3471 commits

This branch

This branch

All branches

Author	SHA1	Message	Date
Ashwin Bharambe	85887d724f	Revert "fix(mypy): resolve OpenTelemetry typing issues in telemetry.py (#3931)" ... This reverts commit 9afc52a36a.	2025-10-28 09:48:46 -07:00
Ashwin Bharambe	9afc52a36a	fix(mypy): resolve OpenTelemetry typing issues in telemetry.py (#3931) ... ## Summary Fix all 11 mypy type checking errors in `telemetry.py` without using any type suppressions. **Changes:** - Add type aliases for OpenTelemetry attribute types (`AttributeValue`, `Attributes`) - Create `_clean_attributes()` helper to filter None values from attribute dicts - Use `cast()` for TracerProvider methods (`add_span_processor`, `force_flush`) - Use `cast()` for metric creation methods returning from global storage - Fix variable reuse by renaming `span` to `end_span` in SpanEndPayload branch - Add None check for `parent_span` before `set_span_in_context` **Errors Fixed:** - TracerProvider attribute access: 2 errors - Counter/UpDownCounter/ObservableGauge return types: 3 errors - Attribute dict type mismatches: 4 errors - Span assignment type conflicts: 2 errors **Testing:** ```bash uv run mypy src/llama_stack/core/telemetry/telemetry.py # Success: no issues found ``` **Part of:** Mypy suppression removal plan (Phase 2a/4) **Stack:** - [Phase 1] Add type stubs (#3930) - [Phase 2a] Fix OpenTelemetry types (this PR) - [Phase 2b+] Fix remaining errors (upcoming) - [Phase 3] Remove inline suppressions (upcoming) - [Phase 4] Un-exclude files from mypy (upcoming)	2025-10-28 09:47:20 -07:00
Ian Miller	5598f61e12	feat(responses)!: introduce OpenAI compatible prompts to Responses API (#3942) ... # What does this PR do? <!-- Provide a short summary of what this PR does and why. Link to relevant issues if applicable. --> This PR is responsible for making changes to Responses API scheme to introduce OpenAI compatible prompts there. Change to the API only, therefore currently no implementation at all. However, the follow up PR with actual implementation will be submitted after current PR lands. The need of this functionality was initiated in #3514. > Note, #3514 is divided on three separate PRs. Current PR is the second of three. <!-- If resolving an issue, uncomment and update the line below --> <!-- Closes #[issue-number] --> ## Test Plan <!-- Describe the tests you ran to verify your changes with result summaries. *Provide clear instructions so the plan can be easily re-executed.* --> CI	2025-10-28 09:31:27 -07:00
Ashwin Bharambe	e5ca7e6450	chore(mypy): add mypy and type stub packages to dev deps (#3930) ... ## Summary This PR adds mypy and essential type stub packages to dev dependencies as Phase 1 of the mypy suppression removal plan. **Changes:** - Add `mypy` to dev dependencies - Add type stubs: `types-jsonschema`, `pandas-stubs`, `types-psutil`, `types-tqdm`, `boto3-stubs` **Impact:** - Enables static type checking across the codebase - Eliminates ~30 type checking errors related to missing type information for third-party packages - Provides foundation for subsequent PRs to remove type suppressions **Part of:** Mypy suppression removal plan (Phase 1/4) **Testing:** ```bash uv sync --group dev uv run mypy ```	2025-10-28 06:02:38 -07:00
Sébastien Han	d10bfb5121	chore: remove leftover llama_stack directory (#3940) ... # What does this PR do? Followup on https://github.com/llamastack/llama-stack/pull/3920 where the llama_stack directory was moved under src. Signed-off-by: Sébastien Han <seb@redhat.com>	2025-10-28 05:09:08 -07:00
Sébastien Han	b47afac7c2	chore: bump openai package version (#3918) ... # What does this PR do? To match https://github.com/llamastack/llama-stack/pull/3847 We must not update the lock manually, but always reflect the update in the pyproject.toml. The lock is a state at build time. Signed-off-by: Sébastien Han <seb@redhat.com>	2025-10-28 09:18:48 +01:00
Ashwin Bharambe	4e6c769cc4	fix(context): prevent provider data leak between streaming requests (#3924) ... ## Summary - `preserve_contexts_async_generator` left `PROVIDER_DATA_VAR` (and other context vars) populated after a streaming generator completed on HEAD~1, so the asyncio context for request N+1 started with request N's provider payload. - FastAPI dependencies and middleware execute before `request_provider_data_context` rebinds the header data, meaning auth/logging hooks could observe a prior tenant's credentials or treat them as authenticated. Traces and any background work that inspects the context outside the `with` block leak as well—this is a real security regression, not just a CLI artifact. - The wrapper now restores each tracked `ContextVar` to the value it held before the iteration (falling back to clearing when necessary) after every yield and when the generator terminates, so provider data is wiped while callers that set their own defaults keep them. ## Test Plan - `uv run pytest tests/unit/core/test_provider_data_context.py -q` - `uv run pytest tests/unit/distribution/test_context.py -q` Both suites fail on HEAD~1 and pass with this change.	2025-10-27 23:01:12 -07:00
ehhuang	c077d01ddf	chore(telemetry): more cleanup: remove apis.telemetry (#3919) ... # What does this PR do? ## Test Plan CI	2025-10-27 22:20:15 -07:00
Eric Huang	d93ca96bf5	merge commit for archive created by Sapling	2025-10-27 15:58:09 -07:00
Eric Huang	7eed264070	tele tests ... # What does this PR do? ## Test Plan	2025-10-27 15:58:03 -07:00
ehhuang	50cab73504	Merge 0c488b6b63 into sapling-pr-archive-ehhuang	2025-10-27 15:57:14 -07:00
Eric Huang	0c488b6b63	chore(telemetry): more cleanup: remove apis.telemetry ... # What does this PR do? ## Test Plan	2025-10-27 15:57:09 -07:00
ehhuang	045ea154fd	Merge 11b076810f into sapling-pr-archive-ehhuang	2025-10-27 15:56:18 -07:00
Eric Huang	11b076810f	chore(telemetry): more cleanup: remove apis.telemetry ... # What does this PR do? ## Test Plan	2025-10-27 15:56:14 -07:00
ehhuang	f0ac4e7ca9	Merge c7b3b10ef2 into sapling-pr-archive-ehhuang	2025-10-27 15:33:36 -07:00
Eric Huang	c7b3b10ef2	chore(telemetry): more cleanup: remove apis.telemetry ... # What does this PR do? ## Test Plan	2025-10-27 15:33:32 -07:00
ehhuang	e9a8967ed5	Merge 9aef325934 into sapling-pr-archive-ehhuang	2025-10-27 15:32:50 -07:00
Eric Huang	9aef325934	chore(telemetry): more cleanup: remove apis.telemetry ... # What does this PR do? ## Test Plan	2025-10-27 15:32:41 -07:00
Eric Huang	a0b6c424de	merge commit for archive created by Sapling	2025-10-27 15:31:46 -07:00
Eric Huang	9a04f7b646	tele tests ... # What does this PR do? ## Test Plan	2025-10-27 15:31:41 -07:00
Eric Huang	d8ce23df30	merge commit for archive created by Sapling	2025-10-27 15:07:59 -07:00
Eric Huang	2c0aad4dba	tele tests ... # What does this PR do? ## Test Plan	2025-10-27 15:07:52 -07:00
Eric Huang	f4f8c7e8fe	merge commit for archive created by Sapling	2025-10-27 15:02:33 -07:00
Eric Huang	e5370ffa74	tele tests ... # What does this PR do? ## Test Plan	2025-10-27 15:02:25 -07:00
ehhuang	1c9a31d8bd	chore(telemetry): add grafana dashboards (#3921) ... # What does this PR do? - add a dashboard in grafana (vibe-coded) ## Test Plan <img width="2416" height="1114" alt="image" src="https://github.com/user-attachments/assets/8927aad2-cc14-4a1d-847e-350522cac02f" />	2025-10-27 14:58:27 -07:00
ehhuang	4670264b89	Merge d9a4f016d0 into sapling-pr-archive-ehhuang	2025-10-27 14:58:20 -07:00
Eric Huang	d9a4f016d0	tele tests ... # What does this PR do? ## Test Plan	2025-10-27 14:58:14 -07:00
ehhuang	b7dd3f5c56	chore!: BREAKING CHANGE: vector_db_id -> vector_store_id (#3923) ... # What does this PR do? ## Test Plan CI vector_io tests will fail until next client sync passed with https://github.com/llamastack/llama-stack-client-python/pull/286 checked out locally	2025-10-27 14:26:06 -07:00
Nathan Weinberg	b6954c9882	fix: add missing shutdown methods to PromptServiceImpl and ConversationServiceImpl (#3925) ... Change is visible in server shutdown logs, changes `WARNING` loglines to `INFO` Signed-off-by: Nathan Weinberg <nweinber@redhat.com>	2025-10-27 13:41:38 -07:00
ehhuang	bf8f6b6914	Merge 960f5e4cd4 into sapling-pr-archive-ehhuang	2025-10-27 13:23:09 -07:00
Eric Huang	960f5e4cd4	chore!: BREAKING CHANGE: vector_db_id -> vector_store_id ... # What does this PR do? ## Test Plan	2025-10-27 13:22:58 -07:00
Matthew Farrellee	a9b00db421	feat: add provider data keys for Cerebras, Databricks, NVIDIA, and RunPod (#3734) ... # What does this PR do? add provider-data key passing support to Cerebras, Databricks, NVIDIA and RunPod also, added missing tests for Fireworks, Anthropic, Gemini, SambaNova, and vLLM addresses #3517 ## Test Plan ci w/ new tests --------- Co-authored-by: Ashwin Bharambe <ashwin.bharambe@gmail.com>	2025-10-27 13:09:35 -07:00
ehhuang	075990d5e5	Merge 4db31e1c59 into sapling-pr-archive-ehhuang	2025-10-27 12:04:10 -07:00
Eric Huang	4db31e1c59	chore(telemetry): more cleanup: remove apis.telemetry ... # What does this PR do? ## Test Plan	2025-10-27 12:04:00 -07:00
Eric Huang	95c3e5de54	merge commit for archive created by Sapling	2025-10-27 12:03:40 -07:00
Eric Huang	cfcf371deb	chore(telemetry): add grafana dashboards ... # What does this PR do? ## Test Plan	2025-10-27 12:03:30 -07:00
Ashwin Bharambe	471b1b248b	chore(package): migrate to src/ layout (#3920) ... Migrates package structure to src/ layout following Python packaging best practices. All code moved from `llama_stack/` to `src/llama_stack/`. Public API unchanged - imports remain `import llama_stack.*`. Updated build configs, pre-commit hooks, scripts, and GitHub workflows accordingly. All hooks pass, package builds cleanly. **Developer note**: Reinstall after pulling: `pip install -e .`	2025-10-27 12:02:21 -07:00
ehhuang	0b9736b6c1	Merge bfe06ae00f into sapling-pr-archive-ehhuang	2025-10-27 12:01:12 -07:00
Eric Huang	bfe06ae00f	chore(telemetry): add grafana dashboards ... # What does this PR do? ## Test Plan	2025-10-27 12:01:03 -07:00
ehhuang	bf3a821247	Merge ef9cb7519f into sapling-pr-archive-ehhuang	2025-10-27 11:20:38 -07:00
Eric Huang	ef9cb7519f	chore(telemetry): more cleanup: remove apis.telemetry ... # What does this PR do? ## Test Plan	2025-10-27 11:20:07 -07:00
IAN MILLER	98a5047f9d	feat(prompts): attach prompts to storage stores in run configs (#3893) ... # What does this PR do? <!-- Provide a short summary of what this PR does and why. Link to relevant issues if applicable. --> This PR is responsible for attaching prompts to storage stores in run configs. It allows to specify prompts as stores in different distributions. The need of this functionality was initiated in #3514 > Note, #3514 is divided on three separate PRs. Current PR is the first of three. <!-- If resolving an issue, uncomment and update the line below --> <!-- Closes #[issue-number] --> ## Test Plan <!-- Describe the tests you ran to verify your changes with result summaries. *Provide clear instructions so the plan can be easily re-executed.* --> Manual testing and updated CI unit tests Prerequisites: 1. `uv run --with llama-stack llama stack list-deps starter | xargs -L1 uv pip install` 2. `llama stack run starter ` ``` INFO 2025-10-23 15:36:17,387 llama_stack.cli.stack.run:100 cli: Using run configuration: /Users/ianmiller/llama-stack/llama_stack/distributions/starter/run.yaml INFO 2025-10-23 15:36:17,423 llama_stack.cli.stack.run:157 cli: HTTPS enabled with certificates: Key: None Cert: None INFO 2025-10-23 15:36:17,424 llama_stack.cli.stack.run:159 cli: Listening on ['::', '0.0.0.0']:8321 INFO 2025-10-23 15:36:17,749 llama_stack.core.server.server:521 core::server: Run configuration: INFO 2025-10-23 15:36:17,756 llama_stack.core.server.server:524 core::server: apis: - agents - batches - datasetio - eval - files - inference - post_training - safety - scoring - tool_runtime - vector_io image_name: starter providers: agents: - config: persistence: agent_state: backend: kv_default namespace: agents responses: backend: sql_default max_write_queue_size: 10000 num_writers: 4 table_name: responses provider_id: meta-reference provider_type: inline::meta-reference batches: - config: kvstore: backend: kv_default namespace: batches provider_id: reference provider_type: inline::reference datasetio: - config: kvstore: backend: kv_default namespace: datasetio::huggingface provider_id: huggingface provider_type: remote::huggingface - config: kvstore: backend: kv_default namespace: datasetio::localfs provider_id: localfs provider_type: inline::localfs eval: - config: kvstore: backend: kv_default namespace: eval provider_id: meta-reference provider_type: inline::meta-reference files: - config: metadata_store: backend: sql_default table_name: files_metadata storage_dir: /Users/ianmiller/.llama/distributions/starter/files provider_id: meta-reference-files provider_type: inline::localfs inference: - config: api_key: '********' url: https://api.fireworks.ai/inference/v1 provider_id: fireworks provider_type: remote::fireworks - config: api_key: '********' url: https://api.together.xyz/v1 provider_id: together provider_type: remote::together - config: {} provider_id: bedrock provider_type: remote::bedrock - config: api_key: '********' base_url: https://api.openai.com/v1 provider_id: openai provider_type: remote::openai - config: api_key: '********' provider_id: anthropic provider_type: remote::anthropic - config: api_key: '********' provider_id: gemini provider_type: remote::gemini - config: api_key: '********' url: https://api.groq.com provider_id: groq provider_type: remote::groq - config: api_key: '********' url: https://api.sambanova.ai/v1 provider_id: sambanova provider_type: remote::sambanova - config: {} provider_id: sentence-transformers provider_type: inline::sentence-transformers post_training: - config: checkpoint_format: meta provider_id: torchtune-cpu provider_type: inline::torchtune-cpu safety: - config: excluded_categories: [] provider_id: llama-guard provider_type: inline::llama-guard - config: {} provider_id: code-scanner provider_type: inline::code-scanner scoring: - config: {} provider_id: basic provider_type: inline::basic - config: {} provider_id: llm-as-judge provider_type: inline::llm-as-judge - config: openai_api_key: '********' provider_id: braintrust provider_type: inline::braintrust tool_runtime: - config: api_key: '********' max_results: 3 provider_id: brave-search provider_type: remote::brave-search - config: api_key: '********' max_results: 3 provider_id: tavily-search provider_type: remote::tavily-search - config: {} provider_id: rag-runtime provider_type: inline::rag-runtime - config: {} provider_id: model-context-protocol provider_type: remote::model-context-protocol vector_io: - config: persistence: backend: kv_default namespace: vector_io::faiss provider_id: faiss provider_type: inline::faiss - config: db_path: /Users/ianmiller/.llama/distributions/starter/sqlite_vec.db persistence: backend: kv_default namespace: vector_io::sqlite_vec provider_id: sqlite-vec provider_type: inline::sqlite-vec registered_resources: benchmarks: [] datasets: [] models: [] scoring_fns: [] shields: [] tool_groups: - provider_id: tavily-search toolgroup_id: builtin::websearch - provider_id: rag-runtime toolgroup_id: builtin::rag vector_stores: [] server: port: 8321 storage: backends: kv_default: db_path: /Users/ianmiller/.llama/distributions/starter/kvstore.db type: kv_sqlite sql_default: db_path: /Users/ianmiller/.llama/distributions/starter/sql_store.db type: sql_sqlite stores: conversations: backend: sql_default table_name: openai_conversations inference: backend: sql_default max_write_queue_size: 10000 num_writers: 4 table_name: inference_store metadata: backend: kv_default namespace: registry prompts: backend: kv_default namespace: prompts telemetry: enabled: true vector_stores: default_embedding_model: model_id: nomic-ai/nomic-embed-text-v1.5 provider_id: sentence-transformers default_provider_id: faiss version: 2 INFO 2025-10-23 15:36:20,032 llama_stack.providers.utils.inference.inference_store:74 inference: Write queue disabled for SQLite to avoid concurrency issues WARNING 2025-10-23 15:36:20,422 llama_stack.providers.inline.telemetry.meta_reference.telemetry:84 telemetry: OTEL_EXPORTER_OTLP_ENDPOINT is not set, skipping telemetry INFO 2025-10-23 15:36:22,379 llama_stack.providers.utils.inference.openai_mixin:436 providers::utils: OpenAIInferenceAdapter.list_provider_model_ids() returned 105 models INFO 2025-10-23 15:36:22,703 uvicorn.error:84 uncategorized: Started server process [17328] INFO 2025-10-23 15:36:22,704 uvicorn.error:48 uncategorized: Waiting for application startup. INFO 2025-10-23 15:36:22,706 llama_stack.core.server.server:179 core::server: Starting up Llama Stack server (version: 0.3.0) INFO 2025-10-23 15:36:22,707 llama_stack.core.stack:470 core: starting registry refresh task INFO 2025-10-23 15:36:22,708 uvicorn.error:62 uncategorized: Application startup complete. INFO 2025-10-23 15:36:22,708 uvicorn.error:216 uncategorized: Uvicorn running on http://['::', '0.0.0.0']:8321 (Press CTRL+C to quit) ``` As you can see, prompts are attached to stores in config Testing: 1. Create prompt: ``` curl -X POST http://localhost:8321/v1/prompts \ -H "Content-Type: application/json" \ -d '{ "prompt": "Hello {{name}}! You are working at {{company}}. Your role is {{role}} at {{company}}. Remember, {{name}}, to be {{tone}}.", "variables": ["name", "company", "role", "tone"] }' ``` `{"prompt":"Hello {{name}}! You are working at {{company}}. Your role is {{role}} at {{company}}. Remember, {{name}}, to be {{tone}}.","version":1,"prompt_id":"pmpt_a90e09e67acfe23776f2778c603eb6c17e139dab5f6e163f","variables":["name","company","role","tone"],"is_default":false}% ` 2. Get prompt: `curl -X GET http://localhost:8321/v1/prompts/pmpt_a90e09e67acfe23776f2778c603eb6c17e139dab5f6e163f` `{"prompt":"Hello {{name}}! You are working at {{company}}. Your role is {{role}} at {{company}}. Remember, {{name}}, to be {{tone}}.","version":1,"prompt_id":"pmpt_a90e09e67acfe23776f2778c603eb6c17e139dab5f6e163f","variables":["name","company","role","tone"],"is_default":false}% ` 3. Query sqlite KV storage to check created prompt: ``` sqlite> .mode column sqlite> .headers on sqlite> SELECT * FROM kvstore WHERE key LIKE 'prompts:v1:%'; key value expiration ------------------------------------------------------------ ------------------------------------------------------------ ---------- prompts:v1:pmpt_a90e09e67acfe23776f2778c603eb6c17e139dab5f6e {"prompt_id": "pmpt_a90e09e67acfe23776f2778c603eb6c17e139dab 163f:1 5f6e163f", "prompt": "Hello {{name}}! You are working at {{c ompany}}. Your role is {{role}} at {{company}}. Remember, {{ name}}, to be {{tone}}.", "version": 1, "variables": ["name" , "company", "role", "tone"], "is_default": false} prompts:v1:pmpt_a90e09e67acfe23776f2778c603eb6c17e139dab5f6e 1 163f:default sqlite> ```	2025-10-27 11:12:12 -07:00
Luis Tomas Bolivar	63422e5b36	fix!: Enhance response API support to not fail with tool calling (#3385) ... # What does this PR do? Introduces two main fixes to enhance the stability of Responses API when dealing with tool calling responses and structured outputs. ### Changes Made 1. It added OpenAIResponseOutputMessageMCPCall and ListTools to OpenAIResponseInput but https://github.com/llamastack/llama-stack/pull/3810 got merge that did the same in a different way. Still this PR does it in a way that keep the sync between OpenAIResponsesOutput and the allowed objects in OpenAIResponseInput. 2. Add protection in case self.ctx.response_format does not have type attribute BREAKING CHANGE: OpenAIResponseInput now uses OpenAIResponseOutput union type. This is semantically equivalent - all previously accepted types are still supported via the OpenAIResponseOutput union. This improves type consistency and maintainability.	2025-10-27 09:33:02 -07:00
Luis Tomas Bolivar	f18b5eb537	fix: Avoid BadRequestError due to invalid max_tokens (#3667) ... This patch ensures if max tokens is not defined, then is set to None instead of 0 when calling openai_chat_completion. This way some providers (like gemini) that cannot handle the `max_tokens = 0` will not fail Issue: #3666	2025-10-27 09:27:21 -07:00
Derek Higgins	00d8414597	fix(tests): limit vector store providers for record mode in CI tests (#3898) ... The vector_provider_wrapper was only limiting providers to faiss/sqlite-vec for replay mode, but CI tests also run in record mode with the same limited set of providers. This caused test failures when trying to test against milvus, chromadb, pgvector, weaviate, and qdrant which aren't configured in the record job.	2025-10-27 09:22:49 -07:00
Sébastien Han	7c0e43424d	chore: remove duplicate provider definition (#3917) ... # What does this PR do? Files was present twice. Signed-off-by: Sébastien Han <seb@redhat.com>	2025-10-27 09:19:04 -07:00
dependabot[bot]	9c223d8593	chore(github-deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#3905) ... Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.6.2 to 5.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p> <blockquote> <h2>v5.0.0</h2> <h2>What's Changed</h2> <p><strong>BREAKING CHANGE:</strong> this update supports Node <code>v24.x</code>. This is not a breaking change per-se but we're treating it as such.</p> <ul> <li>Update README.md by <a href="https://github.com/GhadimiR"><code>@​GhadimiR</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/681">actions/upload-artifact#681</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@​nebuk89</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/712">actions/upload-artifact#712</a></li> <li>Readme: spell out the first use of GHES by <a href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/727">actions/upload-artifact#727</a></li> <li>Update GHES guidance to include reference to Node 20 version by <a href="https://github.com/patrikpolyak"><code>@​patrikpolyak</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/725">actions/upload-artifact#725</a></li> <li>Bump <code>@actions/artifact</code> to <code>v4.0.0</code></li> <li>Prepare <code>v5.0.0</code> by <a href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/734">actions/upload-artifact#734</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/GhadimiR"><code>@​GhadimiR</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/681">actions/upload-artifact#681</a></li> <li><a href="https://github.com/nebuk89"><code>@​nebuk89</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/712">actions/upload-artifact#712</a></li> <li><a href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/727">actions/upload-artifact#727</a></li> <li><a href="https://github.com/patrikpolyak"><code>@​patrikpolyak</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/725">actions/upload-artifact#725</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v4...v5.0.0">https://github.com/actions/upload-artifact/compare/v4...v5.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="330a01c490"><code>330a01c</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/734">#734</a> from actions/danwkennedy/prepare-5.0.0</li> <li><a href="03f2824452"><code>03f2824</code></a> Update <code>github.dep.yml</code></li> <li><a href="905a1ecb59"><code>905a1ec</code></a> Prepare <code>v5.0.0</code></li> <li><a href="2d9f9cdfa9"><code>2d9f9cd</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/725">#725</a> from patrikpolyak/patch-1</li> <li><a href="9687587dec"><code>9687587</code></a> Merge branch 'main' into patch-1</li> <li><a href="2848b2cda0"><code>2848b2c</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/727">#727</a> from danwkennedy/patch-1</li> <li><a href="9b511775fd"><code>9b51177</code></a> Spell out the first use of GHES</li> <li><a href="cd231ca1ed"><code>cd231ca</code></a> Update GHES guidance to include reference to Node 20 version</li> <li><a href="de65e23aa2"><code>de65e23</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/712">#712</a> from actions/nebuk89-patch-1</li> <li><a href="8747d8cd76"><code>8747d8c</code></a> Update README.md</li> <li>Additional commits viewable in <a href="ea165f8d65...330a01c490">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-10-27 14:42:23 +01:00
dependabot[bot]	8ad9dd7d60	chore(github-deps): bump astral-sh/setup-uv from 7.1.0 to 7.1.1 (#3906) ... Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 7.1.0 to 7.1.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/astral-sh/setup-uv/releases">astral-sh/setup-uv's releases</a>.</em></p> <blockquote> <h2>v7.1.1 🌈 Fix empty workdir detection and lowest resolution strategy</h2> <h2>Changes</h2> <p>This release fixes a bug where the <code>working-directory</code> input was not used to detect an empty work dir. It also fixes the <code>lowest</code> resolution strategy resolving to latest when only a lower bound was specified.</p> <p>Special thanks to <a href="https://github.com/tpgillam"><code>@​tpgillam</code></a> for the first contribution!</p> <h2>🐛 Bug fixes</h2> <ul> <li>Fix &quot;lowest&quot; resolution strategy with lower-bound only <a href="https://github.com/tpgillam"><code>@​tpgillam</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/649">#649</a>)</li> <li>Use working-directory to detect empty workdir <a href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/645">#645</a>)</li> </ul> <h2>🧰 Maintenance</h2> <ul> <li>chore: update known checksums for 0.9.4 @<a href="https://github.com/apps/github-actions">github-actions[bot]</a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/651">#651</a>)</li> <li>chore: update known checksums for 0.9.3 @<a href="https://github.com/apps/github-actions">github-actions[bot]</a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/644">#644</a>)</li> </ul> <h2>📚 Documentation</h2> <ul> <li>Change version in docs to v7 <a href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/647">#647</a>)</li> </ul> <h2>⬆️ Dependency updates</h2> <ul> <li>Bump github/codeql-action from 4.30.7 to 4.30.8 @<a href="https://github.com/apps/dependabot">dependabot[bot]</a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/639">#639</a>)</li> <li>Bump actions/setup-node from 5.0.0 to 6.0.0 @<a href="https://github.com/apps/dependabot">dependabot[bot]</a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/641">#641</a>)</li> <li>Bump eifinger/actionlint-action from 1.9.1 to 1.9.2 @<a href="https://github.com/apps/dependabot">dependabot[bot]</a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/634">#634</a>)</li> <li>Update lockfile with latest npm <a href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/636">#636</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="2ddd2b9cb3"><code>2ddd2b9</code></a> chore: update known checksums for 0.9.4 (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/651">#651</a>)</li> <li><a href="b7bf78939d"><code>b7bf789</code></a> Fix &quot;lowest&quot; resolution strategy with lower-bound only (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/649">#649</a>)</li> <li><a href="cb6c0a53d9"><code>cb6c0a5</code></a> Change version in docs to v7 (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/647">#647</a>)</li> <li><a href="dffc6292f2"><code>dffc629</code></a> Use working-directory to detect empty workdir (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/645">#645</a>)</li> <li><a href="6e346e1653"><code>6e346e1</code></a> chore: update known checksums for 0.9.3 (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/644">#644</a>)</li> <li><a href="3ccd0fd498"><code>3ccd0fd</code></a> Bump github/codeql-action from 4.30.7 to 4.30.8 (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/639">#639</a>)</li> <li><a href="ce6dbd84e1"><code>ce6dbd8</code></a> Bump actions/setup-node from 5.0.0 to 6.0.0 (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/641">#641</a>)</li> <li><a href="2382069a66"><code>2382069</code></a> Bump eifinger/actionlint-action from 1.9.1 to 1.9.2 (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/634">#634</a>)</li> <li><a href="b1daf91f4e"><code>b1daf91</code></a> Update lockfile with latest npm (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/636">#636</a>)</li> <li>See full diff in <a href="3259c6206f...2ddd2b9cb3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-10-27 14:42:08 +01:00
dependabot[bot]	9d6e589120	chore(ui-deps): bump @types/node from 24.8.1 to 24.9.1 in /llama_stack/ui (#3912) ... Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.8.1 to 24.9.1. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-10-26 23:48:00 -04:00
dependabot[bot]	948951cc5c	chore(ui-deps): bump @tailwindcss/postcss from 4.1.14 to 4.1.16 in /llama_stack/ui (#3913) ... Bumps [@tailwindcss/postcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-postcss) from 4.1.14 to 4.1.16. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tailwindlabs/tailwindcss/releases"><code>@​tailwindcss/postcss</code>'s releases</a>.</em></p> <blockquote> <h2>v4.1.16</h2> <h3>Fixed</h3> <ul> <li>Discard candidates with an empty data type (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19172">#19172</a>)</li> <li>Fix canonicalization of arbitrary variants with attribute selectors (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19176">#19176</a>)</li> <li>Fix invalid colors due to nested <code>&amp;</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19184">#19184</a>)</li> <li>Improve canonicalization for <code>&amp; &gt; :pseudo</code> and <code>&amp; :pseudo</code> arbitrary variants (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19178">#19178</a>)</li> </ul> <h2>v4.1.15</h2> <h3>Fixed</h3> <ul> <li>Fix Safari devtools rendering issue due to <code>color-mix</code> fallback (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19069">#19069</a>)</li> <li>Suppress Lightning CSS warnings about <code>:deep</code>, <code>:slotted</code>, and <code>:global</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19094">#19094</a>)</li> <li>Fix resolving theme keys when starting with the name of another theme key in JS configs and plugins (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19097">#19097</a>)</li> <li>Allow named groups in combination with <code>not-*</code>, <code>has-*</code>, and <code>in-*</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19100">#19100</a>)</li> <li>Prevent important utilities from affecting other utilities (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19110">#19110</a>)</li> <li>Don’t index into strings with the <code>theme(…)</code> function (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19111">#19111</a>)</li> <li>Fix parsing issue when <code>\t</code> is used in at-rules (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19130">#19130</a>)</li> <li>Upgrade: Canonicalize utilities containing <code>0</code> values (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19095">#19095</a>)</li> <li>Upgrade: Migrate deprecated <code>break-words</code> to <code>wrap-break-word</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19157">#19157</a>)</li> </ul> <h3>Changed</h3> <ul> <li>Remove the <code>postinstall</code> script from oxide (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19149">#19149</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md"><code>@​tailwindcss/postcss</code>'s changelog</a>.</em></p> <blockquote> <h2>[4.1.16] - 2025-10-23</h2> <h3>Fixed</h3> <ul> <li>Discard candidates with an empty data type (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19172">#19172</a>)</li> <li>Fix canonicalization of arbitrary variants with attribute selectors (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19176">#19176</a>)</li> <li>Fix invalid colors due to nested <code>&amp;</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19184">#19184</a>)</li> <li>Improve canonicalization for <code>&amp; &gt; :pseudo</code> and <code>&amp; :pseudo</code> arbitrary variants (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19178">#19178</a>)</li> </ul> <h2>[4.1.15] - 2025-10-20</h2> <h3>Fixed</h3> <ul> <li>Fix Safari devtools rendering issue due to <code>color-mix</code> fallback (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19069">#19069</a>)</li> <li>Suppress Lightning CSS warnings about <code>:deep</code>, <code>:slotted</code>, and <code>:global</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19094">#19094</a>)</li> <li>Fix resolving theme keys when starting with the name of another theme key in JS configs and plugins (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19097">#19097</a>)</li> <li>Allow named groups in combination with <code>not-*</code>, <code>has-*</code>, and <code>in-*</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19100">#19100</a>)</li> <li>Prevent important utilities from affecting other utilities (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19110">#19110</a>)</li> <li>Don’t index into strings with the <code>theme(…)</code> function (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19111">#19111</a>)</li> <li>Fix parsing issue when <code>\t</code> is used in at-rules (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19130">#19130</a>)</li> <li>Upgrade: Canonicalize utilities containing <code>0</code> values (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19095">#19095</a>)</li> <li>Upgrade: Migrate deprecated <code>break-words</code> to <code>wrap-break-word</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19157">#19157</a>)</li> </ul> <h3>Changed</h3> <ul> <li>Remove the <code>postinstall</code> script from oxide (<a href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-postcss/issues/19149">#19149</a>)(<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19149">tailwindlabs/tailwindcss#19149</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="cbbbe84475"><code>cbbbe84</code></a> Release 4.1.16 (<a href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-postcss/issues/19185">#19185</a>)</li> <li><a href="b2e2435ccb"><code>b2e2435</code></a> Release 4.1.15 (<a href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-postcss/issues/19159">#19159</a>)</li> <li>See full diff in <a href="https://github.com/tailwindlabs/tailwindcss/commits/v4.1.16/packages/@tailwindcss-postcss">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-10-26 23:47:36 -04:00