chore(deps): bump @langchain/community and langchain #930
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
dependabot
bot
added
the
dependencies
WalkthroughThe pull request modifies the Changes
Possibly related PRs
Poem
🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/multi-5a5a190d2b
branch
from
dbd5b55
to
4e8c2fc
Compare
Removes [@langchain/community](https://github.com/langchain-ai/langchainjs). It's no longer used after updating ancestor dependency [langchain](https://github.com/langchain-ai/langchainjs). These dependencies need to be updated together. Removes `@langchain/community` Updates `langchain` from 0.1.32 to 0.3.5 - [Release notes](https://github.com/langchain-ai/langchainjs/releases) - [Changelog](https://github.com/langchain-ai/langchainjs/blob/main/release_workspace.js) - [Commits](langchain-ai/langchainjs@0.1.32...0.3.5) --- updated-dependencies: - dependency-name: "@langchain/community" dependency-type: indirect - dependency-name: langchain dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/multi-5a5a190d2b
branch
from
4e8c2fc
to
6c05632
Compare
|
@coderabbitai review |
✅ Actions performedReview triggered.
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
⛔ Files ignored due to path filters (1)
package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (1)
package.json(1 hunks)
🔇 Additional comments (1)
package.json (1)
49-49: Consider updating @langchain/core override.
The overrides section pins @langchain/core to ~0.2.12. Verify if this version is compatible with langchain 0.3.5 to avoid potential version conflicts.
#!/bin/bash
# Description: Check compatibility between langchain and @langchain/core versions
# Test: Check if langchain 0.3.5 specifies a dependency on @langchain/core
npm info "[email protected]" dependencies| @@ -46,7 +46,7 @@ | |||
| "electron-builder": "^25.0.5", | |||
| "jszip": "^3.10.1", | |||
| "katex": "^0.16.11", | |||
| "langchain": "^0.1.32", | |||
| "langchain": "^0.3.5", | |||
There was a problem hiding this comment.
💡 Codebase verification
Update @langchain/core override to meet peer dependency requirements
The langchain 0.3.5 upgrade requires @langchain/core >=0.2.21 but the current override pins it to ~0.2.12, which is incompatible. Please:
- Update the @langchain/core override to "~0.2.21" or higher
- Consider using "^0.2.21" instead of tilde range to allow compatible minor version updates within the <0.4.0 constraint
🔗 Analysis chain
Verify compatibility with other @langchain packages.
The major version jump from 0.1.32 to 0.3.5 suggests breaking changes. Please ensure compatibility with the following dependencies:
- @langchain/anthropic: ^0.2.3
- @langchain/cohere: ^0.0.11
- @langchain/google-genai: ^0.0.21
- @langchain/groq: ^0.1.2
- @langchain/openai: ^0.2.1
Let me generate one more verification script to check the current @langchain/core version constraint in package.json since it's a critical peer dependency.
The results will help verify if the current @langchain/core version meets the peer dependency requirement of langchain 0.3.5 (>=0.2.21 <0.4.0).
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Check for potential compatibility issues in the dependency tree
# Test 1: Check if there are any peer dependency warnings for langchain
npm info "[email protected]" peerDependencies
# Test 2: Check if any @langchain/* packages specify langchain as a peer dependency
for pkg in "@langchain/[email protected]" "@langchain/[email protected]" "@langchain/[email protected]" "@langchain/[email protected]" "@langchain/[email protected]"; do
echo "Checking $pkg..."
npm info "$pkg" peerDependencies
done
Length of output: 2116
Script:
#!/bin/bash
# Check current @langchain/core version constraints in package.json
rg "@langchain/core" package.json -A 1 -B 1
Length of output: 135
Removes @langchain/community. It's no longer used after updating ancestor dependency langchain. These dependencies need to be updated together.
Removes
@langchain/communityUpdates
langchainfrom 0.1.32 to 0.3.5Release notes
Sourced from langchain's releases.
... (truncated)
Commits
afdad9dRelease 0.3.5 (#7088)b5b1920feat(google-genai): Release 0.1.1 (#7087)b62c408fix(google-genai): Type error parsing api res (#7086)14be264fix(langchain): Fix withConfig with universal chat model (#7085)34ae98efeat(anthropic): Release 0.3.6 (#7084)49acaecfix: Commit yarn.lock (#7083)203c295fix(anthropic): Release 0.3.6-rc.0 (#7082)660edbdfix(anthropic): Fixed streaming tool calls with Anthropic (#7081)f75e99bchore(community): Release 0.3.10 (#7073)c214740chore(community): Bump langchain dep within community (#7071)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.
Summary by CodeRabbit
New Features
langchainpackage to version^0.3.5, potentially introducing new features and improvements.Bug Fixes