chore(deps): bump langchain-core from 1.2.21 to 1.2.22#1601
Conversation
Bumps [langchain-core](https://github.com/langchain-ai/langchain) from 1.2.21 to 1.2.22. - [Release notes](https://github.com/langchain-ai/langchain/releases) - [Commits](langchain-ai/langchain@langchain-core==1.2.21...langchain-core==1.2.22) --- updated-dependencies: - dependency-name: langchain-core dependency-version: 1.2.22 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
There was a problem hiding this comment.
LGTM — routine patch bump of langchain-core (1.2.21 → 1.2.22) with only lock file changes.
Extended reasoning...
Overview
This is a Dependabot-generated PR that bumps langchain-core from 1.2.21 to 1.2.22. The only changed file is uv.lock, with updated version strings, URLs, and cryptographic hashes for the package sdist and wheel.
Security Risks
The upstream release notes indicate the 1.2.22 change is a security-oriented fix: path validation in prompt.save and load_prompt. This is a defensive improvement in langchain-core itself, not in this repo. No new attack surface is introduced by updating the lock file.
Level of Scrutiny
This is a mechanical lock file update for a patch-level dependency bump. The diff contains no logic changes — only updated hashes, URLs, and the exclude-newer timestamp. This is exactly the kind of change that can be approved without human review.
Other Factors
No bugs were found by the automated bug hunting system. No prior reviews or outstanding comments exist on this PR. The compatibility score badge and Dependabot provenance provide additional confidence.
1 participant
Bumps langchain-core from 1.2.21 to 1.2.22.
Release notes
Sourced from langchain-core's releases.
Commits
d22df94release(core): 1.2.22 (#36201)27add91fix(core): validate paths inprompt.saveandload_prompt, deprecate metho...7563fcechore(model-profiles): refresh model profile data (#36195)3e64c25chore: use repo permissions instead of org membership for maintainer override...1778b08chore(partners): bumplangchain-coremin to1.2.21(#36183)ad574fcfix(openai): bump min core version (#36180)You can trigger a rebase of this PR by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.