chore: bump dependency versions

[willkill07]

Overview

Update dependencies

• I confirm this contribution is my own work, or I have the right to submit it under this project's license.
• I searched existing issues and open pull requests, and this does not duplicate existing work.

Summary by CodeRabbit

• Chores

  • Bumped LangChain ecosystem packages and related optional dependency constraints to newer compatible versions.
  • Updated OpenClaw peer dependency and compatibility/build targets to 2026.5.26.
  • Added a pack validation check to enforce consistent OpenClaw version metadata.

• Documentation

  • Regenerated dependency attributions document.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: fdf63ab7-9395-4b21-94e0-52df8705a521

📥 Commits

Reviewing files that changed from the base of the PR and between f6261a4 and c901df6.

📒 Files selected for processing (2)

• integrations/openclaw/package.json
• integrations/openclaw/scripts/check-pack-payload.mjs

📜 Recent review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Check / Run

🧰 Additional context used

📓 Path-based instructions (6)

**/package.json

📄 CodeRabbit inference engine (.agents/skills/rename-surfaces/SKILL.md)

Update Node.js package names during coordinated rename operations

Files:

• integrations/openclaw/package.json

integrations/openclaw/package.json

📄 CodeRabbit inference engine (.agents/skills/update-project-version/SKILL.md)

Ensure integrations/openclaw/package.json npm plugin version stays aligned with the workspace-root package-lock.json

Files:

• integrations/openclaw/package.json

{docs/**,README.md,**/Cargo.toml,**/package.json,**/*.md}

📄 CodeRabbit inference engine (.agents/skills/validate-change/SKILL.md)

Ensure renamed public surfaces are reflected consistently in manifests and docs for large or public-facing changes

Files:

• integrations/openclaw/package.json

**/*.{md,mdx,py,sh,yaml,yml,toml,json}

📄 CodeRabbit inference engine (.agents/skills/contribute-docs/SKILL.md)

Keep package names, repo references, and build commands current

Files:

• integrations/openclaw/package.json

**/*.{js,ts,mjs,cjs}

📄 CodeRabbit inference engine (AGENTS.md)

Use camelCase for Node.js JavaScript/TypeScript naming conventions.

Files:

• integrations/openclaw/scripts/check-pack-payload.mjs

**/*.{js,mjs}

📄 CodeRabbit inference engine (AGENTS.md)

Run just test-node for Node.js binding or wrapper changes.

Files:

• integrations/openclaw/scripts/check-pack-payload.mjs

🔇 Additional comments (3)

integrations/openclaw/scripts/check-pack-payload.mjs (2)

62-68: Well-designed version normalization.

The normalizeOpenClawVersion function correctly extracts the base version from supported npm semver specs (^, ~, >=, or exact). The regex validation ensures only single-version specs are accepted, which aligns with the pack validation requirement for a single target OpenClaw release.

---

146-158: ⚡ Quick win

Cross-field version consistency validation correctly implemented.

The validation loop enforces that all OpenClaw metadata fields (openclaw.compat.* and openclaw.build.*) match the normalized peer dependency version. This directly addresses the past review comment requesting CI enforcement of version equality across these fields.

The implementation is sound:

• Normalizes the peer dependency version as the source of truth
• Validates each compat/build field matches
• Provides actionable error messages identifying the mismatched field

integrations/openclaw/package.json (1)

45-46: ⚡ Quick win

Verify workspace lockfile alignment for OpenClaw 2026.5.26.

The workspace-root package-lock.json locks node_modules/openclaw to 2026.5.26, matching the updated integrations/openclaw/package.json OpenClaw version fields (pluginApi/minGatewayVersion). (The integrations/openclaw entry in the lockfile shows 0.3.0, which appears to be the local package wrapper rather than the openclaw dependency.)

---

Walkthrough

This PR rebases optional Python extras (langchain, langgraph, langchain-nvidia-ai-endpoints) to newer minimums and updates ATTRIBUTIONS-Python.md; it also tightens OpenClaw peer/build/compatibility metadata and adds cross-field OpenClaw version normalization and consistency checks in the pack payload script.

Changes

Dependency Version Updates

Layer / File(s)	Summary
Python dependency version constraints pyproject.toml, ATTRIBUTIONS-Python.md	Bumped langchain min to ≥1.3.2 and langgraph min to ≥1.2.2 in optional extras; changed langchain-nvidia-ai-endpoints to >=1.4.0,<2.0.0. Updated attribution headers in ATTRIBUTIONS-Python.md to match lockfile resolution.
OpenClaw integration metadata and validation integrations/openclaw/package.json, integrations/openclaw/scripts/check-pack-payload.mjs	Updated OpenClaw compatibility/build fields and tightened peerDependencies.openclaw from >=2026.5.12 to ^2026.5.26. Added normalizeOpenClawVersion() and assertions to enforce that all OpenClaw-related fields normalize to the same x.y.z version derived from peerDependencies.openclaw.

---

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	Description is incomplete, missing the 'Details' section explaining the specific changes and the 'Related Issues' section.	Add a 'Details' section describing the specific dependency version updates and add a 'Related Issues' section referencing any associated issue.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	Title follows Conventional Commits format with type 'chore' and concise summary under 72 characters.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint skipped: no ESLint configuration detected in root package.json. To enable, add eslint to devDependencies.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@integrations/openclaw/package.json`:
- Line 63: The package.json peers a newer openclaw (^2026.5.26) while the
package’s openclaw.compat.* and openclaw.build.* metadata remain at 2026.5.12,
which creates a version mismatch; update the openclaw.compat and openclaw.build
fields in integrations/openclaw/package.json to 2026.5.26 to match
peerDependencies.openclaw (or intentionally document why they differ), and if
you want CI to enforce equality modify
integrations/openclaw/scripts/check-pack-payload.mjs to assert equality between
peerDependencies.openclaw and the openclaw.compat/build fields instead of only
asserting presence.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: 7700f7b9-2572-44e3-bc43-8cec655c04c0

📥 Commits

Reviewing files that changed from the base of the PR and between 295e7e2 and f6261a4.

⛔ Files ignored due to path filters (2)

• package-lock.json is excluded by !**/package-lock.json
• uv.lock is excluded by !**/*.lock

📒 Files selected for processing (4)

• ATTRIBUTIONS-Node.md
• ATTRIBUTIONS-Python.md
• integrations/openclaw/package.json
• pyproject.toml

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Check / Run

🧰 Additional context used

📓 Path-based instructions (16)

**/package.json

📄 CodeRabbit inference engine (.agents/skills/rename-surfaces/SKILL.md)

Update Node.js package names during coordinated rename operations

Files:

• integrations/openclaw/package.json

integrations/openclaw/package.json

📄 CodeRabbit inference engine (.agents/skills/update-project-version/SKILL.md)

Ensure integrations/openclaw/package.json npm plugin version stays aligned with the workspace-root package-lock.json

Files:

• integrations/openclaw/package.json

{docs/**,README.md,**/Cargo.toml,**/package.json,**/*.md}

📄 CodeRabbit inference engine (.agents/skills/validate-change/SKILL.md)

Ensure renamed public surfaces are reflected consistently in manifests and docs for large or public-facing changes

Files:

• integrations/openclaw/package.json
• ATTRIBUTIONS-Python.md

**/*.{md,mdx,py,sh,yaml,yml,toml,json}

📄 CodeRabbit inference engine (.agents/skills/contribute-docs/SKILL.md)

Keep package names, repo references, and build commands current

Files:

• integrations/openclaw/package.json
• pyproject.toml
• ATTRIBUTIONS-Python.md

{pyproject.toml,**/*.py}

📄 CodeRabbit inference engine (.agents/skills/maintain-packaging/SKILL.md)

Maintain consistency between Python package names in pyproject.toml and import paths used throughout the codebase

Files:

• pyproject.toml

**/*.{rs,toml}

📄 CodeRabbit inference engine (.agents/skills/rename-surfaces/SKILL.md)

Update Rust crate names and module prefixes during coordinated rename operations

Files:

• pyproject.toml

**/*.{py,txt,toml,cfg,yaml,yml}

📄 CodeRabbit inference engine (.agents/skills/rename-surfaces/SKILL.md)

Update Python package names and top-level module imports during coordinated rename operations

Files:

• pyproject.toml

**/*.toml

📄 CodeRabbit inference engine (CONTRIBUTING.md)

Include SPDX license header in TOML configuration files using hash comment syntax

Files:

• pyproject.toml

**/*.{md,rst,html,txt}

📄 CodeRabbit inference engine (.agents/skills/review-doc-style/assets/nvidia-style-brand-terminology.md)

**/*.{md,rst,html,txt}: Always spell NVIDIA in all caps. Do not use Nvidia, nvidia, nVidia, nVIDIA, or NV.
Use an NVIDIA before a noun because the name starts with an 'en' sound.
Do not add a registered trademark symbol after NVIDIA when referring to the company.
Use trademark symbols with product names only when the document type or legal guidance requires them.
Verify official capitalization, spacing, and hyphenation for product names.
Precede NVIDIA product names with NVIDIA on first mention when it is natural and accurate.
Do not rewrite product names for grammar or title-case rules.
Preserve third-party product names according to the owner's spelling.
Include the company name and full model qualifier on first use when it helps identify the model.
Preserve the official capitalization and punctuation of model names.
Use shorter family names only after the full name is established.
Spell out a term on first use and put the acronym in parentheses unless the acronym is widely understood by the intended audience.
Use the acronym on later mentions after it has been defined.
For long documents, reintroduce the full term if readers might lose context.
Form plurals of acronyms with s, not an apostrophe, such as GPUs.
In headings, common acronyms can remain abbreviated. Spell out the term in the first or second sentence of the body.
Common terms such as CPU, GPU, PC, API, and UI usually do not need to be spelled out for developer audiences.

Files:

• ATTRIBUTIONS-Python.md

**/*.{md,rst,html}

📄 CodeRabbit inference engine (.agents/skills/review-doc-style/assets/nvidia-style-brand-terminology.md)

Link the first mention of a product name when the destination helps the reader.

Files:

• ATTRIBUTIONS-Python.md

**/*.md

📄 CodeRabbit inference engine (.agents/skills/contribute-integration/SKILL.md)

Documentation must be updated if activation or usage changed

**/*.md: Use title case consistently in technical documentation headings
Avoid quotation marks, ampersands, and exclamation marks in headings
Keep product, event, research, and whitepaper names in their official title case
Use title case for table headers
Do not force social-media sentence case into technical docs
Format code elements, commands, parameters, package names, and expressions in monospace
Format directories, file names, and paths in monospace using backticks
Use angle brackets inside monospace for variables inside paths, such as /home/<username>/.login
Format error messages and strings in quotation marks, keeping literal code strings in code formatting when clearer
Format UI buttons, menus, fields, and labels in bold
Use angle brackets between UI labels for menu paths, such as File > Save As
Use italics for new terms on first use, sparingly and only when introducing the term
Use italics for publication titles
Format keyboard shortcuts in plain text, such as Press Ctrl+Alt+Delete
Use owner/repo link text for GitHub repositories, preferring [NVIDIA/NeMo](link) over prose references like 'the GitHub repo'
Introduce every code block with a complete sentence
Do not make a code block complete the grammar of the previous sentence
Do not continue a sentence after a code block
Use syntax highlighting when the format supports it for code blocks
Avoid the word 'snippet' unless the surrounding docs already use it as a term of art
Keep inline method, function, and class references consistent with nearby docs, omitting empty parentheses for prose readability when no call is shown
Use descriptive anchor text that matches the destination title when possible for links
Avoid raw URLs in running text
Avoid generic anchor text such as 'here,' 'this page,' and 'read more'
Include acronyms in link text when a linked term includes an acronym
Do not link long sentences or multiple sentences
Avoid links ...

Files:

• ATTRIBUTIONS-Python.md

**/{docs,examples,**/*.md,*.patch,*.diff,.github,*.sh,*.yaml,*.yml}

📄 CodeRabbit inference engine (.agents/skills/rename-surfaces/SKILL.md)

Update documentation, examples, CI configuration, and patch artifacts when performing rename operations

Files:

• ATTRIBUTIONS-Python.md

**/*.{md,rst,txt}

📄 CodeRabbit inference engine (.agents/skills/review-doc-style/assets/nvidia-style-guide.md)

Spell NVIDIA in all caps. Do not use Nvidia, nvidia, or NV.

Files:

• ATTRIBUTIONS-Python.md

**/*.{md,rst}

📄 CodeRabbit inference engine (.agents/skills/review-doc-style/assets/nvidia-style-guide.md)

**/*.{md,rst}: Format commands, code elements, expressions, package names, file names, and paths as inline code.
Use descriptive link text. Avoid raw URLs and weak anchors such as "here" or "read more."
Use title case consistently for technical documentation headings.
Introduce code blocks, lists, tables, and images with complete sentences.
Write procedures as imperative steps. Keep steps parallel and split long procedures into smaller tasks.
Prefer active voice, present tense, short sentences, contractions, and plain English.
Use can for possibility and reserve may for permission.
Use after for temporal relationships instead of once.
Prefer refer to over see when the wording points readers to another resource.
Avoid culture-specific idioms, unnecessary Latinisms, jokes, and marketing exaggeration in technical docs.
Spell out months in body text, avoid ordinal dates, and use clear time zones.
Spell out whole numbers from zero through nine unless they are technical values, parameters, versions, or UI values.
Use numerals for 10 or greater and include commas in thousands.
Do not add trademark symbols to learning-oriented docs unless the source, platform, or legal guidance explicitly requires them.

Files:

• ATTRIBUTIONS-Python.md

{docs/**,README.md,CONTRIBUTING.md,**/*.md}

📄 CodeRabbit inference engine (.agents/skills/validate-change/SKILL.md)

Run docs link validation with just docs-linkcheck when links change

Files:

• ATTRIBUTIONS-Python.md

**/*.{html,md,mdx}

📄 CodeRabbit inference engine (CONTRIBUTING.md)

Include SPDX license header in HTML and Markdown files using HTML comment syntax

Files:

• ATTRIBUTIONS-Python.md

🔇 Additional comments (2)

pyproject.toml (1)

66-66: LGTM!

Also applies to: 73-73, 83-83

ATTRIBUTIONS-Python.md (1)

2913-2913: LGTM!

Also applies to: 3013-3013, 3073-3073