chore(deps): update astral-sh/setup-uv action to v7

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
astral-sh/setup-uv	action	major	v6 -> v7

---

Release Notes

astral-sh/setup-uv (astral-sh/setup-uv)

v7

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[claude]

Code Review: LinkedIn Scraper Initial Implementation

Overview

Comprehensive review of the initial codebase. The implementation shows solid architectural decisions but needs improvements in several areas.

Critical Security Concerns

1. Browser Security Flags (config.py:20-32)

• Issue: Chrome args include --disable-web-security and --no-sandbox
• Risk: Disables same-origin policy (XSS vulnerabilities) and removes browser sandbox
• Fix: Remove --disable-web-security entirely, make --no-sandbox configurable for Docker only

2. Credentials in Environment (password.py:23-24)

• Issue: Plaintext credentials in environment variables
• Fix: Add security warnings, consider using system keychains, implement credential rotation

3. Cookie Validation (cookie.py:84-95)

• Issue: Weak validation with magic number (100 char minimum)
• Fix: Add base64 pattern validation, document format requirements

High Priority Issues

4. Silent Exception Handling (contacts.py:103, experience.py:144)

• Issue: Widespread except: pass blocks hide all errors
• Impact: Makes debugging impossible, masks critical failures
• Fix: Add logging throughout, log exceptions at appropriate levels

5. Resource Leaks (session.py:152-159)

• Issue: close() doesn't guarantee cleanup if aexit fails
• Risk: Browser processes remain open on errors
• Fix: Wrap cleanup in try-finally block

6. URL Construction Bug (experience.py:29)

• Issue: Uses os.path.join for URLs (produces backslashes on Windows)
• Fix: Use urllib.parse.urljoin or f-string formatting

Code Quality

7. Code Duplication

• Location: experience.py, contacts.py, multiple scrapers
• Issue: Repeated parsing logic for employment type, location, dates
• Fix: Extract to utility functions or FieldParser class

8. Magic Numbers

• Examples: max_connections=20, range(2), wait_for_timeout(2000)
• Fix: Move to BrowserConfig, make configurable, document choices

9. Complex Functions

• _scrape_connections_list(): 349 lines
• _parse_position_info(): 254 lines
• Issue: High cyclomatic complexity, hard to test
• Fix: Break into smaller single-responsibility functions

10. Type Hints

• Issue: Generic dict return types, missing Optional checks
• Fix: Use TypedDict for structured returns

Testing

11. Insufficient Coverage (3 test files / 41 source files = 7.3%)

• Missing: Unit tests, error path tests, auth tests
• Current: Only integration tests requiring real credentials
• Fix: Add mocks, fixture data, target 70% coverage

12. Test Dependencies

• Issue: Hardcoded usernames, requires live LinkedIn data
• Problems: Tests break if profiles deleted, can't run in CI
• Fix: Use mock fixtures, VCR.py, separate integration tests

Performance

13. Excessive Timeouts

• Location: Throughout scrapers (15+ seconds of waiting in contacts.py)
• Issue: Hardcoded wait_for_timeout() calls
• Fix: Use wait_for_selector() with specific elements, exponential backoff

14. Scroll Logic (contacts.py:251-253)

• Issue: Fixed 2 scroll iterations, doesn't detect when loading stops
• Fix: Check height changes, stop when content stops loading

15. Selector Performance

• Issue: Broad selectors query entire page repeatedly
• Fix: Use specific selectors, cache Locators, limit to containers

Positive Aspects

1. Clean architecture with separation of concerns
2. Excellent use of Pydantic models
3. Elegant flag-based field selection (PersonScrapingFields/CompanyScrapingFields)
4. Proper async context managers
5. Good inline documentation
6. Centralized browser configuration

Additional Recommendations

16. Add rate limiting with configurable delays
17. Implement structured logging throughout
18. Validate configuration at startup
19. Add retry logic with exponential backoff
20. Document LinkedIn ToS compliance requirements

Summary

Strengths: Well-structured with good architectural patterns

Critical Actions:

1. Fix security issues (remove --disable-web-security)
2. Add logging, stop swallowing exceptions
3. Fix URL construction bug
4. Add comprehensive testing with mocks
5. Optimize performance (reduce timeouts)

Estimated Effort: 26-52 hours total

• Security: 2-4h
• Error handling: 4-8h
• Testing: 8-16h
• Performance: 4-8h
• Refactoring: 8-16h

Solid foundation, needs these improvements before production use.