Skip to content

chore(deps): bump langsmith from 0.7.22 to 0.8.0#1653

Merged
hassiebp merged 1 commit into
mainfrom
dependabot/uv/langsmith-0.8.0
May 18, 2026
Merged

chore(deps): bump langsmith from 0.7.22 to 0.8.0#1653
hassiebp merged 1 commit into
mainfrom
dependabot/uv/langsmith-0.8.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 14, 2026

Copy link
Copy Markdown
Contributor

Bumps langsmith from 0.7.22 to 0.8.0.

Release notes

Sourced from langsmith's releases.

v0.8.0

What's Changed

Full Changelog: langchain-ai/langsmith-sdk@v0.7.38...v0.8.0

v0.7.38

What's Changed

Full Changelog: langchain-ai/langsmith-sdk@v0.7.37...v0.7.38

v0.7.37

What's Changed

Full Changelog: langchain-ai/langsmith-sdk@v0.7.36...v0.7.37

... (truncated)

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels May 14, 2026

@claude claude Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM — transitive dependency lock-file bump; langsmith is not directly imported by langfuse.

Extended reasoning...

Overview

This is a Dependabot-generated PR bumping langsmith from 0.7.22 to 0.8.0 in uv.lock only. It also includes a metadata tweak from uv itself: exclude-newer switched to a no-op sentinel value with a comment noting backwards compatibility for relative exclude-newer-span values.

Security risks

None apparent. langsmith is a transitive dependency (pulled in via langchain) and is not directly imported by langfuse — the only repo reference is the string literal "langsmith:hidden" used as a tag in the langchain CallbackHandler. The upgrade includes maintenance fixes and additive features (strands OTEL exporter, Pydantic input/output fix, Claude Agent SDK concurrency fix); nothing in the release notes appears security-sensitive.

Level of scrutiny

Low. This is a routine, mechanical bot dependency bump touching only uv.lock. No runtime code, no public API, no security-sensitive surfaces are affected.

Other factors

The exclude-newer lockfile metadata change looks unusual at first glance but is a known no-op marker emitted by recent uv versions; the inline comment in the lock confirms the intent. CI on the PR will exercise the langchain integration test paths.

Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from 0.7.22 to 0.8.0.
- [Release notes](https://github.com/langchain-ai/langsmith-sdk/releases)
- [Commits](langchain-ai/langsmith-sdk@v0.7.22...v0.8.0)

---
updated-dependencies:
- dependency-name: langsmith
  dependency-version: 0.8.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/uv/langsmith-0.8.0 branch from 6c2e25e to c7c0f8f Compare May 18, 2026 08:18
@hassiebp hassiebp merged commit b59a611 into main May 18, 2026
19 checks passed
@hassiebp hassiebp deleted the dependabot/uv/langsmith-0.8.0 branch May 18, 2026 12:50
hassiebp pushed a commit that referenced this pull request May 19, 2026
Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from 0.7.22 to 0.8.0.
- [Release notes](https://github.com/langchain-ai/langsmith-sdk/releases)
- [Commits](langchain-ai/langsmith-sdk@v0.7.22...v0.8.0)

---
updated-dependencies:
- dependency-name: langsmith
  dependency-version: 0.8.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant