Morph MORPH
SIGN IN SIGN UP
langchain-ai / langchain UNCLAIMED

The agent engineering platform

131728 0 0 Python

chore: bump nltk from 3.9.3 to 3.9.4 in /libs/text-splitters (#36237)

Bumps [nltk](https://github.com/nltk/nltk) from 3.9.3 to 3.9.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/nltk/nltk/blob/develop/ChangeLog">nltk's
changelog</a>.</em></p>
<blockquote>
<p>Version 3.9.4 2026-03-24</p>
<ul>
<li>Support Python 3.14</li>
<li>Fix bug in Levenshtein distance when substitution_cost &gt; 2</li>
<li>Fix bug in Treebank detokeniser re quote ordering</li>
<li>Fix bug in Jaro similarity for empty strings</li>
<li>Several security enhancements</li>
<li>Fix GHSA-rf74-v2fm-23pw: unbounded recursion in
JSONTaggedDecoder</li>
<li>Implement TextTiling vocabulary introduction method (Hearst
1997)</li>
<li>Fix ALINE feature matrix errors and add comprehensive tests</li>
<li>Support multiple VerbNet versions, fix longid/shortid regex for
VerbNet ids</li>
<li>Let downloader fallback to md5 when sha256 is unavailable</li>
<li>Several other minor bugfixes and code cleanups</li>
</ul>
<p>Thanks to the following contributors to 3.9.4:
Min-Yen Kan, Eric Kafe, Emily Voss, bowiechen, Hrudhai01,
jancallewaert, Mr-Neutr0n, pollak.peter89, ylwango613,</p>
<p>Version 3.9.3 2026-02-21</p>
<ul>
<li>Fix CVE-2025-14009: secure ZIP extraction in nltk.downloader (<a
href="https://redirect.github.com/nltk/nltk/issues/3468">#3468</a>)</li>
<li>Block path traversal/arbitrary reads in nltk.data for protocol-less
refs (<a
href="https://redirect.github.com/nltk/nltk/issues/3467">#3467</a>)</li>
<li>Block path traversal/abs paths in corpus readers and FS pointers (<a
href="https://redirect.github.com/nltk/nltk/issues/3479">#3479</a>, <a
href="https://redirect.github.com/nltk/nltk/issues/3480">#3480</a>)</li>
<li>Validate external StanfordSegmenter JARs using SHA256 (<a
href="https://redirect.github.com/nltk/nltk/issues/3477">#3477</a>)</li>
<li>Add optional sandbox enforcement for filestring() (<a
href="https://redirect.github.com/nltk/nltk/issues/3485">#3485</a>)</li>
<li>Maintenance: downloader/zipped models, CI/tooling updates</li>
</ul>
<p>Thanks to the following contributors to 3.9.3:
Chris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher
Smith</p>
<p>Version 3.9.2 2025-10-01</p>
<ul>
<li>Update download checksums to use SHA256 in built index</li>
<li>Fix percentage escape in new-style string formatting</li>
<li>replace shortened URLs using goo.gl</li>
<li>Make Wordnet interoperable with various taggers and tagged
corpora</li>
<li>Fix saving PerceptronTagger</li>
<li>Document how to reproduce old Wordnet studies</li>
<li>properly initialize Portuguese corpus reader</li>
<li>support for mixed rules conversion into Chomsky Normal Form</li>
<li>only import tkinter if a GUI is needed</li>
<li>issue <a
href="https://redirect.github.com/nltk/nltk/issues/2112">#2112</a> with
Corenlp</li>
<li>new environment variable
NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL</li>
<li>Lesk defaults to most frequent sense in case of ties</li>
</ul>
<p>Thanks to the following contributors to 3.9.2:
Jose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix,
Jason Liu,
Samer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram
Ul Haq,
Christopher Smith, Ryan Mannion</p>
<p>Version 3.9.1 2024-08-19</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/nltk/nltk/commit/ad9c96ba00a16923ffe917eacf63f1707bfa2d08"><code>ad9c96b</code></a>
Update copyright year</li>
<li><a
href="https://github.com/nltk/nltk/commit/7edcddfda566627b897397397cc4d10ae91cb86d"><code>7edcddf</code></a>
Updates for 3.9.4 release</li>
<li><a
href="https://github.com/nltk/nltk/commit/67a2736f89b286b028db08bd247134f17a11fc6b"><code>67a2736</code></a>
Merge pull request <a
href="https://redirect.github.com/nltk/nltk/issues/3180">#3180</a> from
yzhaoinuw/bug-on-edit_distance_align</li>
<li><a
href="https://github.com/nltk/nltk/commit/2b17ac5358a1c8d4b97455766efde0b786e6cdb2"><code>2b17ac5</code></a>
Fix edit_distance_align backtrace for high substitution costs</li>
<li><a
href="https://github.com/nltk/nltk/commit/4b72976a6ff3d180ed4012f11843e611a8f89516"><code>4b72976</code></a>
Merge pull request <a
href="https://redirect.github.com/nltk/nltk/issues/3018">#3018</a> from
JuanIMartinezB/bug/shortid-longid</li>
<li><a
href="https://github.com/nltk/nltk/commit/8a5619f53a281149e5342b1a00fe05fe2fc6517f"><code>8a5619f</code></a>
Merge pull request <a
href="https://redirect.github.com/nltk/nltk/issues/3222">#3222</a> from
Syzygy2048/feature/texttiling-vocabulary-introd...</li>
<li><a
href="https://github.com/nltk/nltk/commit/c6574d755e02b6163d9cd1d0b407076940e08864"><code>c6574d7</code></a>
Merge pull request <a
href="https://redirect.github.com/nltk/nltk/issues/3289">#3289</a> from
ihitamandal/codeflash/optimize-windowdiff-2024-...</li>
<li><a
href="https://github.com/nltk/nltk/commit/98ff5d9eaa1a81511873b9aef857944519c28dc4"><code>98ff5d9</code></a>
Merge pull request <a
href="https://redirect.github.com/nltk/nltk/issues/3435">#3435</a> from
Hrudhai01/fix-3260-detokenize-quotes</li>
<li><a
href="https://github.com/nltk/nltk/commit/aec4fce1b84ad725b8975f7365b23a4f626572a9"><code>aec4fce</code></a>
Merge pull request <a
href="https://redirect.github.com/nltk/nltk/issues/3522">#3522</a> from
ekaf/pathsec</li>
<li><a
href="https://github.com/nltk/nltk/commit/eec4ee3591cb9cb8b8c2989f08012608c841d532"><code>eec4ee3</code></a>
Merge pull request <a
href="https://redirect.github.com/nltk/nltk/issues/3526">#3526</a> from
nltk/update-contributing</li>
<li>Additional commits viewable in <a
href="https://github.com/nltk/nltk/compare/3.9.3...3.9.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=nltk&package-manager=uv&previous-version=3.9.3&new-version=3.9.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain/network/alerts).

</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
D
dependabot[bot] committed
7ed0eb3a1726427ecb28a88793ead30d59491dd7
Parent: 90d015c
Committed by GitHub <[email protected]> on 3/26/2026, 2:41:22 AM