LCORE-1890: Bump-up sentence transformers

[tisnik]

Description

LCORE-1890: Bump-up sentence transformers

Type of change

• Refactor
• New feature
• Bug fix
• CVE fix
• Optimization
• Documentation Update
• Configuration Update
• Bump-up service version
• Bump-up dependent library
• Bump-up library or tool used for development (does not change the final image)
• CI configuration change
• Konflux configuration change
• Unit tests improvement
• Integration tests improvement
• End to end tests improvement
• Benchmarks improvement

Tools used to create PR

• Assisted-by: N/A
• Generated by: N/A

Related Tickets & Documents

• Related Issue #LCORE-1890

Summary by CodeRabbit

• Chores
  • Updated the sentence-transformers dependency to version 5.4.1 for improved performance and compatibility.

[coderabbitai]

Walkthrough

Updated the pinned version of sentence-transformers from 5.3.0 to 5.4.1 in the dependencies lockfile, replacing the corresponding SHA256 package hashes with the new hashes for the updated version.

Changes

Cohort / File(s)	Summary
Dependency Version Update requirements.hashes.source.txt	Updated sentence-transformers from version 5.3.0 to 5.4.1 with corresponding SHA256 hash replacements.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: updating the sentence-transformers dependency version from 5.3.0 to 5.4.1 in the requirements file.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

✨ Simplify code

• Create PR with simplified code

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@requirements.hashes.source.txt`:
- Around line 1016-1018: The lockfile pins sentence-transformers==5.4.1 but
pyproject.toml still has the loose constraint "sentence-transformers>=5.0.0",
which will cause uv pip compile to re-resolve and possibly revert the bump;
update the pyproject.toml dependency for sentence-transformers to exactly
"sentence-transformers==5.4.1" to match the requirements.hashes.source.txt entry
(or alternatively change the requirements entry back to the loose ">=5.0.0" to
match pyproject.toml) so both source constraint and lockfile agree.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: de4fbef3-d35c-442d-8022-3ed0f91fba8e

📥 Commits

Reviewing files that changed from the base of the PR and between e6865cc and 3a1d00a.

📒 Files selected for processing (1)

• requirements.hashes.source.txt

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (14)

• GitHub Check: check_dependencies
• GitHub Check: mypy
• GitHub Check: black
• GitHub Check: radon
• GitHub Check: build-pr
• GitHub Check: bandit
• GitHub Check: Konflux kflux-prd-rh02 / lightspeed-stack-on-pull-request
• GitHub Check: E2E: library mode / ci / group 2
• GitHub Check: E2E: library mode / ci / group 3
• GitHub Check: E2E: library mode / ci / group 1
• GitHub Check: E2E: server mode / ci / group 2
• GitHub Check: E2E: server mode / ci / group 1
• GitHub Check: E2E: server mode / ci / group 3
• GitHub Check: E2E Tests for Lightspeed Evaluation job

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# 1) Find the source requirements file used to generate this lockfile
fd -a '^requirements\.source\.txt$' .

# 2) Verify sentence-transformers pin in source-of-truth file(s)
rg -n --no-heading '^\s*sentence-transformers\s*([=~!<>].*)?$' $(fd '^requirements\.source\.txt$')

# 3) Verify lockfile pin and hashes are present as expected
rg -n --no-heading '^\s*sentence-transformers==5\.4\.1\s*\\$|^\s*--hash=sha256:' requirements.hashes.source.txt -A2 -B1

Repository: lightspeed-core/lightspeed-stack

Length of output: 50388

---

🏁 Script executed:

# Check if requirements.source.txt exists and contains sentence-transformers==5.4.1
fd '^requirements\.source\.txt$' . && echo "=== Found requirements.source.txt ===" && rg -n 'sentence-transformers' $(fd '^requirements\.source\.txt$' .) || echo "No requirements.source.txt found"

Repository: lightspeed-core/lightspeed-stack

Length of output: 14135

---

Pin the source constraint to match the lockfile.

The lockfile bump to sentence-transformers==5.4.1 at lines 1016–1018 is structurally correct, but pyproject.toml line 157 specifies only "sentence-transformers>=5.0.0" (a loose constraint). On the next uv pip compile, this will resolve against the loose range and may pull a different version, reverting this change. Pin pyproject.toml to "sentence-transformers==5.4.1" or adjust the lockfile bump to match the looser source constraint.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@requirements.hashes.source.txt` around lines 1016 - 1018, The lockfile pins
sentence-transformers==5.4.1 but pyproject.toml still has the loose constraint
"sentence-transformers>=5.0.0", which will cause uv pip compile to re-resolve
and possibly revert the bump; update the pyproject.toml dependency for
sentence-transformers to exactly "sentence-transformers==5.4.1" to match the
requirements.hashes.source.txt entry (or alternatively change the requirements
entry back to the loose ">=5.0.0" to match pyproject.toml) so both source
constraint and lockfile agree.