Thanks @​maahir30! - fix: Move fakeModel from utils/testing to testing namespace move to updated namespace

• #10185 414f6ed Thanks @​maahir30! - feat: add custom Vitest matchers for LangChain message and tool call assertions

  Adds a new @langchain/core/testing/matchers export containing custom Vitest matchers (toBeHumanMessage, toBeAIMessage, toBeSystemMessage, toBeToolMessage, toHaveToolCalls, toHaveToolCallCount, toContainToolCall, toHaveToolMessages, toHaveBeenInterrupted, toHaveStructuredResponse) that external users can register via expect.extend(langchainMatchers) in their Vitest setup files. Re-exported from langchain for convenience.

@​langchain/core@​1.1.30

Patch Changes

• #10243 96c630d Thanks @​hntrl! - fix: add explicit : symbol type annotations to Symbol.for() declarations for cross-version compatibility

  TypeScript infers unique symbol type when Symbol.for() is used without an explicit type annotation, causing type incompatibility when multiple versions of the same package are present in a dependency tree. By adding explicit : symbol annotations, all declarations now use the general symbol type, making them compatible across versions while maintaining identical runtime behavior.

  Changes:

  • Added : symbol to MESSAGE_SYMBOL in messages/base.ts
  • Added : symbol to MIDDLEWARE_BRAND in agents/middleware/types.ts (also changed from Symbol() to Symbol.for() for cross-realm compatibility)

• #10256 a8b9ccc Thanks @​colifran! - fix(core): standard schema type guards don't support callable schemas

• #10204 a1f22bb Thanks @​colifran! - feat(core): implement standard schema support for structured output

@​langchain/core@​1.1.29

Patch Changes

• #10106 9f30267 Thanks @​hntrl! - Add package version metadata to runnable traces. Each package now stamps its version in this.metadata.versions at construction time, making version info available in LangSmith trace metadata.

• #10154 403a99f Thanks @​kanweiwei! - fix(core): add usage_metadata to AIMessage lc_aliases

• #10169 3b1fd54 Thanks @​hntrl! - fix(core, langchain): bump uuid dependency from ^10.0.0 to ^11.0.0 to fix Metro bundler error

... (truncated)

Commits

• b5b1eec chore: version packages (#10273)
• 59aed4c chore: fix dependabot config (#10346)
• 08ee4c6 chore: reorganize community packages into libs/community/ (#10324)
• b7f63ea chore: replace claude 3 haiku with claude haiku 4.5 in tests (#10322)
• d6535ca chore(deps): patch CVE-2025-68665 — override langchain to workspace version (...
• 8740fe4 chore: update changeset (#10344)
• baedc05 fix: bump underscore to resolve CVE-2026-27601 (#10336)
• 2418c6f fix: bump tar override to >=7.5.11 to resolve CVE-2026-29786, CVE-2026-31802 ...
• c8c5840 Fix optional chaining for candidateContent in reduce (#10319)
• bb00b82 chore: bump simple-git to fix CVE-2026-28292 (#10331)
• Additional commits viewable in compare view

Updates langchain from 1.2.25 to 1.2.31

Release notes

Sourced from langchain's releases.

langchain@1.2.31

Patch Changes

• #10265 2647b48 Thanks @​christian-bromann! - fix(langchain): export todo schema

• #10167 ca826f6 Thanks @​colifran! - feat: implement type inference for tool streams

• #10290 a596d3f Thanks @​colifran! - fix(langchain): serializable schemas aren't exposed on create agent response format

• Updated dependencies [26488b5, ca826f6, a602c42, db7d017]:

  • @​langchain/core@​1.1.32

langchain@1.2.30

Patch Changes

• #10262 b0175a5 Thanks @​maahir30! - fix: Move fakeModel from utils/testing to testing namespace move to updated namespace

• #10185 414f6ed Thanks @​maahir30! - feat: add custom Vitest matchers for LangChain message and tool call assertions

  Adds a new @langchain/core/testing/matchers export containing custom Vitest matchers (toBeHumanMessage, toBeAIMessage, toBeSystemMessage, toBeToolMessage, toHaveToolCalls, toHaveToolCallCount, toContainToolCall, toHaveToolMessages, toHaveBeenInterrupted, toHaveStructuredResponse) that external users can register via expect.extend(langchainMatchers) in their Vitest setup files. Re-exported from langchain for convenience.

• Updated dependencies [7373b4c, b0175a5, 414f6ed]:

  • @​langchain/core@​1.1.31

langchain@1.2.29

Patch Changes

• #10245 48dfa1d Thanks @​christian-bromann! - fix(agents): propagate structured output retry Command through wrapModelCall middleware

• #10243 96c630d Thanks @​hntrl! - fix: add explicit : symbol type annotations to Symbol.for() declarations for cross-version compatibility

  TypeScript infers unique symbol type when Symbol.for() is used without an explicit type annotation, causing type incompatibility when multiple versions of the same package are present in a dependency tree. By adding explicit : symbol annotations, all declarations now use the general symbol type, making them compatible across versions while maintaining identical runtime behavior.

  Changes:

  • Added : symbol to MESSAGE_SYMBOL in messages/base.ts
  • Added : symbol to MIDDLEWARE_BRAND in agents/middleware/types.ts (also changed from Symbol() to Symbol.for() for cross-realm compatibility)

• #10252 0bf01a2 Thanks @​colifran! - feat: implement standard schema support for structured output

• Updated dependencies [96c630d, a8b9ccc, a1f22bb]:

  • @​langchain/core@​1.1.30

langchain@1.2.28

Patch Changes

• #10169 3b1fd54 Thanks @​hntrl! - fix(core, langchain): bump uuid dependency from ^10.0.0 to ^11.0.0 to fix Metro bundler error

  The uuid v10 package has ambiguous exports in its package.json which causes Metro (used by Expo/React Native) to resolve the wrong entry point, resulting in Cannot read properties of undefined (reading 'v1'). The uuid v11 package fixes its exports map to work correctly with Metro's package exports resolution.

... (truncated)

Commits

• b5b1eec chore: version packages (#10273)
• 59aed4c chore: fix dependabot config (#10346)
• 08ee4c6 chore: reorganize community packages into libs/community/ (#10324)
• b7f63ea chore: replace claude 3 haiku with claude haiku 4.5 in tests (#10322)
• d6535ca chore(deps): patch CVE-2025-68665 — override langchain to workspace version (...
• 8740fe4 chore: update changeset (#10344)
• baedc05 fix: bump underscore to resolve CVE-2026-27601 (#10336)
• 2418c6f fix: bump tar override to >=7.5.11 to resolve CVE-2026-29786, CVE-2026-31802 ...
• c8c5840 Fix optional chaining for candidateContent in reduce (#10319)
• bb00b82 chore: bump simple-git to fix CVE-2026-28292 (#10331)
• Additional commits viewable in compare view

Updates @langchain/anthropic from 1.3.18 to 1.3.23

Release notes

Sourced from @​langchain/anthropic's releases.

@​langchain/anthropic@​1.3.23

Patch Changes

• #10250 8252619 Thanks @​JadenKim-dev! - fix(anthropic): prevent cache token double-counting in streaming

• Updated dependencies [26488b5, ca826f6, a602c42, db7d017]:

  • @​langchain/core@​1.1.32

@​langchain/anthropic@​1.3.22

Patch Changes

• #10207 acab2f7 Thanks @​colifran! - feat(anthropic): implement standard schema support for structured output

• Updated dependencies [96c630d, a8b9ccc, a1f22bb]:

  • @​langchain/core@​1.1.30

@​langchain/anthropic@​1.3.21

Patch Changes

• #10106 9f30267 Thanks @​hntrl! - Add package version metadata to runnable traces. Each package now stamps its version in this.metadata.versions at construction time, making version info available in LangSmith trace metadata.

• #10166 e9c41f0 Thanks @​kanweiwei! - fix(anthropic): only set topP when defined to avoid API error

• Updated dependencies [9f30267, 403a99f, 3b1fd54, 77bd982]:

  • @​langchain/core@​1.1.29

@​langchain/anthropic@​1.3.20

Patch Changes

• #10117 66df7fa Thanks @​hntrl! - fix(anthropic): convert tool_calls to tool_use blocks when AIMessage content is an empty array

  When AIMessage.content was an empty array [] with tool_calls present, the tool calls were silently dropped during message formatting. This caused Anthropic API requests to fail with a 400 error. The array content branch now appends any tool_calls not already represented in the content array as tool_use blocks, matching the behavior of the string content path.

• #10108 e7576ee Thanks @​hntrl! - fix: replace retired Anthropic model IDs with active replacements

  • Update default model in ChatAnthropic from claude-3-5-sonnet-latest to claude-sonnet-4-5-20250929
  • Regenerate model profiles with latest data from models.dev API
  • Replace retired claude-3-5-haiku-20241022, claude-3-7-sonnet-20250219, claude-3-5-sonnet-20240620, and claude-3-5-sonnet-20241022 in tests, docstrings, and examples

Commits

• b5b1eec chore: version packages (#10273)
• 59aed4c chore: fix dependabot config (#10346)
• 08ee4c6 chore: reorganize community packages into libs/community/ (#10324)
• b7f63ea chore: replace claude 3 haiku with claude haiku 4.5 in tests (#10322)
• d6535ca chore(deps): patch CVE-2025-68665 — override langchain to workspace version (...
• 8740fe4 chore: update changeset (#10344)
• baedc05 fix: bump underscore to resolve CVE-2026-27601 (#10336)
• 2418c6f fix: bump tar override to >=7.5.11 to resolve CVE-2026-29786, CVE-2026-31802 ...
• c8c5840 Fix optional chaining for candidateContent in reduce (#10319)
• bb00b82 chore: bump simple-git to fix CVE-2026-28292 (#10331)
• Additional commits viewable in compare view

Updates @langchain/openai from 1.2.7 to 1.2.13

Release notes

Sourced from @​langchain/openai's releases.

@​langchain/openai@​1.2.13

Patch Changes

• #10311 aacbe87 Thanks @​christian-bromann! - fix(openai): add gpt-5.4 to profiles

• Updated dependencies [26488b5, ca826f6, a602c42, db7d017]:

  • @​langchain/core@​1.1.32

@​langchain/openai@​1.2.12

Patch Changes

• #10205 3682a8d Thanks @​colifran! - feat(openai): add standard schema support for structured output

• Updated dependencies [96c630d, a8b9ccc, a1f22bb]:

  • @​langchain/core@​1.1.30

@​langchain/openai@​1.2.11

Patch Changes

• #10106 9f30267 Thanks @​hntrl! - Add package version metadata to runnable traces. Each package now stamps its version in this.metadata.versions at construction time, making version info available in LangSmith trace metadata.

• #10151 f298a9b Thanks @​hntrl! - Bump openai SDK to ^6.24.0, fix ChatCompletionTool type narrowing for new union type, add file input converter tests for newly supported document types (docx, pptx, xlsx, csv)

• Updated dependencies [9f30267, 403a99f, 3b1fd54, 77bd982]:

  • @​langchain/core@​1.1.29

@​langchain/openai@​1.2.10

Patch Changes

• #10143 62ba83e Thanks @​topliceanurazvan! - fix(openai): emit handleLLMNewToken callback for usage chunk in Completions API streaming

  The final usage chunk in _streamResponseChunks was only yielded via the async generator but did not call runManager.handleLLMNewToken(). This meant callback-based consumers (e.g. LangGraph's StreamMessagesHandler) never received the usage_metadata chunk. Added the missing handleLLMNewToken call to match the behavior of the main streaming loop.

• Updated dependencies [10a876c, b46d96a]:

  • @​langchain/core@​1.1.28

@​langchain/openai@​1.2.8

Patch Changes

• #10077 05396f7 Thanks @​christian-bromann! - feat(core): add ContextOverflowError, raise in anthropic and openai

• #10081 5a6f26b Thanks @​hntrl! - feat(core): add namespace-based symbol branding for error class hierarchies

  Introduces createNamespace utility for hierarchical symbol-based branding of class hierarchies. All LangChain error classes now use this pattern, replacing hand-rolled duck-type isInstance checks with reliable cross-realm Symbol.for-based identity.

  • New LangChainError base class that all LangChain errors extend
  • New createNamespace / Namespace API in @langchain/core/utils/namespace
  • Refactored ModelAbortError, ContextOverflowError to use namespace branding

... (truncated)

Commits

• b5b1eec chore: version packages (#10273)
• 59aed4c chore: fix dependabot config (#10346)
• 08ee4c6 chore: reorganize community packages into libs/community/ (#10324)
• b7f63ea chore: replace claude 3 haiku with claude haiku 4.5 in tests (#10322)
• d6535ca chore(deps): patch CVE-2025-68665 — override langchain to workspace version (...
• 8740fe4 chore: update changeset (#10344)
• baedc05 fix: bump underscore to resolve CVE-2026-27601 (#10336)
• 2418c6f fix: bump tar override to >=7.5.11 to resolve CVE-2026-29786, CVE-2026-31802 ...
• c8c5840 Fix optional chaining for candidateContent in reduce (#10319)
• bb00b82 chore: bump simple-git to fix CVE-2026-28292 (#10331)
• Additional commits viewable in compare view

Updates langsmith from 0.5.4 to 0.5.9

Commits

• See full diff in compare view

Updates modal from 0.7.1 to 0.7.2

Changelog

Sourced from modal's changelog.

modal-js/v0.7.2, modal-go/v0.7.2

• Updated Sandbox methods to wait for newly created sandboxes to be ready and not error immediately when it's not avaliable yet.
• Fixed a bug in modal-js so that canceling sandbox.stdout or sandbox.stderr cleans up background resources.
• Updated Sandbox (JS) to raise a better error when the sandbox was terminated.

Commits

• f94cf9c [RELEASE] Prepare release for modal-js/v0.7.2, modal-go/v0.7.2 (#289)
• 1e2fe92 Fix error message when Sandbox already completed (#288)
• 3e555b7 Refresh auth just-in-time instead of in the background (#287)
• 3bb22b7 Add polling to getTaskId in Go and JS (#286)
• cf94e8d Fix stdout.cancel() not stopping polling with empty batches (#280)
• ea37d60 Update directory snapshot examples (#285)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[changeset-bot]

⚠️ No Changeset found

Latest commit: cc9380e

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR