chore: remove unsupported setup-uv input #545

Merged
marandaneto merged 1 commit into main from chore/remove-setup-uv-pyproject-file
Apr 30, 2026

@marandaneto
Member

💡 Motivation and Context

astral-sh/setup-uv@v8 no longer supports the pyproject-file input, which causes GitHub Actions to warn about an unexpected input in CI, reference generation, and release workflows.

This removes the unsupported input from all setup-uv steps. Root pyproject.toml discovery and default cache dependency handling are already covered by setup-uv itself.

💚 How did you test it?

  • Verified no workflow references to pyproject-file remain with rg -n "pyproject-file" .github/workflows.

📝 Checklist

  • I reviewed the submitted code.
  • I added tests to verify the changes.
  • I updated the docs if needed.
  • No breaking change or entry added to the changelog.

If releasing new changes

  • Ran sampo add to generate a changeset file
  • Added the release label to the PR

@marandaneto marandaneto requested a review from a team as a code owner April 30, 2026 09:12
@greptile-apps
Contributor

greptile-apps Bot commented Apr 30, 2026

Reviews (1): Last reviewed commit: "chore: remove unsupported setup-uv input" | Re-trigger Greptile

@github-actions
Contributor

posthog-python Compliance Report

Date: 2026-04-30 09:15:17 UTC
Duration: 160004ms

✅ All Tests Passed!

30/30 tests passed


Capture Tests

29/29 tests passed

Test Status Duration
Format Validation.Event Has Required Fields 518ms
Format Validation.Event Has Uuid 1507ms
Format Validation.Event Has Lib Properties 1507ms
Format Validation.Distinct Id Is String 1508ms
Format Validation.Token Is Present 1507ms
Format Validation.Custom Properties Preserved 1507ms
Format Validation.Event Has Timestamp 1507ms
Retry Behavior.Retries On 503 9519ms
Retry Behavior.Does Not Retry On 400 3506ms
Retry Behavior.Does Not Retry On 401 3508ms
Retry Behavior.Respects Retry After Header 9510ms
Retry Behavior.Implements Backoff 23535ms
Retry Behavior.Retries On 500 7505ms
Retry Behavior.Retries On 502 7513ms
Retry Behavior.Retries On 504 7512ms
Retry Behavior.Max Retries Respected 23530ms
Deduplication.Generates Unique Uuids 1496ms
Deduplication.Preserves Uuid On Retry 7516ms
Deduplication.Preserves Uuid And Timestamp On Retry 14521ms
Deduplication.Preserves Uuid And Timestamp On Batch Retry 7510ms
Deduplication.No Duplicate Events In Batch 1504ms
Deduplication.Different Events Have Different Uuids 1507ms
Compression.Sends Gzip When Enabled 1507ms
Batch Format.Uses Proper Batch Structure 1507ms
Batch Format.Flush With No Events Sends Nothing 1005ms
Batch Format.Multiple Events Batched Together 1505ms
Error Handling.Does Not Retry On 403 3509ms
Error Handling.Does Not Retry On 413 3509ms
Error Handling.Retries On 408 7514ms

Feature_Flags Tests

1/1 tests passed

Test Status Duration
Request Payload.Request With Person Properties Device Id 515ms

@marandaneto marandaneto enabled auto-merge (squash) April 30, 2026 09:19
@socket-security

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

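| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
|---|---|---|---|---|---|---|
| Added | autogen-ext@0.7.5 | 97 | 100 | 100 | 100 | 100 |
| Added | boto3@1.42.75 | 99 | 100 | 100 | 100 | 100 |
| Added | boto3@1.42.76 | 99 | 100 | 100 | 100 | 100 |
| Added | autogen-agentchat@0.7.5 | 100 | 100 | 100 | 100 | 100 |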

@socket-security

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

| Action | Severity | Alert |
|---|---|---|
| Warn | High | High CVE: AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb |

CVE: GHSA-6mq8-rvhq-8wgg AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb (HIGH)

Affected versions: < 3.13.3

Patched version: 3.13.3

From: ?pypi/aiohttp@3.12.13

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known high severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore pypi/aiohttp@3.12.13. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

@marandaneto marandaneto merged commit 33ebe3b into main Apr 30, 2026
27 checks passed
@marandaneto marandaneto deleted the chore/remove-setup-uv-pyproject-file branch April 30, 2026 10:01