fix: regenerate uv.lock for git_issue_agent after crewai bump #172
mrsabath merged 5 commits into kagenti:main from
The lockfile was not regenerated after a172fc9 updated crewai from 0.203.1 to 1.10.1, causing Shipwright builds to fail with "The lockfile at uv.lock needs to be updated". Regenerated with uv 0.9.30 (matching ghcr.io/astral-sh/uv:python3.12-bookworm-slim).
Signed-off-by: Mariusz Sabath <mrsabath@gmail.com>
crewai 1.10.1 made litellm an optional dependency. Without it, the ollama/ibm/granite4 model string fails with "LiteLLM fallback package is not installed". Use crewai[litellm] to restore Ollama routing.
Signed-off-by: Mariusz Sabath <mrsabath@gmail.com>
Pydantic v2 (used by crewai 1.10.1) enforces strict type validation. Fields typed as list[int] with default=None fail validation when the LLM returns None. Add explicit Optional (| None) annotations.
Signed-off-by: Mariusz Sabath <mrsabath@gmail.com>
crewai 1.10.1 delegates to litellm which uses OLLAMA_API_BASE (not LLM_API_BASE) to locate the Ollama server. Without it, litellm defaults to localhost:11434 which is unreachable from inside a pod.
Signed-off-by: Mariusz Sabath <mrsabath@gmail.com>
pdettori left a comment
This PR correctly fixes a broken Shipwright build by regenerating uv.lock after the crewai 0.203.1 → 1.10.1 bump that was missed in the previous commit. The three code-level fixes (litellm extra, Optional annotations, OLLAMA_API_BASE env var) are all well-motivated and correct.
Areas reviewed: Python, lockfile, env config, commit conventions
Commits: 4 commits, all signed-off ✓
CI: CodeQL ✓ · DCO ✓ · hadolint ✓ · lint ✓ · test ✓ · trivy-scan ✓ · Trivy ✗ (23 alerts, 10 HIGH — all in transitive deps from crewai 1.10.1)
The Trivy CVEs are real but come from crewai's transitive dependency tree, not code written in this PR. Recommend attempting selective --upgrade-package pinning (e.g. uv add --upgrade-package urllib3 --upgrade-package starlette); if crewai constraints block it, open a tracking issue for the HIGH CVEs so they are not lost.
- Improve .env.ollama comments to document both Docker Desktop and in-cluster Ollama URLs (addresses review feedback)
- Upgrade pyjwt 2.10.1 -> 2.12.1 to fix CVE-2026-32597 (unknown crit header extensions accepted in violation of RFC 7515 §4.1.11)
Signed-off-by: Mariusz Sabath <mrsabath@gmail.com>
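The commit above upgrades pyjwt because unknown crit header extensions were being accepted. As an added example (not code from this PR or from pyjwt), the following standard-library Python applies the RFC 7515 §4.1.11 rules to a JWS protected header; `check_crit`, its `supported` parameter, `b64url_json` and the sample tokens are constructed for illustration.

```python
import base64
import json

# Header parameter names defined by RFC 7515 itself; per section 4.1.11
# producers must not list any of them in "crit".
RFC7515_HEADERS = {"alg", "jku", "jwk", "kid", "x5u", "x5c",
                   "x5t", "x5t#S256", "typ", "cty", "crit"}


def b64url_json(obj):
    """Encode a dict as unpadded base64url JSON, like a JWS header segment."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def check_crit(token, supported=frozenset()):
    """Return (ok, reason) for the "crit" rules of RFC 7515 section 4.1.11.

    `supported` (hypothetical parameter) is the set of extension header names
    the application actually implements. This does not verify the signature.
    """
    segment = token.split(".")[0]
    padded = segment + "=" * (-len(segment) % 4)
    try:
        header = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return False, "malformed header"
    if not isinstance(header, dict):
        return False, "malformed header"
    if "crit" not in header:
        return True, "no crit"
    crit = header["crit"]
    if not isinstance(crit, list) or not crit:
        return False, "crit must be a non-empty array"
    for name in crit:
        if not isinstance(name, str):
            return False, "crit entries must be strings"
        if name in RFC7515_HEADERS:
            return False, f"standard header listed in crit: {name}"
        if name not in header:
            return False, f"crit names absent header: {name}"
        if name not in supported:
            return False, f"unsupported critical extension: {name}"
    return True, "all critical extensions supported"


# Constructed sample tokens (payload and signature segments are dummies).
PLAIN = b64url_json({"alg": "HS256"}) + ".e30.sig"
UNKNOWN = b64url_json({"alg": "HS256", "crit": ["exp-policy"], "exp-policy": "strict"}) + ".e30.sig"
```

A token such as `UNKNOWN` is the case the CVE description refers to: it names an extension the recipient does not implement, so the recipient has to reject it rather than ignore the extension.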
Summary
- a2a/git_issue_agent/uv.lock after the crewai 0.203.1 → 1.10.1 bump in a172fc9
- The lockfile at uv.lock needs to be updated, but --locked was provided
- ghcr.io/astral-sh/uv:python3.12-bookworm-slim image used in the Dockerfile)
Test plan
- uv sync --no-cache --locked --link-mode copy passes inside the Docker image