chore(deps-dev): bump langchain-core from 1.2.11 to 1.2.22

[dependabot]

Bumps langchain-core from 1.2.11 to 1.2.22.

Release notes

Sourced from langchain-core's releases.

langchain-core==1.2.22

Changes since langchain-core==1.2.21

release(core): 1.2.22 (#36201) fix(core): validate paths in prompt.save and load_prompt, deprecate methods (#36200)

langchain-core==1.2.21

Changes since langchain-core==1.2.20

release(core): 1.2.21 (#36179) fix(core,model-profiles): add missing ModelProfile fields, warn on schema drift (#36129) chore(core): remove stale blockbuster allowlist for deleted context module (#36168) ci: suppress pytest streaming output in CI (#36092)

langchain-core==1.2.20

Changes since langchain-core==1.2.19

release(core): 1.2.20 (#36085) fix(core): trace invocation params in metadata (#36080) feat: Add LangSmith integration metadata to create_agent and init_chat_model (#35810) feat(core): harden anti-ssrf (#35960) ci: avoid unnecessary dep installs in lint targets (#36046) docs(core): document base_url in mermaid api (#35961) chore: bump orjson from 3.11.5 to 3.11.6 in /libs/core (#35805) chore: housekeeping (#35850)

langchain-core==1.2.19

Changes since langchain-core==1.2.18

release(core): 1.2.19 (#35832) chore(core): move BaseCrossEncoder to langchain-core (#35809) chore: bump tornado from 6.5.2 to 6.5.5 in /libs/core (#35775)

langchain-core==1.2.18

Changes since langchain-core==1.2.17

release(core): 1.2.18 (#35704) fix(core): fix double backticks in deprecation docstring for alternative_import (#35658) fix(core): preserve default_factory when generating tool call schema (#35550) feat(openai): support tool search (#35582) chore: bump the minor-and-patch group across 3 directories with 7 updates (#35605)

langchain-core==1.2.17

Changes since langchain-core==1.2.16

release(core): 1.2.17 (#35527) fix(core): extract usage metadata from serialized tracer message outputs (#35526) chore: bump the langchain-deps group across 3 directories with 7 updates (#35513) chore: bump the langchain-deps group across 3 directories with 14 updates (#35441)

... (truncated)

Commits

• d22df94 release(core): 1.2.22 (#36201)
• 27add91 fix(core): validate paths in prompt.save and load_prompt, deprecate metho...
• 7563fce chore(model-profiles): refresh model profile data (#36195)
• 3e64c25 chore: use repo permissions instead of org membership for maintainer override...
• 1778b08 chore(partners): bump langchain-core min to 1.2.21 (#36183)
• ad574fc fix(openai): bump min core version (#36180)
• 19f81cf release(core): 1.2.21 (#36179)
• 6d07ef2 release(openai): 1.1.12 (#36178)
• 2f64d80 fix(core,model-profiles): add missing ModelProfile fields, warn on schema d...
• 5ffece5 chore(core): remove stale blockbuster allowlist for deleted context module (#...
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[claude]

LGTM — straightforward dev dependency bump with no logic changes.

Extended reasoning...

Overview\nThis PR updates a single entry in , bumping from 1.2.11 to 1.2.22 (a dev-only dependency). The diff is purely mechanical: version string and file hashes.\n\n### Security risks\nNone. This is a dev dependency not shipped in production. The upstream release notes show bug fixes, minor features, and one security-relevant hardening (anti-SSRF), all of which are improvements. No regressions were flagged.\n\n### Level of scrutiny\nLow. Lock file updates for dev dependencies are the most routine category of change — no production code paths are affected, and the hashes verify integrity of the downloaded package.\n\n### Other factors\nNo bugs were found by the automated bug hunting system. No prior reviews exist on this PR. The change follows the same pattern as the immediately preceding commit (another langchain-core bump, #1584).