Skip to content

Bump mem0ai from 2.0.2 to 2.0.12#13

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/mem0ai-2.0.12
Open

Bump mem0ai from 2.0.2 to 2.0.12#13
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/mem0ai-2.0.12

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 15, 2026

Copy link
Copy Markdown

Bumps mem0ai from 2.0.2 to 2.0.12.

Release notes

Sourced from mem0ai's releases.

Mem0 Python SDK (v2.0.12)

New Features:

  • Memory (OSS): Accept text in Memory.update() and AsyncMemory.update(). data still works but is now deprecated, so prefer text in new code (#6044)

Bug Fixes:

  • Core: Coerce non-string entity IDs (user_id, agent_id, run_id) instead of crashing on .strip(), so passing an integer ID no longer raises AttributeError (#6206)
  • Core: Stop requiring langchain-core for the default async procedural memory path. The optional dependency is now only imported when you pass a custom LangChain LLM, matching the sync behavior (#6209)
  • Client: Encode dynamic URL path segments so IDs containing special characters no longer produce malformed requests (#5963)
  • LLMs: Skip temperature and top_p for newer Anthropic models that reject sampling parameters. Detection is automatic per model family and version, and the new enable_sampling_parameters config flag overrides it (#6211)
  • Vector Stores: Stop writing internal OutputData model fields as properties on Weaviate update() (#6149)
  • Vector Stores: Improve wildcard search handling in Milvus (#6187)
  • Vector Stores: Keep env-resolved Upstash Vector credentials after config validation. An env-var-only config previously passed validation and then failed to build (#5811)
  • Vector Stores: Restore the previous payload when a Neptune Analytics vector upsert fails inside update(), so a partial write can no longer leave the payload and embedding out of sync (#5824)

Changes:

  • LLMs: The Together default model is now MiniMaxAI/MiniMax-M3 (was mistralai/Mixtral-8x7B-Instruct-v0.1) (#6049)
  • LLMs: The xAI default model is now grok-4.3 (was grok-2-latest) (#6115)
  • Embeddings: The Together default embedding model is now intfloat/multilingual-e5-large-instruct at 1024 dimensions (was togethercomputer/m2-bert-80M-8k-retrieval at 768). If you use the Together embedder without pinning model, existing vectors were written at the old dimension: either re-embed them, or pin model and embedding_dims to the old values (#5989)
  • Rerankers: The Cohere default rerank model is now rerank-v3.5 (was rerank-english-v3.0) (#6055)

Security:

  • Vector Stores: Fix SQL and Cypher injection vulnerabilities in the PGVector, Azure MySQL, and Neptune providers (#4878)
  • Vector Stores: Validate Elasticsearch filter keys and values to prevent term query injection (#5980)
  • Dependencies: Require transformers>=5.3.0 to remediate GHSA-29pf-2h5f-8g72 (CVE-2026-4372) (#6110)

Mem0 Python SDK (v2.0.11)

Bug Fixes:

  • Embeddings: Guard against an embed_batch count mismatch in the OpenAI and Azure OpenAI embedders (#5966)
  • Memory: Re-raise LLM extraction failures instead of silently returning [] (#5878)
  • Vector Stores: Normalize vectors for the cosine distance strategy in FAISS (#5960)

Security:

  • Vector Stores: Validate OpenSearch filter values to prevent term query injection (#5986)
  • Vector Stores: Validate value types and escape quotes in Azure AI Search OData filters (#5983)
  • Vector Stores: Validate Databricks catalog/schema/table identifiers to prevent SQL injection (#5988)
  • Graph: Escape Neptune filter values in openCypher queries to prevent injection (#5982)

Mem0 Python SDK (v2.0.10)

New Features:

  • Client: Expose expiration_date on MemoryClient.update() and AsyncMemoryClient.update() — callers can now set or clear a memory's expiration date; None is preserved and forwarded to the API (#5874)

Bug Fixes:

  • Memory (OSS): Apply remove_code_blocks() to the LangChain path in async _create_procedural_memory so code fences are stripped consistently (#5711)
  • Rerankers: Score HuggingFace cross-encoder results with per-document sigmoid instead of set-relative min-max, preventing a single low-score document from collapsing all relevance scores to zero (#5715)
  • Core: Validate and trim entity IDs (user_id, agent_id, run_id) in delete_all() for both sync and async Memory (#5735)
  • Vector Stores: Use .get() for hash and created_at in the Redis insert() and update() paths so entity payloads that omit those fields no longer raise KeyError (#5709)
  • Memory: Fix scale-threshold notices not firing for Redis and search-engine backends by resolving col_info() signature differences and adding num_docs to the count-extraction lookup (#5687)

... (truncated)

Commits
  • 42cf18c chore: update changelog, bump SDK versions to Python 2.0.12 and TypeScript 3....
  • d89793b refactor(ts-sdk): lazy-load optional provider SDKs so importing mem0ai/oss ne...
  • 1783674 feat(vector-stores): add Databricks provider to TypeScript OSS SDK (#5824)
  • c9af559 fix(anthropic): Remove sampling parameters when using new model. (#6211)
  • f69f8dc fix(weaviate): don't write OutputData model fields as properties on update (#...
  • 28e4d81 fix(ts-sdk): re-raise LLM extraction transport failures instead of returning ...
  • 1d383c4 fix(vector-stores): improve milvus wildcard search (#6187)
  • 8488abe docs: correct custom categories, per-call custom_categories is supported (#6218)
  • 49863e9 docs: add a dedicated Memory Expiration page (#6194)
  • 770ce97 fix(core): coerce non-string entity ids instead of crashing on .strip() (#6206)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [mem0ai](https://github.com/mem0ai/mem0) from 2.0.2 to 2.0.12.
- [Release notes](https://github.com/mem0ai/mem0/releases)
- [Commits](mem0ai/mem0@v2.0.2...v2.0.12)

---
updated-dependencies:
- dependency-name: mem0ai
  dependency-version: 2.0.12
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jul 15, 2026
@dependabot
dependabot Bot requested a review from JackCGardner as a code owner July 15, 2026 03:54
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jul 15, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants