build(deps): bump the uv group across 1 directory with 9 updates#9
Open
dependabot[bot] wants to merge 61 commits intomainfrom
Open
build(deps): bump the uv group across 1 directory with 9 updates#9dependabot[bot] wants to merge 61 commits intomainfrom
dependabot[bot] wants to merge 61 commits intomainfrom
Conversation
…ument processing - Added detailed logging for application startup and error handling in app.log and errors.log. - Increased access token expiration time from 3600 to 43200 minutes in config.py. - Expanded max tokens limit from 2048 to 8192 in LlmSettings. - Updated response modes in RagSettings to include additional options. - Improved document processing by applying custom chunking settings based on notebook configurations. - Enhanced prompt templates for better formatting and citation guidelines in llamaindex_prompts.py. - Added support for enabling/disabling reranking in query builder and reranker services.
…t prep Add encryption at rest for OAuth tokens, SSRF protection for URL processing, and security headers middleware. Disable HS256 JWT algorithm for asymmetric-only verification. Add database indexes for query performance. Update Python to 3.11.8, pin Qdrant to v1.7.4, and enable model pre-download in Docker. Reduce debug mode, remove sensitive config from docker-compose, and add comprehensive error handling with logging improvements. Configure PostgreSQL password via env variable and restrict CORS to explicit methods/headers in production.
… flexible CORS config)
…hcheck, pgbouncer)
…eddings and hybrid search with LlamaIndex.
…for TTS workload - Increase worker CPU from 1 to 2 cores and memory from 2.5GB to 4GB to accommodate TTS processing - Add healthcheck with liveness endpoint for worker container reliability - Add stop_grace_period of 120s for graceful shutdown - Reduce worker concurrency from 2-3 to 1 per queue to prevent memory exhaustion - Increase high priority timeout from 10min to 30min for podcast generation
…dcasts, quizzes, flashcards, and mindmaps.
Allow Google Cloud TTS credentials to be passed as JSON through the GOOGLE_CREDS_JSON environment variable. The credentials are written to a temp file and GOOGLE_APPLICATION_CREDENTIALS is set accordingly, enabling easier deployment in containerized environments like Coolify.
…eneration using Google Cloud TTS.
- Implement exponential backoff with jitter for transcript fetching - Add multiple client fallback chain (web, ios, android, mweb) for audio downloads - Support proxy configuration from environment variables - Improve cookie handling to only use browser cookies in development - Add HLS protocol fallback as last resort for downloads - Handle rate limiting (429) and transient errors gracefully
- Add youtube_cookies.txt and youtube_cookies_base64.txt with YouTube-specific cookies - Update youtube_processor.py to search for youtube_cookies.txt in additional locations - Remove old cookies.txt volume mounts from docker-compose.yml
Integrate yt-dlp-getpot-wpc plugin for automatic PO Token generation using browser automation, eliminating the need for manual token management. - Add yt-dlp-getpot-wpc dependency for automatic PO Token generation - Install chromium and chromium-driver in Docker for browser automation - Configure yt-dlp to use wpc provider for PO Token generation - Update client priority to prefer mweb client with automatic PO Token
Removes the WebPoClient PO Token Provider (wpc) from the YouTube ingestion pipeline. This includes removing the dependency from pyproject.toml and requirements.txt, removing the youtubepot configuration from youtube_processor.py, and updating the README. Also refreshes YouTube authentication cookies. BREAKING CHANGE: PO token generation for YouTube downloads is no longer handled automatically. Users must install yt-dlp-getpot-wpc separately if needed.
… citations Pass the original filename through the document processing pipeline to replace temp file names (e.g., tmphxad5tz0.docx) with real names in stored documents and citations. Fetch the real filename from the DB in the queue task before processing, and update response utilities to detect and replace temp filenames in citation lookups.
Implement comprehensive database connection pool monitoring with leak detection and saturation tracking. Increase pool limits to support higher production workloads. - Add connection checkout tracking with leak warnings (>30s duration) - Implement pool saturation alerts at 80% utilization threshold - Create /pool health endpoint for operational monitoring - Increase pool size from 10 to 20 and overflow from 15 to 25 - Remove sensitive cookie files and debug token scripts from repository - Update gitignore patterns for cookies, tokens, and secrets - Tune queue worker pools to 2-5 connections for resource balance
--- updated-dependencies: - dependency-name: aiohttp dependency-version: 3.13.3 dependency-type: direct:production dependency-group: uv - dependency-name: brotli dependency-version: 1.2.0 dependency-type: direct:production dependency-group: uv - dependency-name: transformers dependency-version: 4.53.0 dependency-type: direct:production dependency-group: uv - dependency-name: yt-dlp dependency-version: 2026.2.21 dependency-type: direct:production dependency-group: uv - dependency-name: langchain-community dependency-version: 0.3.27 dependency-type: direct:production dependency-group: uv - dependency-name: nltk dependency-version: 3.9.3 dependency-type: indirect dependency-group: uv - dependency-name: pypdf dependency-version: 6.7.4 dependency-type: direct:production dependency-group: uv - dependency-name: python-multipart dependency-version: 0.0.22 dependency-type: direct:production dependency-group: uv - dependency-name: requests dependency-version: 2.32.4 dependency-type: direct:production dependency-group: uv ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
This was referenced Mar 2, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditionsYou can disable automated security fix PRs for this repo from the Security Alerts page.