build: add supply chain hardening via uv exclude-newer and pip uploaded-prior-to#3258
build: add supply chain hardening via uv exclude-newer and pip uploaded-prior-to#3258julian-risch wants to merge 2 commits intomainfrom
Conversation
- Add uv.toml with exclude-newer = "24 hours" so all uv pip installs skip packages published within the last day - Add Dependabot cooldown (default-days: 1) for github-actions and pip - Upgrade pip before each pip install step and add --uploaded-prior-to=P1D (pip 26.1 relative duration) to all direct pip install commands in CI Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
github-actions
Bot
added
topic:CI
integration:chroma
integration:elasticsearch
integration:opensearch
integration:unstructured-fileconverter
integration:cohere
integration:jina
integration:qdrant
integration:pinecone
integration:amazon-bedrock
integration:ollama
integration:llama_cpp
integration:weaviate
integration:astra
integration:amazon-sagemaker
integration:supabase
integration:pgvector
integration:deepeval
integration:fastembed
integration:ragas
integration:mongodb-atlas
integration:mistral
integration:optimum
integration:nvidia
integration:anthropic
integration:langfuse
integration:snowflake
integration:azure-ai-search
integration:weave
Coverage report (unstructured)
This PR does not seem to contain any modification to coverable code. |
The previous pip entry pointed at '/' (root has no Python packages). Switch to directories: ["integrations/*"] so Dependabot actually scans all 62 integration pyproject.toml files in the monorepo. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Coverage report (qdrant)
This PR does not seem to contain any modification to coverable code. |
Coverage report (mongodb_atlas)
This PR does not seem to contain any modification to coverable code. |
Coverage report (meta_llama)
This PR does not seem to contain any modification to coverable code. |
Coverage report (togetherai)
This PR does not seem to contain any modification to coverable code. |
Coverage report (kreuzberg)
This PR does not seem to contain any modification to coverable code. |
Coverage report (pgvector)
This PR does not seem to contain any modification to coverable code. |
Coverage report (amazon_sagemaker)
This PR does not seem to contain any modification to coverable code. |
Coverage report (deepeval)
This PR does not seem to contain any modification to coverable code. |
Coverage report (stackit)
This PR does not seem to contain any modification to coverable code. |
Coverage report (snowflake)
This PR does not seem to contain any modification to coverable code. |
Coverage report (mcp)
This PR does not seem to contain any modification to coverable code. |
Coverage report (supabase)
This PR does not seem to contain any modification to coverable code. |
Coverage report (google_genai)
This PR does not seem to contain any modification to coverable code. |
Coverage report (valkey)
This PR does not seem to contain any modification to coverable code. |
Coverage report (oracle)
This PR does not seem to contain any modification to coverable code. |
Coverage report (opensearch)
This PR does not seem to contain any modification to coverable code. |
Coverage report (ragas)
This PR does not seem to contain any modification to coverable code. |
Coverage report (elasticsearch)
This PR does not seem to contain any modification to coverable code. |
Coverage report (paddleocr)
This PR does not seem to contain any modification to coverable code. |
Coverage report (libreoffice)
This PR does not seem to contain any modification to coverable code. |
Coverage report (ollama)
This PR does not seem to contain any modification to coverable code. |
Coverage report (hanlp)
This PR does not seem to contain any modification to coverable code. |
Coverage report (optimum)
This PR does not seem to contain any modification to coverable code. |
Coverage report (docling)
This PR does not seem to contain any modification to coverable code. |
Coverage report (chonkie)
This PR does not seem to contain any modification to coverable code. |
Coverage report (llama_cpp)
This PR does not seem to contain any modification to coverable code. |
Coverage report (vllm)
This PR does not seem to contain any modification to coverable code. |
Coverage report (unstructured)
This PR does not seem to contain any modification to coverable code. |
1 participant
Related Issues
Proposed Changes:
How did you test it?
Notes for the reviewer
Checklist
fix:,feat:,build:,chore:,ci:,docs:,style:,refactor:,perf:,test:.