From b92c0d883de67dfe850ccaacb54ca4657e96fb94 Mon Sep 17 00:00:00 2001 From: AJ Barea Date: Mon, 1 Jun 2026 09:53:47 -0400 Subject: [PATCH] =?UTF-8?q?docs(roadmap):=20correct=20uv=20versioning-stra?= =?UTF-8?q?tegy=20note=20=E2=80=94=20lockfile-only=20unconfirmed=20for=20u?= =?UTF-8?q?v?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The 2026-05-30 note claimed dependabot-core#12162 closing made the versioning-strategy: lockfile-only fleet fix live. 2026-06-01 verification: #12162 closed for its requester's 'increase' value, not lockfile-only for uv; astral's uv-Dependabot guide never mentions versioning-strategy; current sources report it not fully supported for uv. The note contradicted techne's own template comment ('not supported for uv yet'). Corrected to: still deferred, do not edit the fleet until astral/GitHub docs list versioning-strategy for uv; /techne:sisters check 7 stays the mitigation. --- ROADMAP.md | 30 ++++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/ROADMAP.md b/ROADMAP.md index e2f617c..948c638 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -77,18 +77,24 @@ queued for when that drift class recurs. Renovate (shared `extends` preset). Also re-enable the `uv` ecosystem on kourai once dependabot-core#14004 (workspace mis-targeting) closes — **re-checked 2026-05-30: still open**, so kourai's uv deferral stands. -- **uv toolchain-floor churn → unblocked 2026-05-30.** Dependabot's uv ecosystem - bumps pyproject floors (not just uv.lock), so ruff/ty floors drift across - sisters unevenly as releases land — caught and re-aligned via `/techne:sisters` - check 7 (e.g. 2026-05-25). **dependabot-core#12162 (uv `versioning-strategy` - support) is now closed (`completed`, ~2026-02)**, so the queued fix is live: add - `versioning-strategy: lockfile-only` to the uv entries (template + repos) so - Dependabot stops bumping floors and the churn ends. Verify uv accepts the - `lockfile-only` value specifically before the fleet edit — #12162 tracked the - versioning-strategy umbrella (its requester wanted `increase`), so confirm the - exact value lands. Renovate's `update-lockfile` rangeStrategy is the equivalent - if the fleet ever moves there. `research(2026-05)`: dependabot/dependabot-core#12162 - closed-completed (the open blocker this item waited on). +- **uv toolchain-floor churn — still deferred (re-verified 2026-06-01).** Dependabot's + uv ecosystem bumps pyproject floors (not just uv.lock), so ruff/ty floors drift + across sisters unevenly as releases land — caught and re-aligned via + `/techne:sisters` check 7 (e.g. 2026-05-25), which remains the mitigation. The + queued fix was `versioning-strategy: lockfile-only` on the uv entries, gated on + dependabot-core#12162. **2026-06-01 verification says not ready, despite the issue + closing:** #12162 closed (`completed`) but tracked the umbrella for its requester's + `increase` value, not `lockfile-only` for uv; astral's own uv↔Dependabot guide + (docs.astral.sh/uv/guides/integration/dependabot) documents only `package-ecosystem` + + `cooldown` and **never mentions `versioning-strategy`**, and current sources report + it "not fully supported for uv." Applying `lockfile-only` fleet-wide would push + unverified config (silently ignored at best, broken updates at worst), so the + template comment ("not supported for uv yet") stands — do **not** edit the fleet + until astral's guide or the GitHub options reference explicitly lists + `versioning-strategy` for the uv ecosystem. Renovate's `update-lockfile` + rangeStrategy is the equivalent if the fleet ever moves there. `research(2026-06)`: + astral uv-Dependabot guide (no versioning-strategy); #12162 closed for `increase`, + uv `lockfile-only` support unconfirmed. ---