agnes-the-ai-analyst

Author	SHA1	Message	Date
dependabot[bot]	970067e6c3	chore(deps): bump python-multipart from 0.0.26 to 0.0.27 Bumps [python-multipart](https://github.com/Kludex/python-multipart) from 0.0.26 to 0.0.27. - [Release notes](https://github.com/Kludex/python-multipart/releases) - [Changelog](https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md) - [Commits](https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27) --- updated-dependencies: - dependency-name: python-multipart dependency-version: 0.0.27 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-07 09:09:45 +02:00
Vojtech	38f6b639d2	feat(observability): request_id end-to-end + dev debug toolbar + centralized logging (#136 ) Cuts release 0.20.0. ## Highlights - X-Request-ID header on every response + sanitized to [A-Za-z0-9_-] (CRLF log-forging mitigation) - Error pages (HTML + JSON 500) surface request_id for support tickets - Dev debug toolbar gated by DEBUG=1 — fastapi-debug-toolbar with custom DuckDBPanel - Centralized app.logging_config.setup_logging() replaces 23 scattered basicConfig calls - Telegram bot drops bot.log file — stdout only (BREAKING) ## Devin findings addressed - BUG_0001: .env.template no longer claims FastAPI debug=True - BUG_0002: subprocess extractor logs INFO to stderr again - ANALYSIS_0003: _wants_html no longer matches Accept: / (curl gets JSON as before) - BUG on b1c6ee9: HTML 500 page no longer leaks str(exc) in production - BUG on b13d2fe: 2 CLAUDE.md compliance flags (transform.py + ws_gateway) accepted as scope-limited logging refactor — follow-up to update CLAUDE.md if needed See CHANGELOG [0.20.0] for full notes.	2026-04-29 22:54:21 +02:00
dependabot[bot]	6e93461918	chore(deps): bump python-multipart from 0.0.24 to 0.0.26 Bumps [python-multipart](https://github.com/Kludex/python-multipart) from 0.0.24 to 0.0.26. - [Release notes](https://github.com/Kludex/python-multipart/releases) - [Changelog](https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md) - [Commits](https://github.com/Kludex/python-multipart/compare/0.0.24...0.0.26) --- updated-dependencies: - dependency-name: python-multipart dependency-version: 0.0.26 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-21 13:26:19 +00:00
dependabot[bot]	043ae4b378	chore(deps): bump authlib from 1.6.9 to 1.6.11 Bumps [authlib](https://github.com/authlib/authlib) from 1.6.9 to 1.6.11. - [Release notes](https://github.com/authlib/authlib/releases) - [Changelog](https://github.com/authlib/authlib/blob/v1.6.11/docs/changelog.rst) - [Commits](https://github.com/authlib/authlib/compare/v1.6.9...v1.6.11) --- updated-dependencies: - dependency-name: authlib dependency-version: 1.6.11 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-17 00:41:27 +00:00
ZdenekSrotyr	86fe4b411d	fix: upgrade urllib3 1.26→2.6.3 — resolves all 4 Dependabot security alerts Removed kbcstorage from all dependency groups (optional + dev) so urllib3 is no longer pinned to <2.0. Legacy Keboola client is available via manual install: pip install kbcstorage	2026-04-09 14:53:30 +02:00
ZdenekSrotyr	809448e02b	fix: move kbcstorage to optional dep — unblocks urllib3 security updates kbcstorage pins urllib3<2.0.0 which blocks Dependabot security patches. Moved to [project.optional-dependencies] keboola-legacy since the primary extraction path uses the DuckDB Keboola extension, not kbcstorage. Legacy fallback uses lazy import — app works without it installed.	2026-04-09 14:46:50 +02:00
ZdenekSrotyr	1ebf50bd78	fix: upgrade setup-uv@v5 → v8 (Node.js 24 native), add uv.lock - setup-uv@v8 runs on Node.js 24 natively — no more deprecation warnings - Removed FORCE_JAVASCRIPT_ACTIONS_TO_NODE24 workaround (no longer needed) - Added uv.lock for reproducible dependency resolution	2026-04-09 14:16:55 +02:00

7 commits