From f96db9c0dd31edabe77d1755ad0b37ae4486a7d5 Mon Sep 17 00:00:00 2001
From: Claude
Date: Wed, 1 Apr 2026 21:06:22 +0000
Subject: [PATCH 1/2] Add exclude-newer to uv config to pin package resolution date

Pins uv package resolution to 2026-03-25 to mitigate risk from recent package supply chain attacks.

https://claude.ai/code/session_01LXQH3dzc39q98gtVZ4TJuc
---
 pyproject.toml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pyproject.toml b/pyproject.toml
index 7317ef78..2719712a 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -64,5 +64,8 @@ target-version = "py310"
 select = ["E", "F", "I", "N"]
 ignore = []
 
+[tool.uv]
+exclude-newer = "2026-03-25T00:00:00Z"
+
 [tool.ruff.mccabe]
 max-complexity = 10
From 152a3076f423ce28e19ec0b537f7210026241b68 Mon Sep 17 00:00:00 2001
From: Claude
Date: Wed, 1 Apr 2026 21:08:24 +0000
Subject: [PATCH 2/2] Use relative duration for uv exclude-newer instead of hardcoded date

Changes "2026-03-25T00:00:00Z" to "7d" so it always resolves to 7 days ago from the current time.

https://claude.ai/code/session_01LXQH3dzc39q98gtVZ4TJuc
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index 2719712a..bc3c08a7 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -65,7 +65,7 @@ select = ["E", "F", "I", "N"]
 ignore = []
 
 [tool.uv]
-exclude-newer = "2026-03-25T00:00:00Z"
+exclude-newer = "7d"
 
 [tool.ruff.mccabe]
 max-complexity = 10
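Review bot: The new `[tool.uv]` table is inserted between the ruff keys (`select`, `ignore`) and `[tool.ruff.mccabe]`, which splits the ruff configuration in two; TOML allows this, but keeping one tool's tables contiguous makes the file easier to scan and audit. I would move the three added lines below `max-complexity = 10`, so all ruff tables come first and `[tool.uv]` follows them. The table that `select` and `ignore` belong to starts above the hunk, so this assumes it is a ruff table, as the `target-version = "py310"` context suggests.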
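Review bot: `exclude-newer = "7d"` under `[tool.uv]` has no comment, and as a rolling cooldown it also holds back security-fix releases for a week, so the key should state why it exists and how to bypass it. I would add above it `# Supply-chain cooldown: ignore releases younger than 7 days; use exclude-newer-package to admit an urgent fix sooner`. Relative durations are, as far as I know, accepted only by recent uv releases, so an older uv in CI or on a developer machine may reject the value; setting `required-version` in the same table would make that failure explicit rather than surprising. The cooldown only narrows the window for freshly published malicious releases and does not replace a committed, hash-verified `uv.lock`, which this hunk does not show.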