langchain

vlangchain-model-profiles==0.0.6 scope: langchain-model-profiles Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 4d AI Agents & Assistants

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

agents ai ai-agents anthropic chatgpt deepagents

+11 more

enterprise gemini generative-ai langchain langgraph llm multiagent openai pydantic python typescript

Affected surfaces

deps

ReleasePort's take

Moderate signal

editorial:auto 4d

Bump pygments to version 2.20.0 or higher to remediate CVE‑2026‑4539.

Why it matters: CVE‑2026‑4539, a critical vulnerability affecting the pygments dependency across all packages, requires upgrading pygments ≥ 2.20.0 immediately.

Summary

AI summary

Security fix addresses CVE-2026-4539 by bumping pygments to >=2.20.0.

Changes in this release

Type	Severity	Summary	CVE
Security	Critical	Bump pygments to >=2.20.0 to address CVE-2026-4539. Bump pygments to >=2.20.0 to address CVE-2026-4539. Source: llm_adapter@2026-06-11 Confidence: high	—
Feature
Feature	Medium	Add `text_inputs` and `text_outputs` fields to model-profiles. Add `text_inputs` and `text_outputs` fields to model-profiles. Source: llm_adapter@2026-06-11 Confidence: high	—
Feature	Medium	Add content‑block‑centric streaming (v2) in core. Add content‑block‑centric streaming (v2) in core. Source: granite4.1:30b@2026-06-11-audit Confidence: low	—
Feature	Medium	Auto append relevant beta headers for Anthropic computer use (anthropic). Auto append relevant beta headers for Anthropic computer use (anthropic). Source: granite4.1:30b@2026-06-11-audit Confidence: low	—
Feature	Medium	Validate tool call chunks during streaming for standard tests. Validate tool call chunks during streaming for standard tests. Source: granite4.1:30b@2026-06-11-audit Confidence: low	—
Feature	Low	Introduce model profile bump tool (infra). Introduce model profile bump tool (infra). Source: granite4.1:30b@2026-06-11-audit Confidence: low	—
Dependency
Dependency	Low	Bump urllib3 from 2.6.3 to 2.7.0 in /libs/model-profiles. Bump urllib3 from 2.6.3 to 2.7.0 in /libs/model-profiles. Source: llm_adapter@2026-06-11 Confidence: high	—
Dependency	Low	Bump requests from 2.32.5 to 2.33.0 in /libs/model-profiles. Bump requests from 2.32.5 to 2.33.0 in /libs/model-profiles. Source: llm_adapter@2026-06-11 Confidence: high	—
Dependency	Low	Bump langgraph from 1.0.8 to 1.0.10rc1 in /libs/model-profiles. Bump langgraph from 1.0.8 to 1.0.10rc1 in /libs/model-profiles. Source: llm_adapter@2026-06-11 Confidence: high	—
Dependency	Low	Bump langgraph-checkpoint from 3.0.0 to 4.0.0 in /libs/model-profiles. Bump langgraph-checkpoint from 3.0.0 to 4.0.0 in /libs/model-profiles. Source: llm_adapter@2026-06-11 Confidence: high	—
Dependency	Low	Bump langsmith from 0.7.31 to 0.8.0 in /libs/model-profiles. Bump langsmith from 0.7.31 to 0.8.0 in /libs/model-profiles. Source: llm_adapter@2026-06-11 Confidence: high	—
Dependency	Low	Bump langchain-core from 1.3.2 to 1.3.3 in /libs/model-profiles. Bump langchain-core from 1.3.2 to 1.3.3 in /libs/model-profiles. Source: llm_adapter@2026-06-11 Confidence: high	—
Dependency	Low	Bump types-toml from 0.10.8.20240310 to 0.10.8.20260408 in /libs/model-profiles. Bump types-toml from 0.10.8.20240310 to 0.10.8.20260408 in /libs/model-profiles. Source: llm_adapter@2026-06-11 Confidence: high	—
Dependency	Low	Bump pytest to 9.0.3 globally and in /libs/model-profiles. Bump pytest to 9.0.3 globally and in /libs/model-profiles. Source: llm_adapter@2026-06-11 Confidence: high	—
Bugfix
Bugfix	Medium	Add missing `ModelProfile` fields and warn on schema drift across core and model‑profiles. Add missing `ModelProfile` fields and warn on schema drift across core and model‑profiles. Source: granite4.1:30b@2026-06-11-audit Confidence: low	—
Bugfix	Low	Fix trailing comma regex in profile generation script (infra). Fix trailing comma regex in profile generation script (infra). Source: granite4.1:30b@2026-06-11-audit Confidence: low	—
Bugfix	Low	Use posix‑compatible substitution in Makefile for model-profiles. Use posix‑compatible substitution in Makefile for model-profiles. Source: granite4.1:30b@2026-06-11-audit Confidence: low	—
Bugfix	Low	Honor `max_retries` setting in fireworks. Honor `max_retries` setting in fireworks. Source: granite4.1:30b@2026-06-11-audit Confidence: low	—
Other	Low	Release langchain-model-profiles 0.0.6, langchain 1.3.7/1.3.6/1.3.5, core 1.2.26/1.2.3, openai 1.2.1/1.2.0/1.1.6/1.1.5, perplexity 1.2.0, fireworks 1.2.1. Release langchain-model-profiles 0.0.6, langchain 1.3.7/1.3.6/1.3.5, core 1.2.26/1.2.3, openai 1.2.1/1.2.0/1.1.6/1.1.5, perplexity 1.2.0, fireworks 1.2.1. Source: granite4.1:30b@2026-06-11-audit Confidence: low	—

Full changelog

Changes since langchain-model-profiles==0.0.5

release(model-profiles): 0.0.6 (#38057)
feat(standard-tests): validate tool call chunks during streaming (#34707)
hotfix(core): bump lockfile(s) (#38032)
release(langchain): 1.3.7 (#38024)
release(langchain): 1.3.6 (#38001)
release(langchain): 1.3.5 (#37998)
hotfix(openai): min core dep (#37990)
chore: bump idna from 3.11 to 3.15 in /libs/model-profiles (#37538)
chore: bump the minor-and-patch group across 3 directories with 15 updates (#37515)
ci(infra): harden Dependabot version-bound preservation (#37510)
hotfix: bump lockfiles (#37508)
chore: bump langsmith from 0.7.31 to 0.8.0 in /libs/model-profiles (#37382)
chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/model-profiles (#37325)
chore: bump langchain-core from 1.3.2 to 1.3.3 in /libs/model-profiles (#37254)
chore: bump types-toml from 0.10.8.20240310 to 0.10.8.20260408 in /libs/model-profiles (#37124)
release(fireworks): 1.2.1 (#37113)
release(perplexity): 1.2.0 (#37091)
chore(docs): update x handle references (#37081)
fix(anthropic): restore cache_control on non-direct subclasses (#37057)
release(openai): 1.2.1 (#36995)
feat(core): add content-block-centric streaming (v2) (#36834)
fix(fireworks): honor max_retries (#36973)
release(openai): 1.2.0 (#36961)
chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/model-profiles (#36798)
chore(deps): bump pytest to 9.0.3 (#36801)
chore: bump pytest from 9.0.2 to 9.0.3 in /libs/model-profiles (#36716)
chore: add comment explaining pygments>=2.20.0 (#36570)
release(core): 1.2.26 (#36511)
chore: pygments>=2.20.0 across all packages (CVE-2026-4539) (#36385)
chore: bump requests from 2.32.5 to 2.33.0 in /libs/model-profiles (#36240)
chore(partners): bump langchain-core min to 1.2.21 (#36183)
fix(core,model-profiles): add missing ModelProfile fields, warn on schema drift (#36129)
ci: suppress pytest streaming output in CI (#36092)
ci: avoid unnecessary dep installs in lint targets (#36046)
fix(model-profiles): use posix-compatible substitution in makefile (#35957)
chore: bump orjson from 3.11.5 to 3.11.6 in /libs/model-profiles (#35857)
feat(model-profiles): new fields + Makefile target (#35788)
chore: bump langgraph from 1.0.8 to 1.0.10rc1 in /libs/model-profiles (#35611)
chore: bump the minor-and-patch group across 3 directories with 3 updates (#35589)
chore: add note to release workflow (#35583)
chore: bump the other-deps group across 3 directories with 2 updates (#35512)
chore: bump langgraph-checkpoint from 3.0.0 to 4.0.0 in /libs/model-profiles (#35446)
chore: bump the other-deps group across 3 directories with 2 updates (#35407)
fix(model-profiles): sort generated profiles by model ID for stable diffs (#35344)
fix(infra): fix trailing comma regex in profile generation script (#35333)
feat(infra): model profile bump tool (#35331)
chore: bump model profiles (#35294)
chore: bump the other-deps group across 3 directories with 2 updates (#35255)
feat(openrouter): add langchain-openrouter provider package (#35211)
style: bump ruff version to 0.15 (#35042)
chore(deps): bump langsmith from 0.4.38 to 0.6.3 in /libs/model-profiles (#35160)
chore(deps): bump the other-deps group across 3 directories with 12 updates (#35127)
chore(deps): bump the other-deps group across 3 directories with 8 updates (#35120)
feat(model-profiles): add text_inputs and text_outputs (#35084)
chore: add make type target (#35015)
revert: "chore: add typing target in Makefile" (#35013)
chore: add typing target in Makefile (#35012)
chore: enrich pyproject.toml files (#34980)
chore(deps): bump the uv group across 20 directories with 3 updates (#34941)
chore: upgrade urllib3 to 2.6.3 (#34940)
style(model-profiles): lint (#34864)
chore(deps): bump the uv group across 5 directories with 5 updates (#34785)
chore: update twitter URLs (#34736)
chore: ban relative imports on all packages (#34691)
release(core): 1.2.3 (#34421)
release(openai): 1.1.6: update max input tokens for gpt-5 series (#34419)
release(openai): 1.1.5 (#34409)
feat(infra): add CI check for out of date lockfiles (#34397)
feat(anthropic): auto append relevant beta headers for computer use (#34117)
revert(model-profiles): update docs link (#34162)
fix(model-profiles): update docs link (#34127)

Security Fixes

CVE-2026-4539 — Bump pygments from <2.20.0 to >=2.20.0 across all packages

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track langchain

Get notified when new releases ship.

About langchain

The agent engineering platform

All releases →

Related context

Related tools

Related CVEs

CVE-2026-4539 NVD KEV EPSS

Earlier breaking changes

vlangchain-core==1.4.0 Deletes schema items marked for removal in schemas.py
vlangchain-core==1.4.0 Deletes function_calling.py utils marked for removal
vlangchain-core==1.4.0 Deletes get_relevant_documents function from API
vlangchain-core==1.4.0 Deletes pydantic_v1 module entirely from codebase
vlangchain-core==1.4.0 Deletes BaseMemory module, moved to langchain-classic