fix: uv lock#22323
Conversation
|
@codex review |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 54608e4369
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| [[package]] | ||
| name = "pydantic" | ||
| version = "2.13.1" | ||
| version = "2.13.4" |
There was a problem hiding this comment.
This lockfile now pins pydantic 2.13.4, whose artifacts in this same entry were uploaded on 2026-05-06, while sdk/python/pyproject.toml still declares [tool.uv] exclude-newer = "7 days" (with only openai-codex-cli-bin exempted). On May 12, 2026 that cooldown should exclude these May 6 artifacts; uv's own resolution docs say duration-based exclude-newer is materialized into the lockfile timestamp, but this commit removed the [options] block entirely. As a result, CI/dev uv sync --frozen will install packages that the project's cooldown policy is meant to hold back, defeating the supply-chain stabilization window.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
Required for temp compilation fix
1 participant
Update the lock of UV