chore(deps): bump langgraph-checkpoint from 4.0.1 to 4.1.1

[dependabot]

Bumps langgraph-checkpoint from 4.0.1 to 4.1.1.

Release notes

Sourced from langgraph-checkpoint's releases.

langgraph-checkpoint==4.1.1

Changes since checkpoint==4.1.0

• release(checkpoint): 4.1.1 (#7890)
• fix(checkpoint): restrict lc:2 envelope revival to default constructor (#7892)
• chore(deps): bump idna from 3.11 to 3.15 in /libs/checkpoint (#7860)
• chore(deps): bump langsmith from 0.7.31 to 0.8.0 in /libs/checkpoint (#7784)

langgraph-checkpoint==4.1.0

Changes since checkpoint==4.1.0a4

• release: bump alpha packages to official versions (#7775)
• chore(deps): bump urllib3 from 2.6.3 to 2.7.0 in /libs/checkpoint (#7762)
• chore(deps): bump langchain-core from 1.3.2 to 1.3.3 in /libs/checkpoint (#7752)
• feat(checkpoint): force delta channel snapshot after max supersteps since last snapshot (#7746)
• fix(checkpoint): specify allowed_objects in Reviver (#7743)
• chore: remove keepset helper (#7745)
• chore(langgraph): add guide/conformance for delta channel checkpointer (#7736)
• docs(checkpoint): mark DeltaChannel and delta-history APIs as beta (#7732)
• chore(deps): bump the minor-and-patch group across 1 directory with 3 updates (#7670)
• chore: "chore: minor clean up around checkpoint and delta channel" (#7706)
• chore: minor clean up around checkpoint and delta channel (#7705)

langgraph-checkpoint==4.1.0a4

Changes since checkpoint==4.1.0a3

• release: alpha bump (a4) for langgraph, checkpoint, checkpoint-postgres (#7701)
• feat: public get_writes_history saver API + delta cadence rework (#7699)

langgraph-checkpoint==4.1.0a3

Changes since checkpoint==4.1.0a2

• release: alpha bump (a3) for langgraph, checkpoint, checkpoint-postgres (#7678)
• chore(langgraph): use two phase read to avoid unnecessary data transport (#7660)
• release: alpha for timers (#7647)
• feat(langgraph): DeltaChannel: store sentinel in blobs, reconstruct from checkpoint_writes (#7586)
• chore: dynamic push-task timeouts (#7646)
• chore: update x links to langchain_oss (#7645)
• release(checkpoint): 4.0.3 (#7625)
• fix(checkpoint): revive lc=2 JSON blobs for safe types without allowlist (#7582)

langgraph-checkpoint==4.1.0a2

Changes since checkpoint==4.1.0a1

langgraph-checkpoint==4.1.0a1

Changes since checkpoint==4.0.3

• release: alpha for timers (#7647)
• feat(langgraph): DeltaChannel: store sentinel in blobs, reconstruct from checkpoint_writes (#7586)
• chore: dynamic push-task timeouts (#7646)

... (truncated)

Commits

• d1e2ff0 release(checkpoint): 4.1.1 (#7890)
• e787af2 release(sdk-py): 0.3.15 (#7891)
• 604534e fix(sdk-py): percent-encode caller-supplied identifiers in URL paths (#7893)
• 346aa97 fix(checkpoint): restrict lc:2 envelope revival to default constructor (#7892)
• 82b3872 chore(deps): bump the uv group across 2 directories with 1 update (#7853)
• fcc4ab8 chore(deps): bump idna from 3.11 to 3.15 in /libs/checkpoint (#7860)
• 701d344 chore(deps): bump idna from 3.11 to 3.15 in /libs/checkpoint-postgres (#7861)
• 2c7967c chore(deps): bump idna from 3.11 to 3.15 in /libs/cli (#7865)
• bf7fec0 release(langgraph): 1.2.1 (#7883)
• 8215a9d feat(langgraph): add before_builtins opt-in for stream transformers (#7882)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[claude]

LGTM, transitive dependency lockfile bump from Dependabot.

Extended reasoning...

Overview

This PR is a Dependabot lockfile-only change that bumps langgraph-checkpoint from 4.0.1 to 4.1.1 in uv.lock. The package is a transitive dependency (not directly referenced anywhere in the source tree — only appears in uv.lock), pulled in by langgraph. The diff also updates the exclude-newer metadata field to a sentinel value with an explanatory comment, which is a uv-managed lock file artifact.

Security risks

None. This is a lockfile change for a transitive dependency. The new version is a minor+patch bump on the same major (4.x), with release notes showing internal fixes (lc:2 envelope revival restriction, idna/urllib3 bumps inside langgraph). No direct API surface in this repo touches langgraph_checkpoint.

Level of scrutiny

Minimal — this is the canonical 'low-risk Dependabot bump': lockfile-only, transitive dep, minor version on the same major, no source files modified. CI tests act as the safety net.

Other factors

Single-file change to uv.lock. No bug reports from the hunting system. The langfuse-python repo uses langgraph only via integration code, and this checkpoint package is a sub-dep. Safe to auto-approve.