[Release] langchain-ai/langchain langchain==0.3.28: langchain==0.3.28

LangChain v0.3.28 is a maintenance and security release that addresses a critical ReDoS vulnerability (CVE-2024-58340) in MRKL and ReAct action regex patterns. The release includes improvements to UUID7 for run IDs, enhanced OpenAI streaming support, better Anthropic model integration, and extensive code quality improvements including Pydantic deprecation fixes, Ruff linting enhancements, and documentation standardization.

Key Points

• •Security patch: Fixed ReDoS vulnerability in MRKL and ReAct action regex (CVE-2024-58340) - critical for production systems
• •Bumped minimum langchain-core dependency to 0.3.73 for compatibility and security fixes
• •Implemented UUID7 for run IDs across core, langchain, and text-splitters modules for better distributed tracing
• •Enhanced OpenAI integration: enabled stream_usage by default and added async support with _aget_response
• •Improved Anthropic chat model initialization with context_management parameter support
• •Resolved Pydantic v2 deprecation warnings by updating dict() calls to model_dump() in Chain classes
• •Added comprehensive Ruff linting rules (D, N, ARG, TC, SLF, ERA, BLE) for code quality and consistency
• •Updated model references to latest versions (Claude-3.5 Sonnet, removed deprecated Claude-3 Sonnet-20240229)
• •Enhanced PostgreSQL Manager with improved SQLAlchemy API calls for upsert operations
• •Dropped Python version caps and restored optional dependencies for broader compatibility

Workflow Diagram

Concepts