deps(deps): bump the runtime-minor group with 3 updates

[dependabot]

Bumps the runtime-minor group with 3 updates: langchain-core, langchain-openai and requests.

Updates langchain-core from 1.2.20 to 1.2.23

Release notes

Sourced from langchain-core's releases.

langchain-core==1.2.23

Changes since langchain-core==1.2.22

release(core): 1.2.23 (#36323) revert: Revert "fix(core): trace invocation params in metadata" (#36322) chore: bump requests from 2.32.5 to 2.33.0 in /libs/core (#36243)

langchain-core==1.2.22

Changes since langchain-core==1.2.21

release(core): 1.2.22 (#36201) fix(core): validate paths in prompt.save and load_prompt, deprecate methods (#36200)

langchain-core==1.2.21

Changes since langchain-core==1.2.20

release(core): 1.2.21 (#36179) fix(core,model-profiles): add missing ModelProfile fields, warn on schema drift (#36129) chore(core): remove stale blockbuster allowlist for deleted context module (#36168) ci: suppress pytest streaming output in CI (#36092)

Commits

• d483641 release(core): 1.2.23 (#36323)
• 389f7ad revert: Revert "fix(core): trace invocation params in metadata" (#36322)
• 475408f fix(langchain): recognize ChatAnthropicVertex in _get_approximate_token_count...
• 1545dbf chore(langchain): remove unnecessary description for toods list as a group (#...
• 494b760 fix(chroma): fix Python 3.14 support in langchain-chroma (#36199)
• c7a677b chore(langchain): add async implementation to todolist and test (#36313)
• 0351588 chore: harden language in ci (#36314)
• 954a230 chore(langchain): speed up todo list middleware init (#36311)
• 89cd0ca docs: fix grammatical error in development guidelines (#36225)
• 2aeeb58 chore: bump requests from 2.32.5 to 2.33.0 in /libs/core (#36243)
• Additional commits viewable in compare view

Updates langchain-openai from 1.1.11 to 1.1.12

Release notes

Sourced from langchain-openai's releases.

langchain-openai==1.1.12

Changes since langchain-openai==1.1.11

fix(openai): bump min core version (#36180) release(openai): 1.1.12 (#36178) fix(core,model-profiles): add missing ModelProfile fields, warn on schema drift (#36129) fix(openai): support phase parameter (#36161) fix(openai): preserve namespace field in streaming function_call chunks (#36108) ci: suppress pytest streaming output in CI (#36092) ci: avoid unnecessary dep installs in lint targets (#36046) chore(model-profiles): refresh model profile data (#36039) chore: bump orjson from 3.11.5 to 3.11.6 in /libs/partners/openai (#35860) fix(openai): add type: message to Responses API input items (#35693) perf(.github): set a timeout on get min versions HTTP calls (#35851) feat(model-profiles): new fields + Makefile target (#35788) fix(openai): close PIL Image handles in token counting to prevent fd leak (#35742) fix(openai): typo (#35763) chore(model-profiles): refresh model profile data (#35754)

Commits

• ad574fc fix(openai): bump min core version (#36180)
• 19f81cf release(core): 1.2.21 (#36179)
• 6d07ef2 release(openai): 1.1.12 (#36178)
• 2f64d80 fix(core,model-profiles): add missing ModelProfile fields, warn on schema d...
• 5ffece5 chore(core): remove stale blockbuster allowlist for deleted context module (#...
• 936b0a6 chore(model-profiles): refresh model profile data (#36152)
• 900f8a3 fix(openai): support phase parameter (#36161)
• 64a848a ci: add maintainer override to require-issue-link workflow (#36147)
• 7d05cfb fix(openai): preserve namespace field in streaming function_call chunks (#36108)
• 74ade80 chore(model-profiles): refresh model profile data (#36123)
• Additional commits viewable in compare view

Updates requests from 2.32.5 to 2.33.0

Release notes

Sourced from requests's releases.

v2.33.0

2.33.0 (2026-03-25)

Announcements

• 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

• CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

• Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

• Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

• Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

• Various typo fixes and doc improvements.

New Contributors

• @​M0d3v1 made their first contribution in psf/requests#6865
• @​aminvakil made their first contribution in psf/requests#7220
• @​E8Price made their first contribution in psf/requests#6960
• @​mitre88 made their first contribution in psf/requests#7244
• @​magsen made their first contribution in psf/requests#6553
• @​Rohan5commit made their first contribution in psf/requests#7227

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

Changelog

Sourced from requests's changelog.

2.33.0 (2026-03-25)

Announcements

• 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

• CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

• Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

• Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

• Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

• Various typo fixes and doc improvements.

Commits

• bc04dfd v2.33.0
• 66d21cb Merge commit from fork
• 8b9bc8f Move badges to top of README (#7293)
• e331a28 Remove unused extraction call (#7292)
• 753fd08 docs: fix FAQ grammar in httplib2 example
• 774a0b8 docs(socks): same block as other sections
• 9c72a41 Bump github/codeql-action from 4.33.0 to 4.34.1
• ebf7190 Bump github/codeql-action from 4.32.0 to 4.33.0
• 0e4ae38 docs: exclude Response.is_permanent_redirect from API docs (#7244)
• d568f47 docs: clarify Quickstart POST example (#6960)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

⚠️ Action Required: Unable to determine source issue for PR #778. The PR title, branch name, or body must contain the issue number (e.g. #123, branch: issue-123, or the hidden marker ).

[agents-workflows-bot]

🤖 Keepalive Loop Status

PR #778 | Agent: Codex | Iteration 0/5

Current State

Metric	Value
Iteration progress	[----------] 0/5
Action	wait (missing-agent-label)
Disposition	skipped (transient)
Gate	success
Tasks	0/8 complete
Timeout	45 min (default)
Timeout usage	0m elapsed (2%, 45m remaining)
Keepalive	❌ disabled
Autofix	❌ disabled

🔍 Failure Classification

| Error type | infrastructure |
| Error category | resource |
| Suggested recovery | Confirm the referenced resource exists (repo, PR, branch, workflow, or file). |

[agents-workflows-bot]

Keepalive Work Log (click to expand)

#	Time (UTC)	Agent	Action	Result	Files	Tasks	Progress	Commit	Gate
0	2026-03-30 14:12:35	Codex	wait (missing-agent-label-transient)	skipped	—	0	0/8	—	success
0	2026-03-31 03:06:19	Codex	wait (missing-agent-label-transient) retry	skipped	—	0	0/8	—	success
0	2026-03-31 04:50:36	Codex	wait (missing-agent-label-transient) retry	skipped	—	0	0/8	—	success
0	2026-03-31 05:35:54	Codex	wait (missing-agent-label-transient) retry	skipped	—	0	0/8	—	success
0	2026-03-31 06:31:24	Codex	wait (missing-agent-label-transient) retry	skipped	—	0	0/8	—	success
0	2026-03-31 07:33:34	Codex	wait (missing-agent-label-transient) retry	skipped	—	0	0/8	—	success
0	2026-03-31 08:25:42	Codex	wait (missing-agent-label-transient) retry	skipped	—	0	0/8	—	success
0	2026-03-31 09:26:52	Codex	wait (missing-agent-label-transient) retry	skipped	—	0	0/8	—	success
0	2026-03-31 10:23:30	Codex	wait (missing-agent-label-transient) retry	skipped	—	0	0/8	—	success
0	2026-03-31 11:20:47	Codex	wait (missing-agent-label-transient) retry	skipped	—	0	0/8	—	success
0	2026-03-31 12:21:28	Codex	wait (missing-agent-label-transient) retry	skipped	—	0	0/8	—	success
0	2026-03-31 13:34:49	Codex	wait (missing-agent-label-transient) retry	skipped	—	0	0/8	—	success