Bump astral-sh/setup-uv from 5 to 7#1
Open
dependabot[bot] wants to merge 1 commit into
Open
Conversation
Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 5 to 7. - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](astral-sh/setup-uv@v5...v7) --- updated-dependencies: - dependency-name: astral-sh/setup-uv dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
rafael5
added a commit
that referenced
this pull request
Apr 15, 2026
Tasks 17+18 complete. Live broker recording revealed two critical findings now documented in LESSONS-LEARNED L31-L32. Recording harness (scripts/record_fixtures.py): - Connects to live VEHU broker (localhost:9430) via VistARpcBroker. - Calls every allow-listed RPC; writes raw response to tests/contract/fixtures/*.json with provenance. - Resilient to auth failure — continues with unauthenticated fixtures. - Credentials via --access/--verify flags + env VEHU_ACCESS/VEHU_VERIFY. L31 — DDR GET DD and DDR GET DD HASH do NOT exist on VEHU. Server returns "Remote Procedure 'DDR GET DD' doesn't exist on the server." Removed from allow-list (12 RPCs -> 10). DD browsing must instead use DDR LISTER + DDR GETS on file #1 (FILE) and its FIELD subfile — more portable (core FileMan, every site). ARCHITECTURE.md §5 needs phase-2 revision; LESSONS-LEARNED is authority until then. L32 — Documented VEHU creds fakedoc1/1Doc!@#$ fail. NEW PERSON dump shows only POSTMASTER/PROGRAMMER defaults. Contract tests assert response shapes not content values, so fixture drift is tolerable. Setup helper deferred to phase 1.1. Fixtures (11 JSON files): - xus_signon_setup, xus_av_code, xus_get_user_info - orwu_dt, ddr_lister x2, ddr_gets_entry_data, ddr_find1, ddr_finder - ddr_get_dd, ddr_get_dd_hash (rejection shape — proof for L31) Contract tests (tests/contract/test_vehu_fixtures.py): - Fixture inventory completeness - XUS SIGNON SETUP shape (pre-auth real response) - XUS AV CODE failure replay through FakeRPCBroker - Unauthenticated-rejection shape (6 RPCs) - Absent-RPC rejection for DDR GET DD variants - DDR parsers robust against error responses Test suite: 85 unit + 26 contract = 111 passing. Phase 1 EXIT met. Phase 2 (services + API routes) unblocked. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
rafael5
added a commit
that referenced
this pull request
Apr 16, 2026
Prep (task #20): ARCHITECTURE.md §4.1 + §5 for L31 - Allow-list drops DDR GET DD and DDR GET DD HASH (absent on VEHU). - §5 rewrites DD browsing patterns on DDR LISTER FILE=1 + DDR GETS ENTRY DATA FILE=1 IENS=n, (file #1 FILE registry + FIELD subfile). - "DD hash" renamed to "client-side DD fingerprint" throughout. Phase 1.1: VEHU now authenticates + DDR* happy-path works (L32-L35) Four distinct blockers found and fixed; each left a lesson: L32 rewritten — fakedoc1 is recreated idempotently by scripts/setup_vehu_user.py via direct global manipulation. ACCESS → zero-node piece 3, VERIFY → subnode .1 piece 2, "A" xref uppercased. EN^XUSHSH is identity in VEHU. MUMPS env quirks documented (unset ydb_routines; set ydb_chset=M). L33 — XWB CREATE CONTEXT required after signon. TCPConnect's app field is cosmetic; broker starts in XUS SIGNON context which rejects DDR*. signon() now runs SIGNON SETUP → AV CODE → CREATE CONTEXT. L34 — OR CPRS GUI CHART option doesn't include DDR* in its RPC subfile by default. setup_vehu_user.py attaches DDR LISTER/FINDER/ FIND1/GETS ENTRY DATA + XWB CREATE CONTEXT + XUS GET USER INFO to ^DIC(19, 10989, "RPC", ...). L35 — VEHU's DDR.m has fewer formal params than fm-web sends. LISTER/FIND1/FINDER reject with ACTLSTTOOLONG. Phase-2 follow-up: probe signature per-site. Captured as error-shape fixtures. Code changes - allowlist.py: added XWB CREATE CONTEXT. - client.py: DEFAULT_APP → "OR CPRS GUI CHART"; signon() now calls XWB CREATE CONTEXT with XUSRB1-encrypted option name. - scripts/setup_vehu_user.py: idempotent Python+ydb dev-user setup. - scripts/record_fixtures.py: resilient to server M errors; calls XWB CREATE CONTEXT after auth. Fixtures (post-fix shapes) - xus_av_code: DUZ=1497 (success) - xwb_create_context: "1" (success) - xus_get_user_info: real FAKEDOC,ONE metadata - ddr_gets_entry_data: real PROGRAMMER,ONE data - ddr_lister / find1 / finder: M-error (signature mismatch, L35) - orwu_dt: VEHU-side M error (pre-existing ORWU DT bug) - ddr_get_dd / ddr_get_dd_hash: allow-list rejection (new behaviour) Tests: 114 passing (85 unit + 29 contract). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps astral-sh/setup-uv from 5 to 7.
Release notes
Sourced from astral-sh/setup-uv's releases.
... (truncated)
Commits
37802adFetch uv from Astral's mirror by default (#809)9f00d18chore(deps): bump zizmorcore/zizmor-action from 0.5.0 to 0.5.2 (#808)fd8f376Switch to ESM for source and test, use CommonJS for dist (#806)f9070deBump deps (#805)cadb67bchore: update known checksums for 0.10.10 (#804)e06108dUse astral-sh/versions as primary version provider (#802)0f6ec07docs: replace copilot instructions with AGENTS.md (#794)821e5c9docs: add cross-client dependabot rollup skill (#793)6ee6290chore(deps): bump versions (#792)9f332a1Add riscv64 architecture support to platform detection (#791)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)