Release: rename to unify-sdk + dependency CVE fixes #129

djl11 merged 3 commits into main from staging on Apr 20, 2026

djl11 commented Apr 20, 2026

Summary

Staging → main release.

  • PyPI distribution rename: unify → unify-sdk at v0.1.0. Import name (unify) and package layout unchanged. Distinct from the stale unifyai==0.9.191 on the old account.
  • Dependency CVE fixes: aiohttp 3.13.3 → 3.13.5 (8 CVEs), requests → 2.33.1 (CVE-2026-25645), Pygments → 2.20.0 (CVE-2026-4539), pytest dev → 9.0.3 (CVE-2025-71176).
  • Pre-existing fix: RequestError export alignment after http reloads.

Risk

Lock + pyproject changes only (no code). Fresh-venv install of the built wheel + import unify + create_project presence all verified locally before push.

djl11 added 3 commits April 12, 2026 12:24

Resolve unify.RequestError from the current http module so reload-heavy tests keep catching the right exception class instead of a stale export.

Part of the unify-* PyPI family rename. The import name (unify) and
the Python package layout are unchanged; only the distribution name
that pip resolves changes. The version resets to 0.1.0 to signal a
fresh distribution, distinct from the stale unifyai==0.9.191 published
under the old account.

Addresses dependabot alerts:
- aiohttp 3.13.3 -> 3.13.5 (8 CVEs incl. CVE-2026-34525 duplicate Host)
- requests 2.32.5 -> 2.33.1 (CVE-2026-25645 temp file reuse)
- Pygments 2.19.2 -> 2.20.0 (CVE-2026-4539 ReDoS)
- pytest 9.0.2 -> 9.0.3 dev (CVE-2025-71176 tmpdir handling)

Lock-only change; pyproject constraints already allowed these versions.

djl11 merged commit 8468136 into main Apr 20, 2026
2 of 4 checks passed

djl11 added a commit that referenced this pull request Apr 21, 2026

Pivoting to a Hermes-style install script instead of publishing to PyPI,
so the unify-* family-naming hygiene is no longer needed.

Reverts the name/version rename in pyproject.toml. Lock regenerated;
CVE fixes from 9688346 are preserved.

Original change: #129
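
Because the follow-up commit regenerates the lock, a release gate can confirm that the resolved environment still meets the patched versions listed in the dependency commit above. This is an added example, not code from this repository: the function names are hypothetical, the floors are copied from the commit message, and it inspects the installed environment because the page does not name the lock file format.

```python
import re
import sys
from importlib import metadata

# Patched versions as listed in the PR's dependency commit message.
PATCHED_FLOORS = {"aiohttp": "3.13.5", "requests": "2.33.1",
                  "pygments": "2.20.0", "pytest": "9.0.3"}

_VERSION = re.compile(r"^v?(\d+(?:\.\d+)*)(.*)$")
_PRE = re.compile(r"^[-_.]?(a|b|c|rc|alpha|beta|pre|preview|dev)", re.I)

def normalize(name):
    """PEP 503 normalization so 'Pygments' and 'pygments' match."""
    return re.sub(r"[-_.]+", "-", name).lower()

def sort_key(version):
    """(release tuple without trailing zeros, 0 for pre/dev releases else 1)."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    release = [int(p) for p in m.group(1).split(".")]
    while len(release) > 1 and release[-1] == 0:
        release.pop()
    return tuple(release), 0 if _PRE.match(m.group(2)) else 1

def find_unpatched(resolved, floors=PATCHED_FLOORS):
    """Return sorted (name, version, floor) for packages resolved below their floor."""
    pins = {normalize(n): v for n, v in resolved.items()}
    return sorted((n, pins[n], f) for n, f in floors.items()
                  if n in pins and sort_key(pins[n]) < sort_key(f))

def installed_versions(names=PATCHED_FLOORS):
    """Versions of the listed packages in the current environment, if installed."""
    found = {}
    for name in names:
        try:
            found[name] = metadata.version(name)
        except metadata.PackageNotFoundError:
            pass  # e.g. pytest is a dev-only dependency
    return found

if __name__ == "__main__":
    stale = find_unpatched(installed_versions())
    for name, version, floor in stale:
        print(f"{name} {version} is below patched version {floor}")
    sys.exit(1 if stale else 0)
```

Run inside the fresh venv after installing the built wheel, the script exits non-zero if any listed dependency resolved below its patched version. Version epochs are not handled.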