build(deps): bump langsmith from 0.4.53 to 0.8.18

[dependabot]

Bumps langsmith from 0.4.53 to 0.8.18.

Release notes

Sourced from langsmith's releases.

v0.8.18

What's Changed

• chore(deps-dev): bump vitest from 3.2.4 to 3.2.6 in /js by @​dependabot[bot] in langchain-ai/langsmith-sdk#3002
• chore(deps): bump pyjwt from 2.12.1 to 2.13.0 in /python by @​dependabot[bot] in langchain-ai/langsmith-sdk#3030
• chore(deps): bump python-multipart from 0.0.27 to 0.0.31 in /python by @​dependabot[bot] in langchain-ai/langsmith-sdk#3036
• chore(deps): bump aiohttp from 3.14.0 to 3.14.1 in /python by @​dependabot[bot] in langchain-ai/langsmith-sdk#3037
• chore(deps): bump cryptography from 46.0.7 to 48.0.1 in /python by @​dependabot[bot] in langchain-ai/langsmith-sdk#3038
• chore(deps): bump starlette from 1.0.1 to 1.3.1 in /python by @​dependabot[bot] in langchain-ai/langsmith-sdk#3039
• chore(deps-dev): bump langchain-anthropic from 1.4.4 to 1.4.6 in /python by @​dependabot[bot] in langchain-ai/langsmith-sdk#3044
• chore(deps): bump the npm_and_yarn group across 4 directories with 4 updates by @​dependabot[bot] in langchain-ai/langsmith-sdk#3046
• chore(deps): bump the npm_and_yarn group across 2 directories with 2 updates by @​dependabot[bot] in langchain-ai/langsmith-sdk#3060
• test(python): fix integration assertions for updated attachment error message by @​QuentinBrosse in langchain-ai/langsmith-sdk#3061
• chore: reconcile bumpversion config and mandate release process for agents by @​QuentinBrosse in langchain-ai/langsmith-sdk#3062
• release(py): 0.8.18 by @​QuentinBrosse in langchain-ai/langsmith-sdk#3063

Full Changelog: langchain-ai/langsmith-sdk@v0.8.17...v0.8.18

v0.8.17

What's Changed

• feat: expose the resources from the generated openapi client in the langsmith client by @​sineha-mani in langchain-ai/langsmith-sdk#3018
• feat(js): port isTracingEnabled utility from Python by @​dqbd in langchain-ai/langsmith-sdk#3032
• Add sandbox mount support to JS SDK by @​DanielKneipp in langchain-ai/langsmith-sdk#3010
• release(js): bump to 0.7.9 by @​dqbd in langchain-ai/langsmith-sdk#3035
• Add sandbox mount support to Python SDK by @​DanielKneipp in langchain-ai/langsmith-sdk#3009
• docs: note that _openapi_client directories are auto-generated by @​KiewanVillatel in langchain-ai/langsmith-sdk#3034
• fix: update JS SDK type declarations with skipLibCheck disabled by @​sineha-mani in langchain-ai/langsmith-sdk#3043
• release(js): 0.7.10 by @​dqbd in langchain-ai/langsmith-sdk#3045
• feat: adding python async for online evals by @​sineha-mani in langchain-ai/langsmith-sdk#3048
• Add sandbox Git mount SDK helpers by @​DanielKneipp in langchain-ai/langsmith-sdk#3040
• fix: use insights tab in sdk report links [closes LSO-2936] by @​eric-langchain in langchain-ai/langsmith-sdk#3050
• feat(client): warn when backend version is below minimum required by @​KiewanVillatel in langchain-ai/langsmith-sdk#3041
• chore: bump _MIN_BACKEND_VERSION to 0.16.5rc1 by @​langtions-bot[bot] in langchain-ai/langsmith-sdk#3053
• fix(sandbox): use built-in gcp auth host matching by @​DanielKneipp in langchain-ai/langsmith-sdk#3055
• chore(python): py to 0.8.17 by @​sineha-mani in langchain-ai/langsmith-sdk#3056

New Contributors

• @​sineha-mani made their first contribution in langchain-ai/langsmith-sdk#3018
• @​eric-langchain made their first contribution in langchain-ai/langsmith-sdk#3050

Full Changelog: langchain-ai/langsmith-sdk@v0.8.16...v0.8.17

v0.8.16

What's Changed

• feat(py): add sync/async conversion for Sandbox and SandboxClient [INF-0000] by @​ramon-langchain in langchain-ai/langsmith-sdk#3019
• fix(experiments): extract keys from wrapped evaluator function by @​shamikkarkhanis in langchain-ai/langsmith-sdk#3014
• chore: repoint support@langchain.dev mentions to the Support Portal by @​lutan-langchain in langchain-ai/langsmith-sdk#3024
• fix(python): derive create_child run id from start_time [LSDK-220] by @​harisaiharish in langchain-ai/langsmith-sdk#3027
• chore: sync langsmith_api by @​langtions-bot[bot] in langchain-ai/langsmith-sdk#3020
• chore: js to 0.7.8 and py to 0.8.16 by @​shamikkarkhanis in langchain-ai/langsmith-sdk#3029

... (truncated)

Commits

• 31c2bf6 release(py): 0.8.18 (#3063)
• 8955b68 chore: reconcile bumpversion config and mandate release process for agents (#...
• 411401f test(python): fix integration assertions for updated attachment error message...
• 9c55156 Merge commit from fork
• 5b2bd8d chore(deps): bump the npm_and_yarn group across 2 directories with 2 updates ...
• d8642f9 chore(deps): bump the npm_and_yarn group across 4 directories with 4 updates ...
• 953c2e5 chore(deps-dev): bump langchain-anthropic from 1.4.4 to 1.4.6 in /python (#3044)
• 5513699 chore(deps): bump starlette from 1.0.1 to 1.3.1 in /python (#3039)
• 8becdef chore(deps): bump cryptography from 46.0.7 to 48.0.1 in /python (#3038)
• 1a9c522 chore(deps): bump aiohttp from 3.14.0 to 3.14.1 in /python (#3037)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

---

Note

Medium Risk
Large version jump on the LangSmith SDK used for LangChain tracing, with new transitive deps and no code changes to validate behavior—regression risk is mainly in observability/tracing paths.

Overview
Updates uv.lock only: bumps langsmith from 0.4.53 to 0.8.18 (a large minor-line jump within the 0.x series). The resolved package now lists two new transitive dependencies—websockets (16.0) and xxhash—along with updated wheel/sdist hashes.

There are no application or dependency manifest edits in this diff; LangChain packages (langchain-core, etc.) continue to pull in langsmith for tracing. Reviewers should treat this as inheriting whatever client, tracing, and API changes shipped between 0.4.53 and 0.8.18 upstream, and run the usual install/test path after merge.

^{Reviewed by Cursor Bugbot for commit 987c1b5. Bugbot is set up for automated code reviews on this repo. Configure here.}

[jit-ci]

🛡️ Jit Security Scan Results

✅ No security findings were detected in this PR

---

^{Security scan by Jit}