Bump langsmith, @langchain/langgraph and @langchain/openai in /samples/nodejs/langchain-multiturn

[dependabot]

Bumps langsmith to 0.5.20 and updates ancestor dependencies langsmith, @langchain/langgraph and @langchain/openai. These dependencies need to be updated together.

Updates langsmith from 0.3.67 to 0.5.20

Release notes

Sourced from langsmith's releases.

v0.5.2

What's Changed

• feat(js): Add support for tracing AI SDK 6 by @​jacoblee93 in langchain-ai/langsmith-sdk#2237
• fix(js): Remove default Jestlike timeout by @​jacoblee93 in langchain-ai/langsmith-sdk#2243
• feat(js): Add support for tracing tool loop agent by @​jacoblee93 in langchain-ai/langsmith-sdk#2244
• feat: Replace UUID5 with deterministic UUID7 for replicas by @​angus-langchain in langchain-ai/langsmith-sdk#2249
• feat: add prompt caching to python sdk by @​langchain-infra in langchain-ai/langsmith-sdk#2246
• feat: add js prompt caching by @​langchain-infra in langchain-ai/langsmith-sdk#2251
• fix(claude): correctly parse llm and tool inputs in claude agent sdk by @​angus-langchain in langchain-ai/langsmith-sdk#2255
• bump(python): 0.5.2 by @​angus-langchain in langchain-ai/langsmith-sdk#2256

Full Changelog: langchain-ai/langsmith-sdk@v0.5.1...v0.5.2

v0.5.1

What's Changed

• feat(openai): Add use responses API to OpenAI wrapper by @​jacoblee93 in langchain-ai/langsmith-sdk#2218
• chore(py): Fix Python integration tests by @​jacoblee93 in langchain-ai/langsmith-sdk#2219
• feat(js): Add invocation param tracing for OpenAI responses wrapper in JS by @​jacoblee93 in langchain-ai/langsmith-sdk#2220
• Ignore empty string by @​hinthornw in langchain-ai/langsmith-sdk#2225
• remove duplicate patch from claude agent sdk by @​angus-langchain in langchain-ai/langsmith-sdk#2189
• fix(js): Fix JS Memory Leak clean child_runs by @​amodelaweb in langchain-ai/langsmith-sdk#2228
• fix(js): Make traced async iterators call finally on success by @​jacoblee93 in langchain-ai/langsmith-sdk#2230
• release(js): 0.4.1 by @​jacoblee93 in langchain-ai/langsmith-sdk#2231
• fix(js): Avoid waiting for child runs to complete if parent throws an error by @​jacoblee93 in langchain-ai/langsmith-sdk#2232
• release(js): 0.4.2 by @​jacoblee93 in langchain-ai/langsmith-sdk#2233
• fix(js): Remove unnecessary promise skip on error by @​jacoblee93 in langchain-ai/langsmith-sdk#2234
• Fix timestamp ordering violation in RunTree.create_child by @​loganrosen in langchain-ai/langsmith-sdk#2240
• fix(python): pull prompt for newer langchain_core by @​eyurtsev in langchain-ai/langsmith-sdk#2239

New Contributors

• @​amodelaweb made their first contribution in langchain-ai/langsmith-sdk#2228
• @​loganrosen made their first contribution in langchain-ai/langsmith-sdk#2240

Full Changelog: langchain-ai/langsmith-sdk@v0.5.0...v0.5.1

v0.5.0

What's Changed

• feat(py,js): Python 0.5, JS 0.4 by @​jacoblee93 in langchain-ai/langsmith-sdk#2182
• js: Ensures parent traceables always finish after children in langchain-ai/langsmith-sdk#2094
• py: Make evaluator target function traces only trace inputs instead of nested inputs outputs reference_outputs (BREAKING) in langchain-ai/langsmith-sdk#2074
• py,js: Change default ingest to multipart instead of single run (BREAKING) in langchain-ai/langsmith-sdk#2206
• js: Omit raw HTTP info when tracing AI SDK runs (BREAKING) in langchain-ai/langsmith-sdk#2207
• py,js: Remove legacy evaluators (BREAKING) in langchain-ai/langsmith-sdk#2144
• js: Remove legacy AI SDK exporter and wrapAIModel (BREAKING) in langchain-ai/langsmith-sdk#2210
• js: Make traceables that receive iterables as inputs use a single POST instead of the typical POST + PATCH flow in langchain-ai/langsmith-sdk#2209
• release(js): 0.4.0 by @​jacoblee93 in langchain-ai/langsmith-sdk#2216
• release(py): 0.5.0 by @​jacoblee93 in langchain-ai/langsmith-sdk#2217

... (truncated)

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for langsmith since your current version.

Install script changes

This version modifies prepublish script that runs during installation. Review the package contents before updating.

Updates @langchain/langgraph from 0.3.12 to 1.2.8

Release notes

Sourced from @​langchain/langgraph's releases.

@​langchain/langgraph@​1.2.8

Patch Changes

• #2275 e42c2c8 Thanks @​open-swe! - enhance runtime with executionInfo and serverInfo

@​langchain/langgraph@​1.2.7

Patch Changes

• #2281 2b62610 Thanks @​christian-bromann! - feat(sdk): support for headless tools

@​langchain/langgraph@​1.2.6

Patch Changes

• #2241 6ee23e8 Thanks @​pawel-twardziak! - feat: add browser support for interrupt, writer, and other Node-only exports

  Export interrupt, writer, pushMessage, getStore, getWriter, getConfig, getPreviousState, getCurrentTaskInput from web.ts and add a "browser" condition to the "." package export so browser bundlers resolve to web.js instead of pulling in node:async_hooks.

• #2245 77af976 Thanks @​hntrl! - revert abort signal change that was causing problematic errors

• #2242 bdcf290 Thanks @​hntrl! - clean up resolved checkpointer promises to reduce memory retention

• Updated dependencies [88726df, 7dfcbff]:

  • @​langchain/langgraph-sdk@​1.8.1

@​langchain/langgraph@​1.2.5

Patch Changes

• #2213 a09932a Thanks @​hntrl! - fix(core): prevent AbortSignal listener leak in stream() and streamEvents()

  Pregel.stream() and streamEvents() called combineAbortSignals() but discarded the dispose function, leaking one abort listener on the caller's signal per invocation. Over many invocations this caused unbounded memory growth as each leaked listener retained references to its associated graph execution state.

  • Use AbortSignal.any() on Node 20+ which handles listener lifecycle automatically via GC
  • Fall back to manual listener management on Node 18, with proper dispose() called when the stream completes or is cancelled

• #2210 4d2e948 Thanks @​jackjin1997! - Fix AnyValue.update() returning false instead of true when values are received, aligning with all other channel implementations.

• Updated dependencies [414a7ad]:

  • @​langchain/langgraph-sdk@​1.8.0

@​langchain/langgraph@​1.2.4

Patch Changes

• fe4dd5b Thanks @​christian-bromann! - fix(sdk): fetch subagent history

• Updated dependencies [fe4dd5b, fe4dd5b, fe4dd5b]:

  • @​langchain/langgraph-sdk@​1.7.5

@​langchain/langgraph@​1.2.3

Patch Changes

... (truncated)

Changelog

Sourced from @​langchain/langgraph's changelog.

1.2.8

Patch Changes

• #2275 e42c2c8 Thanks @​open-swe! - enhance runtime with executionInfo and serverInfo

1.2.7

Patch Changes

• #2281 2b62610 Thanks @​christian-bromann! - feat(sdk): support for headless tools

1.2.6

Patch Changes

• #2241 6ee23e8 Thanks @​pawel-twardziak! - feat: add browser support for interrupt, writer, and other Node-only exports

  Export interrupt, writer, pushMessage, getStore, getWriter, getConfig, getPreviousState, getCurrentTaskInput from web.ts and add a "browser" condition to the "." package export so browser bundlers resolve to web.js instead of pulling in node:async_hooks.

• #2245 77af976 Thanks @​hntrl! - revert abort signal change that was causing problematic errors

• #2242 bdcf290 Thanks @​hntrl! - clean up resolved checkpointer promises to reduce memory retention

• Updated dependencies [88726df, 7dfcbff]:

  • @​langchain/langgraph-sdk@​1.8.1

1.2.5

Patch Changes

• #2213 a09932a Thanks @​hntrl! - fix(core): prevent AbortSignal listener leak in stream() and streamEvents()

  Pregel.stream() and streamEvents() called combineAbortSignals() but discarded the dispose function, leaking one abort listener on the caller's signal per invocation. Over many invocations this caused unbounded memory growth as each leaked listener retained references to its associated graph execution state.

  • Use AbortSignal.any() on Node 20+ which handles listener lifecycle automatically via GC
  • Fall back to manual listener management on Node 18, with proper dispose() called when the stream completes or is cancelled

• #2210 4d2e948 Thanks @​jackjin1997! - Fix AnyValue.update() returning false instead of true when values are received, aligning with all other channel implementations.

• Updated dependencies [414a7ad]:

  • @​langchain/langgraph-sdk@​1.8.0

1.2.4

Patch Changes

• fe4dd5b Thanks @​christian-bromann! - fix(sdk): fetch subagent history

• Updated dependencies [fe4dd5b, fe4dd5b, fe4dd5b]:

... (truncated)

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​langchain/langgraph since your current version.

Install script changes

This version adds prepublish script that runs during installation. Review the package contents before updating.

Updates @langchain/openai from 0.5.18 to 1.4.4

Release notes

Sourced from @​langchain/openai's releases.

@​langchain/openai@​1.4.4

Patch Changes

• #10681 2301260 Thanks @​hntrl! - fix(openai): add index to streaming reasoning content blocks for proper chunk merging

@​langchain/openai@​1.4.3

Patch Changes

• #10670 6b8ef6c Thanks @​christian-bromann! - fix(openai): preserve plain string responses content

@​langchain/openai@​1.4.2

Patch Changes

• #10614 d6bf4fc Thanks @​colifran! - feat(openai): imput placeholder filenames for openai file inputs

• Updated dependencies [d3d0922]:

  • @​langchain/core@​1.1.39

@​langchain/openai@​1.4.1

Patch Changes

• #10551 9270c48 Thanks @​muhammadosama984! - fix(openai): preserve reasoning_content in ChatOpenAICompletions

• Updated dependencies [589ab9b]:

  • @​langchain/core@​1.1.38

@​langchain/openai@​1.4.0

Minor Changes

• #10509 5552999 Thanks @​hntrl! - feat(openai): add support for phase parameter on Responses API messages
  • Extract phase from message output items and surface it on text content blocks
  • Support phase in streaming via response.output_item.added events
  • Round-trip phase through both raw provider and standard content paths
  • Move phase into extras dict in the core standard content translator

Patch Changes

• Updated dependencies [6933769, 50d5f32, 5552999, 8331833]:
  • @​langchain/core@​1.1.37

@​langchain/openai@​1.3.1

Patch Changes

• #10481 478652c Thanks @​hnustwjj! - fix(openai): detect DeepSeek context overflow errors as ContextOverflowError

  DeepSeek returns maximum context length in 400 error messages when the context limit is exceeded. These are now recognized by wrapOpenAIClientError, so downstream code (e.g. summarization middleware fallback) can handle them correctly.

• #10507 52e501b Thanks @​App-arently! - fix(openai): guard JSON.parse in streaming json_schema when text is empty

• Updated dependencies [bbbfea1]:

... (truncated)

Commits

• e5b6e1c chore: version packages (#10682)
• 2301260 fix(openai): add index to streaming reasoning content blocks for proper chunk...
• 9a65edf chore: version packages (#10671)
• f069365 chore(langchain): bump langgraph (#10673)
• 6b8ef6c fix(openai): preserve plain string responses content (#10670)
• 80561a0 chore: remove community package, relocate providers (#10667)
• f09cb65 fix: patch 10 critical+high security alerts (#10557)
• 47cc3ec fix: patch 16 security alerts (all severities) (#10663)
• daece6d chore: version packages (#10560)
• 9781bff fix(google): align ChatGoogle mediaResolution with Gemini scalar type (#10550)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​langchain/openai since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[MattB-msft]

@dependabot rebase

[dependabot]

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

[MattB-msft]

@dependabot recreate

[dependabot]

The dependabot.yml entry that created this PR has been deleted so this PR can't be recreated. Please close the PR so Dependabot can create a new one with the current dependabot.yml.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.