Bump the pip group across 1 directory with 4 updates

[dependabot]

Bumps the pip group with 4 updates in the /backend directory: langchain, python-multipart, langchain-community and pypdf.

Updates langchain from 0.1.9 to 0.3.0.dev1

Commits

• 933f4ab bump core dep in langchain
• 42d8b36 core: release 0.3.0.dev2 (#26120)
• 4200876 Merge branch 'v0.3rc' into v0.3/dev_releases
• 5bbd536 core[patch]: call RunnableConfigurableFields.model_rebuild() (#26118)
• f3b12f8 vbump langchain
• e02b093 community[patch]: Fix more issues (#26116)
• 522203c Merge branch 'v0.3/dev_releases' of github.com:langchain-ai/langchain into v0...
• c492b7d vbump
• 8c4a52a poetry
• 0cc6584 community[patch]: Resolve more linting issues (#26115)
• Additional commits viewable in compare view

Updates python-multipart from 0.0.9 to 0.0.18

Release notes

Sourced from python-multipart's releases.

Version 0.0.18

What's Changed

• Hard break if found data after last boundary on MultipartParser by @​Kludex in Kludex/python-multipart#189

---

Full Changelog: Kludex/python-multipart@0.0.17...0.0.18

Version 0.0.17

What's Changed

• Handle PermissionError in fallback code for old import name by @​defnull in Kludex/python-multipart#182

---

Full Changelog: Kludex/python-multipart@0.0.16...0.0.17

Version 0.0.16

What's Changed

• Add dunder attributes to multipart package by @​Kludex in Kludex/python-multipart#177

---

Full Changelog: Kludex/python-multipart@0.0.15...0.0.16

Version 0.0.15

What's Changed

• Replace FutureWarning to PendingDeprecationWarning #174.
• Add missing files to SDist #171.

---

Full Changelog: Kludex/python-multipart@0.0.14...0.0.15

Version 0.0.14

What's Changed

• fix: use alternate scheme for importing multipart by @​henryiii in Kludex/python-multipart#168

Full Changelog: Kludex/python-multipart@0.0.13...0.0.14

Version 0.0.13

What's Changed

• Rename import to python_multipart by @​henryiii in Kludex/python-multipart#166

New Contributors

• @​henryiii made their first contribution in Kludex/python-multipart#166

Full Changelog: Kludex/python-multipart@0.0.12...0.0.13

... (truncated)

Changelog

Sourced from python-multipart's changelog.

0.0.18 (2024-11-28)

• Hard break if found data after last boundary on MultipartParser #189.

0.0.17 (2024-10-31)

• Handle PermissionError in fallback code for old import name #182.

0.0.16 (2024-10-27)

• Add dunder attributes to multipart package #177.

0.0.15 (2024-10-27)

• Replace FutureWarning to PendingDeprecationWarning #174.
• Add missing files to SDist #171.

0.0.14 (2024-10-24)

• Fix import scheme for multipart module (#168).

0.0.13 (2024-10-20)

• Rename import to python_multipart #166.

0.0.12 (2024-09-29)

• Improve error message when boundary character does not match #124.
• Add mypy strict typing #140.
• Enforce 100% coverage #159.

0.0.11 (2024-09-28)

• Improve performance, especially in data with many CR-LF #137.
• Handle invalid CRLF in header name #141.

0.0.10 (2024-09-21)

• Support on_header_begin #103.
• Improve type hints on FormParser #104.
• Fix OnFileCallback type #106.
• Improve type hints #110.
• Improve type hints on File #111.
• Add type hint to helper functions #112.
• Minor fix for Field.repr #114.
• Fix use of chunk_size parameter #136.
• Allow digits and valid token chars in headers #134.
• Fix headers being carried between parts #135.

Commits

• 5b1aed8 Version 0.0.18 (#191)
• 9205a0e Hard break if found data after last boundary on MultipartParser (#189)
• 170e604 Update ruff & mypy (#188)
• e53b541 Create SECURITY.md (#187)
• 02d1ec1 fuzz: fix boundary error (#179)
• 616b81e Version 0.0.17 (#183)
• ca52662 Handle PermissionError in fallback code for old import name (#182)
• 8764067 Version 0.0.16 (#177)
• ce85154 Version 0.0.15 (#175)
• 73fb55d ci: check-sdist (#172)
• Additional commits viewable in compare view

Updates langchain-community from 0.0.27 to 0.3.27

Commits

• bdf1cd3 fix(langchain): update deps
• 77c9819 fix(text-splitters): update langchain-core version to 0.3.72
• 7f015b6 fix(text-splitters): update lock for release
• 71ad451 Merge branch 'master' of github.com:langchain-ai/langchain
• 2c42893 fix(langchain): update langchain-core version to 0.3.72
• 0e139fb release(langchain): 0.3.27 (#32227)
• 622bb05 fix(langchain): class HTMLSemanticPreservingSplitter ignores the text inside ...
• 56dde3a feat(langchain): v1 scaffolding (#32166)
• bd3d649 release(core): 0.3.72 (#32214)
• fb5da83 fix(core): Dereference Refs for pydantic schema fails in tool schema generati...
• Additional commits viewable in compare view

Updates pypdf from 4.0.1 to 6.6.0

Release notes

Sourced from pypdf's releases.

Version 6.6.0, 2026-01-09

What's new

Security (SEC)

• Improve handling of partially broken PDF files (#3594) by @​stefan6419846

Deprecations (DEP)

• Block common page content modifications when assigned to reader (#3582) by @​stefan6419846

New Features (ENH)

• Embellishments to generated text appearance streams (#3571) by @​PJBrs

Bug Fixes (BUG)

• Do not consider multi-byte BOM-like sequences as BOMs (#3589) by @​stefan6419846

Robustness (ROB)

• Avoid empty FlateDecode outputs without warning (#3579) by @​stefan6419846

Documentation (DOC)

• Add outlines documentation and link it in User Guide (#3511) by @​mainuddin-md

Developer Experience (DEV)

• Add PyPy 3.11 to test matrix and benchmarks (#3574) by @​rassie

Maintenance (MAINT)

• Fix compatibility with Pillow >= 12.1.0 (#3590) by @​stefan6419846

Full Changelog

Version 6.5.0, 2025-12-21

What's new

New Features (ENH)

• Limit jbig2dec memory usage (#3576) by @​stefan6419846
• FontDescriptor: Initiate from embedded font resource (#3551) by @​PJBrs

Robustness (ROB)

• Allow fallback to PBM files for jbig2dec without PNG support (#3567) by @​stefan6419846
• Use warning instead of error for early EOD for RunLengthDecode (#3548) by @​stefan6419846

Developer Experience (DEV)

• Test with macOS as well (#3401) by @​stefan6419846

Full Changelog

Version 6.4.2, 2025-12-14

What's new

Bug Fixes (BUG)

• Fix KeyError when flattening form field without /Font in resources (#3554) by @​jgillard

... (truncated)

Changelog

Sourced from pypdf's changelog.

Version 6.6.0, 2026-01-09

Security (SEC)

• Improve handling of partially broken PDF files (#3594)

Deprecations (DEP)

• Block common page content modifications when assigned to reader (#3582)

New Features (ENH)

• Embellishments to generated text appearance streams (#3571)

Bug Fixes (BUG)

• Do not consider multi-byte BOM-like sequences as BOMs (#3589)

Robustness (ROB)

• Avoid empty FlateDecode outputs without warning (#3579)

Documentation (DOC)

• Add outlines documentation and link it in User Guide (#3511)

Developer Experience (DEV)

• Add PyPy 3.11 to test matrix and benchmarks (#3574)

Maintenance (MAINT)

• Fix compatibility with Pillow >= 12.1.0 (#3590)

Full Changelog

Version 6.5.0, 2025-12-21

New Features (ENH)

• Limit jbig2dec memory usage (#3576)
• FontDescriptor: Initiate from embedded font resource (#3551)

Robustness (ROB)

• Allow fallback to PBM files for jbig2dec without PNG support (#3567)
• Use warning instead of error for early EOD for RunLengthDecode (#3548)

Developer Experience (DEV)

• Test with macOS as well (#3401)

Full Changelog

Version 6.4.2, 2025-12-14

Bug Fixes (BUG)

• Fix KeyError when flattening form field without /Font in resources (#3554)

Robustness (ROB)

• Allow deleting non-existent annotations (#3559)

... (truncated)

Commits

• 10df9c7 REL: 6.6.0
• 2941657 SEC: Improve handling of partially broken PDF files (#3594)
• 7126880 DEV: Update to urllib3 2.6.3 (#3593)
• f189f07 DOC: Add outlines documentation and link it in User Guide (#3511)
• a29e532 BUG: Do not consider multi-byte BOM-like sequences as BOMs (#3589)
• d9ce594 MAINT: Converge on one shared Font class for text extraction and appearance s...
• a65708c DEV: Check for JavaScript library updates on GitHub Pages (#3592)
• 6951bb7 MAINT: Fix compatibility with Pillow >= 12.1.0 (#3590)
• 97d47a0 TST: Improve test coverage (#3584)
• bda80a4 DEV: Add PyPy 3.11 to test matrix and benchmarks (#3574)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.