build(deps): bump @langchain/core from 0.3.62 to 1.1.8

[dependabot]

Bumps @langchain/core from 0.3.62 to 1.1.8.

Release notes

Sourced from @​langchain/core's releases.

@​langchain/core@​1.1.8

Patch Changes

• #9707 e5063f9 Thanks @​hntrl! - add security hardening for load

• #9684 8996647 Thanks @​christian-bromann! - fix(core): document purpose of name in base message

@​langchain/core@​1.1.6

Patch Changes

• #9668 a7b2a7d Thanks @​bracesproul! - fix: Cannot merge two undefined objects error

• #9657 a496c5f Thanks @​dqbd! - fix(core): avoid writing to TransformStream in EventStreamCallbackHandler when underlying ReadableStream is closed

• #9658 1da1325 Thanks @​dqbd! - fix(core): ensure streaming test chat models respect AbortSignal

@​langchain/core@​1.1.5

Patch Changes

• #9641 005c729 Thanks @​christian-bromann! - fix(community/core): various security fixes

• #7907 ab78246 Thanks @​jasonphillips! - fix(core): handle subgraph nesting better in graph_mermaid

• #9589 8cc81c7 Thanks @​nathannewyen! - test(core): add test for response_metadata in streamEvents

• #9644 f32e499 Thanks @​hntrl! - add bindTools to FakeListChatModel

• #9508 a28d83d Thanks @​shubham-021! - Fix toFormattedString() to properly display nested objects in tool call arguments instead of [object Object]

• #9165 2e5ad70 Thanks @​pawel-twardziak! - fix(mcp-adapters): preserve timeout from RunnableConfig in MCP tool calls

• #9647 e456c66 Thanks @​hntrl! - handle missing parent runs in tracer to prevent LangSmith 400 errors

• #9597 1cfe603 Thanks @​hntrl! - use uuid7 for run ids

@​langchain/core@​1.1.4

Patch Changes

• #9575 0bade90 Thanks @​hntrl! - bin p-retry

• #9574 6c40d00 Thanks @​hntrl! - Revert "fix(@​langchain/core): update and bundle dependencies (#9534)"

@​langchain/core@​1.1.3

Patch Changes

• #9534 bd2c46e Thanks @​christian-bromann! - fix(@​langchain/core): update and bundle p-retry, ansi-styles, camelcase and decamelize dependencies

• #9544 487378b Thanks @​hntrl! - fix tool chunk concat behavior (#9450)

• #9505 138e7fb Thanks @​chosh-dev! - feat: replace btoa with toBase64Url for encoding in drawMermaidImage

... (truncated)

Commits

• de32b32 chore: version packages (#9697)
• e5063f9 fix!(core/langchain): hardening for load (#9707)
• 8b3e611 chore(turbopuffer): rollback version (#9698)
• 8996647 fix(core): document purpose of name in base message (#9684)
• 8df6264 chore: version packages (#9676)
• df9c42b feat(core): usage_metadata in extra.metadata (#9686)
• 4ea3a52 fix(ci): use appropriate path for core PR labels (#9696)
• ffb2402 feat(langchain): context (#9673)
• 8d2982b feat(core): Make runnable transform trace in a single payload in LangChainTra...
• 2b36431 fix(mcp-adapters): bump @​modelcontextprotocol/sdk to address CVE-2025-66414 (...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​langchain/core since your current version.

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[JiwaniZakir]

This is a major version bump (0.x → 1.x) for @langchain/core, not a minor dependency update — @langchain/core 1.0 introduced breaking changes to several core abstractions including message serialization, tool calling interfaces, and the Runnable API. The PR title claims the bump is "from 0.3.62 to 1.1.8," but the actual diff shows ^0.3.80 → ^1.1.17, which is a discrepancy worth noting. Given that packages/core directly depends on this and adapter packages like adapter-claude, adapter-openai, and adapter-gemini all build on top of it, any changed method signatures or removed exports in @langchain/core 1.x (e.g., changes to BaseMessage, BaseChatModel, or tool schema types) could silently break at runtime even if the build passes. It would be worth confirming that the source files in each adapter package — particularly around message construction and tool definitions — have been audited against the @langchain/core 1.x migration guide, and that integration tests cover at least one full request/response cycle per adapter.