Bump the uv group across 2 directories with 3 updates

[dependabot]

Bumps the uv group with 2 updates in the / directory: langgraph and tornado.
Bumps the uv group with 1 update in the /server directory: graphiti-core.

Updates langgraph from 1.0.6 to 1.0.10rc1

Release notes

Sourced from langgraph's releases.

langgraph==1.0.10rc1

Changes since 1.0.9

• release: Candidate (#6947)
• Merge commit from fork
• chore: add tests to confirm expected subgraph persistence behavior (#6943)
• fix(langgraph): correct ParentCommand bubbling when checkpoint_ns includes numeric task segments (#6864)
• chore: add make type target for type checking (#6748)

langgraph==1.0.9

Changes since 1.0.8

• release: langgraph + prebuilt (#6875)
• fix: sequential interrupt handling w/ functional API (#6863)
• chore: state_updated_at sort by (#6857)
• chore: bump orjson (#6852)
• chore: conformance testing (#6842)
• chore(deps): bump the all-dependencies group in /libs/langgraph with 6 updates (#6815)
• chore(deps): bump protobuf from 6.33.4 to 6.33.5 in /libs/langgraph (#6833)
• chore(deps): bump cryptography from 46.0.3 to 46.0.5 in /libs/langgraph (#6837)
• chore(deps): bump nbconvert from 7.16.6 to 7.17.0 in /libs/langgraph (#6832)
• chore: server runtime type (#6774)
• refactor: replace bare except with BaseException in AsyncQueue (#6765)

langgraph==1.0.8

Changes since 1.0.7

• release(langgraph): 1.0.8 (#6757)
• chore: shallow copy futures (#6755)
• fix: pydantic messages double streaming (#6753)
• chore(deps-dev): bump ruff from 0.14.7 to 0.14.11 in /libs/sdk-py (#6673)
• chore: Omit lock when using connection pool (#6734)
• docs: enhance Runtime and ToolRuntime class descriptions for clarity (#6689)
• docs: add clarity to use of thread_id (#6515)
• docs: add docstrings to add_node overloads (#6514)
• docs: update notebook links and add archival notices for examples (#6720)
• release(cli): 0.4.12 (#6716)

langgraph-prebuilt==1.0.8

Changes since prebuilt==1.0.7

• release: langgraph + prebuilt (#6875)
• fix: inject ToolRuntime for dynamically registered tools (#6874)
• chore: bump orjson (#6852)
• chore(deps): bump langchain-core from 1.2.12 to 1.2.13 in /libs/prebuilt in the all-dependencies group (#6849)
• chore: conformance testing (#6842)
• chore(deps): bump the all-dependencies group in /libs/prebuilt with 3 updates (#6810)
• chore: server runtime type (#6774)
• docs(prebuilt): update warning for create_react_agent (#6760)
• release(langgraph): 1.0.8 (#6757)

... (truncated)

Commits

• a04ec5d release: Candidate (#6947)
• 50df7d4 Merge commit from fork
• c4a4a46 chore: add tests to confirm expected subgraph persistence behavior (#6943)
• f178eb8 fix(langgraph): correct ParentCommand bubbling when checkpoint_ns includes nu...
• 48167d7 chore(deps): bump the all-dependencies group in /libs/cli with 2 updates (#6920)
• 806878a chore(deps): bump the all-dependencies group in /libs/checkpoint-postgres wit...
• 8087e6a docs(sdk-py): update auth docstrings to default-deny pattern (#6933)
• 8fbdb14 release(sdk-py): 0.3.9 (#6932)
• 5093802 chore(deps): bump the all-dependencies group in /libs/checkpoint with 2 updat...
• b89ef60 feat(sdk-py): add extract parameter to threads.search() (#6880)
• Additional commits viewable in compare view

Updates tornado from 6.5.4 to 6.5.5

Changelog

Sourced from tornado's changelog.

Release notes

.. toctree:: :maxdepth: 2

releases/v6.5.5 releases/v6.5.4 releases/v6.5.3 releases/v6.5.2 releases/v6.5.1 releases/v6.5.0 releases/v6.4.2 releases/v6.4.1 releases/v6.4.0 releases/v6.3.3 releases/v6.3.2 releases/v6.3.1 releases/v6.3.0 releases/v6.2.0 releases/v6.1.0 releases/v6.0.4 releases/v6.0.3 releases/v6.0.2 releases/v6.0.1 releases/v6.0.0 releases/v5.1.1 releases/v5.1.0 releases/v5.0.2 releases/v5.0.1 releases/v5.0.0 releases/v4.5.3 releases/v4.5.2 releases/v4.5.1 releases/v4.5.0 releases/v4.4.3 releases/v4.4.2 releases/v4.4.1 releases/v4.4.0 releases/v4.3.0 releases/v4.2.1 releases/v4.2.0 releases/v4.1.0 releases/v4.0.2 releases/v4.0.1 releases/v4.0.0 releases/v3.2.2 releases/v3.2.1 releases/v3.2.0 releases/v3.1.1

... (truncated)

Commits

• 7d64650 Merge pull request #3586 from bdarnell/update-cibw
• d05d59b build: Bump cibuildwheel to 3.4.0
• c2f4673 Merge pull request #3585 from bdarnell/release-655
• e5f1aa4 Release notes and version bump for v6.5.5
• 78a046f httputil: Add CRLF to _FORBIDDEN_HEADER_CHARS_RE
• 24a2d96 web: Validate characters in all cookie attributes.
• 119a195 httputil: Add limits on multipart form data parsing
• See full diff in compare view

Updates graphiti-core from 0.28.1 to 0.28.2

Release notes

Sourced from graphiti-core's releases.

v0.28.2 - SECURITY: Harden Search Filters Against Cypher Injection

What's Changed

• chore: regenerate lockfiles to drop diskcache by @​prasmussen15 in getzep/graphiti#1244
• fix: replace edge name with uuid in debug log by @​prasmussen15 in getzep/graphiti#1261
• chore: update Docker images to graphiti-core 0.28.1 by @​prasmussen15 in getzep/graphiti#1292
• feat: Add GLiNER2 hybrid LLM client by @​danielchalef in getzep/graphiti#1284
• Refresh README content and fix image refs by @​danielchalef in getzep/graphiti#1313
• Restore README title and subtitle by @​danielchalef in getzep/graphiti#1314
• Harden search filters against Cypher injection by @​danielchalef in getzep/graphiti#1312

Full Changelog: v0.28.1...v0.28.2

Commits

• 77b1609 Bump graphiti-core version to 0.28.2 (#1315)
• 7d65d5e Harden search filters against Cypher injection (#1312)
• b10b488 Restore README title and subtitle (#1314)
• a9065fa Refresh README content and fix image refs (#1313)
• 5a334ec @​lvca has signed the CLA in getzep/graphiti#1310
• 45c8040 @​jawherkh has signed the CLA in getzep/graphiti#1309
• 9eb2c9e @​kraft87 has signed the CLA in getzep/graphiti#1305
• 334c8fa @​adsharma has signed the CLA in getzep/graphiti#1296
• b6f9d87 @​StephenBadger has signed the CLA in getzep/graphiti#1295
• 4b91076 feat: Add GLiNER2 hybrid LLM client (#1284)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Superseded by #1329.