fix: nightly now properly gets 1.9.0 branch by Adam-Aghili · Pull Request #12215 · langflow-ai/langflow (original) (raw)

@Adam-Aghili

before it was attempting to pull release-notes as letters are alphanumerically after numbers when we sort -V then grab tail now we only look at branch names that follow the pattern '^release-[0-9]+.[0-9]+.[0-9]+$'

@github-actions bot added the bug

Something isn't working

label

Mar 17, 2026

[coderabbitai[bot]](/apps/coderabbitai)

jordanrfrazier

erichare added a commit that referenced this pull request

Mar 17, 2026

before it was attempting to pull release-notes as letters are alphanumerically after numbers when we sort -V then grab tail now we only look at branch names that follow the pattern '^release-[0-9]+.[0-9]+.[0-9]+$'

When JSON schema has {"type": "object"} with no properties, treat it as a free-form dict instead of building a nested Pydantic model. This allows MCP servers expecting arbitrary key-value params to receive proper dicts, and enables str→dict conversion via _normalize_arguments_for_mcp.

Co-authored-by: Adam-Aghili 149833988+Adam-Aghili@users.noreply.github.com Co-authored-by: Eric Hare ericrhare@gmail.com

erichare added a commit that referenced this pull request

Mar 17, 2026

#12217)

before it was attempting to pull release-notes as letters are alphanumerically after numbers when we sort -V then grab tail now we only look at branch names that follow the pattern '^release-[0-9]+.[0-9]+.[0-9]+$'

add-back-svg

Previously, the apply_provider_variable_config_to_build_config function would automatically overwrite field values with environment variable keys whenever an env var was present, even if the user had already selected a different global variable.

This fix adds a check to only auto-set the environment variable if:

This preserves user selections while still providing automatic configuration for new/empty fields.

Added comprehensive unit tests to verify:

Fixed PERF403 Ruff style warning by replacing for-loop with dictionary comprehension in update_projects_components_with_latest_component_versions

These changes improve test coverage by documenting the no-op scenario and enhance security by avoiding logging of potentially sensitive data.

Co-authored-by: Adam-Aghili 149833988+Adam-Aghili@users.noreply.github.com Co-authored-by: Mendon Kissling 59585235+mendonk@users.noreply.github.com Co-authored-by: Steve Haertel shaertel@ca.ibm.com Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Eric Hare ericrhare@gmail.com

erichare added a commit that referenced this pull request

Mar 17, 2026

#12217)

before it was attempting to pull release-notes as letters are alphanumerically after numbers when we sort -V then grab tail now we only look at branch names that follow the pattern '^release-[0-9]+.[0-9]+.[0-9]+$'

add-back-svg

Previously, the apply_provider_variable_config_to_build_config function would automatically overwrite field values with environment variable keys whenever an env var was present, even if the user had already selected a different global variable.

This fix adds a check to only auto-set the environment variable if:

This preserves user selections while still providing automatic configuration for new/empty fields.

Added comprehensive unit tests to verify:

Fixed PERF403 Ruff style warning by replacing for-loop with dictionary comprehension in update_projects_components_with_latest_component_versions

These changes improve test coverage by documenting the no-op scenario and enhance security by avoiding logging of potentially sensitive data.

Co-authored-by: Adam-Aghili 149833988+Adam-Aghili@users.noreply.github.com Co-authored-by: Mendon Kissling 59585235+mendonk@users.noreply.github.com Co-authored-by: Steve Haertel shaertel@ca.ibm.com Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Eric Hare ericrhare@gmail.com

MateuszOssGit added a commit that referenced this pull request

Mar 17, 2026

…zation on watsonx test suite (#12212)

before it was attempting to pull release-notes as letters are alphanumerically after numbers when we sort -V then grab tail now we only look at branch names that follow the pattern '^release-[0-9]+.[0-9]+.[0-9]+$'

add-back-svg

This reverts commit 41eb034, reversing changes made to 4e51f4d.

This reverts commit 4e51f4d, reversing changes made to 530bddd.

Co-authored-by: Adam-Aghili 149833988+Adam-Aghili@users.noreply.github.com Co-authored-by: Mendon Kissling 59585235+mendonk@users.noreply.github.com

github-merge-queue bot pushed a commit that referenced this pull request

Mar 18, 2026

@mendonk @Adam-Aghili

before it was attempting to pull release-notes as letters are alphanumerically after numbers when we sort -V then grab tail now we only look at branch names that follow the pattern '^release-[0-9]+.[0-9]+.[0-9]+$'

add-back-svg

Co-authored-by: Adam-Aghili 149833988+Adam-Aghili@users.noreply.github.com

github-merge-queue bot pushed a commit that referenced this pull request

Mar 18, 2026

before it was attempting to pull release-notes as letters are alphanumerically after numbers when we sort -V then grab tail now we only look at branch names that follow the pattern '^release-[0-9]+.[0-9]+.[0-9]+$'

add-back-svg

Co-authored-by: Adam-Aghili 149833988+Adam-Aghili@users.noreply.github.com Co-authored-by: Debojit Kaushik Kaushik.debojit@gmail.com

github-merge-queue bot pushed a commit that referenced this pull request

Mar 19, 2026

Updated all langchain-* integration packages to versions compatible with langchain-core 1.0+.

LangChain 1.0 removed AgentExecutor and related classes to langchain-classic. This adds the dependency to maintain backward compatibility.

LangChain 1.0 no longer includes sqlalchemy as a transitive dependency. Move the import inside the function where it's used to avoid import errors when sqlalchemy is not installed.

nv-ingest 26.1.1 removes the openai dependency, resolving the conflict with langchain-openai>=1.0.0 (which requires openai>=1.109.1).

Co-Authored-By: Claude Opus 4.5 noreply@anthropic.com

opencv-python 4.13+ now supports numpy>=2, resolving the conflict with langchain-aws>=1.0.0 (which requires numpy>=2.2 on Python 3.12+).

Co-Authored-By: Claude Opus 4.5 noreply@anthropic.com

Co-Authored-By: Claude Opus 4.5 noreply@anthropic.com

Also simplified GoogleGenerativeAIEmbeddingsComponent to use native langchain-google-genai 4.x which now supports output_dimensionality.

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

Conflicts:

src/backend/base/langflow/initial_setup/starter_projects/Basic Prompt Chaining.json

src/backend/base/langflow/initial_setup/starter_projects/Basic Prompting.json

src/backend/base/langflow/initial_setup/starter_projects/Blog Writer.json

src/backend/base/langflow/initial_setup/starter_projects/Custom Component Generator.json

src/backend/base/langflow/initial_setup/starter_projects/Document Q&A.json

src/backend/base/langflow/initial_setup/starter_projects/Financial Report Parser.json

src/backend/base/langflow/initial_setup/starter_projects/Hybrid Search RAG.json

src/backend/base/langflow/initial_setup/starter_projects/Image Sentiment Analysis.json

src/backend/base/langflow/initial_setup/starter_projects/Instagram Copywriter.json

src/backend/base/langflow/initial_setup/starter_projects/Invoice Summarizer.json

src/backend/base/langflow/initial_setup/starter_projects/Knowledge Retrieval.json

src/backend/base/langflow/initial_setup/starter_projects/Market Research.json

src/backend/base/langflow/initial_setup/starter_projects/Meeting Summary.json

src/backend/base/langflow/initial_setup/starter_projects/Memory Chatbot.json

src/backend/base/langflow/initial_setup/starter_projects/News Aggregator.json

src/backend/base/langflow/initial_setup/starter_projects/Nvidia Remix.json

src/backend/base/langflow/initial_setup/starter_projects/Pokédex Agent.json

src/backend/base/langflow/initial_setup/starter_projects/Portfolio Website Code Generator.json

src/backend/base/langflow/initial_setup/starter_projects/Price Deal Finder.json

src/backend/base/langflow/initial_setup/starter_projects/Research Agent.json

src/backend/base/langflow/initial_setup/starter_projects/Research Translation Loop.json

src/backend/base/langflow/initial_setup/starter_projects/SEO Keyword Generator.json

src/backend/base/langflow/initial_setup/starter_projects/SaaS Pricing.json

src/backend/base/langflow/initial_setup/starter_projects/Search agent.json

src/backend/base/langflow/initial_setup/starter_projects/Sequential Tasks Agents.json

src/backend/base/langflow/initial_setup/starter_projects/Simple Agent.json

src/backend/base/langflow/initial_setup/starter_projects/Social Media Agent.json

src/backend/base/langflow/initial_setup/starter_projects/Text Sentiment Analysis.json

src/backend/base/langflow/initial_setup/starter_projects/Travel Planning Agents.json

src/backend/base/langflow/initial_setup/starter_projects/Twitter Thread Generator.json

src/backend/base/langflow/initial_setup/starter_projects/Vector Store RAG.json

src/backend/base/langflow/initial_setup/starter_projects/Youtube Analysis.json

Optimize LangFuseTracer.end

The optimized code achieves a 140% speedup (8.23ms → 3.42ms) through two complementary optimizations:

1. Fast-path for Common Primitives in serialize()

What changed: Added an early-exit check that returns immutable primitives (str, int, float, bool) directly when no truncation or special handling is needed:

if max_length is None and max_items is None and not to_str:
    if isinstance(obj, (str, int, float, bool)):
        return obj

Why it's faster:

When it helps: This optimization is particularly effective for workloads with many primitive values in dictionaries and lists—which is exactly what the tracing use case provides (metadata dicts with strings, numbers, booleans).

2. Eliminate Redundant Serialization in LangFuseTracer.end()

What changed: Serialize inputs, outputs, and metadata once each, then reuse the results:

inputs_ser = serialize(inputs)
outputs_ser = serialize(outputs)
metadata_ser = serialize(metadata) if metadata else None

Why it's faster:

Impact on workloads: The test_end_multiple_iterations_calls_end_each_time test (500 iterations) demonstrates this matters in hot paths. If LangFuseTracer.end() is called frequently during flow execution, avoiding duplicate serialization provides compounding benefits.

Combined Effect

Both optimizations target the serialization bottleneck from different angles:

Together, they deliver the observed 140% speedup, with the optimization being especially effective for the common case of metadata dictionaries containing mostly primitive types.

Co-authored-by: codeflash-ai[bot] <148906541+codeflash-ai[bot]@users.noreply.github.com>

z3-solver 4.15.7 dropped manylinux wheels, causing the Docker build to fail when trying to compile from source. Temporary pin until codeflash is removed.

before it was attempting to pull release-notes as letters are alphanumerically after numbers when we sort -V then grab tail now we only look at branch names that follow the pattern '^release-[0-9]+.[0-9]+.[0-9]+$'

add-back-svg

Old flows using removed langchain imports (e.g. langchain.memory, langchain.schema, langchain.chains) now resolve via langchain_classic at two levels: module-level for entirely removed modules, and attribute-level for removed attributes in modules that still exist in langchain 1.0. New langchain 1.0 imports are never affected since fallbacks only trigger on import failure.

Co-authored-by: Claude Opus 4.5 noreply@anthropic.com Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Harold Ship harold.ship@gmail.com Co-authored-by: codeflash-ai[bot] <148906541+codeflash-ai[bot]@users.noreply.github.com> Co-authored-by: Adam-Aghili 149833988+Adam-Aghili@users.noreply.github.com Co-authored-by: Mendon Kissling 59585235+mendonk@users.noreply.github.com Co-authored-by: Eric Hare ericrhare@gmail.com

github-merge-queue bot pushed a commit that referenced this pull request

Mar 19, 2026

…12025)

Co-authored-by: Gabriel Luiz Freitas Almeida gabriel@logspace.ai

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

v0 for traces includes:

Could add:

add sidebar buttons for logs and trace remove lods canvas control

hopefully fix duplicate trace ID insertion on windows

update tests and alembic tables for uts

address gabriel simple changes in traces.py and native.py

#11689 (comment) #11689 (comment)

model name is now set using name = f"{operation} {model_name}" if model_name else operation

Configure [tool.uv.sources] with pytorch-cpu index to avoid ~6GB CUDA dependencies in Docker images. This replaces hardcoded wheel URLs with a cleaner index-based approach.

The previous regex matched all lines starting with name = "...", which incorrectly renamed the UV index pytorch-cpu to langflow-nightly during nightly builds. This caused uv lock to fail with: "Package torch references an undeclared index: pytorch-cpu"

The new regex specifically targets the name field within the [project] section only, avoiding unintended replacements in other sections like [[tool.uv.index]].

The required-environments setting was causing hard failures when packages like torch didn't have wheels for specific platform/Python combinations. Without this setting, uv resolves optimistically and handles missing wheels gracefully at runtime instead of failing during resolution.

Ensures that only the necessary dependencies are required. For example, if OpenAI provider is used, it will now only import langchain_openai, rather than requiring langchain_anthropic, langchain_ibm, etc.

Dymanically picks dependency for LanguageM Comp. Requires separate change to remove eager loading.

Ensures that only the necessary dependencies are required. For example, if OpenAI provider is used, it will now only import langchain_openai, rather than requiring langchain_anthropic, langchain_ibm, etc.

address cris I1 comment

address cris I5

address cris I6

address cris R7

address cris R2

address gab otel model changes will need no migration tables

update alembic migration tables after model changes

update and add backend tests

address backend code rabbit comments

address code rabbit frontend comments

test_native_tracer minor fix address c1

address C2 + C3

address H1-H5

update test_native_tracer

address m2

address M1

fix 422 spam and clean comments

address M12

address M4

address M5

clean up for M7, M9, M11

address L2,L4,L5 and L6 + any test

alembic + comment clean up

remove depricated test_traces file. test have all been moved to test_traces_api.py

fix test_trace_api ge=0 is allowed now

remove unused traces cost flow

address gabriels otel coment latest

Co-authored-by: Olayinka Adelakun olayinkaadelakun@Olayinkas-MacBook-Pro.local Co-authored-by: Olayinka Adelakun olayinkaadelakun@mac.war.can.ibm.com Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Ram Gopal Srikar Katakam 44802869+RamGopalSrikar@users.noreply.github.com Co-authored-by: Claude Opus 4.5 noreply@anthropic.com Co-authored-by: olayinkaadelakun olayinka.adelakun@ibm.com Co-authored-by: Jordan Frazier 122494242+jordanrfrazier@users.noreply.github.com Co-authored-by: cristhianzl cristhian.lousa@gmail.com Co-authored-by: Hamza Rashid 74062092+HzaRashid@users.noreply.github.com Co-authored-by: Mendon Kissling 59585235+mendonk@users.noreply.github.com Co-authored-by: Lucas Oliveira 62335616+lucaseduoli@users.noreply.github.com Co-authored-by: Edwin Jose edwin.jose@datastax.com Co-authored-by: Himavarsha 40851462+HimavarshaVS@users.noreply.github.com

fix(test): Fix superuser timeout test errors by replacing heavy client fixture (#11972)

Co-authored-by: Cristhian Zanforlin Lousa cristhian.lousa@gmail.com Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

The migration file creates the trace table's flow_id foreign key with ondelete="CASCADE", but the model was missing this parameter. This mismatch caused the migration validator to block startup.

Co-Authored-By: Claude Opus 4.5 noreply@anthropic.com

Adds a migration that ensures the trace.flow_id foreign key has ondelete=CASCADE. While the original migration already creates it with CASCADE, this provides a safety net for any databases that may have gotten into an inconsistent state.

The original migration did not name the FK constraint, so it gets an auto-generated name that varies by database. This fix queries the database to find the actual constraint name before dropping it.

Co-authored-by: Claude Opus 4.5 noreply@anthropic.com

The "Stop building" title caused getByRole('button', { name: 'Stop' }) to match two elements, breaking Playwright tests in shards 19, 20, 22, 25.

Renamed to "Cancel" to avoid the collision with the no-input stop button.

pydantic fail because output is list, instead of a dict

Co-authored-by: Olayinka Adelakun olayinkaadelakun@Olayinkas-MacBook-Pro.local

Changing the heuristic threshold icons.

The field was using the default icons. I added icons related to the security theme.

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Viktor Avelino 64113566+viktoravelino@users.noreply.github.com

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

Co-authored-by: Claude Sonnet 4.6 noreply@anthropic.com

Co-authored-by: Claude Sonnet 4.6 noreply@anthropic.com

before it was attempting to pull release-notes as letters are alphanumerically after numbers when we sort -V then grab tail now we only look at branch names that follow the pattern '^release-[0-9]+.[0-9]+.[0-9]+$'

add-back-svg

Previously, the apply_provider_variable_config_to_build_config function would automatically overwrite field values with environment variable keys whenever an env var was present, even if the user had already selected a different global variable.

This fix adds a check to only auto-set the environment variable if:

This preserves user selections while still providing automatic configuration for new/empty fields.

Added comprehensive unit tests to verify:

Fixed PERF403 Ruff style warning by replacing for-loop with dictionary comprehension in update_projects_components_with_latest_component_versions

These changes improve test coverage by documenting the no-op scenario and enhance security by avoiding logging of potentially sensitive data.

Co-authored-by: Adam-Aghili 149833988+Adam-Aghili@users.noreply.github.com Co-authored-by: Mendon Kissling 59585235+mendonk@users.noreply.github.com Co-authored-by: Steve Haertel shaertel@ca.ibm.com Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Eric Hare ericrhare@gmail.com

Co-authored-by: Adam-Aghili 149833988+Adam-Aghili@users.noreply.github.com Co-authored-by: Gabriel Luiz Freitas Almeida gabriel@logspace.ai Co-authored-by: keval shah kevalvirat@gmail.com Co-authored-by: Antônio Alexandre Borges Lima 104531655+AntonioABLima@users.noreply.github.com Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Olayinka Adelakun olayinkaadelakun@Olayinkas-MacBook-Pro.local Co-authored-by: Olayinka Adelakun olayinkaadelakun@mac.war.can.ibm.com Co-authored-by: Ram Gopal Srikar Katakam 44802869+RamGopalSrikar@users.noreply.github.com Co-authored-by: Claude Opus 4.5 noreply@anthropic.com Co-authored-by: olayinkaadelakun olayinka.adelakun@ibm.com Co-authored-by: Jordan Frazier 122494242+jordanrfrazier@users.noreply.github.com Co-authored-by: cristhianzl cristhian.lousa@gmail.com Co-authored-by: Hamza Rashid 74062092+HzaRashid@users.noreply.github.com Co-authored-by: Mendon Kissling 59585235+mendonk@users.noreply.github.com Co-authored-by: Lucas Oliveira 62335616+lucaseduoli@users.noreply.github.com Co-authored-by: Edwin Jose edwin.jose@datastax.com Co-authored-by: Himavarsha 40851462+HimavarshaVS@users.noreply.github.com Co-authored-by: Viktor Avelino 64113566+viktoravelino@users.noreply.github.com Co-authored-by: Lucas Democh ldgoularte@gmail.com Co-authored-by: Steve Haertel stevehaertel@users.noreply.github.com Co-authored-by: Steve Haertel shaertel@ca.ibm.com

erichare added a commit that referenced this pull request

Mar 25, 2026

#12217)

before it was attempting to pull release-notes as letters are alphanumerically after numbers when we sort -V then grab tail now we only look at branch names that follow the pattern '^release-[0-9]+.[0-9]+.[0-9]+$'

add-back-svg

Previously, the apply_provider_variable_config_to_build_config function would automatically overwrite field values with environment variable keys whenever an env var was present, even if the user had already selected a different global variable.

This fix adds a check to only auto-set the environment variable if:

This preserves user selections while still providing automatic configuration for new/empty fields.

Added comprehensive unit tests to verify:

Fixed PERF403 Ruff style warning by replacing for-loop with dictionary comprehension in update_projects_components_with_latest_component_versions

These changes improve test coverage by documenting the no-op scenario and enhance security by avoiding logging of potentially sensitive data.

Co-Authored-By: Adam-Aghili 149833988+Adam-Aghili@users.noreply.github.com Co-Authored-By: Mendon Kissling 59585235+mendonk@users.noreply.github.com Co-Authored-By: Steve Haertel shaertel@ca.ibm.com Co-Authored-By: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-Authored-By: Eric Hare ericrhare@gmail.com

erichare added a commit that referenced this pull request

Mar 25, 2026

#12329)

before it was attempting to pull release-notes as letters are alphanumerically after numbers when we sort -V then grab tail now we only look at branch names that follow the pattern '^release-[0-9]+.[0-9]+.[0-9]+$'

add-back-svg

Previously, the apply_provider_variable_config_to_build_config function would automatically overwrite field values with environment variable keys whenever an env var was present, even if the user had already selected a different global variable.

This fix adds a check to only auto-set the environment variable if:

This preserves user selections while still providing automatic configuration for new/empty fields.

Added comprehensive unit tests to verify:

Fixed PERF403 Ruff style warning by replacing for-loop with dictionary comprehension in update_projects_components_with_latest_component_versions

These changes improve test coverage by documenting the no-op scenario and enhance security by avoiding logging of potentially sensitive data.

Co-Authored-By: Adam-Aghili 149833988+Adam-Aghili@users.noreply.github.com Co-Authored-By: Mendon Kissling 59585235+mendonk@users.noreply.github.com Co-Authored-By: Steve Haertel shaertel@ca.ibm.com Co-Authored-By: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-Authored-By: Eric Hare ericrhare@gmail.com

Co-authored-by: Adam-Aghili 149833988+Adam-Aghili@users.noreply.github.com Co-authored-by: Mendon Kissling 59585235+mendonk@users.noreply.github.com Co-authored-by: Steve Haertel shaertel@ca.ibm.com Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

github-merge-queue bot pushed a commit that referenced this pull request

Apr 8, 2026

…isable) (#12553)

Co-authored-by: Gabriel Luiz Freitas Almeida gabriel@logspace.ai

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

v0 for traces includes:

Could add:

add sidebar buttons for logs and trace remove lods canvas control

hopefully fix duplicate trace ID insertion on windows

update tests and alembic tables for uts

address gabriel simple changes in traces.py and native.py

#11689 (comment) #11689 (comment)

model name is now set using name = f"{operation} {model_name}" if model_name else operation

Configure [tool.uv.sources] with pytorch-cpu index to avoid ~6GB CUDA dependencies in Docker images. This replaces hardcoded wheel URLs with a cleaner index-based approach.

The previous regex matched all lines starting with name = "...", which incorrectly renamed the UV index pytorch-cpu to langflow-nightly during nightly builds. This caused uv lock to fail with: "Package torch references an undeclared index: pytorch-cpu"

The new regex specifically targets the name field within the [project] section only, avoiding unintended replacements in other sections like [[tool.uv.index]].

The required-environments setting was causing hard failures when packages like torch didn't have wheels for specific platform/Python combinations. Without this setting, uv resolves optimistically and handles missing wheels gracefully at runtime instead of failing during resolution.

Ensures that only the necessary dependencies are required. For example, if OpenAI provider is used, it will now only import langchain_openai, rather than requiring langchain_anthropic, langchain_ibm, etc.

Dymanically picks dependency for LanguageM Comp. Requires separate change to remove eager loading.

Ensures that only the necessary dependencies are required. For example, if OpenAI provider is used, it will now only import langchain_openai, rather than requiring langchain_anthropic, langchain_ibm, etc.

address cris I1 comment

address cris I5

address cris I6

address cris R7

address cris R2

address gab otel model changes will need no migration tables

update alembic migration tables after model changes

update and add backend tests

address backend code rabbit comments

address code rabbit frontend comments

test_native_tracer minor fix address c1

address C2 + C3

address H1-H5

update test_native_tracer

address m2

address M1

fix 422 spam and clean comments

address M12

address M4

address M5

clean up for M7, M9, M11

address L2,L4,L5 and L6 + any test

alembic + comment clean up

remove depricated test_traces file. test have all been moved to test_traces_api.py

fix test_trace_api ge=0 is allowed now

remove unused traces cost flow

address gabriels otel coment latest

Co-authored-by: Olayinka Adelakun olayinkaadelakun@Olayinkas-MacBook-Pro.local Co-authored-by: Olayinka Adelakun olayinkaadelakun@mac.war.can.ibm.com Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Ram Gopal Srikar Katakam 44802869+RamGopalSrikar@users.noreply.github.com Co-authored-by: Claude Opus 4.5 noreply@anthropic.com Co-authored-by: olayinkaadelakun olayinka.adelakun@ibm.com Co-authored-by: Jordan Frazier 122494242+jordanrfrazier@users.noreply.github.com Co-authored-by: cristhianzl cristhian.lousa@gmail.com Co-authored-by: Hamza Rashid 74062092+HzaRashid@users.noreply.github.com Co-authored-by: Mendon Kissling 59585235+mendonk@users.noreply.github.com Co-authored-by: Lucas Oliveira 62335616+lucaseduoli@users.noreply.github.com Co-authored-by: Edwin Jose edwin.jose@datastax.com Co-authored-by: Himavarsha 40851462+HimavarshaVS@users.noreply.github.com

fix(test): Fix superuser timeout test errors by replacing heavy client fixture (#11972)

Co-authored-by: Cristhian Zanforlin Lousa cristhian.lousa@gmail.com Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

The migration file creates the trace table's flow_id foreign key with ondelete="CASCADE", but the model was missing this parameter. This mismatch caused the migration validator to block startup.

Co-Authored-By: Claude Opus 4.5 noreply@anthropic.com

Adds a migration that ensures the trace.flow_id foreign key has ondelete=CASCADE. While the original migration already creates it with CASCADE, this provides a safety net for any databases that may have gotten into an inconsistent state.

The original migration did not name the FK constraint, so it gets an auto-generated name that varies by database. This fix queries the database to find the actual constraint name before dropping it.

Co-authored-by: Claude Opus 4.5 noreply@anthropic.com

The "Stop building" title caused getByRole('button', { name: 'Stop' }) to match two elements, breaking Playwright tests in shards 19, 20, 22, 25.

Renamed to "Cancel" to avoid the collision with the no-input stop button.

pydantic fail because output is list, instead of a dict

Co-authored-by: Olayinka Adelakun olayinkaadelakun@Olayinkas-MacBook-Pro.local

Changing the heuristic threshold icons.

The field was using the default icons. I added icons related to the security theme.

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Viktor Avelino 64113566+viktoravelino@users.noreply.github.com

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

fix reset button

Co-authored-by: Olayinka Adelakun olayinkaadelakun@Olayinkas-MacBook-Pro.local

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

Before LM span and ChatOpenAI span where both considered parents so they where being counted twice in token counts and other sumations Now LM span is properly the parent of ChatOpenAI span so they are not accidently counted twice

clean up comments

incase -> incase

Before LM span and ChatOpenAI span where both considered parents so they where being counted twice in token counts and other sumations Now LM span is properly the parent of ChatOpenAI span so they are not accidently counted twice

clean up comments

incase -> incase

Co-authored-by: Adam Aghili Adam.Aghili@ibm.com Co-authored-by: Olayinka Adelakun olayinkaadelakun@Olayinkas-MacBook-Pro.local Co-authored-by: Olayinka Adelakun olayinkaadelakun@mac.war.can.ibm.com

fix: playground does not scroll down to the latest user message upon sending (Regression) (#12006)

Add custom event 'langflow-scroll-to-bottom' to force SafariScrollFix back into sticky mode when user sends a new message. This ensures the chat scrolls to bottom even if user had scrolled up, fixing behavior where Safari's scroll fix would remain disengaged after manual scrolling.

Co-authored-by: Deon Sanchez 69873175+deon-sanchez@users.noreply.github.com

fix: knowledge Base Table — Row Icon Appears Clipped/Cut for Some Entries (#12009)

Co-authored-by: Deon Sanchez 69873175+deon-sanchez@users.noreply.github.com

Co-authored-by: Deon Sanchez 69873175+deon-sanchez@users.noreply.github.com

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

Co-authored-by: Deon Sanchez 69873175+deon-sanchez@users.noreply.github.com Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

Co-authored-by: Janardan S Kavia janardanskavia@Janardans-MacBook-Pro.local Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

In json_schema_from_flow, guard access to template field properties by checking isinstance(field_data, dict) before calling .get(). This replaces the previous comparison to the string "Component" and prevents attribute errors when template entries are non-dict values, ensuring only dict-type fields with show=True and not advanced are included in the generated schema.

When skipping creation of an existing MCP server for a user's starter projects, first compute the expected project URL and compare it to URLs found in the existing config args. If the URL matches, keep skipping and log that the server is correctly configured; if the URL differs (e.g., port changed on restart), log the difference and allow the flow to update the server configuration. Adds URL extraction and improved debug messages to support automatic updates when server endpoints change.

Co-authored-by: Ram Gopal Srikar Katakam 44802869+RamGopalSrikar@users.noreply.github.com

Langflow breaks when we click on the last level of the chain.

Co-authored-by: Olayinka Adelakun olayinkaadelakun@mac.war.can.ibm.com

fix: standardize "README" title and update API key configuration notes in 3 main flow templates (#12005)

Co-authored-by: Deon Sanchez 69873175+deon-sanchez@users.noreply.github.com

Extract page input validation and commit logic from handlePageInputBlur and handlePageInputKeyDown into a shared commitPageInput function to eliminate code duplication.

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

Only process dict template fields

In json_schema_from_flow, guard access to template field properties by checking isinstance(field_data, dict) before calling .get(). This replaces the previous comparison to the string "Component" and prevents attribute errors when template entries are non-dict values, ensuring only dict-type fields with show=True and not advanced are included in the generated schema.

Co-authored-by: Ram Gopal Srikar Katakam 44802869+RamGopalSrikar@users.noreply.github.com

Move ingestion component to deactivated folder so it's excluded from dynamic discovery. Rename KnowledgeRetrievalComponent to KnowledgeBaseComponent with display_name "Knowledge Base". Update all exports, component index, starter project, frontend sidebar filter, and tests.

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

fix(test): Reduce response length assertions in flaky integration tests (#12057)

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Cristhian Zanforlin Lousa cristhian.lousa@gmail.com fix(test): Reduce response length assertions in flaky integration tests (#12057)

Import and use apply_provider_variable_config_to_build_config in the Agent component so provider-specific variable settings (advanced/required/info/env fallbacks) are applied to the build_config. Provider-specific fields (e.g. base_url_ibm_watsonx, project_id) are hidden/disabled by default before applying the provider config. Updated embedded agent code in starter project JSONs and bumped their code_hashes accordingly.

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Himavarsha 40851462+HimavarshaVS@users.noreply.github.com Co-authored-by: himavarshagoutham himavarshajan17@gmail.com

Fixed metric calculator to be more robust and scalable.

Co-authored-by: Claude noreply@anthropic.com Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

update fastapi dependency

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

add uv/uvx to runtime image so uvx is available in container i did this for all images which might be too much

addres ram's supply chain attack comment

upgrade pyproject versions

Made-with: Cursor

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Eric Hare ericrhare@gmail.com

Modified tweak behaviour to be overridable if env variable is set on the GUI.

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

before it was attempting to pull release-notes as letters are alphanumerically after numbers when we sort -V then grab tail now we only look at branch names that follow the pattern '^release-[0-9]+.[0-9]+.[0-9]+$'

add-back-svg

upgrade pyproject and package.json versions

Fixes LE-566

Addresses CodeRabbit feedback on PR #12264

Co-authored-by: April I. Murphy 36110273+aimurphy@users.noreply.github.com Co-authored-by: Mendon Kissling 59585235+mendonk@users.noreply.github.com

Co-authored-by: April I. Murphy 36110273+aimurphy@users.noreply.github.com

docs-contribute-to-rc-not-main

docs-gemini3-toolcalling-disabled

The grep -oP (PCRE regex) command fails in the python:3.12.12-slim-trixie Docker base image because PCRE support is not available in the slim variant.

This replaces grep -oP with portable sed -nE in all 5 Dockerfiles and adds an empty version guard to fail fast with a clear error message instead of producing a broken download URL.

Fixes the Docker base build failure in the v1.8.2 release workflow.

Node.js 22.x now bundles npm 11.x which fails when trying to self-upgrade via 'npm install -g npm@latest' in the slim Docker image. The bundled npm version is sufficient.

This is the same fix as PR #12309 on release-1.9.0.

Co-authored-by: vjgit96 vijay.katuri@ibm.com Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> fix: replace grep -oP with sed for Node.js version extraction in Docker images (#12330) fix as PR #12309 on release-1.9.0.

before it was attempting to pull release-notes as letters are alphanumerically after numbers when we sort -V then grab tail now we only look at branch names that follow the pattern '^release-[0-9]+.[0-9]+.[0-9]+$'

add-back-svg

Previously, the apply_provider_variable_config_to_build_config function would automatically overwrite field values with environment variable keys whenever an env var was present, even if the user had already selected a different global variable.

This fix adds a check to only auto-set the environment variable if:

This preserves user selections while still providing automatic configuration for new/empty fields.

Added comprehensive unit tests to verify:

Fixed PERF403 Ruff style warning by replacing for-loop with dictionary comprehension in update_projects_components_with_latest_component_versions

These changes improve test coverage by documenting the no-op scenario and enhance security by avoiding logging of potentially sensitive data.

Co-Authored-By: Adam-Aghili 149833988+Adam-Aghili@users.noreply.github.com Co-Authored-By: Mendon Kissling 59585235+mendonk@users.noreply.github.com Co-Authored-By: Steve Haertel shaertel@ca.ibm.com Co-Authored-By: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-Authored-By: Eric Hare ericrhare@gmail.com

Co-authored-by: Adam-Aghili 149833988+Adam-Aghili@users.noreply.github.com Co-authored-by: Mendon Kissling 59585235+mendonk@users.noreply.github.com Co-authored-by: Steve Haertel shaertel@ca.ibm.com Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

The grep -oP (PCRE regex) command fails in the python:3.12.12-slim-trixie Docker base image because PCRE support is not available in the slim variant.

This replaces grep -oP with portable sed -nE in all 5 Dockerfiles and adds an empty version guard to fail fast with a clear error message instead of producing a broken download URL.

Fixes the Docker base build failure in the v1.8.2 release workflow.

Node.js 22.x now bundles npm 11.x which fails when trying to self-upgrade via 'npm install -g npm@latest' in the slim Docker image. The bundled npm version is sufficient.

This is the same fix as PR #12309 on release-1.9.0.

bump version to 1.8.3, 0.8.3 and 0.3.3 merge changes added to 1.8.2 into 1.8.3

Co-authored-by: vjgit96 vijay.katuri@ibm.com

Change the default value of allow_dangerous_deserialization from True to False to prevent remote code execution via malicious pickle files.

This addresses a security vulnerability where an attacker could upload a crafted pickle file and trigger arbitrary code execution when the FAISS component loads the index.

Co-Authored-By: Claude Opus 4.5 noreply@anthropic.com

Co-authored-by: Claude Opus 4.5 noreply@anthropic.com Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Janardan Singh Kavia janardankavia@ibm.com

Co-authored-by: Ram Gopal Srikar Katakam 44802869+RamGopalSrikar@users.noreply.github.com Co-authored-by: Claude Opus 4.5 noreply@anthropic.com Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Janardan Singh Kavia janardankavia@ibm.com

Runner group has been restored by Chris. Reverting ubuntu-latest back to Langflow-runner for faster Docker image builds.

fix(deps): pin tar-fs to >=2.1.4 to fix symlink following vulnerability (#12078)

Adds override for tar-fs in package.json to ensure versions prior to 2.1.4 are never resolved. Addresses CVE in tar-fs <2.1.4 (PVR0686558) where symlink validation bypass was possible with a crafted tarball.

Co-authored-by: Ram Gopal Srikar Katakam 44802869+RamGopalSrikar@users.noreply.github.com

bump versions

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

The grep -oP (PCRE regex) command fails in the python:3.12.12-slim-trixie Docker base image because PCRE support is not available in the slim variant.

This replaces grep -oP with portable sed -nE in all 5 Dockerfiles and adds an empty version guard to fail fast with a clear error message instead of producing a broken download URL.

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Cristhian Zanforlin Lousa cristhian.lousa@gmail.com Co-authored-by: vjgit96 vijay.katuri@ibm.com

Co-authored-by: Adam-Aghili 149833988+Adam-Aghili@users.noreply.github.com Co-authored-by: Gabriel Luiz Freitas Almeida gabriel@logspace.ai Co-authored-by: keval shah kevalvirat@gmail.com Co-authored-by: Antônio Alexandre Borges Lima 104531655+AntonioABLima@users.noreply.github.com Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Olayinka Adelakun olayinkaadelakun@Olayinkas-MacBook-Pro.local Co-authored-by: Olayinka Adelakun olayinkaadelakun@mac.war.can.ibm.com Co-authored-by: Ram Gopal Srikar Katakam 44802869+RamGopalSrikar@users.noreply.github.com Co-authored-by: Claude Opus 4.5 noreply@anthropic.com Co-authored-by: olayinkaadelakun olayinka.adelakun@ibm.com Co-authored-by: Jordan Frazier 122494242+jordanrfrazier@users.noreply.github.com Co-authored-by: cristhianzl cristhian.lousa@gmail.com Co-authored-by: Hamza Rashid 74062092+HzaRashid@users.noreply.github.com Co-authored-by: Mendon Kissling 59585235+mendonk@users.noreply.github.com Co-authored-by: Lucas Oliveira 62335616+lucaseduoli@users.noreply.github.com Co-authored-by: Edwin Jose edwin.jose@datastax.com Co-authored-by: Himavarsha 40851462+HimavarshaVS@users.noreply.github.com Co-authored-by: Viktor Avelino 64113566+viktoravelino@users.noreply.github.com Co-authored-by: Lucas Democh ldgoularte@gmail.com Co-authored-by: Eric Hare ericrhare@gmail.com Co-authored-by: Adam Aghili Adam.Aghili@ibm.com Co-authored-by: Debojit Kaushik Kaushik.debojit@gmail.com Co-authored-by: Deon Sanchez 69873175+deon-sanchez@users.noreply.github.com Co-authored-by: Janardan Singh Kavia janardankavia@ibm.com Co-authored-by: Janardan S Kavia janardanskavia@Janardans-MacBook-Pro.local Co-authored-by: himavarshagoutham himavarshajan17@gmail.com Co-authored-by: April I. Murphy 36110273+aimurphy@users.noreply.github.com Co-authored-by: Steve Haertel shaertel@ca.ibm.com Co-authored-by: Tarcio rodriguestarcio.adv@gmail.com

This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters

[ Show hidden characters]({{ revealButtonHref }})