Bump langchain from 0.0.298 to 0.3.13

[dependabot]

Bumps langchain from 0.0.298 to 0.3.13.

Release notes

Sourced from langchain's releases.

langchain-core==0.3.13

Changes since langchain-core==0.3.12

core[patch]: Release 0.3.13 (#27651) core: remove mustache in extended deps (#27629) core: add flake8-bandit (S) ruff rules to core (#27368) core[patch]: fix repr and str for Serializable (#26786) core[patch]: convert_to_openai_tool Anthropic support (#27591) core: fix Image prompt template hardcoded template format (#27495)

langchain==0.3.13

Changes since langchain==0.3.12

langchain: release 0.3.13 (#28797)

langchain-community==0.3.13

Changes since langchain-community==0.3.12

community: bump core (#28819) Community : Add OpenAI prompt caching and reasoning tokens tracking (#27135) community: tablestore vector store check the dimension of the embedding when writing it to store. (#28812) community: add new parameter default_headers (#28700) community: release 0.3.13 (#28798) Community: Fix with_structured_output for ChatSambaNovaCloud (#28796) Fixed adding float values into DynamoDB (#26562) community: DocumentLoaderAsParser wrapper (#27749) [Community]: Image Extraction Fixed for PDFPlumberParser (#28491) Fixes: community: fix LanceDB return no metadata (#27024) Add OCI Generative AI new model and structured output support (#28754) community: adding haiku 3.5 and opus callbacks (#28783) langchain_community: Add default None values to DocumentAttributeValue class properties (#28785) community: add trust_env at web_base_loader (#28514) community: support Confluence cookies (#28760) community: Apache AGE wrapper. Ensure Node Uniqueness by ID. (#28759) cosmosdbnosql: Added Cosmos DB NoSQL Semantic Cache Integration with tests and jupyter notebook (#24424) community: Fix ChatLiteLLMRouter runtime issues (#28163) community: recommend RedisVectorStore over Redis (#28749) community: Correctly handle multi-element rich text (#25762) community: added FalkorDB vector store support i.e implementation, test, docs an… (#26245) chore(community): update to OpenLLM 0.6 (#24609) community: support Hunyuan Embedding (#23160) core: add kwargs support to VectorStore (#25934) community: correct return type of get_files_from_directory in github tool (#27885) community: Add configurable VisualFeatures to the AzureAiServicesImageAnalysisTool (#27444) Fix Azure National Cloud authentication using token (RBAC) (Generated by Ana - AI SDE) (#25843) community: Remove all other keys in ChatLiteLLM and add api_key (#28097) community: Apache AGE wrapper additional edge cases. (#28151) [community][fix] Compatibility support to bump up wikibase-rest-api-client version (#27316) community: refactor opensearch query constructor to use wildcard instead of match in the contain comparator (#26653) community[patch]: update dynamodb chat history to update instead of overwrite (#22397)

... (truncated)

Commits

• 079f1d9 langchain: release 0.3.13 (#28797)
• 3256b5d text-splitters: fix state persistence issue in ExperimentalMarkdownSyntaxText...
• 7c8f977 Community: Fix with_structured_output for ChatSambaNovaCloud (#28796)
• 684b146 Fixed adding float values into DynamoDB (#26562)
• 50ea1c3 [Core] respect tracing project name cvar (#28792)
• e6b41d0 community: DocumentLoaderAsParser wrapper (#27749)
• 9b024d0 text-splitters: release 0.3.4 (#28795)
• 5cf9650 core: release 0.3.26 (#28793)
• d49df48 [Community]: Image Extraction Fixed for PDFPlumberParser (#28491)
• f723a84 Fixes: community: fix LanceDB return no metadata (#27024)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
pip/langchain	0.0.298	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Code-Review 🟢 6 Found 18/30 approved changesets -- score normalized to 6 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo Packaging 🟢 10 packaging workflow detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 14 existing vulnerabilities detected
pip/langchain	0.3.13	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Code-Review 🟢 6 Found 18/30 approved changesets -- score normalized to 6 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo Packaging 🟢 10 packaging workflow detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 14 existing vulnerabilities detected

Scanned Manifest Files

requirements.txt

• [email protected]
• [email protected]

[dependabot]

Looks like langchain is up-to-date now, so this is no longer needed.