Skip to content

Bump nemoguardrails from 0.9.1.1 to 0.18.0 #6

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump nemoguardrails from 0.9.1.1 to 0.18.0 #6

wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Nov 7, 2025

Bumps nemoguardrails from 0.9.1.1 to 0.18.0.

Release notes

Sourced from nemoguardrails's releases.

v0.18.0

What's Changed

This release introduces BotThinking events, allowing you to apply guardrails to an LLM's reasoning traces. We added support for embedding providers: Azure OpenAI, Cohere, and Google. We also added an integration with Cisco AI Defense. For performance, in-memory caching can be used for Nemoguard content-safety, topic-control, and jailbreak models to reduce latency. Other additions include automatic provider inference for LangChain LLMs and custom HTTP header support for ChatNVIDIA.

Reasoning trace extraction is refactored to use LangChain's additional_kwargs. Traces are no longer prepended to the bot's message but are now in a separate reasoning field. Please update any custom parsing logic. Additionally, stream_async will now correctly raise an error if output rail streaming is disabled.

We've fixed several stability bugs, especially for parallel execution. This includes ensuring the stop flag is now correctly set for policy violations and exceptions in parallel mode. We also added config validation at creation time for content-safety and topic-control rails. A fallback for legacy <think> tag extraction and a capitalization fix for Snowflake are also included.

We removed support for Python 3.9, ahead of its EOL in October 2025. We invested in code quality by adding type-annotations and pre-commit checks across a majority of the codebase.

🚀 Features

  • (bot-thinking) Implement BotThinking events to process reasoning traces in Guardrails (#1431), (#1432), (#1434).
  • (embeddings) Add Azure OpenAI embedding provider (#702).
  • (embeddings) Add Cohere embedding integration (#1305).
  • (embeddings) Add Google embedding integration (#1304).
  • (library) Add Cisco AI Defense integration (#1433).
  • (cache) Add in-memory LFU caches for content-safety, topic-control, and jailbreak detection models (#1436), (#1456), (#1457), (#1458).
  • (llm) Add automatic provider inference for LangChain LLMs (#1460).
  • (llm) Add custom HTTP headers support to ChatNVIDIA provider (#1461).

🐛 Bug Fixes

  • (config) Validate content safety and topic control configs at creation time (#1450).
  • (jailbreak) Capitalization of Snowflake in use of snowflake-arctic-embed-m-long name. (#1464).
  • (runtime) Ensure stop flag is set for policy violations in parallel rails (#1467).
  • (llm) [breaking] Extract reasoning traces to separate field instead of prepending (#1468).
  • (streaming) [breaking] Raise error when stream_async used with disabled output rails streaming (#1470).
  • (llm) Add fallback extraction for reasoning traces from tags (#1474).
  • (runtime) Set stop flag for exception-based rails in parallel mode (#1487).

🚜 Refactor

  • [breaking] Replace reasoning trace extraction with LangChain additional_kwargs (#1427)

📚 Documentation

  • (examples) Add Nemoguard in-memory cache configuration example (#1459), (#1480).
  • Add guide for bot reasoning guardrails (#1479).
  • Update LLM reasoning traces configuration (#1483).

🧪 Testing

  • Add mock embedding provider tests (#1446)
  • (cli) Add comprehensive CLI test suite and reorganize files (#1339)
  • Skip FastEmbed tests when not in live mode (#1462)
  • Fix flaky stats logging interval timing test (#1463)
  • Restore test that was skipped due to Colang 2.0 serialization issue (#1449)

... (truncated)

Changelog

Sourced from nemoguardrails's changelog.

[0.18.0] - 2025-11-06

🚀 Features

  • (bot-thinking) Implement BotThinking events to process reasoning traces in Guardrails (#1431), (#1432), (#1434).
  • (embeddings) Add Azure OpenAI embedding provider (#702).
  • (embeddings) Add Cohere embedding integration (#1305).
  • (embeddings) Add Google embedding integration (#1304).
  • (library) Add Cisco AI Defense integration (#1433).
  • (cache) Add in-memory LFU caches for content-safety, topic-control, and jailbreak detection models (#1436), (#1456), (#1457), (#1458).
  • (llm) Add automatic provider inference for LangChain LLMs (#1460).
  • (llm) Add custom HTTP headers support to ChatNVIDIA provider (#1461).

🐛 Bug Fixes

  • (config) Validate content safety and topic control configs at creation time (#1450).
  • (jailbreak) Capitalization of Snowflake in use of snowflake-arctic-embed-m-long name. (#1464).
  • (runtime) Ensure stop flag is set for policy violations in parallel rails (#1467).
  • (llm) [breaking] Extract reasoning traces to separate field instead of prepending (#1468).
  • (streaming) [breaking] Raise error when stream_async used with disabled output rails streaming (#1470).
  • (llm) Add fallback extraction for reasoning traces from tags (#1474).
  • (runtime) Set stop flag for exception-based rails in parallel mode (#1487).

🚜 Refactor

  • [breaking] Replace reasoning trace extraction with LangChain additional_kwargs (#1427)

📚 Documentation

  • (examples) Add Nemoguard in-memory cache configuration example (#1459), (#1480).
  • Add guide for bot reasoning guardrails (#1479).
  • Update LLM reasoning traces configuration (#1483).

🧪 Testing

  • Add mock embedding provider tests (#1446)
  • (cli) Add comprehensive CLI test suite and reorganize files (#1339)
  • Skip FastEmbed tests when not in live mode (#1462)
  • Fix flaky stats logging interval timing test (#1463)
  • Restore test that was skipped due to Colang 2.0 serialization issue (#1449)

⚙️ Miscellaneous Tasks

  • Resolve PyPI publish workflow trigger and reliability issues (#1443)
  • Fix sparse checkout for publish pypi workflow (#1444)
  • Drop Python 3.9 support ahead of October 2025 EOL (#1426)
  • (types) Add type-annotations and pre-commit checks for tracing (#1388), logging (#1395), kb (#1385), cli (#1380), embeddings (#1383), server (#1397), and llm (#1394) code.
  • Update insert licenser pe-commit-hooks to use current year (#1452).
  • (library) Remove unused vllm requirements.txt files (#1466).

... (truncated)

Commits
  • afb1bf0 chore: prepare for release v0.18.0 (#1491)
  • 1a27839 Update starlette version >= 0.49.1 to fix vulnerability (#1495)
  • b3b6237 docs: Add nemotron safety guard (#1494)
  • dda9521 docs: prepare 0.18 doc release (#1493)
  • b5b7579 docs: update LLM reasoning traces config guidance (#1483)
  • 01ab146 fix(runtime): set stop flag for exception-based rails in parallel mode (#1487)
  • 121fc8f docs(cache): Documentation on in-memory caching (#1480)
  • d380fe1 docs: add guide for bot reasoning guardrails (#1479)
  • 28826ec docs(examples): add nemoguards cache configuration example (#1459)
  • 6676990 feat(benchmark): Create mock LLM server for use in benchmarks (#1403)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump nemoguardrails from 0.9.1.1 to 0.18.0
ad2574e 
Bumps [nemoguardrails](https://github.com/NVIDIA/NeMo-Guardrails) from 0.9.1.1 to 0.18.0.
- [Release notes](https://github.com/NVIDIA/NeMo-Guardrails/releases)
- [Changelog](https://github.com/NVIDIA-NeMo/Guardrails/blob/develop/CHANGELOG.md)
- [Commits](NVIDIA-NeMo/Guardrails@v0.9.1.1...v0.18.0)

---
updated-dependencies:
- dependency-name: nemoguardrails
  dependency-version: 0.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Nov 7, 2025
@dependabot dependabot bot mentioned this pull request Nov 7, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant