Teknium 624e4a8e7a chore: regenerate uv.lock with hashes, use lockfile in setup (#2812) ...

- Regenerate uv.lock with sha256 hashes for all 2965 package artifacts
- Add python_version marker to yc-bench (requires >=3.12)
- Update setup-hermes.sh to prefer 'uv sync --locked' for hash-verified
  installs, with fallback to 'uv pip install' when lockfile is stale

This completes the supply chain hardening: pyproject.toml bounds the
version ranges, and uv.lock pins exact versions with cryptographic
hashes so tampered packages are rejected at install time.

2026-03-24 08:42:45 -07:00

3.4 KiB

Raw Blame History

View Raw