[Release] langchain-ai/langchain: langchain-classic==1.0.2
By github-actions[bot] (GitHub)
LangChain Classic version 1.0.2 was released with a critical security patch fixing a ReDoS vulnerability in the MRKL and ReAct action regex (CVE-2024-58340). The release includes multiple dependency updates, bug fixes for ensemble retriever weights validation and configuration handling, documentation improvements, and various code quality enhancements including ruff upgrades and mypy fixes.
Key Points
- Critical security patch: Fixed ReDoS vulnerability in MRKL and ReAct action regex (CVE-2024-58340) — update immediately for production systems
- Deprecated function warnings added: `create_react_agent` and `initialize_agent` now include deprecation notices to guide users toward newer alternatives
- Ensemble retriever validation improved: Added weight validation to prevent misconfiguration of ensemble retrievers
- OpenAI integration enhanced: Automatic server-side compaction support added for improved performance
- Dependency updates: Bumped 40+ dependencies including google-cloud-aiplatform (1.117.0→1.133.0), pillow, cryptography, and langchainhub for security and stability
- Documentation improvements: Fixed docstring inaccuracies, updated LangSmith URLs, and clarified MultiVectorRetriever usage patterns
- Code quality enhancements: Upgraded ruff to v0.15, mypy to v1.19, replaced print statements with logger.info, and enforced non-relative imports across packages
- Configuration fixes: Corrected `config.getoption` default parameter handling and fixed typos in error messages for better debugging