From d13162a3bbef6b69a5730309acc1b0dad19d18b6 Mon Sep 17 00:00:00 2001
From: Paul Calnon <paul.calnon@gmail.com>
Date: Mon, 4 May 2026 20:22:34 -0500
Subject: [PATCH] ci(lockfile): pin uv to 0.11.8
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The Lockfile Freshness gate was unpinned (`pip install uv`), meaning
uv resolver/output changes between runs could silently flip CI from
green to red without any repo change. Pin uv to 0.11.8 (current
stable) to make the gate reproducible. Dependabot's pip ecosystem
already monitors this; bumps will arrive as ordinary PRs.

Part of the ecosystem-wide lockfile freshness redesign — see
juniper-ml notes/LOCKFILE_FRESHNESS_REDESIGN_2026-05-04.md for the
full analysis.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .github/workflows/lockfile-update.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/lockfile-update.yml b/.github/workflows/lockfile-update.yml
index 2058e59..0fa6764 100644
--- a/.github/workflows/lockfile-update.yml
+++ b/.github/workflows/lockfile-update.yml
@@ -68,7 +68,7 @@ jobs:
           python-version: "3.12"
 
       - name: Install uv
-        run: pip install uv
+        run: pip install uv==0.11.8
 
       - name: Regenerate requirements.lock (if present)
         run: |