Bump the pip group across 6 directories with 14 updates

[dependabot]

Bumps the pip group with 1 update in the /community/routing-multisource-rag directory: chainlit.
Bumps the pip group with 3 updates in the /nemo/retriever-synthetic-data-generation directory: tqdm, transformers and nltk.
Bumps the pip group with 3 updates in the /industries/healthcare/medical-device-training-assistant/src/rag_playground directory: gradio, jinja2 and protobuf.
Bumps the pip group with 5 updates in the /industries/healthcare/medical-device-training-assistant/src/chain_server directory:

Package	From	To
python-multipart	0.0.9	0.0.18
langchain-community	0.3.14	0.3.27
langchain-core	0.3.29	0.3.81
llama-index-core	0.12.10	0.13.0
opencv-python	4.8.0.74	4.8.1.78

Bumps the pip group with 2 updates in the /industries/healthcare/medical-device-training-assistant/evaluation directory: langchain and langchain-core.
Bumps the pip group with 4 updates in the /community/rag-developer-chatbot/notebooks directory: gradio, langchain, langchain-community and jupyterlab.

Updates chainlit from 1.2.0 to 2.9.4

Release notes

Sourced from chainlit's releases.

2.9.4

What's Changed

⚠️ This release contains:

• Breaking change, if you use persistence: you need to run ALTER TABLE steps ADD COLUMN IF NOT EXISTS modes JSONB; to migrate
• Security vulnerability fix

Added

• Added an icon for shared threads by @​Allaoua9 in Chainlit/chainlit#2715
• New option to allow disabling auto-scroll of assistant messages by @​jfperusse in Chainlit/chainlit#2724
• feat: Add Modes by @​hayescode in Chainlit/chainlit#2734

Fixed

• fix: tiny error avatar for long messages by @​jfperusse in Chainlit/chainlit#2725
• security: add sanitization for custom thread element update by @​asvishnyakov in Chainlit/chainlit#2737

Other

• chore: bump watchfiles by @​hayescode in Chainlit/chainlit#2733
• chore: update uv.lock after watchfiles changes by @​asvishnyakov in Chainlit/chainlit#2735
• chore: release by @​asvishnyakov in Chainlit/chainlit#2738

Full Changelog: Chainlit/chainlit@2.9.3...2.9.4

2.9.3

What's Changed

• test: add missing oauth providers test by @​codomposer in Chainlit/chainlit#2687
• test: add test for message by @​OxLeOx in Chainlit/chainlit#2664
• Update chainlit data layer with metadata merging by @​jfperusse in Chainlit/chainlit#2688
• Bug: Fix page blinking after login by @​ADWasHere in Chainlit/chainlit#2640
• Update useChatSession.ts by @​tosokr in Chainlit/chainlit#2657
• Fix: Fix CI issue introduced in #2640 by @​hayescode in Chainlit/chainlit#2711
• fix(socket): set environ when restoring websocket session by @​daniel-oronsi in Chainlit/chainlit#2689
• docs: Move hello.py to avoid import shadowing by @​RoyBA in Chainlit/chainlit#2702
• feat: Add native video support in markdown rendering by @​RoyBA in Chainlit/chainlit#2704
• Optimize chat message rendering and message-tree updates with memoization by @​SimonEOA in Chainlit/chainlit#2706
• fix: do not show share thread button if allow_threadsharing is set to false by @​eiseleMichael in Chainlit/chainlit#2708
• feat: Add language configuration option to override browser language by @​RoyBA in Chainlit/chainlit#2703
• fix: fix chainlit sets logging while act as a library by @​goatwu1993 in Chainlit/chainlit#2683
• fix: Update LangChain imports for v1.x compatibility by @​RoyBA in Chainlit/chainlit#2700
• feat: improve icon name formatting by @​eiseleMichael in Chainlit/chainlit#2693
• chore:release by @​hayescode in Chainlit/chainlit#2712

New Contributors

• @​OxLeOx made their first contribution in Chainlit/chainlit#2664
• @​daniel-oronsi made their first contribution in Chainlit/chainlit#2689
• @​SimonEOA made their first contribution in Chainlit/chainlit#2706
• @​goatwu1993 made their first contribution in Chainlit/chainlit#2683

Full Changelog: Chainlit/chainlit@2.9.2...2.9.3

... (truncated)

Changelog

Sourced from chainlit's changelog.

[2.9.4] - 2025-12-24

Added

• Add an icon for shared thread
• New option to allow disabling auto scroll of assistant messages
• Add modes: you may allow users to select an LLM model, a mode (for example, planning), allow to enable reasoning etc.
  • Breaking change: you need to run ALTER TABLE steps ADD COLUMN IF NOT EXISTS modes JSONB; for migration

Fixed

• Fix tiny avatar for long messages
• Security vulnerability in Chainlit: added missed sanitization to custom elements update endpoint

Changed

• Bumped watchfiles version

[2.9.3] - 2025-12-04

Added

• Add tests for oauth providers and messages
• Merge metadata in chainlit data layer
• Add native video support in markdown rendering
• Optimize chat message rendering
• Add language configuration option to config.toml
• Upgrade langchain imports for v1 compatibility
• Improve icon name formatting issues

Fixed

• Fixed page blinking issue with header_auth
• Set environ when restoring websocket session
• Move hello.py to avoid import issues
• Fix issue showing thread sharing when disabled
• Disable Chainlit from setting logging globally

[2.9.2] - 2025-11-22

Added

• Add tests for socket, chat context, cache, translations & oauth providers

Fixed

• Fix copilot breaking change introduced in 2.8.5

[2.9.1] - 2025-11-20

Added

• Add support for tabs in chat settings
• Support markdown in watermark
• Add italian translation to translations folder
• Add query param prefill for chat
• Add tests for utils, markdown, sidebar, chat settings, mcp, input widget, langchain, elements, steps, and actions

... (truncated)

Commits

• ffc3cce security: add sanitization for custom thread element update (#2737)
• 4a94924 chore: release (#2738)
• cddb7ac chore: update uv.lock after watchfiles changes (#2735)
• 16c9aa1 fix: tiny error avatar for long messages (#2725)
• 299181d feat: Add Modes (#2734)
• 2aedf18 chore: bump watchfiles (#2733)
• f8294fb New option to allow disabling auto-scroll of assistant messages (#2724)
• f4bcb69 Added an icon for shared threads (#2715)
• b04b720 chore:release (#2712)
• 9113e76 feat: improve icon name formatting (#2693)
• Additional commits viewable in compare view

Updates tqdm from 4.66.2 to 4.66.3

Release notes

Sourced from tqdm's releases.

tqdm v4.66.3 stable

• cli: eval safety (fixes CVE-2024-34062, GHSA-g7vv-2v7x-gj9p)

Commits

• 4e613f8 Merge pull request from GHSA-g7vv-2v7x-gj9p
• b53348c cli: eval safety
• See full diff in compare view

Updates transformers from 4.42.1 to 4.53.0

Release notes

Sourced from transformers's releases.

Release v4.53.0

Gemma3n

Gemma 3n models are designed for efficient execution on low-resource devices. They are capable of multimodal input, handling text, image, video, and audio input, and generating text outputs, with open weights for pre-trained and instruction-tuned variants. These models were trained with data in over 140 spoken languages.

Gemma 3n models use selective parameter activation technology to reduce resource requirements. This technique allows the models to operate at an effective size of 2B and 4B parameters, which is lower than the total number of parameters they contain. For more information on Gemma 3n's efficient parameter management technology, see the Gemma 3n page.

from transformers import pipeline
import torch
pipe = pipeline(
"image-text-to-text",
torch_dtype=torch.bfloat16,
model="google/gemma-3n-e4b",
device="cuda",
)
output = pipe(
"https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/bee.jpg",
text="<image_soft_token> in this image, there is"
)
print(output)

Dia

Dia is an opensource text-to-speech (TTS) model (1.6B parameters) developed by Nari Labs. It can generate highly realistic dialogue from transcript including nonverbal communications such as laughter and coughing. Furthermore, emotion and tone control is also possible via audio conditioning (voice cloning).

Model Architecture: Dia is an encoder-decoder transformer based on the original transformer architecture. However, some more modern features such as rotational positional embeddings (RoPE) are also included. For its text portion (encoder), a byte tokenizer is utilized while for the audio portion (decoder), a pretrained codec model DAC is used - DAC encodes speech into discrete codebook tokens and decodes them back into audio.

• Add Dia model by @​buttercrab in #38405

Kyutai Speech-to-Text

Kyutai STT is a speech-to-text model architecture based on the Mimi codec, which encodes audio into discrete tokens in a streaming fashion, and a Moshi-like autoregressive decoder. Kyutai’s lab has released two model checkpoints:

• kyutai/stt-1b-en_fr: a 1B-parameter model capable of transcribing both English and French

... (truncated)

Commits

• 67ddc82 Release: v4.53.0
• 0a8081b [Modeling] Fix encoder CPU offloading for whisper (#38994)
• c63cfd6 Gemma 3n (#39059)
• 3e5cc12 [tests] remove tests from libraries with deprecated support (flax, tensorflow...
• cfff7ca [Whisper] Pipeline: handle long form generation (#35750)
• 02ecdcf add _keep_in_fp32_modules_strict (#39058)
• d973e62 fix condition where torch_dtype auto collides with model_kwargs. (#39054)
• 44b2316 [qwen2-vl] fix vision attention scaling (#39043)
• ae15715 polishing docs: error fixes for clarity (#39042)
• 3abeaba Create test for #38916 (custom generate from local dir with imports) (#39015)
• Additional commits viewable in compare view

Updates nltk from 3.8.1 to 3.9

Changelog

Sourced from nltk's changelog.

Version 3.9.2 2025-10-01

• Update download checksums to use SHA256 in built index
• Fix percentage escape in new-style string formatting
• replace shortened URLs using goo.gl
• Make Wordnet interoperable with various taggers and tagged corpora
• Fix saving PerceptronTagger
• Document how to reproduce old Wordnet studies
• properly initialize Portuguese corpus reader
• support for mixed rules conversion into Chomsky Normal Form
• only import tkinter if a GUI is needed
• issue #2112 with Corenlp
• new environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL
• Lesk defaults to most frequent sense in case of ties

Thanks to the following contributors to 3.9.2: Jose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu, Samer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq, Christopher Smith, Ryan Mannion

Version 3.9.1 2024-08-19

• Fixed bug that prevented wordnet from loading

Version 3.9 2024-08-18

• Fix security vulnerability CVE-2024-39705 (breaking change)
• Replace pickled models (punkt, chunker, taggers) by new pickle-free "_tab" packages
• No longer sort Wordnet synsets and relations (sort in calling function when required)
• Only strip the last suffix in Wordnet Morphy, thus restricting synsets() results
• Add Python 3.12 support
• Many other minor fixes

Thanks to the following contributors to 3.8.2: Tom Aarsen, Cat Lee Ball, Veralara Bernhard, Carlos Brandt, Konstantin Chernyshev, Michael Higgins, Eric Kafe, Vivek Kalyan, David Lukes, Rob Malouf, purificant, Alex Rudnick, Liling Tan, Akihiro Yamazaki.

Version 3.8.1 2023-01-02

• Resolve RCE vulnerability in localhost WordNet Browser (#3100)
• Remove unused tool scripts (#3099)
• Resolve XSS vulnerability in localhost WordNet Browser (#3096)
• Add Python 3.11 support (#3090)

Thanks to the following contributors to 3.8.1: Francis Bond, John Vandenberg, Tom Aarsen

Version 3.8 2022-12-12

• Refactor dispersion plot (#3082)
• Provide type hints for LazyCorpusLoader variables (#3081)
• Throw warning when LanguageModel is initialized with incorrect vocabulary (#3080)

... (truncated)

Commits

• 24936a2 Bump version to 3.9
• c222897 Merge branch 'develop' of https://github.com/nltk/nltk into develop
• 34c3a4a Merge branch 'develop' of https://github.com/nltk/nltk into develop
• 253dd3a add black
• c43727f Update version
• 7137405 Merge pull request #3066 from asishm/bugfix-lambda-closure-leak
• 369cb9f Merge pull request #3245 from ekaf/hotfix-closuredup
• 501c70e Merge branch 'develop' into hotfix-closuredup
• bf05dc4 Merge pull request #3306 from ekaf/py3_compat
• 66539c7 Sorted output in unit/test_wordnet.py
• Additional commits viewable in compare view

Updates gradio from 4.43.0 to 5.31.0

Changelog

Sourced from gradio's changelog.

5.31.0

Features

• #11229 231ccfe - Chatbot autoscroll fix. Thanks @​dawoodkhan82!
• #11224 834e92c - Fix re-rendering with key when setting a value to None. Thanks @​aliabid94!
• #10832 d457438 - Screen recording. Thanks @​dawoodkhan82!

Fixes

• #11236 3a7750c - Add padding param to gr.Markdown. Thanks @​hannahblair!
• #11238 13c8510 - Fix DeepLink Query Parameters. Thanks @​freddyaboulton!
• #11228 0b7f753 - Improve slider alignment. Thanks @​hannahblair!
• #11227 4099700 - Check file validity even if preprocess=False. Thanks @​freddyaboulton!
• #11230 62a8d97 - Fix Model3D camera_position param. Thanks @​dawoodkhan82!
• #11231 78a3854 - Fix MCP server mounted path. Thanks @​abidlabs!
• #11244 ed97e39 - Ensure show_indices works as expected in gr.JSON. Thanks @​hannahblair!
• #11232 8ea7ce7 - Provide a workaround for the MCP integration for endpoints that have gr.State components. Thanks @​abidlabs!
• #11246 bfb9bcf - Remove Deep Link events from API page. Thanks @​freddyaboulton!

5.30.0

Features

• #11177 3068196 - Improved, smoother fullscreen mode for components. Thanks @​aliabid94!
• #11155 30a1d9e - Improvements to MCP page. Thanks @​abidlabs!
• #11192 a03736f - Add undo and redo to the ImageEditor component. Thanks @​pngwn!
• #11047 6d4b8a7 - Implement custom i18n. Thanks @​hannahblair!

Fixes

• #11221 5f3e84d - Ensure Clear sort works as expected. Thanks @​hannahblair!
• #11117 9b976b7 - Raise UI error if video not playable in the browser. Thanks @​freddyaboulton!
• #11222 b2a93e1 - Add xethub bridge to host whitelist. Thanks @​abidlabs!
• #11202 53688a2 - Fix Deep Link Issue. Thanks @​freddyaboulton!
• #11206 c196ac2 - Render key fixes. Thanks @​aliabid94!
• #11218 2f1c9d5 - for Interface, have DeepLink disabled by default and then enable it after first submission. Thanks @​freddyaboulton!

5.29.1

Features

• #11185 e64b83b - Evaluate index variable in argument description. Thanks @​emmanuel-ferdman!
• #11173 d023b2e - Adds docs for gr.api() which were previously missing from the website. Thanks @​abidlabs!
• #11159 cb9f21b - chore: Support Path type for the favicon. Thanks @​wdroz!
• #11183 ab0fbb3 - Plot brushing prevents chart refresh. Thanks @​aliabid94!
• #11156 a1d436f - Lazy import pandas in native_plot.py. Thanks @​whitphx!
• #11129 d5ddd85 - Ocean theme quickfix. Thanks @​aliabid94!

Fixes

... (truncated)

Commits

• 16c9b24 chore: update versions (#11226)
• ed97e39 Ensure show_indices works as expected in gr.JSON (#11244)
• bfb9bcf Remove Deep Link events from API page (#11246)
• 3a7750c Add padding param to gr.Markdown (#11236)
• 8ea7ce7 Provide a workaround for the MCP integration for endpoints that have `gr.Stat...
• 13c8510 Fix DeepLink Query Parameters (#11238)
• 4099700 Check file validity even if preprocess=False (#11227)
• 62a8d97 Fix Model3D camera_position param (#11230)
• 78a3854 Fix MCP server mounted path (#11231)
• 0b7f753 Improve slider alignment (#11228)
• Additional commits viewable in compare view

Updates jinja2 from 3.1.3 to 3.1.6

Release notes

Sourced from jinja2's releases.

3.1.6

This is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Jinja2/3.1.6/ Changes: https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6

• The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. GHSA-cpwx-vrp4-4pq7

3.1.5

This is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Jinja2/3.1.5/ Changes: https://jinja.palletsprojects.com/changes/#version-3-1-5 Milestone: https://github.com/pallets/jinja/milestone/16?closed=1

• The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. GHSA-q2x7-8rv6-6q7h
• Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. #1792, GHSA-gmj6-6f8f-6699
• Sandbox does not allow clear and pop on known mutable sequence types. #2032
• Calling sync render for an async template uses asyncio.run. #1952
• Avoid unclosed auto_aiter warnings. #1960
• Return an aclose-able AsyncGenerator from Template.generate_async. #1960
• Avoid leaving root_render_func() unclosed in Template.generate_async. #1960
• Avoid leaving async generators unclosed in blocks, includes and extends. #1960
• The runtime uses the correct concat function for the current environment when calling block references. #1701
• Make |unique async-aware, allowing it to be used after another async-aware filter. #1781
• |int filter handles OverflowError from scientific notation. #1921
• Make compiling deterministic for tuple unpacking in a {% set ... %} call. #2021
• Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. #2025
• Fix copy/pickle support for the internal missing object. #2027
• Environment.overlay(enable_async) is applied correctly. #2061
• The error message from FileSystemLoader includes the paths that were searched. #1661
• PackageLoader shows a clearer error message when the package does not contain the templates directory. #1705
• Improve annotations for methods returning copies. #1880
• urlize does not add mailto: to values like @a@b. #1870
• Tests decorated with @pass_context can be used with the |select filter. #1624
• Using set for multiple assignment (a, b = 1, 2) does not fail when the target is a namespace attribute. #1413
• Using set in all branches of {% if %}{% elif %}{% else %} blocks does not cause the variable to be considered initially undefined. #1253

3.1.4

This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Jinja2/3.1.4/ Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4

• The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj

Changelog

Sourced from jinja2's changelog.

Version 3.1.6

Released 2025-03-05

• The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. :ghsa:cpwx-vrp4-4pq7

Version 3.1.5

Released 2024-12-21

• The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. :ghsa:q2x7-8rv6-6q7h
• Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. :issue:1792, :ghsa:gmj6-6f8f-6699
• Sandbox does not allow clear and pop on known mutable sequence types. :issue:2032
• Calling sync render for an async template uses asyncio.run. :pr:1952
• Avoid unclosed auto_aiter warnings. :pr:1960
• Return an aclose-able AsyncGenerator from Template.generate_async. :pr:1960
• Avoid leaving root_render_func() unclosed in Template.generate_async. :pr:1960
• Avoid leaving async generators unclosed in blocks, includes and extends. :pr:1960
• The runtime uses the correct concat function for the current environment when calling block references. :issue:1701
• Make |unique async-aware, allowing it to be used after another async-aware filter. :issue:1781
• |int filter handles OverflowError from scientific notation. :issue:1921
• Make compiling deterministic for tuple unpacking in a {% set ... %} call. :issue:2021
• Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. :issue:2025
• Fix copy/pickle support for the internal missing object. :issue:2027
• Environment.overlay(enable_async) is applied correctly. :pr:2061
• The error message from FileSystemLoader includes the paths that were searched. :issue:1661
• PackageLoader shows a clearer error message when the package does not contain the templates directory. :issue:1705
• Improve annotations for methods returning copies. :pr:1880
• urlize does not add mailto: to values like @a@b. :pr:1870

... (truncated)

Commits

• 1520688 release version 3.1.6
• 90457bb Merge commit from fork
• 065334d attr filter uses env.getattr
• 033c200 start version 3.1.6
• bc68d4e use global contributing guide (#2070)
• 247de5e use global contributing guide
• ab8218c use project advisory link instead of global
• b4ffc8f release version 3.1.5 (#2066)
• 877f6e5 release version 3.1.5
• 8d58859 remove test pypi
• Additional commits viewable in compare view

Updates protobuf from 4.25.3 to 4.25.8

Commits

• a4cbdd3 Updating version.json and repo version numbers to: 25.8
• 29445be Merge pull request #21880 from shaod2/py-25
• cc13b69 Remove debugging code and add EOLs
• d31100c Manually backport recursion limit enforcement to 25.x
• 88a3b90 Change pre-22 poison pill to only log once per affected message type. (#21754)
• 320eafa Weaken vulnerable gencode poison pills to warning by default.
• f584fe3 Merge branch 'protocolbuffers:25.x' into 25.x
• c710036 Update test_upb.yml to use ubuntu-22
• 9721758 Fix missing trailing newline.
• cca7b28 Update test_upb.yml to use ubuntu-22
• Additional commits viewable in compare view

Updates python-multipart from 0.0.9 to 0.0.18

Release notes

Sourced from python-multipart's releases.

Version 0.0.18

What's Changed

• Hard break if found data after last boundary on MultipartParser by @​Kludex in Kludex/python-multipart#189

---

Full Changelog: Kludex/python-multipart@0.0.17...0.0.18

Version 0.0.17

What's Changed

• Handle PermissionError in fallback code for old import name by @​defnull in Kludex/python-multipart#182

---

Full Changelog: Kludex/python-multipart@0.0.16...0.0.17

Version 0.0.16

What's Changed

• Add dunder attributes to multipart package by @​Kludex in Kludex/python-multipart#177

---

Full Changelog: Kludex/python-multipart@0.0.15...0.0.16

Version 0.0.15

What's Changed

• Replace FutureWarning to PendingDeprecationWarning #174.
• Add missing files to SDist #171.

---

Full Changelog: Kludex/python-multipart@0.0.14...0.0.15

Version 0.0.14

What's Changed

• fix: use alternate scheme for importing multipart by @​henryiii in Kludex/python-multipart#168

Full Changelog: Kludex/python-multipart@0.0.13...0.0.14

Version 0.0.13

What's Changed

• Rename import to python_multipart by @​henryiii in Kludex/python-multipart#166

New Contributors

• @​henryiii made their first contribution in Kludex/python-multipart#166

Full Changelog: Kludex/python-multipart@0.0.12...0.0.13

... (truncated)

Changelog

Sourced from python-multipart's changelog.

0.0.18 (2024-11-28)

• Hard break if found data after last boundary on MultipartParser #189.

0.0.17 (2024-10-31)

• Handle PermissionError in fallback code for old import name #182.

0.0.16 (2024-10-27)

• Add dunder attributes to multipart package #177.

0.0.15 (2024-10-27)

• Replace FutureWarning to PendingDeprecationWarning #174.
• Add missing files to SDist #171.

0.0.14 (2024-10-24)

• Fix import scheme for multipart module (#168).

0.0.13 (2024-10-20)

• Rename import to python_multipart #166.

0.0.12 (2024-09-29)

• Improve error message when boundary character does not match #124.
• Add mypy strict typing #140.
• Enforce 100% coverage #159.

0.0.11 (2024-09-28)

• Improve performance, especially in data with many CR-LF #137.
• Handle invalid CRLF in header name #141.

0.0.10 (2024-09-21)

• Support on_header_begin #103.
• Improve type hints on FormParser #104.
• Fix OnFileCallback type #106.
• Improve type hints #110.
• Improve type hints on File #111.
• Add type hint to helper functions #112.
• Minor fix for Field.repr #114.
• Fix use of chunk_size parameter #136.
• Allow digits and valid token chars in headers #134.
• Fix headers being carried between parts #135.

Commits

• 5b1aed8 Version 0.0.18 (#191)
• 9205a0e Hard break if found data after last boundary on MultipartParser (#189)
• 170e604 Update ruff & mypy (#188)
• e53b541 Create SECURITY.md (#187)
• 02d1ec1 fuzz: fix boundary error (#179)
• 616b81e Version 0.0.17 (#183)
• ca52662 Handle PermissionError in fallback code for old import name (#182)
• 8764067 Version 0.0.16 (#177)
• ce85154 Version 0.0.15 (#175)
• 73fb55d ci: check-sdist (#172)
• Additional commits viewable in compare view

Updates langchain-community from 0.3.14 to 0.3.27

Commits

• bdf1cd3 fix(langchain): update deps
• 77c9819 fix(text-splitters): update langchain-core version to 0.3.72
• 7f015b6 fix(text-splitters): update lock for release
• 71ad451 Merge branch 'master' of github.com:langchain-ai/langchain
• 2c42893 fix(langchain): update langchain-core version to 0.3.72
• 0e139fb release(langchain): 0.3.27 (#32227)
• 622bb05 fix(langchain): class HTMLSemanticPreservingSplitter ignores the text inside ...
• 56dde3a feat(langchain): v1 scaffolding (#32166)
• bd3d649 release(core): 0.3.72 (#32214)
• fb5da83 fix(core): Dereference Refs for pydantic schema fails in tool schema generati...
• Additional commits viewable in compare view

Updates langchain-core from 0.3.29 to 0.3.81

Release notes

Sourced from langchain-core's releases.

langchain-core==0.3.81

Changes since langchain-core==0.3.80

release(core): 0.3.81 (#34459) fix(core): serialization patch (#34458)

langchain-core==0.3.80

Changes since langchain-core==0.3.79

release(core): 0.3.80 (#34039) fix(core): fix validation for input variables in f-string templates, restrict functionality supported by jinja2, mustache templates (GHSA-6qv9-48xg-fc7f) (

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}