chore: update dependencies and improve project config

[PascalRepond]

Bump GitHub Actions (setup-node, docker actions), JS deps (daisyui, postcss, lru-cache, enhanced-resolve), and Python lock file. Also pin Python to 3.14, fix license identifier to AGPL-3.0-only, add authors field, and expand poe tasks with help text and new update-* shortcuts.

[coderabbitai]

Warning

Review limit reached

@PascalRepond, we couldn't start this review because you've used your available PR reviews for now.

Your plan includes 1 review of capacity. Refill in 51 minutes and 30 seconds.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more review capacity refills, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than trial, open-source, and free plans. In all cases, review capacity refills continuously over time.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 3d5cf307-d475-4ed8-a781-c7e26e2ce7cc

📥 Commits

Reviewing files that changed from the base of the PR and between d5f928e and c829232.

⛔ Files ignored due to path filters (2)

• src/theme/static_src/package-lock.json is excluded by !**/package-lock.json
• uv.lock is excluded by !**/*.lock

📒 Files selected for processing (7)

• .github/workflows/ci.yml
• .github/workflows/docker-publish.yml
• CLAUDE.md
• pyproject.toml
• src/config/urls.py
• src/core/utils.py
• src/core/views.py

📝 Walkthrough

Walkthrough

This PR updates project metadata and maintainer information, adds a comprehensive contributor guide for the Datakult Django application, restructures Poe task definitions with help text, and bumps multiple GitHub Actions versions in CI and Docker publish workflows.

Changes

Project Setup, Documentation, and Workflow

Layer / File(s)	Summary
Project metadata and contributor guide pyproject.toml, CLAUDE.md	Project metadata specifies AGPL-3.0-only license, enforces Python 3.14–3.15 compatibility, and adds author information. CLAUDE.md introduces the full contributor guide documenting the tech stack (uv + Poe), common development commands, project architecture, translation support, testing approach, and behavioral development guidelines.
Poe task configuration restructuring pyproject.toml	Task definitions are converted from flat command strings to structured tables with cmd and help fields. All existing tasks (server, migrations, Django management, i18n, tests, format, lint, audits) are preserved and three new tasks are added: update-python, update-js, and a combined update sequence.
GitHub Actions workflow updates .github/workflows/ci.yml, .github/workflows/docker-publish.yml	Actions versions are bumped: actions/setup-node from v6.3.0 to v6.4.0 in the test job, and Docker actions upgraded to docker/login-action@v4.2.0, docker/metadata-action@v6.1.0, and docker/build-push-action@v7.2.0.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• PascalRepond/datakult#86: Overlaps with workflow action version updates in .github/workflows/ci.yml and .github/workflows/docker-publish.yml.
• PascalRepond/datakult#30: Both PRs modify task configuration and CI/release wiring in pyproject.toml and Docker workflows.
• PascalRepond/datakult#69: Overlaps with GitHub Actions version bumps in the same workflow files.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main changes: updating dependencies (GitHub Actions, Docker actions) and improving project configuration (Python version, license, authors, poe tasks).
Description check	✅ Passed	The description is directly related to the changeset, providing specific details about the dependency bumps, Python pinning, license fix, authors field, and poe task expansions.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch rep-dev

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/ci.yml:
- Line 21: Update the GitHub Actions usage to pin the setup action to the exact
commit SHA instead of the mutable tag: replace the tag reference
"actions/setup-node@v6.4.0" with the full commit SHA
"actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e" so the workflow
uses a fixed, immutable revision for the actions/setup-node step.

In @.github/workflows/docker-publish.yml:
- Line 33: The workflow uses tag-only action references which are mutable;
update the three actions to pinned immutable SHAs: replace
docker/login-action@v4.2.0 with
docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee,
docker/metadata-action@v6.1.0 with
docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9, and
docker/build-push-action@v7.2.0 with
docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf so the
workflow references immutable commits instead of mutable tags.

In `@pyproject.toml`:
- Line 11: The pyproject.toml currently pins requires-python = ">=3.14,<3.15"
which restricts installs to 3.14.x; either confirm that upper bound is
intentional or relax it—edit the requires-python field (symbol: requires-python)
to a wider range such as ">=3.14" or ">=3.14,<4.0" and then regenerate/update
the dependency lockfile (uv.lock) so it no longer pins to 3.14.*; ensure CI/test
matrix and any runtime checks are updated if you intentionally widen the
supported Python range.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 8801117a-2945-47b8-95ec-1325ada06db5

📥 Commits

Reviewing files that changed from the base of the PR and between 6e95bc4 and d5f928e.

⛔ Files ignored due to path filters (2)

• src/theme/static_src/package-lock.json is excluded by !**/package-lock.json
• uv.lock is excluded by !**/*.lock

📒 Files selected for processing (4)

• .github/workflows/ci.yml
• .github/workflows/docker-publish.yml
• CLAUDE.md
• pyproject.toml