From cf0dcc39098be37ef94d0dc2a921f1ed39a8144e Mon Sep 17 00:00:00 2001
From: Claude <noreply@anthropic.com>
Date: Wed, 1 Apr 2026 21:06:20 +0000
Subject: [PATCH 1/2] Add exclude-newer to uv config to pin package resolution
 date

Pins uv package resolution to 2026-03-25 to mitigate risk from
recent package supply chain attacks.

https://claude.ai/code/session_01LXQH3dzc39q98gtVZ4TJuc
---
 pyproject.toml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pyproject.toml b/pyproject.toml
index 5f27fb3..db4646d 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -54,3 +54,4 @@ exclude = [".claude/worktrees"]
 [tool.uv]
 # Pre-release needed for og-test-v2-x402==0.0.11.dev5
 prerelease = "allow"
+exclude-newer = "2026-03-25T00:00:00Z"

From 2e25641f51765f182e4f3f44e63a7c89f31c7481 Mon Sep 17 00:00:00 2001
From: Claude <noreply@anthropic.com>
Date: Wed, 1 Apr 2026 21:08:23 +0000
Subject: [PATCH 2/2] Use relative duration for uv exclude-newer instead of
 hardcoded date

Changes "2026-03-25T00:00:00Z" to "7d" so it always resolves to
7 days ago from the current time.

https://claude.ai/code/session_01LXQH3dzc39q98gtVZ4TJuc
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index db4646d..0ac24a1 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -54,4 +54,4 @@ exclude = [".claude/worktrees"]
 [tool.uv]
 # Pre-release needed for og-test-v2-x402==0.0.11.dev5
 prerelease = "allow"
-exclude-newer = "2026-03-25T00:00:00Z"
+exclude-newer = "7d"