Bump the python-requirements group in /src with 4 updates

[dependabot]

Bumps the python-requirements group in /src with 4 updates: langchain, langchain-openai, ruff and mypy.

Updates langchain from 1.2.7 to 1.2.15

Release notes

Sourced from langchain's releases.

langchain-core==1.2.15

Changes since langchain-core==1.2.14

fix(core): improve error message for non-JSON-serializable tool schemas (#34376) fix(core): improve typing/docs for on_chat_model_start to clarify required positional args (#35324) perf(core): defer specific langsmith imports to reduce import time (#35298) revert: add ChatAnthropicBedrockWrapper (#35371) release(core): 1.2.15 (#35367) fix(anthropic): replace retired model IDs in tests and docstrings (#35365) feat(anthropic): add ChatAnthropicBedrock wrapper (#35091) style: fix some ruff noqa (#35321)

langchain==1.2.15

Changes since langchain==1.2.14

release: langchain v1.2.15 (#36496) chore: bump aiohttp from 3.13.3 to 3.13.4 in /libs/langchain_v1 (#36438)

langchain-core==1.2.14

Changes since langchain-core==1.2.13

release(core): 1.2.14 (#35328) chore(core): remove langserve from sys info util, add deepagents (#35325) fix(core): fix merge_lists incorrectly merging parallel tool calls (#35281) fix(core): accept int temperature in _get_ls_params for LangSmith tracing (#35302) revert: accept integer temperature values in _get_ls_params (#35319) fix(core): accept integer temperature values in _get_ls_params (#35317) docs(core): update load note to be precise (#35309) fix(core): prevent recursion error when args_schema is dict (#35260) fix(core): preserve index and timestamp fields when merging (#34731) docs(core): add security warnings and best practices for deserialization (#35282) docs: fix docstring inaccuracies and update outdated LangSmith URLs (#35283) fix(core): correct misleading jinja2 sandboxing comment (#35183) chore: bump the langchain-deps group across 3 directories with 8 updates (#35257)

langchain==1.2.14

Changes since langchain==1.2.13

release(langchain): 1.2.14 (#36396) chore: pygments>=2.20.0 across all packages (CVE-2026-4539) (#36385) test(langchain): cover runtime recursion limit override in create_agent (#36376) perf(langchain): reduce init speed by 15% (#36375) fix(langchain): update recursion limit for create_agent (#36351) fix(infra): correct lint_diff relative paths in package makefiles (#36333) chore: bump cryptography from 46.0.5 to 46.0.6 in /libs/langchain_v1 (#36324) fix(langchain): recognize ChatAnthropicVertex in _get_approximate_token_counter (#36320) chore(langchain): remove unnecessary description for toods list as a group (#36315) chore(langchain): add async implementation to todolist and test (#36313) chore(langchain): speed up todo list middleware init (#36311) chore: bump requests from 2.32.5 to 2.33.0 in /libs/langchain_v1 (#36241)

... (truncated)

Commits

• dd63731 release: langchain v1.2.15 (#36496)
• d1529dd fix(core): correct parameter names in filter_messages docstring example (#36462)
• e89afed release(core): 1.2.25 (#36473)
• 0b5f2c0 fix(core): harden check for txt files in deprecated prompt loading functions ...
• c9f51ae fix(core): fixed typos in the documentation (#36459)
• cd394b7 chore(model-profiles): refresh model profile data (#36455)
• 34c4a2a chore: bump aiohttp from 3.13.3 to 3.13.4 in /libs/partners/huggingface (#36436)
• 914cef0 chore: bump aiohttp from 3.13.3 to 3.13.4 in /libs/partners/xai (#36435)
• 66ad4f7 chore: bump aiohttp from 3.13.3 to 3.13.4 in /libs/langchain (#36439)
• 8fb12b8 chore: bump aiohttp from 3.13.3 to 3.13.4 in /libs/partners/fireworks (#36437)
• Additional commits viewable in compare view

Updates langchain-openai from 1.1.7 to 1.1.14

Release notes

Sourced from langchain-openai's releases.

langchain-openai==1.1.14

Changes since langchain-openai==1.1.13

release(openai): 1.1.14 (#36820) fix(openai): use SSRF-safe transport for image token counting (#36819) chore(deps): bump pytest to 9.0.3 (#36801) chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/partners/openai (#36795) chore: bump pillow from 12.1.1 to 12.2.0 in /libs/partners/openai (#36777)

langchain-openai==1.1.13

Changes since langchain-openai==1.1.12

release(openai): 1.1.13 (#36729) fix(openai): handle content blocks without type key in responses api conversion (#36725) chore(model-profiles): refresh model profile data (#36539) chore(openai): fix broken vcr cassette playback and add ci guard (#36502) fix(openai,groq,openrouter): use is-not-None checks in usage metadata token extraction (#36500) fix(core): fixed typos in the documentation (#36459) chore(model-profiles): refresh model profile data (#36455) feat(core): impute placeholder filenames for OpenAI file inputs (#36433) chore: pygments>=2.20.0 across all packages (CVE-2026-4539) (#36385) chore(model-profiles): refresh model profile data (#36368) fix(openai): update computer call test (#36352) fix(openai): let user-provided User-Agent override the Azure default (#35523) chore: bump requests from 2.32.5 to 2.33.0 in /libs/partners/openai (#36248)

langchain-openai==1.1.12

Changes since langchain-openai==1.1.11

fix(openai): bump min core version (#36180) release(openai): 1.1.12 (#36178) fix(core,model-profiles): add missing ModelProfile fields, warn on schema drift (#36129) fix(openai): support phase parameter (#36161) fix(openai): preserve namespace field in streaming function_call chunks (#36108) ci: suppress pytest streaming output in CI (#36092) ci: avoid unnecessary dep installs in lint targets (#36046) chore(model-profiles): refresh model profile data (#36039) chore: bump orjson from 3.11.5 to 3.11.6 in /libs/partners/openai (#35860) fix(openai): add type: message to Responses API input items (#35693) perf(.github): set a timeout on get min versions HTTP calls (#35851) feat(model-profiles): new fields + Makefile target (#35788) fix(openai): close PIL Image handles in token counting to prevent fd leak (#35742) fix(openai): typo (#35763) chore(model-profiles): refresh model profile data (#35754)

langchain-openai==1.1.11

Changes since langchain-openai==1.1.10

fix(openai): bump min core version (#35705) release(openai): 1.1.11 (#35703)

... (truncated)

Commits

• b7447c6 fix(infra): skip serdes tests in min-version release step (#36818)
• 41c0cc5 release(openai): 1.1.14 (#36820)
• 0516156 fix(openai): use SSRF-safe transport for image token counting (#36819)
• 338aa81 fix(core): restore cloud metadata IPs and link-local range in SSRF policy (#3...
• 51e9548 chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (#36797)
• e85c418 chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/model-profiles (#36798)
• 789126e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/standard-tests (#36799)
• 937b3eb chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/langchain_v1 (#36800)
• a06c205 ci(infra): validate issue checkboxes by section (#36811)
• aa33b06 fix(langchain-classic): suppress mypy errors in compat code (#36806)
• Additional commits viewable in compare view

Updates ruff from 0.15.10 to 0.15.11

Release notes

Sourced from ruff's releases.

0.15.11

Release Notes

Released on 2026-04-16.

Preview features

• [ruff] Ignore RUF029 when function is decorated with asynccontextmanager (#24642)
• [airflow] Implement airflow-xcom-pull-in-template-string (AIR201) (#23583)
• [flake8-bandit] Fix S103 false positives and negatives in mask analysis (#24424)

Bug fixes

• [flake8-async] Omit overridden methods for ASYNC109 (#24648)

Documentation

• [flake8-async] Add override mention to ASYNC109 docs (#24666)
• Update Neovim config examples to use vim.lsp.config (#24577)

Contributors

• @​augustelalande
• @​anishgirianish
• @​benberryallwood
• @​charliermarsh
• @​Dev-iL

Install ruff 0.15.11

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-installer.ps1 | iex"

Download ruff 0.15.11

File	Platform	Checksum
ruff-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
ruff-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
ruff-aarch64-pc-windows-msvc.zip	ARM64 Windows	checksum
ruff-i686-pc-windows-msvc.zip	x86 Windows	checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.11

Released on 2026-04-16.

Preview features

• [ruff] Ignore RUF029 when function is decorated with asynccontextmanager (#24642)
• [airflow] Implement airflow-xcom-pull-in-template-string (AIR201) (#23583)
• [flake8-bandit] Fix S103 false positives and negatives in mask analysis (#24424)

Bug fixes

• [flake8-async] Omit overridden methods for ASYNC109 (#24648)

Documentation

• [flake8-async] Add override mention to ASYNC109 docs (#24666)
• Update Neovim config examples to use vim.lsp.config (#24577)

Contributors

• @​augustelalande
• @​anishgirianish
• @​benberryallwood
• @​charliermarsh
• @​Dev-iL

Commits

• 53554b1 Bump 0.15.11 (#24678)
• 08c56c8 Factor out the mdtest crate (#24616)
• 725fbb7 [ty] Use partially qualified names when reporting diagnostics regarding bad c...
• ddd6a30 [ty] Do not suggest argument completion when at value of keyword argument (#2...
• 9282e61 Disallow @​disjoint_base on TypedDicts and Protocols (#24671)
• e9986d8 [ty] Reject using properties with Never setters or deleters (#24510)
• 9cf212f [ty] Normalize property setter and deleter wrappers (#24509)
• 12a1589 Add override mention to ASYNC109 docs (#24666)
• dccb03d [ty] Avoid panicking on overloaded Callable type context (#24661)
• 61f9a0a [ty] Sync vendored typeshed stubs (#24646)
• Additional commits viewable in compare view

Updates mypy from 1.20.0 to 1.20.1

Changelog

Sourced from mypy's changelog.

Mypy 1.20.1

• Always disable sync in SQLite cache (Ivan Levkivskyi, PR 21184)
• Temporarily skip few base64 tests (Ivan Levkivskyi, PR 21193)
• Revert dict.__or__ typeshed change (Ivan Levkivskyi, PR 21186)
• Fix narrowing for match case with variadic tuples (Shantanu, PR 21192)
• Avoid narrowing type[T] in type calls (Shantanu, PR 21174)
• Fix regression for catching empty tuple in except (Shantanu, PR 21153)
• Fix reachability for frozenset and dict view narrowing (Shantanu, PR 21151)
• Fix narrowing with chained comparison (Shantanu, PR 21150)
• Avoid narrowing to unreachable at module level (Shantanu, PR 21144)
• Allow dangerous identity comparisons to Any typed variables (Shantanu, PR 21142)
• --warn-unused-config should not be a strict flag (Ivan Levkivskyi, PR 21139)

Mypy 1.20.2

• Use WAL with SQLite cache and fix close (Shantanu, PR 21154)
• Adjust SQLite journal mode (Ivan Levkivskyi, PR 21217)
• Correctly aggregate narrowing information on parent expressions (Shantanu, PR 21206)
• Fix regression related to generic callables (Shantanu, PR 21208)
• Fix regression by avoiding widening types in some contexts (Shantanu, PR 21242)
• Fix slicing in non-strict optional mode (Shantanu, PR 21282)
• mypyc: Fix match statement semantics for "or" pattern (Shantanu, PR 21156)
• mypyc: Fix issue with module dunder attributes (Piotr Sawicki, PR 21275)
• Initial support for Python 3.15.0a8 (Marc Mueller, PR 21255)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

• A5rocks
• Aaron Wieczorek
• Adam Turner
• Ali Hamdan
• asce
• BobTheBuidler
• Brent Westbrook
• Brian Schubert
• bzoracler
• Chris Burroughs
• Christoph Tyralla
• Colin Watson
• Donghoon Nam
• E. M. Bray
• Emma Smith
• Ethan Sarp
• George Ogden
• getzze
• grayjk
• Gregor Riepl
• Ivan Levkivskyi

... (truncated)

Commits

• c60e8bf Bump version to 1.20.1
• 842e492 Always disable sync in SQLite cache (#21184)
• e82a046 Temporarily skip few base64 tests (#21193)
• f7fa418 Revert dict.or typeshed change (#21186)
• a2e8ee1 Fix narrowing for match case with variadic tuples (#21192)
• 521f88f Avoid narrowing type[T] in type calls (#21174)
• a4876e9 Fix regression for catching empty tuple in except (#21153)
• 6fccffc Fix reachability for frozenset and dict view narrowing (#21151)
• de50419 Fix narrowing with chained comparison (#21150)
• eafcf18 Avoid narrowing to unreachable at module level (#21144)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions