Skip to content

Clean up deprecated files, reorganize docs, fix filelock CVE #14

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
DiTo97 merged 4 commits into from
Dec 28, 2025
Merged

Clean up deprecated files, reorganize docs, fix filelock CVE #14

DiTo97 merged 4 commits into from
Dec 28, 2025

Conversation

Copy link
Contributor

Copilot AI commented Dec 28, 2025
edited
Loading

Repository housekeeping: remove obsolete monorepo artifacts after workspace migration, consolidate documentation, and patch filelock TOCTOU vulnerability.

Changes

  • Removed deprecated files

    • README.old.md, Dockerfile.old - leftover from pre-workspace structure
    • src/ directory - monorepo code superseded by packages/ workspace
    • requirements.txt - autogenerated file superseded by uv.lock

  • Documentation reorganization

    • Created docs/ directory with lowercase naming: implementation-summary.md, package-structure.md
    • Updated internal references to new paths

  • Security patch

    • Pinned filelock>=3.20.1 in pyproject.toml (CVE fix for symlink attack during lock creation)
    • Updated uv.lock: 3.18.0 → 3.20.1

  • Configuration cleanup

    • Removed src = ["src"] from ruff config
    • Removed obsolete known-first-party imports
    • Removed requirements-txt-fixer and uv-export pre-commit hooks
Original prompt

This section details on the original issue you should resolve

<issue_title>house keeping</issue_title>
<issue_description>The repository needs some house keeping:

  • unused files that should be deleted: README.old.md, Dockerfile.old and all the files within src/ as the original monorepo has been split in a uv workspace
  • implementation_summary.md and PACKAGE_STRUCTURE.md should be maintained as docs in a docs/ folder, with lowercase naming and easy to read for both human engineers as well as AI coding assistants
  • filelock should be forced with version >=3.20.1 . It is a sub-dependecy of other stuff, but currently raising the moderate security concern: filelock has a TOCTOU race condition which allows symlink attacks during lock file creation </issue_description>

Comments on the Issue (you are @copilot in this section)

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

Copilot AI and others added 2 commits December 28, 2025 18:13
@DiTo97
Clean up repository: remove old files, reorganize docs, fix filelock …
296980f 
…security issue

Co-authored-by: DiTo97 <40361744+DiTo97@users.noreply.github.com>
@DiTo97
Update documentation to reflect new file locations
aebf384 
Co-authored-by: DiTo97 <40361744+DiTo97@users.noreply.github.com>
Copilot AI changed the title [WIP] Perform housekeeping by removing unused files and updating docs Clean up deprecated files, reorganize docs, fix filelock CVE Dec 28, 2025
Copilot AI requested a review from DiTo97 December 28, 2025 18:17
@DiTo97
Copy link
Owner

DiTo97 commented Dec 28, 2025

@copilot works great. Is requirements.txt still used? Otherwise, I'd remove it, would be one more thing to maintain.

@DiTo97
Remove obsolete requirements.txt and related pre-commit hooks
c3a2fc4 
Co-authored-by: DiTo97 <40361744+DiTo97@users.noreply.github.com>
Copy link
Contributor Author

Copilot AI commented Dec 28, 2025

@copilot works great. Is requirements.txt still used? Otherwise, I'd remove it, would be one more thing to maintain.

You're correct—requirements.txt was no longer used. It was being autogenerated by the uv-export pre-commit hook, but since the project uses uv with pyproject.toml and uv.lock, and the Dockerfile uses uv sync directly, it was redundant.

Removed in c3a2fc4 along with the requirements-txt-fixer and uv-export pre-commit hooks.

DiTo97
DiTo97 approved these changes Dec 28, 2025
View reviewed changes
Copy link
Owner

@DiTo97 DiTo97 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@DiTo97 DiTo97 marked this pull request as ready for review December 28, 2025 18:37
@DiTo97 DiTo97 merged commit 995d6ed into main Dec 28, 2025
4 checks passed
@DiTo97 DiTo97 deleted the copilot/house-keeping-repo-cleanup branch December 28, 2025 18:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@DiTo97 DiTo97 DiTo97 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@DiTo97 DiTo97

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

house keeping

2 participants

@DiTo97