diff --git a/.github/workflows/autofix-versions.env b/.github/workflows/autofix-versions.env index 9be76e15e..69393f917 100644 --- a/.github/workflows/autofix-versions.env +++ b/.github/workflows/autofix-versions.env @@ -5,7 +5,7 @@ # Runtime dependencies (PyYAML, Pydantic, Hypothesis) should be managed via Dependabot # in each consumer repo's pyproject.toml directly, NOT synced from this file. BLACK_VERSION=25.12.0 -RUFF_VERSION=0.14.11 +RUFF_VERSION=0.14.12 ISORT_VERSION=7.0.0 DOCFORMATTER_VERSION=1.7.7 MYPY_VERSION=1.19.1 diff --git a/.github/workflows/maint-51-dependency-refresh.yml b/.github/workflows/maint-51-dependency-refresh.yml index e4223e912..e1fa7ed53 100644 --- a/.github/workflows/maint-51-dependency-refresh.yml +++ b/.github/workflows/maint-51-dependency-refresh.yml @@ -52,7 +52,7 @@ jobs: - name: Refresh requirements.lock run: | set -euo pipefail - uv pip compile --upgrade pyproject.toml --extra dev -o requirements.lock + uv pip compile --upgrade pyproject.toml --extra dev --extra langchain -o requirements.lock - name: Verify lockfile aligns with current compile env: @@ -74,7 +74,7 @@ jobs: if re.match(r'^#.*autogenerated.*by.*', stripped, re.IGNORECASE): continue if re.match(r'^#\s*uv pip compile.*', stripped): - lines.append('# uv pip compile pyproject.toml --extra dev -o requirements.lock') + lines.append('# uv pip compile pyproject.toml --extra dev --extra langchain -o requirements.lock') continue if re.search(r'\d{4}-\d{2}-\d{2}', stripped) or re.search(r'\d{2}:\d{2}', stripped): continue @@ -90,7 +90,7 @@ jobs: return '\n'.join(lines) + ('\n' if lines else '') compiled_proc = subprocess.run( - ['uv', 'pip', 'compile', 'pyproject.toml', '--extra', 'dev'], + ['uv', 'pip', 'compile', 'pyproject.toml', '--extra', 'dev', '--extra', 'langchain'], check=True, capture_output=True, text=True, diff --git a/DEPENDENCY_TESTING.md b/DEPENDENCY_TESTING.md index f67da9f78..40ebc9651 100644 --- a/DEPENDENCY_TESTING.md +++ b/DEPENDENCY_TESTING.md @@ -14,19 +14,15 @@ When dependabot updates dependencies in `pyproject.toml`, it can cause cascading ### 1. Complete Lock File Generation The `requirements.lock` file **must** include ALL optional dependency groups: -- `app` - Application dependencies (Streamlit, FastAPI) -- `llm` - LLM/AI dependencies (langchain, openai) -- `notebooks` - Jupyter notebook dependencies - `dev` - Development tools (black, mypy, pytest) +- `langchain` - LangChain integration for LLM-enhanced task analysis -**Workflow**: `.github/workflows/dependabot-auto-lock.yml` automatically regenerates the lock file when dependabot updates `pyproject.toml`: +**Workflow**: `.github/workflows/maint-51-dependency-refresh.yml` automatically regenerates the lock file when dependencies need updating: ```yaml uv pip compile pyproject.toml \ - --extra app \ - --extra llm \ - --extra notebooks \ --extra dev \ + --extra langchain \ --universal \ --output-file requirements.lock ``` diff --git a/pyproject.toml b/pyproject.toml index be7eae69d..2be879d6c 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -30,7 +30,7 @@ Issues = "https://github.com/stranske/Workflows/issues" dev = [ "pre-commit==4.5.1", "black==25.12.0", - "ruff==0.14.11", + "ruff==0.14.12", "isort==7.0.0", "docformatter==1.7.7", "mypy==1.19.1", diff --git a/requirements.lock b/requirements.lock index 862dab950..25d3e8a3a 100644 --- a/requirements.lock +++ b/requirements.lock @@ -1,5 +1,5 @@ # This file was autogenerated by uv via the following command: -# uv pip compile pyproject.toml --extra dev --extra langchain --universal --output-file requirements.lock +# uv pip compile pyproject.toml --extra dev --extra langchain -o requirements.lock aiohappyeyeballs==2.6.1 # via aiohttp aiohttp==3.13.3 @@ -8,7 +8,7 @@ aiosignal==1.4.0 # via aiohttp annotated-types==0.7.0 # via pydantic -anyio==4.12.0 +anyio==4.12.1 # via # httpx # openai @@ -32,11 +32,6 @@ charset-normalizer==3.4.4 # requests click==8.3.1 # via black -colorama==0.4.6 ; sys_platform == 'win32' - # via - # click - # pytest - # tqdm coverage==7.13.1 # via # workflows (pyproject.toml) @@ -53,7 +48,7 @@ execnet==2.1.2 # via pytest-xdist faiss-cpu==1.13.2 # via workflows (pyproject.toml) -filelock==3.20.2 +filelock==3.20.3 # via virtualenv flake8==7.3.0 # via workflows (pyproject.toml) @@ -61,7 +56,7 @@ frozenlist==1.8.0 # via # aiohttp # aiosignal -greenlet==3.3.0 ; platform_machine == 'AMD64' or platform_machine == 'WIN32' or platform_machine == 'aarch64' or platform_machine == 'amd64' or platform_machine == 'ppc64le' or platform_machine == 'win32' or platform_machine == 'x86_64' +greenlet==3.3.0 # via sqlalchemy h11==0.16.0 # via httpcore @@ -74,9 +69,9 @@ httpx==0.28.1 # openai httpx-sse==0.4.3 # via langchain-community -hypothesis==6.149.0 +hypothesis==6.150.2 # via workflows (pyproject.toml) -identify==2.6.15 +identify==2.6.16 # via pre-commit idna==3.11 # via @@ -94,17 +89,17 @@ jsonpatch==1.33 # via langchain-core jsonpointer==3.0.0 # via jsonpatch -jsonschema==4.25.1 +jsonschema==4.26.0 # via workflows (pyproject.toml) jsonschema-specifications==2025.9.1 # via jsonschema -langchain==1.2.0 +langchain==1.2.4 # via workflows (pyproject.toml) langchain-classic==1.0.1 # via langchain-community langchain-community==0.4.1 # via workflows (pyproject.toml) -langchain-core==1.2.6 +langchain-core==1.2.7 # via # workflows (pyproject.toml) # langchain @@ -115,26 +110,26 @@ langchain-core==1.2.6 # langgraph # langgraph-checkpoint # langgraph-prebuilt -langchain-openai==1.1.6 +langchain-openai==1.1.7 # via workflows (pyproject.toml) langchain-text-splitters==1.1.0 # via langchain-classic -langgraph==1.0.5 +langgraph==1.0.6 # via langchain -langgraph-checkpoint==3.0.1 +langgraph-checkpoint==4.0.0 # via # langgraph # langgraph-prebuilt -langgraph-prebuilt==1.0.5 +langgraph-prebuilt==1.0.6 # via langgraph -langgraph-sdk==0.3.1 +langgraph-sdk==0.3.3 # via langgraph -langsmith==0.6.0 +langsmith==0.6.3 # via # langchain-classic # langchain-community # langchain-core -librt==0.7.7 ; platform_python_implementation != 'PyPy' +librt==0.7.8 # via mypy marshmallow==3.26.2 # via dataclasses-json @@ -153,13 +148,13 @@ mypy-extensions==1.1.0 # typing-inspect nodeenv==1.10.0 # via pre-commit -numpy==2.4.0 +numpy==2.4.1 # via # workflows (pyproject.toml) # faiss-cpu # langchain-community # pandas -openai==2.14.0 +openai==2.15.0 # via langchain-openai orjson==3.11.5 # via @@ -177,7 +172,7 @@ packaging==25.0 # pytest pandas==2.3.3 # via workflows (pyproject.toml) -pathspec==0.12.1 +pathspec==1.0.3 # via # black # mypy @@ -243,7 +238,7 @@ referencing==0.37.0 # via # jsonschema # jsonschema-specifications -regex==2025.11.3 +regex==2026.1.15 # via tiktoken requests==2.32.5 # via @@ -259,7 +254,7 @@ rpds-py==0.30.0 # via # jsonschema # referencing -ruff==0.14.11 +ruff==0.14.12 # via workflows (pyproject.toml) six==1.17.0 # via python-dateutil @@ -277,9 +272,7 @@ tenacity==9.1.2 # langchain-core tiktoken==0.12.0 # via langchain-openai -tomli==2.3.0 ; python_full_version <= '3.11' - # via coverage -tomlkit==0.13.3 +tomlkit==0.14.0 # via workflows (pyproject.toml) tqdm==4.67.1 # via openai @@ -306,13 +299,13 @@ tzdata==2025.3 # via pandas untokenize==0.1.1 # via docformatter -urllib3==2.6.2 +urllib3==2.6.3 # via requests -uuid-utils==0.12.0 +uuid-utils==0.13.0 # via # langchain-core # langsmith -virtualenv==20.35.4 +virtualenv==20.36.1 # via pre-commit xxhash==3.6.0 # via langgraph diff --git a/templates/dependency-refresh.yml b/templates/dependency-refresh.yml index bbbe41373..c95df38a5 100644 --- a/templates/dependency-refresh.yml +++ b/templates/dependency-refresh.yml @@ -56,6 +56,7 @@ jobs: --upgrade \ pyproject.toml \ --extra dev \ + --extra langchain \ -o requirements.lock - name: Check for changes