Merge branch 'master' into master

.github/scripts/get_min_versions.py

@@ -4,7 +4,12 @@
 from packaging.version import parse as parse_version
 import re
 
-MIN_VERSION_LIBS = ["langchain-core", "langchain-community", "langchain", "langchain-text-splitters"]
+MIN_VERSION_LIBS = [
+    "langchain-core",
+    "langchain-community",
+    "langchain",
+    "langchain-text-splitters",
+]
 
 
 def get_min_version(version: str) -> str:
@@ -56,12 +61,13 @@ def get_min_version_from_toml(toml_path: str):
     return min_versions
 
 
-# Get the TOML file path from the command line argument
-toml_file = sys.argv[1]
+if __name__ == "__main__":
+    # Get the TOML file path from the command line argument
+    toml_file = sys.argv[1]
 
-# Call the function to get the minimum versions
-min_versions = get_min_version_from_toml(toml_file)
+    # Call the function to get the minimum versions
+    min_versions = get_min_version_from_toml(toml_file)
 
-print(
-    " ".join([f"{lib}=={version}" for lib, version in min_versions.items()])
-)  # noqa: T201
+    print(
+        " ".join([f"{lib}=={version}" for lib, version in min_versions.items()])
+    )  # noqa: T201

.github/workflows/_integration_test.yml

@@ -75,6 +75,7 @@ jobs:
           ES_API_KEY: ${{ secrets.ES_API_KEY }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # for airbyte
           MONGODB_ATLAS_URI: ${{ secrets.MONGODB_ATLAS_URI }}
+          VOYAGE_API_KEY: ${{ secrets.VOYAGE_API_KEY }}
         run: |
           make integration_tests
 

.github/workflows/_release.yml

@@ -157,6 +157,24 @@ jobs:
         run: make tests
         working-directory: ${{ inputs.working-directory }}
 
+      - name: Get minimum versions
+        working-directory: ${{ inputs.working-directory }}
+        id: min-version
+        run: |
+          poetry run pip install packaging
+          min_versions="$(poetry run python $GITHUB_WORKSPACE/.github/scripts/get_min_versions.py pyproject.toml)"
+          echo "min-versions=$min_versions" >> "$GITHUB_OUTPUT"
+          echo "min-versions=$min_versions"
+
+      - name: Run unit tests with minimum dependency versions
+        if: ${{ steps.min-version.outputs.min-versions != '' }}
+        env:
+          MIN_VERSIONS: ${{ steps.min-version.outputs.min-versions }}
+        run: |
+          poetry run pip install $MIN_VERSIONS
+          make tests
+        working-directory: ${{ inputs.working-directory }}
+
       - name: 'Authenticate to Google Cloud'
         id: 'auth'
         uses: google-github-actions/auth@v2
@@ -196,27 +214,10 @@ jobs:
           ES_API_KEY: ${{ secrets.ES_API_KEY }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # for airbyte
           MONGODB_ATLAS_URI: ${{ secrets.MONGODB_ATLAS_URI }}
+          VOYAGE_API_KEY: ${{ secrets.VOYAGE_API_KEY }}
         run: make integration_tests
         working-directory: ${{ inputs.working-directory }}
 
-      - name: Get minimum versions
-        working-directory: ${{ inputs.working-directory }}
-        id: min-version
-        run: |
-          poetry run pip install packaging
-          min_versions="$(poetry run python $GITHUB_WORKSPACE/.github/scripts/get_min_versions.py pyproject.toml)"
-          echo "min-versions=$min_versions" >> "$GITHUB_OUTPUT"
-          echo "min-versions=$min_versions"
-
-      - name: Run unit tests with minimum dependency versions
-        if: ${{ steps.min-version.outputs.min-versions != '' }}
-        env:
-          MIN_VERSIONS: ${{ steps.min-version.outputs.min-versions }}
-        run: |
-          poetry run pip install $MIN_VERSIONS
-          make tests
-        working-directory: ${{ inputs.working-directory }}
-
   publish:
     needs:
       - build

.github/workflows/check-broken-links.yml

@@ -0,0 +1,24 @@
+name: Check Broken Links
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron:  '0 13 * * *'
+
+jobs:
+  check-links:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Use Node.js 18.x
+        uses: actions/setup-node@v3
+        with:
+          node-version: 18.x
+          cache: "yarn"
+          cache-dependency-path: ./docs/yarn.lock
+      - name: Install dependencies
+        run: yarn install --immutable --mode=skip-build
+        working-directory: ./docs
+      - name: Check broken links
+        run: yarn check-broken-links
+        working-directory: ./docs

SECURITY.md

@@ -1,6 +1,61 @@
 # Security Policy
 
-## Reporting a Vulnerability
+## Reporting OSS Vulnerabilities
 
-Please report security vulnerabilities by email to `[email protected]`.
-This email is an alias to a subset of our maintainers, and will ensure the issue is promptly triaged and acted upon as needed.
+LangChain is partnered with [huntr by Protect AI](https://huntr.com/) to provide 
+a bounty program for our open source projects. 
+
+Please report security vulnerabilities associated with the LangChain 
+open source projects by visiting the following link:
+
+[https://huntr.com/bounties/disclose/](https://huntr.com/bounties/disclose/?target=https%3A%2F%2Fgithub.com%2Flangchain-ai%2Flangchain&validSearch=true)
+
+Before reporting a vulnerability, please review:
+
+1) In-Scope Targets and Out-of-Scope Targets below.
+2) The [langchain-ai/langchain](https://python.langchain.com/docs/contributing/repo_structure) monorepo structure.
+3) LangChain [security guidelines](https://python.langchain.com/docs/security) to
+   understand what we consider to be a security vulnerability vs. developer
+   responsibility.
+
+### In-Scope Targets
+
+The following packages and repositories are eligible for bug bounties:
+
+- langchain-core
+- langchain (see exceptions)
+- langchain-community (see exceptions)
+- langgraph
+- langserve
+
+### Out of Scope Targets
+
+All out of scope targets defined by huntr as well as:
+
+- **langchain-experimental**: This repository is for experimental code and is not
+  eligible for bug bounties, bug reports to it will be marked as interesting or waste of
+  time and published with no bounty attached.
+- **tools**: Tools in either langchain or langchain-community are not eligible for bug
+  bounties. This includes the following directories
+  - langchain/tools
+  - langchain-community/tools
+  - Please review our [security guidelines](https://python.langchain.com/docs/security)
+    for more details, but generally tools interact with the real world. Developers are
+    expected to understand the security implications of their code and are responsible
+    for the security of their tools.
+- Code documented with security notices. This will be decided done on a case by
+  case basis, but likely will not be eligible for a bounty as the code is already
+  documented with guidelines for developers that should be followed for making their
+  application secure.
+- Any LangSmith related repositories or APIs see below.
+
+## Reporting LangSmith Vulnerabilities
+
+Please report security vulnerabilities associated with LangSmith by email to `[email protected]`.
+
+- LangSmith site: https://smith.langchain.com
+- SDK client: https://github.com/langchain-ai/langsmith-sdk
+
+### Other Security Concerns
+
+For any other security concerns, please contact us at `[email protected]`.

docs/docs/expression_language/streaming.ipynb

@@ -55,7 +55,7 @@
    "id": "9eb73e8b",
    "metadata": {},
    "source": [
-    "We will show examples of streaming using the chat model from [Anthropic](https://python.langchain.com/docs/integrations/platforms/anthropic). To use the model, you will need to install the `langchain-anthropic` package. You can do this with the following command:"
+    "We will show examples of streaming using the chat model from [Anthropic](/docs/integrations/platforms/anthropic). To use the model, you will need to install the `langchain-anthropic` package. You can do this with the following command:"
    ]
   },
   {
@@ -658,7 +658,7 @@
     "\n",
     "This is a **beta API**, and we're almost certainly going to make some changes to it.\n",
     "\n",
-    "This version parameter will allow us to mimimize such breaking changes to your code. \n",
+    "This version parameter will allow us to minimize such breaking changes to your code. \n",
     "\n",
     "In short, we are annoying you now, so we don't have to annoy you later.\n",
     ":::"

docs/docs/guides/evaluation/string/json.ipynb

@@ -7,7 +7,7 @@
    "source": [
     "# JSON Evaluators\n",
     "\n",
-    "Evaluating [extraction](https://python.langchain.com/docs/use_cases/extraction) and function calling applications often comes down to validation that the LLM's string output can be parsed correctly and how it compares to a reference object. The following `JSON` validators provide functionality to check your model's output consistently.\n",
+    "Evaluating [extraction](/docs/use_cases/extraction) and function calling applications often comes down to validation that the LLM's string output can be parsed correctly and how it compares to a reference object. The following `JSON` validators provide functionality to check your model's output consistently.\n",
     "\n",
     "## JsonValidityEvaluator\n",
     "\n",

docs/docs/guides/privacy/presidio_data_anonymization/qa_privacy_protection.ipynb

@@ -24,7 +24,7 @@
     "<img src=\"/img/qa_privacy_protection.png\" width=\"900\"/>\n",
     "\n",
     "\n",
-    "In the following notebook, we will not go into the details of how the anonymizer works. If you are interested, please visit [this part of the documentation](https://python.langchain.com/docs/guides/privacy/presidio_data_anonymization/).\n",
+    "In the following notebook, we will not go into the details of how the anonymizer works. If you are interested, please visit [this part of the documentation](/docs/guides/privacy/presidio_data_anonymization/).\n",
     "\n",
     "## Quickstart\n",
     "\n",

docs/docs/integrations/callbacks/promptlayer.ipynb

@@ -9,7 +9,7 @@
     "\n",
     ">[PromptLayer](https://docs.promptlayer.com/introduction) is a platform for prompt engineering. It also helps with the LLM observability to visualize requests, version prompts, and track usage.\n",
     ">\n",
-    ">While `PromptLayer` does have LLMs that integrate directly with LangChain (e.g. [`PromptLayerOpenAI`](https://python.langchain.com/docs/integrations/llms/promptlayer_openai)), using a callback is the recommended way to integrate `PromptLayer` with LangChain.\n",
+    ">While `PromptLayer` does have LLMs that integrate directly with LangChain (e.g. [`PromptLayerOpenAI`](/docs/integrations/llms/promptlayer_openai)), using a callback is the recommended way to integrate `PromptLayer` with LangChain.\n",
     "\n",
     "In this guide, we will go over how to setup the `PromptLayerCallbackHandler`. \n",
     "\n",

docs/docs/integrations/callbacks/trubrics.ipynb

@@ -124,7 +124,7 @@
     "tags": []
    },
    "source": [
-    "Here are two examples of how to use the `TrubricsCallbackHandler` with Langchain [LLMs](https://python.langchain.com/docs/modules/model_io/llms/) or [Chat Models](https://python.langchain.com/docs/modules/model_io/chat/). We will use OpenAI models, so set your `OPENAI_API_KEY` key here:"
+    "Here are two examples of how to use the `TrubricsCallbackHandler` with Langchain [LLMs](/docs/modules/model_io/llms/) or [Chat Models](/docs/modules/model_io/chat/). We will use OpenAI models, so set your `OPENAI_API_KEY` key here:"
    ]
   },
   {