ci(deps): bump astral-sh/setup-uv from 4 to 7 #47
Merged
Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 4 to 7.
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](astral-sh/setup-uv@v4...v7)

---
updated-dependencies:
- dependency-name: astral-sh/setup-uv
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Labels

The following labels could not be found: Please fix the above issues or remove invalid values from |
isc-tdyar added a commit that referenced this pull request Feb 28, 2026
…apter, GraphRAGToolSet (#21)

* fix: correct broken PyPI project URLs and README clone instructions
  - Update all 5 project.urls in pyproject.toml to point to correct repo: intersystems/rag-templates → intersystems-community/iris-vector-rag
  - Fix Documentation URL to use /tree/main/docs format
  - Fix README clone URL: iris-rag-templates → iris-vector-rag
* Add disk-based LLM caching, automated connection hardening bypass, and unified evaluation framework
* Enhance LLM caching, automate connection hardening, and implement unified evaluation framework
* chore: bump version to 0.5.16 for PyPI release
* ci: update deprecated GitHub Actions to latest versions
  - Update actions/upload-artifact v3 → v4
  - Update actions/download-artifact v3 → v4
  - Update github/codeql-action v2 → v3

  Addresses GitHub security scan deprecation warnings.
* ci: fix TDD compliance check for fork PRs
  - Add continue-on-error for PR comment step
  - Add try/catch to handle permission errors gracefully
  - Print results to console when commenting fails
  - Add workflow permissions declaration
* security: fix Dependabot vulnerabilities in MCP server
  - Update @modelcontextprotocol/sdk 1.0.4 → 1.24.0 (HIGH: DNS rebinding)
  - Update transitive deps body-parser, js-yaml (prototype pollution, DoS)

  npm audit now reports 0 vulnerabilities.
* ci: disable security scanning workflow for private repo

  Security scanning is overkill for private development repo. Community repo has its own security workflows.
* ci: fix security workflow for community repo
  - Replace Poetry with uv for dependency management
  - Update CodeQL actions v3 → v4
  - Add continue-on-error to prevent cascading failures
  - Fix TruffleHog config for scheduled runs
  - Make security policy check non-blocking
  - Add SECURITY.md with vulnerability disclosure process
* ci: fix CI/CD workflows to use uv instead of Poetry
  - Replace Poetry with uv (astral-sh/setup-uv@v4)
  - Simplify CI pipeline, remove jobs requiring external services
  - Update Python versions to 3.10, 3.11, 3.12
  - Add continue-on-error to prevent cascading failures
  - Update all GitHub Actions to latest versions (v4/v5)
  - Add SECURITY.md with vulnerability disclosure process
* ci: remove complex workflows requiring missing infrastructure

  Remove workflows that depend on infrastructure not in the repo:
  - docker.yml - requires root Dockerfile and multi-stage targets
  - coverage.yml - requires Poetry and complex test setup
  - docs.yml - requires Poetry and documentation tooling
  - release.yml - requires Poetry and release infrastructure

  Keep simplified ci.yml, security.yml, and tdd-check.yml
* fix: make OSSF Scorecard non-blocking, remove deprecated semgrep param
* ci(deps): bump ossf/scorecard-action from 2.3.1 to 2.4.3 (#31)

  Bump ossf/scorecard-action from 2.3.1 to 2.4.3 for improved security scanning.
* fix: remediate CI security scan failures and harden Dockerfiles (#17)
* fix: remediate CI security scan failures and harden Dockerfiles
* ci: update triggers to include master branch
* ci: add current branch to triggers
* docs: clarify infrastructure scan scope and task details
* ci: disable CodeQL analysis due to repository settings

---------

Co-authored-by: Thomas Dyar <thomas.dyar@intersystems.com>

* deps-dev(deps-dev): bump gitpython from 3.1.43 to 3.1.46 (#46)

  Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.43 to 3.1.46.
  - [Release notes](https://github.com/gitpython-developers/GitPython/releases)
  - [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
  - [Commits](gitpython-developers/GitPython@3.1.43...3.1.46)

  ---
  updated-dependencies:
  - dependency-name: gitpython
    dependency-version: 3.1.46
    dependency-type: direct:development
    update-type: version-update:semver-patch
  ...

  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* ci(deps): bump actions/checkout from 4 to 6 (#50)

  Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6.
  - [Release notes](https://github.com/actions/checkout/releases)
  - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
  - [Commits](actions/checkout@v4...v6)

  ---
  updated-dependencies:
  - dependency-name: actions/checkout
    dependency-version: '6'
    dependency-type: direct:production
    update-type: version-update:semver-major
  ...

  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* ci(deps): bump actions/download-artifact from 4 to 7 (#49)

  Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4 to 7.
  - [Release notes](https://github.com/actions/download-artifact/releases)
  - [Commits](actions/download-artifact@v4...v7)

  ---
  updated-dependencies:
  - dependency-name: actions/download-artifact
    dependency-version: '7'
    dependency-type: direct:production
    update-type: version-update:semver-major
  ...

  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* ci(deps): bump astral-sh/setup-uv from 4 to 7 (#47)

  Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 4 to 7.
  - [Release notes](https://github.com/astral-sh/setup-uv/releases)
  - [Commits](astral-sh/setup-uv@v4...v7)

  ---
  updated-dependencies:
  - dependency-name: astral-sh/setup-uv
    dependency-version: '7'
    dependency-type: direct:production
    update-type: version-update:semver-major
  ...

  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* ci(deps): bump actions/upload-artifact from 4 to 6 (#48)

  Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 6.
  - [Release notes](https://github.com/actions/upload-artifact/releases)
  - [Commits](actions/upload-artifact@v4...v6)

  ---
  updated-dependencies:
  - dependency-name: actions/upload-artifact
    dependency-version: '6'
    dependency-type: direct:production
    update-type: version-update:semver-major
  ...

  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore: update repository description and topics in pyproject.toml
* chore: update repository description and topics in pyproject.toml (#19)

  Co-authored-by: Thomas Dyar <thomas.dyar@intersystems.com>
* chore: update repository description and topics (#51)
* fix: remediate CI security scan failures and harden Dockerfiles (#17)
* fix: remediate CI security scan failures and harden Dockerfiles
* ci: update triggers to include master branch
* ci: add current branch to triggers
* docs: clarify infrastructure scan scope and task details
* ci: disable CodeQL analysis due to repository settings

---------

Co-authored-by: Thomas Dyar <thomas.dyar@intersystems.com>

* chore: update repository description and topics in pyproject.toml
* chore: update repository description and topics in pyproject.toml (#19)

  Co-authored-by: Thomas Dyar <thomas.dyar@intersystems.com>

---------

Co-authored-by: Thomas Dyar <thomas.dyar@intersystems.com>

* fix: v0.5.4 critical bug fixes, idt cleanup integration, and repo-wide lint cleanup (#20)
* fix: core v0.5.4 bug fixes — connection API, vector normalization, idt cleanup, embeddings fallback
  - Replace iris.connect() with supported connection APIs, add connection None guards
  - Add _normalize_vector_data() to prevent segfaults in IRIS native driver (float32, non-finite replacement)
  - Integrate iris-devtester SchemaResetter for e2e/fixture cleanup (replaces broken SET NAMESPACE)
  - Add stub fallback embedder when sentence-transformers import fails
  - Fix HybridGraphRAGPipeline.query() signature, similarity_score normalization
  - Add GraphRAG similarity_score in metadata, CRAG get_cloud_config
  - Add SchemaMismatch.issue property for contract tests
  - Pin sentence-transformers/transformers versions in pyproject.toml
* test: add unit tests for connection API, schema detection/init, and integration helpers
  - test_connection_api.py: validates supported connection methods
  - test_schema_detection.py: validates schema mismatch detection
  - test_schema_initialization.py: validates automatic graph schema init
  - test_iris_llm_handler.py: MCP LLM handler tests
  - integration/helpers/timing.py: test timing utilities
  - fixtures/graphrag/test_run_service.py: GraphRAG fixture test runner
* style: ruff lint cleanup across evaluation_framework, examples, scripts, contrib, docker, tools
  - Fix bare except clauses (replace with Exception)
  - Remove unused imports
  - Fix f-string syntax issues
  - Clean up import ordering
  - No functional changes
* style: ruff lint cleanup across iris_vector_rag/ and tests/
  - Fix bare except clauses, unused imports, f-string syntax
  - Clean up import ordering and remove redundant code
  - Fix undefined name references in test files
  - No functional changes
* docs: add v0.5.4 changelog, specs, and development documentation
  - CHANGELOG.md: document all v0.5.4 fixes and improvements
  - specs/060-fix-users-tdyar: complete task list (T001-T029), plan, spec, contracts
  - docs/development: IDT RAG cleanup proposal, IRIS env guide
  - docs/api: schema manager API reference
  - docs/testing: v0.5.2 regression analysis
  - Update README, AGENTS.md, CLAUDE.md
* chore: update .gitignore to exclude generated artifacts and stray modules
  - Ignore .opencode/, .mcp.json, .coveragerc, CODEX.md, TABNINE.md
  - Ignore stray top-level common/, iris_rag/, conftest.py
  - Ignore outputs/, and non-active feature spec dirs
  - Update .dockerignore
* chore: lint fixes in pytest.ini and spec contract files (055, 058, 061)

---------

Co-authored-by: Thomas Dyar <thomas.dyar@intersystems.com>

* chore: bump version to 0.5.17 for PyPI release
* fix: correct connection error handling and bump version to 0.5.18
  - Ensure ConnectionError is raised when all connection attempts fail
  - Fix logic that was returning None instead of raising on failure
  - Bump version to 0.5.18 for PyPI release
* spec: 065-iris-llm-substrate — iris_llm as IVR LLM substrate

  Documents architecture decisions, validation experiment results, and task breakdown for integrating iris_llm as the unified LLM provider in IVR pipelines (external + future embedded mode).

  Private branch only — do not merge to public until aicore/AI Hub architecture stabilizes.
* feat(065): iris_llm as IVR LLM substrate — SqlExecutor protocol, IrisLLMDSPyAdapter, GraphRAGToolSet
  - Add SqlExecutor @runtime_checkable Protocol (executor.py) enabling executor injection into GraphRAGPipeline/HybridGraphRAGPipeline without hard DBAPI dependency
  - Add IrisLLMDSPyAdapter(dspy.BaseLM) in dspy_modules/iris_llm_lm.py wrapping the optional iris_llm wheel as a first-class DSPy LM provider
  - Add get_llm_func(provider='iris_llm') branch in common/utils.py with get_llm_func_for_embedded() fallback for no-API embedded deployments
  - Add iris_globals.py with gset/gget thin wrappers (graceful fallback when iris absent)
  - Add GraphRAGToolSet in tools/graphrag.py exposing search_entities, traverse_relationships, hybrid_search as @tool-decorated methods for agent use
  - Wire executor kwarg through HybridGraphRAGPipeline -> GraphRAGPipeline base
  - Add [iris_llm] optional extra to pyproject.toml
  - Add spec contracts, data model, plan, and tasks (all 44 tasks complete)
  - 33 unit tests + 3 skip-guarded integration tests; 37/37 graphrag e2e pass

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Thomas Dyar <thomas.dyar@intersystems.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps astral-sh/setup-uv from 4 to 7.
Release notes
Sourced from astral-sh/setup-uv's releases.
... (truncated)
Commits
- 681c641 Bump actions/checkout from 5.0.0 to 6.0.1 (#712)
- 2e85713 Bump actions/setup-node from 6.0.0 to 6.1.0 (#715)
- 58b6d7b fix: add OS version to cache key to prevent binary incompatibility (#716)
- e8b52af chore: update known checksums for 0.9.17 (#714)
- ed21f2f Bump peter-evans/create-pull-request from 7.0.8 to 7.0.9 (#695)
- 93202d8 bump dependencies (#709)
- 5ce0900 set biome files.maxSize to 2MiB (#708)
- 4180991 allow cache-local-path w/o enable-cache (#707)
- 0439606 Bump github/codeql-action from 4.30.9 to 4.31.6 (#698)
- 7dd56c1 chore: update known checksums for 0.9.16 (#706)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)