Modernize packaging #193

abhiaagarwal · 2025-05-22T21:44:23Z

Description

This migrates the old setuptools-based packaging to instead use the pyproject.toml format, with uv as the package manager and hatchling as the build system. This mainly avoids adding the transitive dependencies of build and setuptools that are currently packaged with the sdk.

Moves CI over to use uv.

References

Closes #192

Review Checklist

I have clicked on "allow edits by maintainers".
I have added documentation for new/changed functionality in this PR or in a PR to openfga.dev [Provide a link to any relevant PRs in the references section above]
The correct base branch is being used, if not main
I have added tests to validate that the change in functionality is working as expected

Summary by CodeRabbit

New Features
- Added comprehensive project metadata, dependency groups, and build configuration to the project configuration file.
Bug Fixes
- Corrected a minor path in the type checking configuration.
Documentation
- Improved import examples in the README.
- Updated API documentation to remove the name filter from the list_stores method.
Refactor
- Removed support for the name parameter in the list_stores API client methods.
Chores
- Migrated dependency and build management to modern standards, removing legacy packaging files and requirements.
- Updated GitHub Actions workflow to use a new Python environment and dependency management tool.

linux-foundation-easycla · 2025-05-22T21:44:30Z

The committers listed above are authorized under a signed CLA.

✅ login: abhiaagarwal / name: Abhi Agarwal (69979bf, 7030fe4, 278ec03)
✅ login: evansims / name: Evan Sims (8667a66)

socket-security · 2025-05-22T21:45:19Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	mypy@1.17.1 ⏵ 1.17.0
	coverage@7.10.3 ⏵ 7.10.1	⁺¹
	ruff@0.12.8 ⏵ 0.12.7
	griffe@1.11.1 ⏵ 1.9.0
	multidict@6.6.4 ⏵ 6.6.3
	backports-asyncio-runner@1.2.0

View full report

socket-security · 2025-05-22T21:45:21Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		`[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.17.0/LICENSE) From: uv.lock → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.17.0.dist-info/licenses/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.17.0.dist-info/licenses/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.17.0.dist-info/licenses/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.17.0.dist-info/licenses/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.17.0.dist-info/licenses/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.17.0.dist-info/licenses/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.17.0.dist-info/licenses/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.17.0.dist-info/licenses/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.17.0.dist-info/licenses/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.17.0.dist-info/licenses/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.17.0.dist-info/licenses/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.17.0.dist-info/licenses/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.17.0.dist-info/licenses/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.17.0.dist-info/licenses/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.17.0.dist-info/licenses/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.17.0.dist-info/licenses/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.17.0.dist-info/licenses/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.17.0.dist-info/licenses/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.17.0.dist-info/licenses/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.17.0.dist-info/licenses/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.17.0.dist-info/licenses/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.17.0.dist-info/licenses/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.17.0.dist-info/licenses/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.17.0.dist-info/licenses/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.17.0.dist-info/licenses/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.17.0.dist-info/licenses/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.17.0.dist-info/licenses/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`[email protected]` has a License Policy Violation. License: Python-2.0.1 (mypy-1.17.0.dist-info/licenses/LICENSE) From: `?` → `pypi/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
See 21 more rows in the dashboard

View full report

abhiaagarwal · 2025-05-22T21:55:41Z

Marking this as draft to make the upstream changes in sdk-generator, I'll force push on this branch.

evansims · 2025-07-30T16:03:32Z

Hey @abhiaagarwal 👋 Thanks a lot for contributing this! Now that the upstream Generator changes are merged, would you be up for updating this to bring the repo in sync?

abhiaagarwal · 2025-07-30T17:58:23Z

@evansims absolutely!

Signed-off-by: Abhi Agarwal <[email protected]>

coderabbitai · 2025-07-30T18:04:54Z

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

This change migrates the Python SDK project from legacy packaging and dependency management using setup.py, requirements.txt, and test-requirements.txt to a modern, PEP 621-compliant pyproject.toml configuration. The GitHub Actions workflow is updated to use the uv tool for environment setup, dependency management, and building. Documentation and code are updated to remove support for the name parameter in list_stores methods.

Changes

Cohort / File(s)	Change Summary
Modern packaging migration `pyproject.toml`, `setup.py`, `requirements.txt`, `test-requirements.txt`	Introduced `pyproject.toml` with project metadata, dependencies, and build configuration. Removed legacy `setup.py`, `requirements.txt`, and `test-requirements.txt` files.
Workflow modernization `.github/workflows/main.yaml`	Updated CI to use `uv` for Python setup, dependency management, and builds, replacing `actions/setup-python`, `pip`, and manual build commands.
API parameter removal (async client) `openfga_sdk/api/open_fga_api.py`	Removed `name` parameter from `list_stores` and `list_stores_with_http_info` methods and their documentation.
API parameter removal (sync client) `openfga_sdk/sync/open_fga_api.py`	Removed `name` parameter from `list_stores` and `list_stores_with_http_info` methods and their documentation.
Documentation updates `docs/OpenFgaApi.md`	Updated API documentation and usage examples to remove references to the `name` parameter for `list_stores`.
README import simplification `README.md`	Consolidated import statements in the "List Users" example for clarity.

Sequence Diagram(s)

sequenceDiagram
    participant GitHub Actions
    participant uv
    participant Python Environment

    GitHub Actions->>uv: Setup Python (setup-uv)
    uv->>Python Environment: Create environment, install dependencies (uv sync)
    GitHub Actions->>uv: Run tests/lint/build (uv run, uv build)
    uv->>Python Environment: Execute commands in managed environment

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Assessment against linked issues

Objective	Addressed	Explanation
Migrate from legacy packaging (`setup.py`, `requirements.txt`) to modern tooling (`pyproject.toml`) (#192)	✅
Remove unnecessary dependencies like `build` and `setuptools` from runtime requirements (#192)	✅
Use a modern dependency tool (e.g., `uv` or `poetry`) for dependency management (#192)	✅

Assessment against linked issues: Out-of-scope changes

Code Change	Explanation
Removal of `name` parameter from `list_stores` methods and documentation (`openfga_sdk/api/open_fga_api.py`, `openfga_sdk/sync/open_fga_api.py`, `docs/OpenFgaApi.md`)	Removing the `name` parameter is unrelated to the packaging modernization objective in #192.
Consolidation of import statements in README example (`README.md`)	README import simplification is unrelated to packaging modernization.

Possibly related PRs

chore: update readme import error #202: Updates import paths in the README, which is similar to the README import consolidation in this PR.

Suggested labels

release, documentation

Suggested reviewers

evansims

✨ Finishing Touches

🧪 Generate unit tests

Create PR with unit tests
Post copyable unit tests in a comment

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

Review comments: Directly reply to a review comment made by CodeRabbit. Example:
- I pushed a fix in commit <commit_id>, please review it.
- Open a follow-up GitHub issue for this discussion.
Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
- @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (`.coderabbit.yaml`)

You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
Please see the configuration documentation for more information.
If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

Visit our Status Page to check the current availability of CodeRabbit.
Visit our Documentation for detailed information on how to use CodeRabbit.
Join our Discord Community to get help, request features, and share feedback.
Follow us on X/Twitter for updates and announcements.

coderabbitai

Actionable comments posted: 2

🔭 Outside diff range comments (2)

pyproject.toml (1)
139-144: mypy section contains invalid keys & list-valued exclude

packages is not a recognised mypy config option, and exclude expects a single regex string, not an array. Current config will cause “Unknown configuration option” errors and silently ignore the intended exclude.
-[tool.mypy]
-python_version = "3.10"
-packages = "openfga_sdk"
-exclude = [
-    "openfga_sdk/models",
-]
+[tool.mypy]
+python_version = "3.10"
+# Match anything under openfga_sdk/models
+exclude = "(^|/)openfga_sdk/models/"
openfga_sdk/sync/open_fga_api.py (1)

1308-1316: Update test invocations to remove the name parameter
The name argument was removed from list_stores_with_http_info and now passing it will raise FgaValidationException. Existing tests still call list_stores(name=…), so they must be updated:

• test/sync/open_fga_api_test.py:474
• test/api/open_fga_api_test.py:1892

Please remove (or replace) the name="test-store" argument in these calls and adjust assertions to match the new behavior.

🧹 Nitpick comments (4)

pyproject.toml (2)

37-42: Consider pinning upper bounds for all runtime deps

Only urllib3 has an explicit <3 cap; the other three libraries can introduce breaking API changes in any major release. Adding upper-bound pins (e.g. <4) avoids accidental breakage for your consumers.

47-55: [dependency-groups] is hatch-specific – document it

Readers unfamiliar with Hatch will not immediately know how to install the dev group (uv pip install -e . -G dev, hatch env create, etc.). A short comment in this stanza or in CONTRIBUTING/README will prevent onboarding friction.
.github/workflows/main.yaml (1)
70-77: Cache key should include uv.lock / resolved deps

cache-dependency-glob: "**/pyproject.toml" ignores the lock-file generated by uv pip compile.
If uv.lock (or .venv.json) changes but pyproject.toml stays the same, CI may reuse a stale cache.
cache-dependency-glob: |
  **/pyproject.toml
  **/uv.lock
docs/OpenFgaApi.md (1)
643-651: Example call still uses api_instance.api_instance; drop the redundant attribute

The SDK client returned by openfga_sdk.OpenFgaApi(...) already exposes the endpoint methods.
Using api_instance.api_instance.list_stores(...) in the snippet will raise an AttributeError for real code and may confuse users. Update the example to a single api_instance:
-        api_response = await api_instance.api_instance.list_stores(
-            page_size=page_size,
-            continuation_token=continuation_token
-        )
+        api_response = await api_instance.list_stores(
+            page_size=page_size,
+            continuation_token=continuation_token
+        )
(No further issues with the removal of the obsolete name parameter were found.)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d675336 and 69979bf.

⛔ Files ignored due to path filters (1)

uv.lock is excluded by !**/*.lock

📒 Files selected for processing (9)

.github/workflows/main.yaml (2 hunks)
README.md (1 hunks)
docs/OpenFgaApi.md (1 hunks)
openfga_sdk/api/open_fga_api.py (1 hunks)
openfga_sdk/sync/open_fga_api.py (1 hunks)
pyproject.toml (2 hunks)
requirements.txt (0 hunks)
setup.py (0 hunks)
test-requirements.txt (0 hunks)

💤 Files with no reviewable changes (3)

requirements.txt
test-requirements.txt
setup.py

🔇 Additional comments (1)

openfga_sdk/api/open_fga_api.py (1)

1314-1314: LGTM! Parameter removal properly implemented.

The removal of the name parameter from the all_params list correctly implements the API change described in the PR summary. This change is consistent with the method documentation and aligns with the coordinated updates across async/sync clients.

.github/workflows/main.yaml

README.md

abhiaagarwal · 2025-07-30T18:58:20Z

Hmmm, it seems that #202 needs to be updated upstream as well

evansims · 2025-08-05T05:42:33Z

Thanks @abhiaagarwal! I've got a PR created on the Generator to bring it up-to-date with 202 now.

evansims · 2025-08-12T15:12:51Z

👋 @abhiaagarwal, we just merged that PR. Sorry for the delay; we had to fix some tooling on the Generator repo to unblock that. You should be good to go now!

abhiaagarwal requested a review from a team as a code owner May 22, 2025 21:44

abhiaagarwal marked this pull request as draft May 22, 2025 21:55

abhiaagarwal and others added 3 commits July 30, 2025 14:01

Modernize packaging, move to uv

7030fe4

Migrate ci/cd to uv

278ec03

Sync upstream changes

69979bf

Signed-off-by: Abhi Agarwal <[email protected]>

abhiaagarwal force-pushed the modernize-package branch from 95803ec to 69979bf Compare July 30, 2025 18:04

abhiaagarwal marked this pull request as ready for review July 30, 2025 18:07

abhiaagarwal requested review from a team as code owners July 30, 2025 18:07

coderabbitai bot reviewed Jul 30, 2025

View reviewed changes

.github/workflows/main.yaml Show resolved Hide resolved

README.md Show resolved Hide resolved

Merge branch 'main' into modernize-package

8667a66

Modernize packaging #193

Are you sure you want to change the base?

Modernize packaging #193

Uh oh!

Conversation

abhiaagarwal commented May 22, 2025 • edited by coderabbitai bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Description

References

Review Checklist

Summary by CodeRabbit

Uh oh!

linux-foundation-easycla bot commented May 22, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

socket-security bot commented May 22, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

socket-security bot commented May 22, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

abhiaagarwal commented May 22, 2025

Uh oh!

evansims commented Jul 30, 2025

Uh oh!

abhiaagarwal commented Jul 30, 2025

Uh oh!

coderabbitai bot commented Jul 30, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Review skipped

Walkthrough

Changes

Sequence Diagram(s)

Estimated code review effort

Assessment against linked issues

Assessment against linked issues: Out-of-scope changes

Possibly related PRs

Suggested labels

Suggested reviewers

Chat

Support

CodeRabbit Commands (Invoked using PR/Issue comments)

Other keywords and placeholders

CodeRabbit Configuration File (.coderabbit.yaml)

Status, Documentation and Community

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

abhiaagarwal commented Jul 30, 2025

Uh oh!

evansims commented Aug 5, 2025

Uh oh!

evansims commented Aug 12, 2025

Uh oh!

Uh oh!

abhiaagarwal commented May 22, 2025 •

edited by coderabbitai bot

Loading

linux-foundation-easycla bot commented May 22, 2025 •

edited

Loading

socket-security bot commented May 22, 2025 •

edited

Loading

socket-security bot commented May 22, 2025 •

edited

Loading

coderabbitai bot commented Jul 30, 2025 •

edited

Loading

CodeRabbit Configuration File (`.coderabbit.yaml`)