[FIX] Align python-dotenv to 1.2.2 across all packages (unbreak main after #2006)

[jaseemjaskp]

What

Aligns python-dotenv to 1.2.2 across every package and regenerates the affected uv.lock files, fixing an unsatisfiable dependency resolution on main.

Why

Dependabot #2006 ("Bump the uv group across 10 directories") bumped python-dotenv to 1.2.2 in most packages but left two stragglers behind:

• Root pyproject.toml (hook-check-django-migrations group) → python-dotenv==1.0.1
• unstract/connectors/pyproject.toml (test group) → python-dotenv~=1.0.0 (i.e. <1.1)

These are mutually unsatisfiable with workspace members that now require 1.2.2 (unstract-sdk1, unstract-workers, etc.), so main is currently broken. This surfaced on PR #2005 (and any PR branched off / merging current main) as two failed checks:

• test — uv resolution fails: unstract:hook-check-django-migrations depends on python-dotenv==1.0.1 and unstract-connectors:test depends on python-dotenv>=1.0.0,<1.1.dev0 conflict with the 1.2.2 requirement.
• build (worker-unified image) — uv sync --group deploy --locked fails with "The lockfile at uv.lock needs to be updated" because workspace resolution pulls in the stale connectors constraint.

The downstream library locks (filesystem, tool-registry, workflow-execution) were also left pinned at python-dotenv 1.0.1 by the same bump and are regenerated here for consistency.

How

• Bump root pyproject.toml python-dotenv==1.0.1 → ==1.2.2
• Bump unstract/connectors/pyproject.toml (test group) python-dotenv~=1.0.0 → ~=1.2.2
• Regenerate uv.lock for root, unstract/connectors, unstract/filesystem, unstract/tool-registry, unstract/workflow-execution (every lock diff is exclusively python-dotenv 1.0.1 → 1.2.2)

Can this PR break any existing features. If yes, please list possible items. If no, please explain why. (PS: Admins do not merge the PR without this section filled)

No. This only aligns a single dependency (python-dotenv) to the version (1.2.2) that the rest of the repo already uses, restoring a satisfiable resolution. No application code changes. Verified locally that uv lock --check passes for every package and that the previously-failing uv sync --group deploy --locked (worker-unified) now succeeds.

Database Migrations

• None

Env Config

• None

Relevant Docs

• None

Related Issues or PRs

• Follow-up to Bump the uv group across 10 directories with 4 updates #2006 (the bump that introduced the inconsistency)
• Unblocks [MISC] Auto-create default LLM profile in Prompt Studio with clearer upload tooltip #2005 (which fails only due to this inherited main breakage)

Dependencies Versions

• python-dotenv: 1.0.1 → 1.2.2 (root + connectors test group; locks aligned to the 1.2.2 already used everywhere else)

Notes on Testing

• uv lock --check passes for all packages (root, backend, prompt-service, platform-service, runner, x2text-service, tool-sidecar, workers, and all unstract/* libs)
• Reproduced the original failures on pristine main: uv sync --group deploy --locked --no-install-project --no-dev (the worker-unified build step) failed with "lockfile needs to be updated"; with this fix it succeeds.

Screenshots

Checklist

I have read and understood the Contribution Guidelines.

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: f5944a3b-8d28-4f70-8572-1f9f5881ddb7

📥 Commits

Reviewing files that changed from the base of the PR and between 428c6b6 and 57d3d05.

⛔ Files ignored due to path filters (5)

• unstract/connectors/uv.lock is excluded by !**/*.lock
• unstract/filesystem/uv.lock is excluded by !**/*.lock
• unstract/tool-registry/uv.lock is excluded by !**/*.lock
• unstract/workflow-execution/uv.lock is excluded by !**/*.lock
• uv.lock is excluded by !**/*.lock

📒 Files selected for processing (2)

• pyproject.toml
• unstract/connectors/pyproject.toml

---

Summary by CodeRabbit

• Chores
  • Updated Python environment management dependency to version 1.2.2 across development and testing environments.

Walkthrough

This PR updates the python-dotenv package across two project configuration files: the root pyproject.toml bumps the pinned version from 1.0.1 to 1.2.2 in the hook-check-django-migrations dev dependency group, while unstract/connectors/pyproject.toml updates the test dependency constraint from ~=1.0.0 to ~=1.2.2.

Changes

Python-dotenv version bump

Layer / File(s)	Summary
Python-dotenv dependency updates pyproject.toml, unstract/connectors/pyproject.toml	Both files update python-dotenv to version 1.2.2: root hooks pinned to exact version 1.0.1→1.2.2, and connectors test group uses compatible release constraint ~=1.0.0→~=1.2.2.

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title '[FIX] Align python-dotenv to 1.2.2 across all packages (unbreak main after #2006)' is clear, specific, and accurately summarizes the main change—updating a dependency version to fix broken dependency resolution.
Description check	✅ Passed	The description is comprehensive, covering all required template sections with detailed context: what changed, why it was needed, how it was fixed, impact analysis, related PRs, dependency versions, and testing verification.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/python-dotenv-version-conflict

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[greptile-apps]

Greptile Summary

This PR is a targeted dependency alignment fix that bumps python-dotenv from 1.0.1/~=1.0.0 to 1.2.2 in the two locations left behind by Dependabot PR #2006, then regenerates the five affected uv.lock files. No application code is touched.

• pyproject.toml: hook-check-django-migrations group pin changed from ==1.0.1 → ==1.2.2, unblocking uv workspace resolution.
• unstract/connectors/pyproject.toml: test-group specifier changed from ~=1.0.0 → ~=1.2.2, eliminating the <1.1 upper bound that conflicted with workspace members requiring 1.2.2.
• Five uv.lock files (root, connectors, filesystem, tool-registry, workflow-execution): regenerated with exclusively python-dotenv 1.0.1 → 1.2.2 changes and updated sdist/wheel hashes.

Confidence Score: 5/5

Safe to merge — changes are confined to a single dependency version string and mechanically regenerated lock files with no application code affected.

Every diff line across all seven files is a mechanical substitution of python-dotenv 1.0.1 → 1.2.2, including updated sdist/wheel hashes. The two pyproject.toml edits fix the exact constraint mismatches identified in the PR description, and the lock file regenerations are consistent with those edits. There is no application logic, no schema change, and no configuration change.

No files require special attention — all changes are deterministic lock-file output from uv lock.

Important Files Changed

Filename	Overview
pyproject.toml	Bumps python-dotenv from ==1.0.1 to ==1.2.2 in the hook-check-django-migrations dependency group to resolve workspace-level conflict
unstract/connectors/pyproject.toml	Bumps python-dotenv from ~=1.0.0 to ~=1.2.2 in the test dependency group; resolves the second straggler constraint that made uv resolution unsatisfiable
unstract/connectors/uv.lock	Lock file regenerated; only change is python-dotenv 1.0.1 → 1.2.2 with updated sdist/wheel hashes
unstract/filesystem/uv.lock	Lock file regenerated; only change is python-dotenv 1.0.1 → 1.2.2 with updated sdist/wheel hashes
unstract/tool-registry/uv.lock	Lock file regenerated; only change is python-dotenv 1.0.1 → 1.2.2 with updated sdist/wheel hashes
unstract/workflow-execution/uv.lock	Lock file regenerated; only change is python-dotenv 1.0.1 → 1.2.2 with updated sdist/wheel hashes
uv.lock	Root lock file regenerated; changes are exclusively python-dotenv 1.0.1 → 1.2.2 across workspace members, including the specifier floor bump from >=1.0.0 to >=1.2.2

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Dependabot #2006\nbumped python-dotenv to 1.2.2\nin most packages] --> B{Two stragglers left behind}
    B --> C[pyproject.toml\nhook-check-django-migrations\npython-dotenv==1.0.1]
    B --> D[connectors/pyproject.toml\ntest group\npython-dotenv~=1.0.0]
    C --> E[uv resolution fails:\nunsatisfiable constraints]
    D --> E
    E --> F[This PR: bump both to 1.2.2\nregenerate 5 uv.lock files]
    F --> G[root uv.lock]
    F --> H[connectors uv.lock]
    F --> I[filesystem uv.lock]
    F --> J[tool-registry uv.lock]
    F --> K[workflow-execution uv.lock]
    G & H & I & J & K --> L[Workspace resolution\nsatisfiable again]

Loading

_{Reviews (1): Last reviewed commit: "[FIX] Align python-dotenv to 1.2.2 acros..." | Re-trigger Greptile}

[github-actions]

Unstract test results

Per-group results

Status	Group	Tier	Passed	Failed	Errors	Skipped	Duration (s)
❌	unit-connectors	unit	64	12	0	3	16.7
❌	unit-core	unit	0	0	2	0	1.2
❌	unit-platform-service	unit	9	0	1	0	1.3
✅	unit-prompt-service	unit	15	0	0	0	19.1
✅	unit-rig	unit	53	0	0	0	3.3
✅	unit-runner	unit	11	0	0	0	2.9
✅	unit-sdk1	unit	354	0	0	0	20.4
❌	unit-tool-registry	unit	0	0	1	0	1.3
⚪	unit-workers	unit	0	0	0	0	17.2
	TOTAL		506	12	4	3	83.5

Critical paths

⚠️ Critical paths not yet covered

• auth-login — User can log in and obtain a session cookie. (entry: POST /api/v1/auth/login; declared coverage: no groups declared)
• adapter-register-llm — Register and validate an LLM adapter. (entry: POST /api/v1/adapter/; declared coverage: no groups declared)
• workflow-create-execute — Create a workflow, configure source+destination, execute, poll, fetch result. (entry: POST /api/v1/workflow/{id}/execute/; declared coverage: e2e-workflow)
• api-deployment-run — Deploy a workflow as an API, POST a document, receive structured JSON. (entry: POST /deployment/api/{org}/{name}/; declared coverage: e2e-api-deployment)
• prompt-studio-fetch-response — Prompt Studio: create project, add prompt, run single-pass, get response. (entry: POST /api/v1/prompt-studio/prompt-studio-tool/{id}/fetch_response/; declared coverage: e2e-prompt-studio)
• pipeline-etl-execute — Run an ETL pipeline from source connector to destination. (entry: POST /api/v1/pipeline/{id}/execute/; declared coverage: no groups declared)
• usage-token-tracking — Per-execution token usage is recorded and retrievable. (entry: GET /api/v1/usage/get_token_usage/; declared coverage: no groups declared)
• workflow-execution-fan-out — Multi-file workflow execution fans out to file-processing workers and rejoins. (entry: internal: backend → rabbitmq → workers/file_processing; declared coverage: no groups declared)
• callback-result-delivery — Async results are posted back via the callback worker. (entry: internal: workers/callback → backend /internal endpoints; declared coverage: no groups declared)

✅ Covered critical paths

• tool-sandbox-exec — covered by unit-runner