From 8109ac9a1d72a57e461d34e52b75e95508a6ab18 Mon Sep 17 00:00:00 2001 From: Tony Santiago Date: Tue, 16 Sep 2025 16:43:24 -0400 Subject: [PATCH 1/3] Pin DSPy to version 2.6.27 for compatibility DSPy versions 2.7.0+ introduce breaking changes that cause compatibility issues with the Nova Prompt Optimizer SDK. Specifically: - Changes to internal DSPy APIs that the SDK relies on - Modified behavior in MIPROv2 optimizer integration - Potential issues with structured output parsing Pinning to 2.6.27 ensures: - Stable SDK behavior across environments - Consistent optimization results - Prevents unexpected breaking changes during SDK usage - Maintains compatibility with existing Nova SDK features This version has been tested and verified to work correctly with all Nova Prompt Optimizer functionality. --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 96341c2..7ce34ca 100644 --- a/requirements.txt +++ b/requirements.txt @@ -2,7 +2,7 @@ jinja2 boto3 botocore boto3-stubs -dspy +dspy==2.6.27 numpy==2.3.2 virtualenv==20.31.2 urllib3==2.5.0 From c7cbed0703f3dd6c0b7be07ebcde3e7de4047d9a Mon Sep 17 00:00:00 2001 From: Tony Santiago Date: Thu, 18 Sep 2025 00:49:26 -0400 Subject: [PATCH 2/3] Add CodeQL workflow for security scanning - Enables CodeQL analysis for Python code - Required for PR merge approval - Will unblock merge once analysis completes --- .github/workflows/codeql.yml | 38 ++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..0608386 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,38 @@ +name: "CodeQL" + +on: + push: + branches: [ "main" ] + pull_request: + branches: [ "main" ] + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: [ 'python' ] + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: ${{ matrix.language }} + + - name: Autobuild + uses: github/codeql-action/autobuild@v3 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: "/language:${{matrix.language}}" From 7e6e33b13bf5e1856c34d9c681f65d07b3df08c5 Mon Sep 17 00:00:00 2001 From: Tony Santiago Date: Thu, 18 Sep 2025 00:52:01 -0400 Subject: [PATCH 3/3] Remove custom CodeQL workflow - use default setup - Repository already has default CodeQL setup enabled - Custom workflow conflicts with default configuration - Default setup will handle security scanning automatically --- .github/workflows/codeql.yml | 38 ------------------------------------ 1 file changed, 38 deletions(-) delete mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml deleted file mode 100644 index 0608386..0000000 --- a/.github/workflows/codeql.yml +++ /dev/null @@ -1,38 +0,0 @@ -name: "CodeQL" - -on: - push: - branches: [ "main" ] - pull_request: - branches: [ "main" ] - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - permissions: - actions: read - contents: read - security-events: write - - strategy: - fail-fast: false - matrix: - language: [ 'python' ] - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Initialize CodeQL - uses: github/codeql-action/init@v3 - with: - languages: ${{ matrix.language }} - - - name: Autobuild - uses: github/codeql-action/autobuild@v3 - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 - with: - category: "/language:${{matrix.language}}"