Skip to content

chore(deps): bump openai from 1.102.0 to 2.3.0 #1402

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

chore(deps): bump openai from 1.102.0 to 2.3.0 #1402

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 10, 2025
edited
Loading

Bumps openai from 1.102.0 to 2.3.0.

Release notes

Sourced from openai's releases.

v2.3.0

2.3.0 (2025-10-10)

Full Changelog: v2.2.0...v2.3.0

Features

  • api: comparison filter in/not in (aa49f62)

Chores

  • package: bump jiter to >=0.10.0 to support Python 3.14 (#2618) (aa445ca)

v2.2.0

2.2.0 (2025-10-06)

Full Changelog: v2.1.0...v2.2.0

Features

  • api: dev day 2025 launches (38ac009)

Bug Fixes

  • client: add chatkit to beta resource (de3e561)

v2.1.0

2.1.0 (2025-10-02)

Full Changelog: v2.0.1...v2.1.0

Features

  • api: add support for realtime calls (7f7925b)

v2.0.1

2.0.1 (2025-10-01)

Full Changelog: v2.0.0...v2.0.1

Bug Fixes

  • api: add status, approval_request_id to MCP tool call (2a02255)

v2.0.0

2.0.0 (2025-09-30)

Full Changelog: v1.109.1...v2.0.0

... (truncated)

Changelog

Sourced from openai's changelog.

2.3.0 (2025-10-10)

Full Changelog: v2.2.0...v2.3.0

Features

  • api: comparison filter in/not in (aa49f62)

Chores

  • package: bump jiter to >=0.10.0 to support Python 3.14 (#2618) (aa445ca)

2.2.0 (2025-10-06)

Full Changelog: v2.1.0...v2.2.0

Features

  • api: dev day 2025 launches (38ac009)

Bug Fixes

  • client: add chatkit to beta resource (de3e561)

2.1.0 (2025-10-02)

Full Changelog: v2.0.1...v2.1.0

Features

  • api: add support for realtime calls (7f7925b)

2.0.1 (2025-10-01)

Full Changelog: v2.0.0...v2.0.1

Bug Fixes

  • api: add status, approval_request_id to MCP tool call (2a02255)

2.0.0 (2025-09-30)

Full Changelog: v1.109.1...v2.0.0

⚠ BREAKING CHANGES

  • api: ResponseFunctionToolCallOutputItem.output and ResponseCustomToolCallOutput.output now return string | Array<ResponseInputText | ResponseInputImage | ResponseInputFile> instead of string only. This may break existing callsites that assume output is always a string.

... (truncated)

Commits
  • e5f93f5 release: 2.3.0
  • 0448788 feat(api): comparison filter in/not in
  • 85a91ad chore(package): bump jiter to >=0.10.0 to support Python 3.14 (#2618)
  • d69edeb release: 2.2.0
  • ea3dcf8 [fix] readd realtime and chat
  • 8082367 fix(client): add chatkit to beta resource
  • 9ada2c7 feat(api): dev day 2025 launches
  • 53f7a74 release: 2.1.0
  • 86aaa1d feat(api): add support for realtime calls
  • 75a3aa4 release: 2.0.1
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Disclaimer: Experimental PR review

Greptile Overview

Updated On: 2025-10-10 05:11:52 UTC

Summary

This PR updates the openai package from 1.102.0 to 2.3.0, which includes a major version bump from v1 to v2. The upgrade also updates related dependencies:

  • openai: 1.102.0 → 2.3.0 (major version bump)
  • langchain-openai: 0.3.32 → 0.3.35 (now supports openai >=1.104.2, <3.0.0)
  • langchain-core: 0.3.75 → 0.3.79
  • jiter: >=0.4.0 → >=0.10.0 (for Python 3.14 support)

Key Considerations

OpenAI v2.0.0 Breaking Changes:
According to the release notes, v2.0.0 includes breaking changes where ResponseFunctionToolCallOutputItem.output and ResponseCustomToolCallOutput.output now return string | Array<ResponseInputText | ResponseInputImage | ResponseInputFile> instead of just string.

Compatibility Assessment:
The Langfuse OpenAI integration code (langfuse/openai.py) does not directly reference these breaking change types. The integration wraps OpenAI methods at a high level and handles responses generically through __dict__ access patterns, which should be resilient to these type changes.

Test Coverage:
The test suite (tests/test_openai.py) has comprehensive coverage including streaming, async, function calls, tool calls, structured outputs, embeddings, and the new Responses API.

Recommendations

  • Verify that existing tests pass with the new OpenAI v2.x
  • Check that langchain-openai 0.3.35 properly supports OpenAI 2.x (it explicitly allows openai <3.0.0)
  • Monitor for any runtime issues with response output handling, particularly for the Responses API methods

Confidence Score: 4/5

  • This PR is reasonably safe to merge with testing recommended
  • The dependency upgrade is a major version bump (v1 → v2) for OpenAI, which includes breaking changes. However, the Langfuse integration code appears to handle responses generically and should be resilient. The langchain-openai package was also updated to explicitly support OpenAI v2.x. The main risk is runtime behavior changes that may not be caught without executing the test suite.
  • No files require special attention - this is a dependency update only

Important Files Changed

File Analysis

Filename Score Overview
poetry.lock 4/5 Updated openai from 1.102.0 to 2.3.0 and related dependencies; includes major version bump with breaking changes

Sequence Diagram

sequenceDiagram
    participant D as Dependabot
    participant L as poetry.lock
    participant O as openai (1.102.0→2.3.0)
    participant LC as langchain-openai (0.3.32→0.3.35)
    participant LF as langfuse/openai.py
    
    D->>L: Update openai dependency
    L->>O: Bump to v2.3.0 (major version)
    Note over O: Breaking changes in v2.0.0<br/>Response output types changed
    L->>LC: Update to 0.3.35
    Note over LC: Now supports openai <3.0.0
    L->>L: Update jiter to >=0.10.0
    Note over L: Python 3.14 support
    
    Note over LF: Integration code uses generic<br/>__dict__ access patterns
    LF->>O: Wraps OpenAI API calls
    O-->>LF: Returns responses
    Note over LF: Should be resilient to<br/>type changes
Loading

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Oct 10, 2025
@dependabot dependabot bot mentioned this pull request Oct 10, 2025
Closed
greptile-apps[bot]
greptile-apps bot reviewed Oct 10, 2025
View reviewed changes
Copy link
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No files reviewed, no comments

Edit Code Review Agent Settings | Greptile

@dependabot dependabot bot force-pushed the dependabot/pip/openai-2.3.0 branch from 92fb4fb to ab1b105 Compare October 13, 2025 05:08
@dependabot
chore(deps): bump openai from 1.102.0 to 2.3.0
1b4dc78 
Bumps [openai](https://github.com/openai/openai-python) from 1.102.0 to 2.3.0.
- [Release notes](https://github.com/openai/openai-python/releases)
- [Changelog](https://github.com/openai/openai-python/blob/main/CHANGELOG.md)
- [Commits](openai/openai-python@v1.102.0...v2.3.0)

---
updated-dependencies:
- dependency-name: openai
  dependency-version: 2.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/pip/openai-2.3.0 branch from ab1b105 to 1b4dc78 Compare October 15, 2025 05:08
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 17, 2025

Superseded by #1406.

@dependabot dependabot bot closed this Oct 17, 2025
@dependabot dependabot bot deleted the dependabot/pip/openai-2.3.0 branch October 17, 2025 05:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant