LCORE-1441: Updated Konflux dependencies

[tisnik]

Description

LCORE-1441: Updated Konflux dependencies

Type of change

• Refactor
• New feature
• Bug fix
• CVE fix
• Optimization
• Documentation Update
• Configuration Update
• Bump-up service version
• Bump-up dependent library
• Bump-up library or tool used for development (does not change the final image)
• CI configuration change
• Konflux configuration change
• Unit tests improvement
• Integration tests improvement
• End to end tests improvement
• Benchmarks improvement

Tools used to create PR

• Assisted-by: N/A
• Generated by: N/A

Related Tickets & Documents

• Related Issue #LCORE-1441

Summary by CodeRabbit

• Chores
  • Updated uvicorn dependency to version 0.44.0
  • Updated python-multipart dependency to version 0.0.24
  • Updated build pipeline configurations

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 433d1db3-02b3-4a48-aff4-b9e71590cd33

📥 Commits

Reviewing files that changed from the base of the PR and between 4961334 and 5704d1c.

📒 Files selected for processing (5)

• .tekton/lightspeed-stack-pull-request.yaml
• .tekton/lightspeed-stack-push.yaml
• requirements-build.txt
• requirements.hashes.source.txt
• requirements.hashes.wheel.txt

💤 Files with no reviewable changes (1)

• requirements.hashes.wheel.txt

📜 Recent review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: build-pr
• GitHub Check: Konflux kflux-prd-rh02 / lightspeed-stack-on-pull-request
• GitHub Check: E2E Tests for Lightspeed Evaluation job
• GitHub Check: E2E: library mode / ci
• GitHub Check: E2E: server mode / ci

🔇 Additional comments (5)

requirements.hashes.source.txt (2)

883-885: Hash-pinned python-multipart upgrade looks correct.

Line 883 updates to python-multipart==0.0.24 and Lines 884-885 include matching SHA256 pins, preserving reproducibility.

---

1042-1044: uvicorn pin refresh is clean and consistent.

Line 1042 bumps to uvicorn==0.44.0 with refreshed hashes on Lines 1043-1044, which matches lockfile expectations.

requirements-build.txt (1)

57-57: Build dependency provenance annotation is consistent.

Line 57 adds python-multipart to the hatchling “via” list, aligning this autogenerated file with the updated dependency graph.

.tekton/lightspeed-stack-push.yaml (1)

53-53: Push pipeline prefetch update is coherent.

Line 53 cleanly removes python-multipart from binary.packages while leaving the rest of the prefetch contract intact.

.tekton/lightspeed-stack-pull-request.yaml (1)

61-61: PR pipeline prefetch list stays aligned with push pipeline.

Line 61 applies the same binary.packages update, which helps avoid pipeline drift across PR vs push builds.

---

Walkthrough

The changes remove python-multipart from Tekton pipeline prefetch inputs in two pipeline configuration files, update the pinned python-multipart version in source requirements (from 0.0.22 to 0.0.24) with new SHA256 hashes, and remove the older wheel version. Additionally, uvicorn is updated from 0.43.0 to 0.44.0 with corresponding hash updates.

Changes

Cohort / File(s)	Summary
Tekton Pipeline Configuration .tekton/lightspeed-stack-pull-request.yaml, .tekton/lightspeed-stack-push.yaml	Removed python-multipart from the prefetch-input → pip → binary.packages comma-separated dependency list in both pipeline definitions.
Dependency Hash Files requirements.hashes.source.txt	Added python-multipart==0.0.24 with SHA256 hashes; updated uvicorn from 0.43.0 to 0.44.0 with new hashes.
Dependency Hash Files requirements.hashes.wheel.txt	Removed outdated python-multipart==0.0.22 wheel entry with its SHA256 hash.
Build Requirements requirements-build.txt	Added comment documentation indicating python-multipart as a transitive dependency via hatchling==1.29.0.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• LCORE-1069: Updated Konflux dependencies #1379: Modifies the same Tekton pip prefetch configuration field while updating pinned packages and their corresponding SHA256 hashes in requirements files.
• LCORE-1326: Updated Konflux dependencies #1296: Changes the same Tekton pipeline fields by removing package entries from the prefetch-input → pip → binary.packages list.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the primary change: updating Konflux dependencies across multiple configuration and requirement files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

✨ Simplify code

• Create PR with simplified code

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}