chore(deps): update dependency langgraph to v1 [security]

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
langgraph (source, changelog)	0.3.31 → 1.0.10

---

LangGraph checkpoint loading has unsafe msgpack deserialization

CVE-2026-28277 / GHSA-g48c-2wqr-h844

More information

Details

LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can modify checkpoint data in the backing store (for example, after a database compromise or other privileged write access to the persistence layer), they can potentially supply a crafted payload that triggers unsafe object reconstruction when the checkpoint is loaded.

This is a post-exploitation / defense-in-depth issue. Exploitation requires the ability to write attacker-controlled checkpoint bytes at rest. In most deployments that prerequisite already implies a serious incident; the additional risk is turning “checkpoint-store write access” into code execution in the application runtime, which can expand blast radius (for example by exposing environment variables or cloud credentials available to the runtime).

There is no evidence of exploitation in the wild, and LangGraph is not aware of a practical exploitation path in existing deployments today. This change is intended to reduce the blast radius of a checkpoint-store compromise.

Affected users / systems

Users may be affected if they:

• use a persistent checkpointer (database, remote store, shared filesystem, etc.),
• load/resume from checkpoints, and
• operate in an environment where an attacker could gain privileged write access to checkpoint data in the backing store.

This issue requires the attacker to be able to modify persisted checkpoint bytes (or to compromise a trusted component that writes them). It is generally not reachable by an unauthenticated remote attacker in a correctly configured deployment.

Impact

• Potential arbitrary code execution or other unsafe side effects during checkpoint deserialization.
• Escalation from “write access to checkpoint store” to “code execution in the application runtime,” which may expose runtime secrets or provide access to other systems the runtime can reach.

Exploitation scenario (high level)

1. Attacker gains privileged write access to the checkpoint store (for example, via database compromise, leaked credentials, or abuse of an administrative data path).
2. Attacker writes a crafted checkpoint payload containing msgpack data intended to reconstruct dangerous objects.
3. Application resumes and deserializes the checkpoint; unsafe reconstruction could execute attacker-controlled behavior.

Mitigation / remediation

LangGraph provides an allowlist-based hardening mechanism for msgpack checkpoint deserialization.

Strict mode (environment variable)

• LANGGRAPH_STRICT_MSGPACK
  • When set truthy (1, true, yes), the default msgpack deserialization policy becomes strict.
  • Concretely: JsonPlusSerializer() will default allowed_msgpack_modules to None (strict) instead of True (warn-and-allow), unless allowed_msgpack_modules=... is explicitly passed.

allowed_msgpack_modules (serializer/checkpointer config)

This setting controls what msgpack “ext” types are allowed to be reconstructed.

• True (default when strict mode is not enabled): allow all ext types, but log a warning when deserializing a type that is not explicitly registered.
• None (strict): only a built-in safe set is reconstructed; other ext types are blocked.
• [(module, class_name), ...] (strict allowlist): the built-in safe set plus exactly the listed symbols are reconstructed (exact-match).

Built-in safe set

A small set of types is always treated as safe to reconstruct (for example datetime types, uuid.UUID, decimal.Decimal, set/frozenset/deque, ipaddress types, pathlib paths, zoneinfo.ZoneInfo, compiled regex patterns, and selected LangGraph internal types).

Automatically derived allowlist (only when compiling graphs)

When LANGGRAPH_STRICT_MSGPACK is enabled and StateGraph is compiled, LangGraph derives an allowlist from the graph’s schemas and channels and applies it to the checkpointer.

• The allowlist is built by walking the state/input/output/context schemas (plus node/branch input schemas) and channel value/update types. It includes Pydantic v1/v2 models, dataclasses, enums, TypedDict field types, and common typing constructs (containers, unions, Annotated).
• LangGraph also includes a curated set of common LangChain message classes.

This derived allowlist is only applied if the selected checkpointer supports with_allowlist(...). If a user is constructing serializers/checkpointers manually (or using a checkpointer that does not support allowlist propagation), they will need to configure allowed_msgpack_modules themselves.

Operational guidance

• Treat checkpoint stores as integrity-sensitive. Restrict write access and rotate credentials if compromise is suspected.
• Enable strict mode (LANGGRAPH_STRICT_MSGPACK=true) in production if feasible, and rely on schema-driven allowlisting to reduce incompatibilities.
• Avoid providing custom msgpack deserialization hooks that reconstruct arbitrary types unless checkpoint data is fully trusted.

Limitations / important notes

• If a checkpointer implementation does not support allowlist application (i.e., does not implement with_allowlist), allowlist enforcement may be skipped (with a warning). In that situation, strict expectations may not hold.
• If an application supplies a custom msgpack unpack hook (ext_hook), the custom hook controls reconstruction and can bypass the default allowlist checks (intentional escape hatch, but it weakens the protection).

LangSmith / hosted deployments note

LangSmith is not aware of this issue presenting risk to existing LangSmith-hosted deployments. The described threat model requires an attacker to tamper with the checkpoint persistence layer used by the deployment; typical hosted configurations are designed to prevent such access.

First reported by: yardenporat353

Severity

• CVSS Score: 6.8 / 10 (Medium)
• Vector String: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References

• https://github.com/langchain-ai/langgraph/security/advisories/GHSA-g48c-2wqr-h844
• https://nvd.nist.gov/vuln/detail/CVE-2026-28277
• https://github.com/langchain-ai/langgraph

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

langchain-ai/langgraph (langgraph)

v1.0.10: langgraph==1.0.10

Compare Source

Changes since 1.0.10rc1

• release(langgraph) 1.0.10 (#​6967)
• release(checkpoint): 0.4.1 (#​6966)
• chore: add serde events (#​6954)
• chore: update defaults (#​6953)
• release: rc2 (#​6949)
• chore(deps-dev): bump the all-dependencies group across 1 directory with 3 updates (#​6946)

v1.0.9: langgraph==1.0.9

Compare Source

Changes since 1.0.8

• release: langgraph + prebuilt (#​6875)
• fix: sequential interrupt handling w/ functional API (#​6863)
• chore: state_updated_at sort by (#​6857)
• chore: bump orjson (#​6852)
• chore: conformance testing (#​6842)
• chore(deps): bump the all-dependencies group in /libs/langgraph with 6 updates (#​6815)
• chore(deps): bump protobuf from 6.33.4 to 6.33.5 in /libs/langgraph (#​6833)
• chore(deps): bump cryptography from 46.0.3 to 46.0.5 in /libs/langgraph (#​6837)
• chore(deps): bump nbconvert from 7.16.6 to 7.17.0 in /libs/langgraph (#​6832)
• chore: server runtime type (#​6774)
• refactor: replace bare except with BaseException in AsyncQueue (#​6765)

v1.0.8: langgraph==1.0.8

Compare Source

Changes since 1.0.7

• release(langgraph): 1.0.8 (#​6757)
• chore: shallow copy futures (#​6755)
• fix: pydantic messages double streaming (#​6753)
• chore(deps-dev): bump ruff from 0.14.7 to 0.14.11 in /libs/sdk-py (#​6673)
• chore: Omit lock when using connection pool (#​6734)
• docs: enhance Runtime and ToolRuntime class descriptions for clarity (#​6689)
• docs: add clarity to use of thread_id (#​6515)
• docs: add docstrings to add_node overloads (#​6514)
• docs: update notebook links and add archival notices for examples (#​6720)
• release(cli): 0.4.12 (#​6716)

v1.0.7: langgraph==1.0.7

Compare Source

Changes since 1.0.6

• release: langgraph and prebuilt 1.0.7 (#​6712)
• fix: aiosqlite's breaking change (#​6699)
• chore(deps): upgrade dependencies with uv lock --upgrade (#​6671)
• chore: update twitter URLs (#​6683)

v1.0.6: langgraph==1.0.6

Compare Source

Changes since 1.0.5

• fix: flip default on base cache (#​6677)
• fix: change default recursion limit (#​6676)
• fix: sanitize namespace for deeply nested graph jumps (#​6665)
• fix: typo: saved the world "BaseMessge" to "BaseMessage" (#​6639)
• release(cli): relax api bounds (#​6606)
• feat(checkpoint): Validate checkpointer type at compile time (#​6586)

v1.0.5: langgraph==1.0.5

Compare Source

Changes since 1.0.4

• release(langgraph): bump to 1.0.5 (#​6582)
• feat(sdk-py): emit id as part of stream events (#​6581)
• fix: update readme (#​6570)
• release(checkpoint-postgres): 3.0.1 (#​6568)
• release(checkpoint-sqlite): 3.0.1 (#​6566)
• chore(cli): Pass through webhook configuration in dev server (#​6557)
• feat: custom encryption at rest (#​6482)
• chore: fix links for docs (#​6538)
• chore: Bump lockfile (#​6537)
• feat: Include pagination in assistants search response (#​6526)

v1.0.4

Compare Source

Changes since 1.0.3

• release(langgraph): 1.0.4 (#​6502)
• chore: pop thread ID from configurable fields in remote graph (#​6497)
• chore: clean up some refs (#​6487)
• chore(sdk-py): Add more type checking. (#​6479)
• fix: interrupt stream mode values (#​6475)
• release: langgraph-prebuilt 1.0.5 (#​6473)
• refactor: separate prepare_push_* functions (#​6450)
• fix: dep warnings in prebuilt (#​6443)
• release: prebuilt 1.0.3 (#​6441)

v1.0.3

Compare Source

Changes since 1.0.2

• chore: langgraph patch release (#​6429)
• feat(docs): warn that StateGraph is a builder class (#​6417)
• fix(docs): PartialState rendering in MkDocs (#​6416)
• fix(docs): synchronize invoke and ainvoke docstrings (#​6415)
• fix(docs): synchronize stream and astream docstrings (#​6414)
• docs(langgraph): Fix docstring code examples of task function (#​6410)
• fix(langgraph): Unexpected behavior for stream_mode sequences that are not lists (#​6354)
• fix: fix previoius edge cases such as 0 (#​6379)
• fix(langgraph): export REMOVE_ALL_MESSAGES in all to fix linting (#​6375)
• style: update docstrings to reference StateGraph (#​6308)
• docs(langgraph): update streaming guide links (#​6314)
• chore: add pyproject.toml links (#​6364)
• docs(langgraph): Fix typo in docstring of PregelLoop.tick (#​6407)
• chore(checkpoint-postgres): bump to 3.0.1 (#​6402)
• fix(langgraph): do not apply pending writes when updating state (#​6389)
• chore: update ormsgpack minbound and add OPT_REPLACE_SURROGATES (#​6395)
• release(cli): 0.4.7 expand api bounds (#​6390)
• chore: style fixes for refs (#​6365)

v1.0.2

Compare Source

Changes since 0.6.11

• chore: bump prebuilt dep for lg (#​6361)
• chore: port tool node improvements back to langgraph (#​6321)
• chore: bump core dep for prebuilt (#​6323)
• fix(langgraph): dont persist UntrackedValue (#​6316)
• feat(langgraph): add Overwrite to bypass reducer (#​6286)
• fix: replace python.langchain links with new docs.langchain (#​6352)
• release: Checkpointers 3.0 (#​6313)
• chore: Restrict "json" type deserialization (#​6269)
• release: langgraph + langgraph-prebuilt v1.0.0 (#​6300)
• feat: adding cursory Python 3.14 support (#​6298)
• style: fixes for ref docs (#​6297)
• chore: release rcs for prebuilt + langgraph (#​6296)
• chore: drop Python 3.9 (and syntax) (#​6289)
• docs: style linting (#​6260)
• release(langgraph): v1 working branch (#​6093)
• fix: rename away from LangGraph Platform (#​6281)

v1.0.1

Compare Source

Changes since 1.0.0

• release: Checkpointers 3.0 (#​6313)
• chore: Restrict "json" type deserialization (#​6269)

v1.0.0

Compare Source

Changes since 1.0.0rc1

• release: langgraph + langgraph-prebuilt v1.0.0 (#​6300)
• feat: adding cursory Python 3.14 support (#​6298)
• style: fixes for ref docs (#​6297)

v0.6.11

Compare Source

Changes since 0.6.10

• chore: Allow checkpoint 3.0 in 0.6.* (#​6315)

v0.6.10

Compare Source

Changes since 0.6.9

• chore(langgraph): bump langgraph version (#​6257)
• fix(langgraph): revert selective interrupt task scheduling (#​6252)

v0.6.9

Compare Source

Changes since 1.0.0a4

• chore(langgraph): bump version (#​6245)
• chore(checkpoint): bump patch version (#​6244)
• fix(langgraph): selective interrupt task scheduling (#​6158)
• fix(langgraph): task result from stream mode debug / tasks should match format from get_state_history / get_state (#​6233)
• fix(langgraph): don't use rst code blocks in docstrings (#​6231)
• docs(langgraph): standardize version-added admonitions (#​6230)
• fix(langgraph): fix supersteps not populating task.result field (#​6195)
• fix(langgraph): revert -- reuse cached writes on nested resume to prevent task re-execution (#​6227)
• chore(checkpoint-postgres): bump version (#​6222)

v0.6.8

Compare Source

Changes since 1.0.0a3

• release(langgraph): 0.6.8 (#​6215)
• fix(langgraph): handle multiple annotations w/ BaseChannel detection (#​6210)
• fix(langgraph): CheckpointTask.state can be a StateSnapshot (#​6201)
• chore(langgraph): clean up ruff format config (#​6188)
• fix(langgraph): cleanup orphaned waiter task in AsyncPregelLoop (#​6167)
• fix(langgraph): fix graph rendering for defer=True (#​6130)
• fix(langgraph): reuse cached writes on nested resume to prevent task re-execution (#​6161)
• chore(sdk-py): allow UUIDs in config (#​6151)
• revert(langgraph): restore logic to surface interrupts for stream_mod… (#​6141)
• chore(langgraph): Log when no values event is emitted from RemoteGraph (#​6140)
• chore(cli): Add config schema (#​6142)
• fix(langgraph): get_graph generates unexpected conditional edge (#​6122)
• fix(langgraph): type checking for async w/ functional API (#​6126)
• feat(langgraph): prevent arbitrary resumes w/ multiple pending interrupts (#​6108)
• fix(langgraph): key error on runtime for config w/o configurable (#​6106)

v0.6.7

Compare Source

Changes since 1.0.0a2

• chore: update emphemeral local (#​6091)
• fix: Unwrap Required/NotRequired special forms before resolving channel/reducer annotations (#​6080)
• monorepo support in CLI (#​6028)

v0.6.6

Compare Source

Changes since 0.6.5

• fix(langgraph): Remote Baggage (#​5964)
• chore(langgraph): Add passthrough params/headers to invoke/stream/etc. (#​5940)
• feat(sdk-py): client qparams (#​5918)

v0.6.5

Compare Source

Changes since 0.6.4

• release(langgraph): 0.6.5 (#​5901)
• fix: Persist resume_map values (#​5898)
• feat(langgraph): implement redis node level cache (#​5834)

v0.6.4

Compare Source

Changes since 0.6.3

• release: langgraph + prebuilt 0.6.4 (#​5854)
• fix: mypy issue with conditional edges (#​5851)
• fix(langgraph): support emitting messages from subgraphs when messages mode explicitly requested (#​5836)
• perf(langgraph): Save updated_channels to checkpoint (#​5828)
• chore(langgraph): deprecate MessageGraph (#​5843)

v0.6.3

Compare Source

Changes since 0.6.2

• fix(langgraph): Tidy up AgentState (#​5801)
• release: langgraph + prebuilt 0.6.3 (#​5799)
• fix(langgraph): Add warning for incorrect node signature with mistyped config param (#​5798)
• fix(langgraph): fix up deprecation warnings (#​5796)
• feat(langgraph): add durability mode for invoke and ainvoke (#​5771)
• fix(docs): Add missing imports to make examples runnable (#​5477)
• fix(langgraph): Remove duplicate call to ensure_config (#​5768)

v0.6.2

Compare Source

Changes since 0.6.1

• fix(prebuilt): assign context_schema to config_schema with correct condition (#​5746)
• feat(langgraph): Add context coercion for LangGraph runtime (#​5736)

v0.6.1

Compare Source

Changes since 0.6.0

• fix(langgraph): use parent runtime when available (#​5707)
• fix(langgraph): inject config even when optional (#​5708)

v0.6.0

Compare Source

LangGraph v0.6

We’re excited to announce the release of LangGraph v0.6.0, another significant step toward our v1.0 milestone. This release emphasizes providing a cleaner, more intuitive developer experience for building agentic workflows. Below we’ll cover the headline improvements and minor changes.

🚀 New Context API: Simplified Runtime Context Injection

The biggest improvement in v0.6 is the introduction of the new Context API, which makes it easier to pass run-scoped context in an intuitive and type safe way.

This pattern replaces the previously recommended pattern of injecting run-scoped context into config['configurable'].

Before (v0.5):

from langchain_core.runnables import RunnableConfig
from langgraph.graph import StateGraph

def node(state: State, config: RunnableConfig):
    # verbose .get() access pattern for nested dicts    
    user_id = config.get("configurable", {}).get("user_id")
    db_conn = config.get("configurable", {}).get("db_connection")
    ...

builder = StateGraph(state_schema=State, config_schema=Config)

# add nodes, edges, compile the graph...

# nested runtime context passed to config's configurable key
result = graph.invoke(
    {'input': 'abc'}, 
    config={'configurable': {'user_id': '123', 'db_connection': 'conn_mock'}}
)

After (v0.6):

from dataclasses import dataclass

from langgraph.graph import StateGraph
from langgraph.runtime import Runtime

@​dataclass
class Context:
    """Context schema defined by the developer."""    
    user_id: str    
    db_connection: str
    
def node(state: State, runtime: Runtime[Context]):
    # type safe access to context attributes    
    user_id = runtime.context.user_id
    db_conn = runtime.context.db_connection
    ...

builder = StateGraph(state_schema=State, context_schema=Context)

# add nodes, edges, compile the graph...

# top level context arg is typed as Context for autocomplete and type checking
result = graph.invoke(
    {'input': 'abc'},
    context=Context(user_id='123', db_conn='conn_mock')
)

The Runtime class provides a single interface for accessing information like:

• context: static data passed at the start of a run
• store: storage mechanism for long term memories
• stream_writer: custom function for writing to the graph’s output stream
• for functional API users, previous is also available: the previous return value for the given thread

Now, instead of injecting all of the above as separate parameters to node functions,
developers can access them all through a single runtime parameter.

Migration Path

• config_schema is deprecated in favor of context_schema, and will be removed in v2.0.0
• The new API maintains backward compatibility for existing code
• Gradual migration is supported with deprecation warnings for config_schema
• get_config_jsonschema is deprecated in favor of get_context_jsonschema (though this is generally only used for graph introspection and not by most langgraph users)

🔀 Dynamic model & tool selection

create_react_agent can now dynamically choose both the model and tools at runtime using a custom context object:

from langgraph.prebuilt import create_react_agent

@​dataclass
class CustomContext:
    provider: Literal["anthropic", "openai"]
    tools: list[str]

def select_model(state, Runtime[Context]):
    model = {
        "openai": openai_model,
        "anthropic": anthropic_model,
    }[runtime.context.provider]

    selected_tools = [
        tool for tool in [weather, compass]
        if tool.name in runtime.context.tools
    ]

    return model.bind_tools(selected_tools)

agent = create_react_agent(
	select_model, 
         # Initialize the agent with all known tools
	tools=[weather, compass]
)

Then invoke the agent with your desired settings:

agent.invoke(
    some_input,
    context=CustomContext(provider="openai", tools=["compass"])
)

Now agents can flexibly adapt their behavior based on runtime context.

🏗️ Durability Mode Support

LangGraph v0.6 introduces a new durability ****argument that gives you fine-grained control over persistence behavior. This provides finer grained control than its predecessor, checkpoint_during.

This was predated

• Choose between three durability modes:
  • "exit" - Save checkpoint only when the graph exits
    • equivalent to checkpoint_during=False
    • Least durable, fastest
  • "async" - Save checkpoint asynchronously while next step executes
    • equivalent to checkpoint_during=True
    • Moderately durable, mid speed
  • "sync" - Save checkpoint synchronously before next step
    • New!
    • Highly durable, slowest

Migration Path

checkpoint_during is now deprecated in favor of the new durability argument. Backwards compatibility will be maintained until v2.0.0.

🛡️ Enhanced Type Safety and Validation

In an effort to make graph building easier for developers, we’ve enhanced the type safety of the
LangGraph APIs.

LangGraph’s StateGraph and Pregel interfaces are now generic over a graph’s:

• state_schema
• context_schema
• input_schema
• output_schema

This means that:

• Node signatures are type checked at graph creation time
• Input to invoke / stream is type checked against the relevant schema
• context available via the aforementioned Runtime class matches the context_schema

🔧 A Refined Interrupt Interface

In preparation for v1.0, we’ve made a few changes to the Interrupt interface.
Interrupts now have two attributes:

• id - a unique identifier for the interrupt
• value - the interrupt value

In v0.6, we’ve removed the following attributes from the Interrupt class:

• when - this was always "during" and offered no practical value
• resumable - functionally, this is always True
• ns - this information is now stored in a condensed format in the id attribute
• interrupt_id has been deprecated in favor of id, but is still usable for backward compatibility

🔒 Solidified Public API Surface

Gearing up for v1.0, we’ve solidified what’s public vs. private in the LangGraph API.
We’ve also deprecated some old import paths that have supported backports for ~1 year.

These changes make it easier to maintain a higher quality public API
and reduce the surface area for potential breaking changes.

The following table summarizes the changes:

Old Import	New Import	Status
from langgraph.pregel.types import ...	from langgraph.types import ...	⚠️ Deprecated - Will be removed in V2
from langgraph.constants import Send	from langgraph.types import Send	⚠️ Deprecated - Will be removed in V2
from langgraph.constants import Interrupt	from langgraph.types import Interrupt	⚠️ Deprecated - Will be removed in V2
from langgraph.channels import <ErrorClass>	from langgraph.errors import <ErrorClass>	❌ Removed - All errors now centralized in langgraph.errors
from langgraph.constants import TAG_NOSTREAM_ALT	from langgraph.constants import NOSTREAM	❌ Removed - Deprecated constant removed

🎯 Looking Toward v1.0

LangGraph v0.6 represents our final major changes before the stable v1.0 release.
We anticipate adhering strictly to SemVer post v1.0, leaning into a promise of stability and predictability.

Get Involved

LangGraph is an open source project, and we’d love to hear from you! We’ve rolled out a new LangChain forum for questions, feature requests, and discussions.

Please let us know what you think about the new Runtime API and other changes in v0.6, and if you have any difficulties with which we can help.

Full Changelog

• feat(sdk-py): sdk support for context API (#​5566)
• feat(langgraph): Implement durability mode argument (#​5432)
• refactor(langgraph): improve Runtime interface re patch/overrides (#​5546)
• refactor(langgraph): make constants generally private with a few select exports (#​5529)
• refactor(langgraph): move private typing constructs in constants.py -> _internal/_typing.py (#​5518)
• feat(langgraph): new context api (replacing config['configurable'] and config_schema) (#​5243)
• feat(langgraph): add type checking for matching node signatures vs input_schema for add_node (#​5424)
• change[langgraph]: clean up Interrupt interface for v1 (#​5405)
• langgraph[change]: solidify public/private differentiations (#​5252)

v0.5.4

Compare Source

Changes since 0.5.3

• feat(langgraph): Handle ParentCommand in RemoteGraph (#​5600)
• fix(langgraph): ignore write to END with Command (#​5601)
• fix(langgraph): add stacklevel=2 to the warnings to point to the caller’s codes (#​5457)

v0.5.3

Compare Source

Changes since 0.5.2

• release(langgraph): v0.5.3 (#​5498)
• chore[deps]: upgrade dependencies with uv lock --upgrade (#​5471)
• docs(checkpoint-postgres): fix typo in comment (#​5486)
• chore: add forum to readme (#​5488)
• fix(langgraph): remove ABC spec for PregelProtocol (#​5485)
• fix(langgraph): replace _state_schema to state_schema when accessing StateGraph (#​5436)
• fix(checkpoint-postgres): Remove python invalid escape warning (#​5441)

v0.5.2

Compare Source

Changes since 0.5.1

• patch[langgraph]: Fix hint for invoke/stream to allow for Command and None (#​5414)

v0.5.1

Compare Source

Changes since 0.5.0

• langgraph[fix]: remove deprecated pydantic logic + fix schema gen behavior for typed dicts (#​5296)
• prebuilt[patch]: import recognized tool message content block types from langchain-core (#​5275)

v0.5.0

Compare Source

LangGraph 0.5 – the “Getting-Ready-for-1.0” release 🎉

TL;DR – 0.5 is not a radical rewrite, but a scrub-down and tune-up of the LangGraph core.

APIs are a little stricter, you have more control over streaming, checkpoints are lighter, etc. 99 % of users can upgrade with nothing more than a pip install --upgrade langgraph==0.5.*.

---

Why 0.5?

The team’s next big milestone is a 1.0 release in a few months.

To get there we needed to:

• lock in the few API surfaces that still felt “fuzzy”
• prune internal code paths that made distributed execution harder
• land long-queued performance work

0.5 is that housekeeping release.

---

Headline changes

1. A leaner, stricter StateGraph

1. state_schema is now mandatory.

   “Untyped” graphs were never shown in the docs and produced surprising runtime errors. Requiring an explicit schema fixes that class of bugs and improves static analysis.

2. input/output → input_schema/output_schema

   The old names still work but raise a deprecation warning.

   graph = StateGraph(
       state_schema=MyState,
       input_schema=UserQuery,
       output_schema=AssistantResponse,
   )

3. New NodeBuilder utility

   A simpler, declarative way to create nodes and attach them to channels. The old Channel.subscribe_to helper keeps working but will be removed in 1.0.

2. Smarter streaming modes

• stream_mode="debug" is now an alias for the pair["tasks", "checkpoints"]. You can now turn them on individually:

graph.stream(stream_mode="tasks")        # only task-level updates
graph.stream(stream_mode="checkpoints")  # only checkpoint deltas

This makes it cheaper to subscribe only to the information you need.

3. Checkpointing overhaul

• Smaller blobs & faster restores
  Redundant keys have been dropped and per-task writes are stored directly.
• Seamless migrations
  Legacy “pending _sends” data is auto-migrated the first time it is loaded. Custom checkpointers continue to work unchanged.

4. Better serialization

• JsonPlusSerializer now handles NumPy arrays stored in your state (including Fortran-ordered ones) without falling back to pickle.

---

Minor breaking changes you might notice

1. state_schema required – add it if you were passing only input and output schemas instead (very rare).
2. input / output renaming – rename to input_schema / output_schema.
3. Subclassing internals – if you subclassed PregelNode and Runnable, drop the latter.

Nothing else should require code changes.

---

How to upgrade

pip install -U "langgraph>=0.5"

If you maintain a plugin / custom checkpointer, run your test suite once; the public interfaces are untouched.

---

What’s next?

We’re hard at work on LangGraph 1.0, chime in here with any comments, feedback or questions, we want to hear from everyone.

Detailed Changelog

• feat: crons sorting sdk (#​5197)
• feat(langgraph): task masquerading with update state
• Add print_mode= arg to invoke/stream (#​5201)
• Fix bug where Command(update=) could be ignored if there was a 2nd interrupt after it
• Reduce extraneous keys in checkpoint.metadata
• If FuturesDict callback has been GCed, don't call it
• Add migration for pending_sends (#​5106)
• Introduce "tasks" and "checkpoints" stream modes
• Add migration for pending_sends
• Restore compatibility with custom checkpointer classes created in prior versions
• Revert "Remove UntrackedValue channel"
• Revert "Remove MessageGraph (#​4875)"
• fix(langgraph): remove deprecated output usage in favor of output_schema (#​5095)
• refactor(langgraph): Remove PregelNode's inheritance from Runnable (#​5093)
• Remove support for node reading a single managed value
• PregelLoop: Simplify tick() method (#​5080)
• serialize/deserialize pandas with pickle fallback (#​5057)
• Remove code paths no longer needed
• Avoid saving checkpoints for subgraphs when checkpoint_during=False (#​5051)
• Remove gitmcp badge (#​5055)
• Avoid saving checkpoints for subgraphs when checkpoint_during=False
• Clean up things for Matt!
• Support numpy array serialization in JsonPlusSerializer (#​5035)
• Update ormsgpack (#​5034)
• deprecate input and output in favor of input_schema and output_schema (#​4983)
• using StateT as default for InputT
• lint: use pep 604 union syntax and pep 585 generic syntax (#​4963)
• docs: remove references to StateGraph(dict) (#​4964)
• rename retry -> retry_policy (#​4957)
• Fix step_timeout causing ParentCommand/GraphInterrupt exception to bubble up
• docs: fix a grammar issue in multiple files (#​4935)
• Make it possible to run test command without docker installed (#​4948)
• Fix async callback manager tag handling (#​4949)
• Pass tags when configuring async callback manager
• Allow same-name channels and nodes in StateGraph (#​4944)
• Make it possible to run test command without docker installed
• docs: fix ensure_config docstring
• Allow same-name channels and nodes in StateGraph
• Improve type checking on graph init and invoke/stream (#​4932)
• docs: fix a grammar issue in multiple files
• Fix makefile command file for dev server - pidfile was always empty
• Fix Command(graph=PARENT) when used together w checkpointer=True
• Remove unused deprecation decorator/warning (#​4917)
• Require state_schema in StateGraph.__init__ (#​4897)
• Remove add_conditional_edge(..., then=) (#​4893)
• Avoid repeated runtime calls to get_type_hints
• Remove MessageGraph (#​4875)
• Remove non-state Graph
• Remove UntrackedValue channel
• Remove UntrackedValue channel (#​4859)
• Flip default for checkpoint_during
• Remove Channel node builder
• Update managed value usage in local_read (#​4854)
• Modify stream mode messages and custom to respect subgraphs=False (#​4843)
• Remove Checkpoint.writes (#​4822)
• Remove Checkpoint.pending_sends (#​4820)
• Pregel: Add NodeBuilder class to replace Channel.subscribe_to (#​4819)
• Remove dict subclasses used for values/updates stream chunks (#​4816)
• Remove old checkpoint test fixtures (#​4814)
• Remove postgres shallow checkpointer (#​4813)
• Remove ChannelsManager, ManagedValues are now static classes and never instantiated (#​4812)
• Remove Context channel / managed value, Remove SharedValue (#​4857)
• Pregel: Add NodeBuilder class to replace Channel.subscribe_to
• Remove old checkpoint test fixtures
• Remove postgres shallow checkpointer
• Remove ChannelsManager, ManagedValues are now static classes and never instantiated
• Remove Context channel / managed value, Remove SharedValue

v0.4.10

Compare Source

Changes since 0.4.9

• Revert change to default value of checkpoint_during arg (#​5177)
• Revert change to default value of checkpoint_during arg
• Fix bug where Command(update=) could be ignored if there was a 2nd interrupt after it
• Reduce extraneous keys in checkpoint.metadata
• If FuturesDict callback has been GCed, don't call it
• langgraph 0.5.0rc1
• langgraph 0.5.0rc0
• Preparation for 0.5 release: langgraph-checkpoint (#​5124)
• Preparation for 0.5 release
• Add migration for pending_sends (#​5106)
• Lint
• Introduce "tasks" and "checkpoints" stream modes
• Add migration for pending_sends
• Restore compatibility with custom checkpointer classes created in prior versions
• Revert "Remove UntrackedValue channel"
• Revert "Remove MessageGraph (#​4875)"
• fix(langgraph): remove deprecated output usage in favor of output_schema (#​5095)
• refactor(langgraph): Remove PregelNode's inheritance from Runnable (#​5093)
• Remove support for node reading a single managed value
• PregelLoop: Simplify tick() method (#​5080)
• serialize/deserialize pandas with pickle fallback (#​5057)
• Remove code paths no longer needed
• Avoid saving checkpoints for subgraphs when checkpoint_during=False (#​5051)
• Remove gitmcp badge (#​5055)
• Update existing
• Add tests
• Avoid saving checkpoints for subgraphs when checkpoint_during=False
• Clean up things for Matt!
• Support numpy array serialization in JsonPlusSerializer (#​5035)
• Update ormsgpack (#​5034)
• deprecate input and output in favor of input_schema and output_schema (#​4983)
• using StateT as default for InputT
• lint: use pep 604 union syntax and pep 585 generic syntax (#​4963)
• docs: remove references to StateGraph(dict) (#​4964)
• rename retry -> retry_policy (#​4957)
• Fix step_timeout causing ParentCommand/GraphInterrupt exception to bubble up
• docs: fix a grammar issue in multiple files (#​4935)
• Make it possible to run test command without docker installed (#​4948)
• Fix async callback manager tag handling (#​4949)
• Pass tags when configuring async call

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.