chore: refresh the stale uv.lock so uv run stops dirtying working trees#541
chore: refresh the stale uv.lock so uv run stops dirtying working trees#541mattmillerai wants to merge 1 commit into
Conversation
The committed lockfile predates the bench optional-dependency group (anthropic>=0.40), so uv lock --check failed on a pristine main and any uv run / uv sync silently regenerated uv.lock, dirtying working trees and sweeping unrelated lock churn into subsequent commits. Regenerate with uv lock. Purely additive: anthropic and its transitive deps (annotated-types, docstring-parser, jiter, pydantic, pydantic-core, typing-inspection). No CI impact -- both CI jobs use pip install -e . and ignore uv.lock.
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Plus Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
✨ Simplify code
Comment |
There was a problem hiding this comment.
🔍 Cursor Review — Consolidated panel
Triggered by @mattmillerai.
✅ No high-signal findings.
Panel: 6/8 reviewers contributed findings.
Reviewers that did not contribute: kimi-k2.5:adversarial (empty), kimi-k2.5:edge-case (empty)
The lockfile refresh was swept in by a local 'uv run' (main's uv.lock is stale against pyproject's bench extra, so uv regenerates it on any run). It is unrelated to the sanitize-ext fix and is already the subject of dedicated PRs #541/#543, so it does not belong in this diff. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The lock refresh (adding anthropic/pydantic for the `bench` optional extra) was swept in accidentally by `uv run` regenerating the stale lock during local test runs. It has nothing to do with the per-operation `workflow_too_large` hints this PR is about, and the same re-lock is already covered by its own dedicated PRs (#534/#541/#543/#545). Keeps this PR scoped to comfy_cli/command/workflow.py + its tests. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
ELI-5
uv.lockonmaindidn't matchpyproject.toml. Because of that, anyuv runoruv syncquietly rewrote the lockfile, so your working tree went dirty just from running the tests — and that ~285-line diff then got swept into whatever you committed next. This PR regenerates the lockfile once, so it matches and stops moving.Problem
maingained thebenchoptional-dependency group (optional-dependencies.bench = [ "anthropic>=0.40" ]) but the committed lock never gainedanthropicor its transitive deps. On a pristine checkout ofmain:This already caused real damage once: PR #530 (a focused credential/redirect fix) accidentally carried the regenerated lock, dropping the whole
anthropic+pydanticsubtree into a security review's diff. That churn was reverted out of #530, so the stale lock onmainsurvived.Change
uv lock, committing onlyuv.lock. Purely additive — 7 new packages:anthropic,annotated-types,docstring-parser,jiter,pydantic,pydantic-core,typing-inspection.Verification
uv lock --checkexits 0 on a fresh checkout of this branch (was non-clean onmain).uv run -p 3.10 --extra dev pytest -q→ 2573 passed, 37 skipped, andgit statusis clean afterwards (the lockfile no longer regenerates).ruff format --check .→ 235 files already formatted.Reviewer notes — the two non-additive lines
The diff removes exactly two lines; both are worth a second look, so here is the evidence up front.
1.
provides-extras = ["dev", "preview"]→["bench", "dev", "preview"]— the point of the PR.2.
exceptiongroup's dep ontyping-extensionsloses itspython_full_version < '3.13'marker. This is the riskiest line in the diff, since it's a semantic edge change rather than an addition. It's safe:benchextra, not by lockfile-tool drift. Proof: removing thebenchextra frompyproject.tomland re-locking with the same uv reproducesmain's committed lock byte-for-byte identical. So the uv version used here (0.11.26) contributes zero churn of its own; 100% of the diff is the extra. It's uv's own marker simplification responding to the new resolution.typing-extensions>=4.7is already an unconditional root dependency ofcomfy-cli, so it is present on every supported Python regardless of this edge's marker.Risk / CI impact
None. Every CI job (
pytest.yml,test-windows.yml,test-mac.yml,build-and-test.yml,run-on-gpu.yml) installs viapip install -e .and ignoresuv.lockentirely — verified, not assumed. The benefit is purely developer-tree hygiene and keeping future diffs honest.Judgment call:
pylock.tomlis also stale, and deliberately NOT fixed hereWhile reviewing I found the repo's pre-commit
uv-exporthook regeneratespylock.toml, andpylock.tomlis stale onmaintoo (it's missingposthog,backoff,distro).I left it alone, deliberately:
mainwith thebenchextra absent.uv exportruns without--all-extras, so thebenchextra never reachespylock.toml. Proof: thepylock.tomlexported from this branch's refreshed lock is byte-for-byte identical to the one exported from pristinemain.pylock.tomlchurn into this PR would repeat exactly the fix: route authed urllib paths through a shared NoRedirectHandler opener (BE-3274) #530 mistake this PR exists to undo.Caveat this creates, stated plainly: the goal of "working trees stop going dirty" is fully achieved for
uv run/uv sync(verified above), but a developer runningpre-commitwill still seepylock.tomlrewritten by theuv-exporthook. That wants its own follow-up.Out of scope
ruff check .reports 14 errors — pre-existing and identical on pristinemain, and untouchable by a lockfile-only diff. Not addressed here.