| Age | Commit message (Collapse) | Author |
|
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 6.2.0 to 6.3.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/a309ff8b426b58ec0e2a45f0f869d46889d02405...ece7cb06caefa5fff74198d8649806c4678c61a1)
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-version: 6.3.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
Per OpenSSF Scorecard 'Pinned-Dependencies' guidance, third-party
GitHub Actions should be referenced by full commit SHA, not by tag.
Tags are mutable; a SHA is not.
Each pin keeps a '# vX.Y.Z' trailing comment so Dependabot can read
the current version and propose updates while still pinning by SHA.
- actions/checkout de0fac2 # v6.0.2
- actions/setup-python a309ff8 # v6.2.0
- astral-sh/setup-uv 0880764 # v8.1.0
- pypa/gh-action-pypi-publish cef2210 # v1.14.0
This commit does not change pyvyos HTTP payloads, request handling, or
response parsing.
|
|
|
|
GitHub deprecation notice: Node.js 20 will be removed from runners in
September 2026 and forced to Node 24 in June 2026. Pin to current
majors that already run on Node 24.
- actions/checkout@v4 -> v6
- actions/setup-python@v5 -> v6
- astral-sh/setup-uv@v3 -> v8
- pypa/gh-action-pypi-publish@v1.13.0 -> v1.14.0
- pre-commit/pre-commit-hooks@v5.0.0 -> v6.0.0
This commit does not change pyvyos HTTP payloads, request handling, or
response parsing.
|
|
The matrix job in commit 7aa4989 left astral-sh/setup-uv@v3 with its
default cache fingerprint of "**/uv.lock". This repo is a library
and intentionally does not commit uv.lock (commit a2df706), so the
glob matches nothing and the action errors out.
Switch the fingerprint to pyproject.toml, the actual source of truth
for dependencies. Cache hits remain across PRs that don't touch
dependencies; cache invalidates on dependency changes.
|
|
- requires-python: >=3.13 -> >=3.11. The code does not use any
3.13-only feature. typing.List/Dict/Union/Optional throughout, no
PEP 695 generics, no Self, no match. Classifiers updated to advertise
3.11/3.12/3.13.
- runtime dependencies: trim to requests only.
- python-dotenv is only used by examples; move to the dev extra.
- urllib3 is never imported by pyvyos directly; it remains available
transitively through requests.
- pre-existing dev tooling (pytest, pytest-cov, pytest-env) untouched.
- CI: PR validation runs on a 3.11/3.12/3.13 matrix.
- README: reword the Python requirement.
- .python-version: 3.13.0 -> 3.13 (CI uses the matrix).
- Wheel build verified to include pyvyos/py.typed and to declare
Requires-Python: >=3.11 with requests as the only runtime requirement.
|
|
This commit modernizes the project's tooling and packaging without
changing the runtime code. It addresses dead workflows, obsolete
helper scripts, duplicated configuration, and stale developer docs.
Removed:
- .github/workflows/python-app.yml: targeted Python 3.12, referenced a
non-existent requirements.txt, ran only flake8 with pytest commented out
- Makefile: hard-coded env/bin/python paths that do not work with uv
- run_tests.sh and run_tests.py: duplicated each other and referenced
removed modules (test_exceptions, test_quick)
- sphinx/ and .readthedocs.yaml: the RTD config pointed to
docs/source/conf.py while the sphinx tree lived under sphinx/source,
so the build never worked and no docs were ever published
- docs/development/architecture.md, refactor-roadmap.md, and
quality-and-utils.md: described the pre-cleanup proposal that
included specs/exceptions/request_id, now contradicted by the code
Edited:
- pyproject.toml:
- dropped the validation extra (Pydantic) — specs/ is gone
- dropped the duplicated [tool.hatch.metadata].dependencies block
- dropped the duplicated [dependency-groups].dev block
- declared the wheel package explicitly via
[tool.hatch.build.targets.wheel].packages
- bumped pytest floor to >=8.0 (Python 3.13 compatible)
- added richer classifiers (Development Status, audience, topic,
Typing :: Typed), keywords, license file pointer, and a Changelog URL
- .github/workflows/python-pr-validation.yml: upgraded to
actions/checkout@v4 and setup-python@v5, switched to astral-sh/setup-uv,
removed obsolete architecture argument
- .github/dependabot.yml: added the github-actions ecosystem so
workflow versions stay current
Added:
- pyvyos/py.typed: PEP 561 marker advertising the package as typed
- .pre-commit-config.yaml: neutral hooks only (whitespace, EOF, YAML/TOML
syntax, large-file guard); no formatters or linters yet
Kept:
- docs/development/vyos_api/: JSON reference for the VyOS HTTPS API,
useful for future contract tests
Tests still pass: 57/57.
|
|
|
|
|
|
|
|
version and dependencies
|
|
|
|
|
|
|
|
|
|
requests
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|