chore: refresh uv lockfile

[nabinchha]

📋 Summary

Refreshes uv.lock after running uv sync from the latest main. This records the direct numpy dependency for data-designer-engine in the lockfile metadata.

🔗 Related Issue

N/A

🔄 Changes

• Updated uv.lock with the resolved numpy entries required by packages/data-designer-engine/pyproject.toml.

🧪 Testing

• uv sync
• uv lock --check
• git diff --check
• make test passes — not run; lockfile-only change
• Unit tests added/updated — N/A; no code changes
• E2E tests added/updated — N/A

✅ Checklist

• Follows commit message conventions
• Commits are signed off (DCO)
• Architecture docs updated — N/A; lockfile-only change

[github-actions]

Review: PR #692 — chore: refresh uv lockfile

Summary

This PR refreshes uv.lock to record numpy as a direct dependency of data-designer-engine, following PR #676 which added the numpy>=1.23.5,<3 specifier to packages/data-designer-engine/pyproject.toml (line 52). The change adds three lines: two numpy entries pinned by Python version (2.2.6 for <3.11, 2.4.3 for >=3.11) and the matching requires-dist entry. The diff is self-consistent with the upstream pyproject specifier.

Findings

Correctness

• Specifier matches source of truth. The requires-dist entry >=1.23.5,<3 is identical to the spec in packages/data-designer-engine/pyproject.toml:52. ✅
• Python-version-gated resolutions are coherent. numpy 2.2.6 for python<3.11 and numpy 2.4.3 for python>=3.11 are both released versions and consistent with the <3 upper bound.
• Lockfile-only change. No source code, no tests, no public API surface impacted. Existing test suites should continue to pass; the lockfile reflects what uv sync would already produce on a fresh checkout from main.

Project conventions

• Conventional commit prefix chore: is appropriate for a lockfile refresh.
• DCO sign-off present.
• PR scope is minimal and atomic — exactly the kind of mechanical change that should land as its own PR.

Risks / observations

• PR HEAD SHA (a316044e) matches the current main HEAD. gh pr view reports state: OPEN, mergedAt: null, but git log shows the same commit already on main as the most recent commit (a316044e chore: refresh uv lockfile). The PR appears effectively no-op against main now and can likely be closed. Worth verifying whether this was landed via a direct push or a squash that lost the PR association — either way no review action is needed on the diff itself.
• No test, security, or performance implications: this is metadata for the resolver only.

Suggestions

• None for the diff. If the PR is indeed already-applied to main, close it rather than merging.

Verdict

LGTM (lockfile-only). The change is correct, minimal, and consistent with the engine's declared numpy dependency. The only follow-up is administrative: confirm the PR's relationship to the already-merged commit on main and close if redundant.