Commit Graph

5 Commits

Author SHA1 Message Date
bvandeusen df76fd75d8 feat(attachments): fail-soft archive_extractor (zip/cbz/rar/7z)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-19 11:11:37 -04:00
bvandeusen 3b5f894435 feat(provenance): nh3 HTML sanitizer for scraped post descriptions
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-18 18:05:45 -04:00
bvandeusen 0f47c7485b chore(fc2a): catch up on stale dep pins — current versions across the board
Audit against PyPI revealed almost every pin in requirements.txt and
requirements-ml.txt was significantly behind. Most bumps are minor-major
catch-up; a handful are major-version jumps.

requirements.txt:
- quart       0.19  -> 0.20
- hypercorn   0.16  -> 0.18  (now declares 3.14 support)
- asyncpg     0.30  -> 0.31
- psycopg     3.2   -> 3.3
- alembic     1.13  -> 1.18  (5 minors stale)
- pgvector    0.2   -> 0.4   (2 minors stale)
- celery      5.4   -> 5.6
- redis       5.0   -> 7.4   (major jump)
- cryptography 44   -> 48
- pillow      11.1  -> 12    (major jump; 12.x has 3.14 wheels)
- gallery-dl  1.27  -> 1.32  (5 minors stale)
- python-dotenv 1.0 -> 1.2
- structlog   24.1  -> 25.5  (major jump)

(sqlalchemy 2.0 line is current. imagehash 4.3.2 was already in range.)

requirements-ml.txt (not exercised by CI yet; FC-2b territory):
- torch                 2.2  -> 2.12   (10 minors stale)
- torchvision           0.17 -> 0.27   (CAVEAT: excludes Python 3.14.1
                                        specifically — inline comment added)
- transformers          4.40 -> 5.8    (major)
- onnxruntime           1.17 -> 1.26
- huggingface-hub       0.22 -> 1.14   (major)
- opencv-python-headless 4.9 -> 4.13

The torchvision 3.14.1 exclusion is a real footgun — the python-ci
runner pulls python:3.14-bookworm (latest patch); if that ever resolves
to 3.14.1, the ml-worker image build will fail. FC-2b will exercise this
path for the first time, so the constraint is documented inline rather
than worked around now.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-14 13:26:37 -04:00
bvandeusen 8988423c95 fix(fc2a): bump Pillow, asyncpg, psycopg, cryptography for Python 3.14 wheel coverage
CI failed at 'pip install -r requirements.txt' with Pillow 10.4.0 sdist
building from source under Python 3.14 and exiting with KeyError: '__version__'
(no 3.14 wheel exists for the 10.x line). The same risk applied to
asyncpg 0.29 (also no 3.14 wheel) and to psycopg 3.1.x (dep resolver was
backtracking through every minor trying to find a 3.14-compatible combo).

Bumps:
- pillow:       10.2-10.x -> 11.1-11.x   (11.x has 3.13+ wheels)
- asyncpg:      0.29       -> 0.30       (0.30 added 3.13/3.14 wheels)
- psycopg:      3.1.x      -> 3.2.x      (current line, stable resolver)
- cryptography: 42         -> 44-45      (current abi3 wheels; the 42 line
                                          worked via abi3 but bumping aligns
                                          with the newer cffi-on-3.14 path)

This is the operator-flagged risk from FC-1 ("scientific stack may still be
catching up on 3.14 wheels — worth confirming before locking in"), realized.
The fix is to pin newer minimums, not to back off to 3.13.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-14 13:02:47 -04:00
bvandeusen 13eaa35f1c feat: scaffold backend Python project (Quart + SQLAlchemy + Celery deps)
Pins runtime and ML deps separately so the regular web image stays lean.
Configures ruff for py312 with bugbear, async, and pyupgrade lints enabled.
psycopg sync driver included up-front for alembic.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-14 07:31:39 -04:00