build(deps): bump langchain from 0.3.27 to 1.0.2

[dependabot]

Bumps langchain from 0.3.27 to 1.0.2.

Release notes

Sourced from langchain's releases.

langchain==1.0.2

What's Changed

Patch Changes

• 2e45c43: remove bad dynamic import for LS
• 28eceac: preserve full model name when deciding model provider

langchain==1.0.0

🎉 LangChain v1.0 is here! This release provides a focused, production-ready foundation for building agents. We've streamlined the framework around three core improvements: createAgent, standard content blocks, and a simplified package structure. See the release notes for complete details.

✨ Major Features

createAgent - A new standard for building agents

createAgent is the new standard way to build agents in LangChain 1.0. It provides a simpler interface than createReactAgent from LangGraph while offering greater customization potential through middleware.

Key features:

• Clean, intuitive API: Build agents with minimal boilerplate
• Built on LangGraph: Get persistence, streaming, human-in-the-loop, and time travel out of the box
• Middleware-first design: Highly customizable through composable middleware
• Improved structured output: Generate structured outputs in the main agent loop without additional LLM calls

Example:

import { createAgent } from "langchain";
const agent = createAgent({
model: "anthropic:claude-sonnet-4-5-20250929",
tools: [getWeather],
systemPrompt: "You are a helpful assistant.",
});
const result = await agent.invoke({
messages: [{ role: "user", content: "What is the weather in Tokyo?" }],
});
console.log(result.content);

Under the hood, createAgent is built on the basic agent loop—calling a model using LangGraph, letting it choose tools to execute, and then finishing when it calls no more tools.

Built on LangGraph features (work out of the box):

• Persistence: Conversations automatically persist across sessions with built-in checkpointing
• Streaming: Stream tokens, tool calls, and reasoning traces in real-time
• Human-in-the-loop: Pause agent execution for human approval before sensitive actions
• Time travel: Rewind conversations to any point and explore alternate paths

... (truncated)

Commits

• a4a60d2 release(langchain): 1.0.2 (#9274)
• 2e45c43 fix(langchain): remove bad dynamic import for LS (#9271)
• 28eceac fix(chat): enhance model name parsing to preserve full model name wit… (#9244)
• 6426eb6 fix(core): fix chunks constructed with tool calls + chunks (#9255)
• 3f750bc feat(examples): Add supervisor example (#9235)
• 619ae64 feat(core): Add BaseMessage.toFormattedString() (#9228)
• dda9ea4 chore: add missing changeset for #9242 (#9251)
• 053b278 feat(langchain): reinstate OpenAIModerationChain (#9242)
• f88cde5 fix(agents): improve middleware type inference with const type parameters (#9...
• bf158d2 chore(deps-dev): bump mammoth from 1.9.1 to 1.11.0 (#9224)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by hntrl, a new releaser for langchain since your current version.

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.