chore(deps): bump langgraph-sdk from 0.3.12 to 0.3.15

[dependabot]

Bumps langgraph-sdk from 0.3.12 to 0.3.15.

Release notes

Sourced from langgraph-sdk's releases.

langgraph-sdk==0.3.15

Changes since sdk==0.3.14

• release(checkpoint): 4.1.1 (#7890)
• release(sdk-py): 0.3.15 (#7891)
• fix(sdk-py): percent-encode caller-supplied identifiers in URL paths (#7893)
• release(langgraph): 1.2.1 (#7883)
• chore(deps): bump idna from 3.11 to 3.15 in /libs/sdk-py (#7863)
• chore(deps): bump urllib3 from 2.6.3 to 2.7.0 in /libs/sdk-py (#7764)
• chore(deps): bump langsmith from 0.7.31 to 0.8.0 in /libs/sdk-py (#7789)
• release: bump alpha packages to official versions (#7775)
• chore(langgraph): bump langchain-core to 1.4.0 (#7767)
• feat(sdk-py): support metadata filter for crons search/count (#7737)
• chore(deps): bump ty from 0.0.23 to 0.0.33 in /libs/sdk-py (#7666)

langgraph-sdk==0.3.14

Changes since sdk==0.3.13

• release(sdk-py): 0.3.14 (#7712)
• feat(sdk-py): add return_minimal to threads update (#7704)
• release: alpha bump (a4) for langgraph, checkpoint, checkpoint-postgres (#7701)
• release: alpha bump langgraph 1.2.0a6 (#7697)
• release: alpha bump prebuilt 1.1.0a2, langgraph 1.2.0a5 (#7682)
• release: alpha bump prebuilt 1.1.0a1, langgraph 1.2.0a4 (#7679)
• feat(langgraph): dispatch stream_events(version='v3') on Pregel (#7677)
• release: alpha bump (a3) for langgraph, checkpoint, checkpoint-postgres (#7678)
• release: alpha for timers (#7647)
• chore: update x links to langchain_oss (#7645)
• feat(langgraph): add streaming transformer infrastructure and tests (#7519)
• chore(deps): bump the minor-and-patch group across 1 directory with 4 updates (ty held back) (#7635)
• release(prebuilt): 1.0.12, langgraph 1.1.10 (#7623)
• release(checkpoint): 4.0.3 (#7625)
• release(prebuilt): 1.0.11 (#7610)
• feat(prebuilt): allow ToolNode tools to return list[Command | ToolMessage] (#7596)
• chore(langgraph): bump version 1.1.8 -> 1.1.9 (#7563)
• release(langgraph): 1.1.8 (#7545)
• release(prebuilt): 1.0.10 (#7541)
• release(langgraph): 1.1.7 (#7540)
• chore(deps): bump langsmith from 0.7.20 to 0.7.31 in /libs/sdk-py (#7528)
• release(checkpoint): 4.0.2 (#7518)
• chore(deps-dev): bump pytest from 9.0.2 to 9.0.3 in /libs/sdk-py (#7504)
• release(langgraph): 1.1.7a2 (#7511)
• chore: allow passing some metadata only for tracing purposes (#7383)
• release(langgraph): 1.1.7a1 (#7476)
• chore(deps): bump langchain-core from 1.2.22 to 1.2.28 in /libs/sdk-py (#7449)

langgraph-sdk==0.3.13

Changes since sdk==0.3.12

• chore: validate reconnect url (#7434)

... (truncated)

Commits

• e1aa1a4 0.3.15
• 7a959f6 Fix assertion
• 9b5549f Fix flaky assertion
• fa96c0a One more
• 98b8ff9 Update test assertions for triggers
• 951131c Lint
• 8bcdba8 Reduce to 4.1s
• 60fc49b Speed up prepare_single_task
• 1d21b4b Improve prepare_single_task trigger checks to linear complexity (#3891)
• 55ec0d3 Speed up task triggers check (#3890)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[claude]

LGTM, transitive dep patch bump in the lockfile.

Extended reasoning...

Overview

This PR is a Dependabot-generated patch-level bump of langgraph-sdk from 0.3.12 to 0.3.15. Only uv.lock is modified — the source under langfuse/ and the pyproject.toml constraints are unchanged. langgraph-sdk is a transitive dependency (the repo declares langgraph>=1,<2 directly), pulled in via the langchain/langgraph integration paths.

Security risks

None observed. The version bump itself includes a relevant fix (fix(sdk-py): percent-encode caller-supplied identifiers in URL paths), which is a small hardening improvement. No new direct dependencies are added.

Level of scrutiny

Low. Lockfile-only changes for a patch-version bump of a transitive dependency need minimal review — semver expectation is bug fixes / non-breaking changes, and the bug-hunting pass found no issues. The incidental rewrite of exclude-newer to the 0001-01-01T00:00:00Z sentinel with an inline comment is uv's standard lockfile regeneration behavior and is documented as having no effect.

Other factors

No outstanding reviewer comments, no prior reviews from me on this PR, and the diff is contained entirely within a generated lockfile. Established pattern in this repo for Dependabot transitive bumps.