Dev

[IAmVigneswaran]

Summary by CodeRabbit

• Documentation

  • Revamped docs for the v2 migration: new ephemeral local build/test workflow, updated README/AGENT/CHANGELOG, dev toolchain table, and Notion API compatibility notes.

• Chores

  • Require Python >=3.11,<3.15 (builds pinned to 3.14.x), pin Notion client/API target, remove legacy runtime/dev deps, and modernize CI/CD build and release workflows.

• Tests

  • Integration tests use live endpoints in CI, improved skip logic for missing credentials, and removed VCR-related tooling.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 1018d9bc-60ee-4f7c-9a68-29d8788bd690

📥 Commits

Reviewing files that changed from the base of the PR and between 47d30eb and 083c339.

📒 Files selected for processing (1)

• CHANGELOG.md

---

📝 Walkthrough

Walkthrough

v2.2.0 raises the Python baseline to >=3.11,<3.15 (CI/local 3.14), upgrades notion-client to ^3.1.0 (Notion API 2025-09-03), replaces host-based builds with a portable .build toolchain, standardizes GitHub Actions to pinned tooling and abatilo/actions-poetry@v3.0.2, and moves linting to setup.cfg/WPS.

Changes

CSV2Notion Neo v2.2.0 Release

Layer / File(s)	Summary
Platform and Dependency Baseline Updates pyproject.toml, .cursorrules, AGENT.MD, setup.cfg	Python requirement changed to >=3.11,<3.15; notion-client bumped to ^3.1.0 (Notion API 2025-09-03); removed legacy runtime deps; dev deps consolidated and python-dotenv set as dev-only for tests; linting moved to setup.cfg.
Ephemeral Build System and Portable Toolchain scripts/local-test-build.sh, scripts/README.md, .cursorrules, AGENT.MD, README.md	Rewritten local build: download/pin standalone CPython into .build/, pin pip/setuptools/Poetry/poetry-plugin-export, run Poetry from the portable toolchain, new CLI options (--comprehensive-test, --clean, --update, --show-outdated), and expanded troubleshooting/debug docs.
GitHub Actions Workflows Standardization .github/workflows/*.yml	Workflows use pinned Python/Poetry/setuptools/plugin versions, set POETRY_VIRTUALENVS_CREATE: false, use abatilo/actions-poetry@v3.0.2 with poetry-plugins input, upgrade artifact upload to actions/upload-artifact@v7, and remove VCR-disable pytest flags.
Release Packaging and Notarization .github/workflows/release_github.yml, .github/workflows/release_pypi.yml	Release jobs set pinned tooling envs, adjust Poetry setup, change artifact upload action versions, and revise macOS pkg signing/notarization and artifact layout.
Linting and Dev Dependency Consolidation setup.cfg, pyproject.toml, AGENT.MD	Flakehell removed; flake8 configured via setup.cfg using WPS rules; dev deps cleaned (pytest-vcr/testfixtures removed), types and tooling versions updated; docs updated with lint/typecheck commands.
Notion SDK retries and Integration Tests csv2notion_neo/notion_client.py, tests/test_upload.py, .cursorrules, AGENT.MD	Docstring and comments clarify SDK inner retries vs Neo outer retries; integration tests tighten exception handling and use live CI endpoints with secrets (VCR/pytest-vcr removed).
Release Notes and User-Facing Docs CHANGELOG.md, README.md, AGENT.MD	Added v2.2.0 changelog entry; updated README "From source" to require Python 3.11+, recommend the .build/ isolated toolchain, and documented the new build/test workflow and CI guidance.

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'Dev' is vague and does not convey meaningful information about the changeset, which includes significant v2 migration updates across multiple build files, CI/CD workflows, documentation, and dependencies.	Use a descriptive title that reflects the main changes, such as 'Migrate to v2.0.0 with Python 3.11+, Poetry 2.4.1, and Notion API 2025-09-03' or 'Update build tooling and CI/CD for v2 release.'

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dev

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 11

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

pyproject.toml (1)

7-7: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Bump the package version for this release.

Line 7 still says 2.1.0, but the rest of this PR is framed as the 2.2.0 toolchain refresh. If left as-is, the built artifact and published metadata will ship under the old version number.

Based on learnings: "Follow semantic versioning (MAJOR.MINOR.PATCH) and maintain backward compatibility across releases" and "Document breaking changes in changelog and maintain version history".

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pyproject.toml` at line 7, Update the package version from 2.1.0 to 2.2.0 by
changing the value assigned to the version key (the line containing "version =")
in pyproject.toml; also search the repo for any other occurrences of the old
version string (e.g., release notes, changelog, packaging metadata) and update
them to 2.2.0 so the built artifact and published metadata match this release.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/build.yml:
- Around line 55-58: Replace the two occurrences of the action reference
abatilo/actions-poetry@v3.0.2 with the corresponding immutable commit SHA (i.e.,
abatilo/actions-poetry@<commit-sha>) so the workflow is pinned to a specific
commit; locate the usages that include the with: poetry-version: ${{
env.BUILD_POETRY_VERSION }} and poetry-plugins: poetry-plugin-export==${{
env.BUILD_POETRY_PLUGIN_EXPORT_VERSION }} and update both action lines to use
the chosen commit SHA instead of the v3.0.2 tag.

In @.github/workflows/notion_delete_database_entries_test.yml:
- Around line 36-40: The workflow step using abatilo/actions-poetry@v3.0.2
should be pinned to an immutable commit SHA to harden the supply chain; locate
the step where "uses: abatilo/actions-poetry@v3.0.2" in the
notion_delete_database_entries_test.yml and replace the floating tag with the
specific commit SHA (e.g., abatilo/actions-poetry@<commit-sha>) and update any
other workflows using the same "uses: abatilo/actions-poetry@v3.0.2" occurrence
to the same SHA to ensure consistency.

In @.github/workflows/notion_image_upload_test.yml:
- Around line 36-40: The workflow step "Set up Poetry" currently references the
mutable tag uses: abatilo/actions-poetry@v3.0.2; replace that with an immutable
full commit SHA for the abatilo/actions-poetry action to prevent upstream tag
changes. Locate the "Set up Poetry" step (the line containing uses:
abatilo/actions-poetry@v3.0.2) and update the uses value to the
repository@<full-commit-sha> of the desired release commit (you can copy the SHA
from the action's GitHub repo), leaving the poetry-version and poetry-plugins
inputs unchanged.

In @.github/workflows/release_github.yml:
- Around line 41-45: Replace tag-based GitHub Action refs with pinned commit
SHAs for all referenced actions to avoid upstream tag movement: update
abatilo/actions-poetry@v3.0.2, actions/upload-artifact@v7,
actions/download-artifact@v8, actions/checkout@v6, actions/setup-python@v6, and
ncipollo/release-action@v1 to their corresponding full commit SHA refs in the
workflow (search for the exact strings "abatilo/actions-poetry",
"actions/upload-artifact", "actions/download-artifact", "actions/checkout",
"actions/setup-python", and "ncipollo/release-action" and replace the @<tag>
with @<commit-sha>).

In @.github/workflows/release_pypi.yml:
- Around line 36-40: The workflow step named "Set up Poetry ${{
env.BUILD_POETRY_VERSION }}" currently references abatilo/actions-poetry@v3.0.2
(tag-based); replace that tag with the action's full commit SHA to make the
reference immutable (e.g. abatilo/actions-poetry@<full-commit-sha>) and keep the
existing inputs (poetry-version and poetry-plugins) intact; update the uses line
in the same step so the release_pypi workflow pins the action to a fixed commit
instead of a floating tag.
- Around line 16-17: Update the workflow to use GitHub OIDC Trusted Publishing:
change the permissions block to include "id-token: write" (in addition to
contents: read), remove the long-lived secret reference POETRY_PYPI_TOKEN_PYPI:
${{ secrets.PYPI_TOKEN }}, and update the publish step that calls "poetry
publish" to use an OIDC-aware publisher action (e.g.
pypa/gh-action-pypi-publish) or configure the action to request an OIDC token
instead of secrets.PYPI_TOKEN so the job uses OIDC-based credentials for PyPI
publishing.

In @.github/workflows/unit_tests.yml:
- Around line 55-59: Replace the floating tag abatilo/actions-poetry@v3.0.2 in
the GitHub workflow step with the exact commit SHA corresponding to that v3.0.2
release so the action is pinned immutably; locate the step that uses "name: Set
up Poetry" and the uses: string "abatilo/actions-poetry@v3.0.2" and change it to
use the repo@<commit-sha> form for the v3.0.2 commit.

In `@CHANGELOG.md`:
- Line 3: The heading "### 2.2.0" uses an H3 under the main title; change it to
"## 2.2.0" (and update all other version headings that use "###") so headings
follow a consistent H2 level beneath the top-level title; ensure you replace
each "### <version>" entry with "## <version>" across the changelog so heading
levels are uniform.
- Around line 3-16: CHANGELOG lists release 2.2.0 but package metadata still
says 2.1.0 and the changelog heading level is inconsistent; update the version
in pyproject.toml (the [tool.poetry].version field) and in
csv2notion_neo/version.py (the __version__ assignment) to "2.2.0" so metadata
matches the changelog, and change the changelog version heading from "### 2.2.0"
to "## 2.2.0" (under the main "# Changelog" heading) to fix the heading
level/mdlint rule.

In `@README.md`:
- Around line 113-117: Update README.md to stop instructing users to run the
hardcoded venv binary path `.build/venv/bin/csv2notion_neo --help` (which is
incorrect given scripts/local-test-build.sh sets
virtualenvs.path="$root/.build/venv" and Poetry creates a project-specific
subdirectory). Replace that example with a stable command such as `poetry run
csv2notion_neo --help`, or add an alternative instructing users to obtain the
venv path via `poetry env info --path` and run `<that-path>/bin/csv2notion_neo
--help`; mention scripts/local-test-build.sh and the csv2notion_neo executable
to help locate the context.

In `@scripts/local-test-build.sh`:
- Around line 591-610: The script calls install_dependencies twice when
check_build_environment is false (once inside the "if ! check_build_environment"
branch and again after the fi); remove the duplicate by deleting the
install_dependencies "$UPDATE_FLAG" "$PACKAGES" call inside the "if !
check_build_environment" branch (or alternatively remove the trailing common
call and invoke install_dependencies once in each branch) so
install_dependencies is executed exactly once; refer to check_build_environment
and install_dependencies to find and update the duplicated invocation.

---

Outside diff comments:
In `@pyproject.toml`:
- Line 7: Update the package version from 2.1.0 to 2.2.0 by changing the value
assigned to the version key (the line containing "version =") in pyproject.toml;
also search the repo for any other occurrences of the old version string (e.g.,
release notes, changelog, packaging metadata) and update them to 2.2.0 so the
built artifact and published metadata match this release.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: f0c0f681-4c40-4246-bd31-bfa1f90963c0

📥 Commits

Reviewing files that changed from the base of the PR and between 3216756 and afb7683.

⛔ Files ignored due to path filters (1)

• poetry.lock is excluded by !**/*.lock

📒 Files selected for processing (15)

• .cursorrules
• .github/workflows/build.yml
• .github/workflows/notion_delete_database_entries_test.yml
• .github/workflows/notion_image_upload_test.yml
• .github/workflows/release_github.yml
• .github/workflows/release_pypi.yml
• .github/workflows/unit_tests.yml
• AGENT.MD
• CHANGELOG.md
• README.md
• csv2notion_neo/notion_client.py
• pyproject.toml
• scripts/README.md
• scripts/local-test-build.sh
• setup.cfg

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# List workflow files likely containing the relevant pins
ls -la .github/workflows || true

# Show the exact lines around the referenced ranges
nl -ba .github/workflows/build.yml | sed -n '1,140p' | sed -n '40,120p'

# Find all occurrences of abatilo/actions-poetry in the repo
rg -n "uses:\s*abatilo/actions-poetry@" -S .github/workflows || true
rg -n "abatilo/actions-poetry@" -S .github/workflows || true

# Also check if build.yml pins other actions to SHAs (for context)
rg -n "uses:" .github/workflows/build.yml || true

Repository: TheAcharya/csv2notion-neo

Length of output: 735

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Show line-numbered excerpts around the suspected areas
cat -n .github/workflows/build.yml | sed -n '40,90p'
cat -n .github/workflows/build.yml | sed -n '95,140p'

# Find all occurrences of the Poetry action
rg -n "uses:\s*abatilo/actions-poetry@" .github/workflows/build.yml || true
rg -n "abatilo/actions-poetry@" .github/workflows/build.yml || true

# Check whether this workflow pins actions to SHAs anywhere else
rg -n "uses:\s*[^#\n]+@([0-9a-f]{7,40})\b" .github/workflows/build.yml || true

Repository: TheAcharya/csv2notion-neo

Length of output: 3127

---

Pin abatilo/actions-poetry to a commit SHA (both occurrences)

.github/workflows/build.yml still uses abatilo/actions-poetry@v3.0.2 at lines 55-58 and 105-109; replace the tag references with immutable commit SHAs to prevent upstream retargeting and align with action pinning policy.

🧰 Tools

🪛 zizmor (1.25.2)

[error] 55-55: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/build.yml around lines 55 - 58, Replace the two
occurrences of the action reference abatilo/actions-poetry@v3.0.2 with the
corresponding immutable commit SHA (i.e., abatilo/actions-poetry@<commit-sha>)
so the workflow is pinned to a specific commit; locate the usages that include
the with: poetry-version: ${{ env.BUILD_POETRY_VERSION }} and poetry-plugins:
poetry-plugin-export==${{ env.BUILD_POETRY_PLUGIN_EXPORT_VERSION }} and update
both action lines to use the chosen commit SHA instead of the v3.0.2 tag.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# 1) Inspect the workflow around the referenced lines
sed -n '1,120p' .github/workflows/notion_delete_database_entries_test.yml | nl -ba | sed -n '25,70p'

# 2) Confirm all uses: refs in that file
echo "---- uses: occurrences in the workflow ----"
rg -n --hidden --no-ignore-vcs "^\s*uses:\s*" .github/workflows/notion_delete_database_entries_test.yml

# 3) Check whether abatilo/actions-poetry is pinned elsewhere in the repo
echo "---- abatilo/actions-poetry usages across repo ----"
rg -n --hidden --no-ignore-vcs "uses:\s*abatilo/actions-poetry@" . || true

# 4) Check whether any actions are pinned via commit SHA or digest in workflows (pattern heuristic)
echo "---- actions pinned via @<sha> or `@sha256` in workflows ----"
rg -n --hidden --no-ignore-vcs "uses:\s*[a-zA-Z0-9_.-]+/[a-zA-Z0-9_.-]+@([0-9a-f]{40}|sha256:[0-9a-f]{64})" .github/workflows || true

Repository: TheAcharya/csv2notion-neo

Length of output: 112

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

wf=".github/workflows/notion_delete_database_entries_test.yml"

# 1) Print the referenced area with line numbers (without nl)
echo "---- snippet around lines ~25-70 ----"
awk 'NR>=25 && NR<=70 {printf "%6d | %s\n", NR, $0}' "$wf"

# 2) Confirm all uses: refs in that file
echo "---- uses: occurrences in the workflow ----"
rg -n --hidden --no-ignore-vcs "^\s*uses:\s*" "$wf" || true

# 3) Check whether abatilo/actions-poetry is pinned elsewhere in the repo
echo "---- abatilo/actions-poetry usages across repo ----"
rg -n --hidden --no-ignore-vcs "uses:\s*abatilo/actions-poetry@" . || true

# 4) Heuristic: actions pinned via commit SHA (40 hex) or sha256 digest in workflows
echo "---- actions pinned via @<sha> or `@sha256` in workflows ----"
rg -n --hidden --no-ignore-vcs "^\s*uses:\s*[^#\s]+@([0-9a-f]{40}|sha256:[0-9a-f]{64})" .github/workflows || true

Repository: TheAcharya/csv2notion-neo

Length of output: 2683

---

Pin abatilo/actions-poetry to an immutable reference (commit SHA)

.github/workflows/notion_delete_database_entries_test.yml uses abatilo/actions-poetry@v3.0.2 (also present in multiple other workflows) with a floating tag, weakening the supply-chain boundary.

Suggested hardening

-      - name: Set up Poetry ${{ env.BUILD_POETRY_VERSION }}
-        uses: abatilo/actions-poetry@v3.0.2
+      - name: Set up Poetry ${{ env.BUILD_POETRY_VERSION }}
+        uses: abatilo/actions-poetry@<full-commit-sha> # v3.0.2

🧰 Tools

🪛 zizmor (1.25.2)

[error] 37-37: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/notion_delete_database_entries_test.yml around lines 36 -
40, The workflow step using abatilo/actions-poetry@v3.0.2 should be pinned to an
immutable commit SHA to harden the supply chain; locate the step where "uses:
abatilo/actions-poetry@v3.0.2" in the notion_delete_database_entries_test.yml
and replace the floating tag with the specific commit SHA (e.g.,
abatilo/actions-poetry@<commit-sha>) and update any other workflows using the
same "uses: abatilo/actions-poetry@v3.0.2" occurrence to the same SHA to ensure
consistency.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

FILE=".github/workflows/notion_image_upload_test.yml"
echo "== File exists? =="
test -f "$FILE" && echo "Found $FILE" || { echo "Missing $FILE"; exit 1; }

echo "== Relevant uses references =="
rg -n "uses:\s*abatilo/actions-poetry@" "$FILE" || true

echo "== Lines around 36-40 (as referenced) =="
nl -ba "$FILE" | sed -n '25,60p' 

echo "== Check trigger type (schedule vs others) =="
nl -ba "$FILE" | sed -n '1,80p' | sed -n '1,80p'

Repository: TheAcharya/csv2notion-neo

Length of output: 322

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

FILE=".github/workflows/notion_image_upload_test.yml"
echo "== File exists? =="
test -f "$FILE" && echo "Found $FILE" || { echo "Missing $FILE"; exit 1; }

echo "== Relevant uses references =="
rg -n "uses:\s*abatilo/actions-poetry@" "$FILE" || true

echo "== Lines around 36-40 (as referenced) =="
nl -ba "$FILE" | sed -n '25,60p'

echo "== Check trigger type (schedule vs others) =="
nl -ba "$FILE" | sed -n '1,80p'

Repository: TheAcharya/csv2notion-neo

Length of output: 322

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

FILE=".github/workflows/notion_image_upload_test.yml"
echo "== File exists? =="
test -f "$FILE" && echo "Found $FILE" || { echo "Missing $FILE"; exit 1; }

echo "== Top of file (trigger section) =="
sed -n '1,120p' "$FILE" | sed -n '1,120p'

echo "== Lines around uses: abatilo/actions-poetry@v3.0.2 =="
# Use awk to add line numbers (nl is missing)
awk '{printf "%6d:%s\n", NR, $0}' "$FILE" | rg -n "uses:\s*abatilo/actions-poetry@" -n --no-filename || true
# Print a small window around the match line number by locating it
MATCH_LINE="$(awk '/uses:\s*abatilo\/actions-poetry@v3\.0\.2/ {print NR; exit}' "$FILE")"
echo "Match line: $MATCH_LINE"
START=$((MATCH_LINE-8))
END=$((MATCH_LINE+8))
awk -v s="$START" -v e="$END" '{if (NR>=s && NR<=e) printf "%6d:%s\n", NR, $0}' "$FILE"

Repository: TheAcharya/csv2notion-neo

Length of output: 2772

---

Pin abatilo/actions-poetry to a full commit SHA.

This scheduled workflow still uses the mutable tag abatilo/actions-poetry@v3.0.2; lock it to an immutable commit to avoid unexpected upstream changes.

Suggested hardening

-      - name: Set up Poetry ${{ env.BUILD_POETRY_VERSION }}
-        uses: abatilo/actions-poetry@v3.0.2
+      - name: Set up Poetry ${{ env.BUILD_POETRY_VERSION }}
+        uses: abatilo/actions-poetry@<full-commit-sha> # v3.0.2

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Set up Poetry ${{ env.BUILD_POETRY_VERSION }}
	uses: abatilo/actions-poetry@v2.0.0
	uses: abatilo/actions-poetry@v3.0.2
	with:
	poetry-version: ${{ env.BUILD_POETRY_VERSION }}
	- name: Install poetry-plugin-export
	run: poetry self add poetry-plugin-export==1.9.0
	poetry-plugins: poetry-plugin-export==${{ env.BUILD_POETRY_PLUGIN_EXPORT_VERSION }}
	- name: Set up Poetry ${{ env.BUILD_POETRY_VERSION }}
	uses: abatilo/actions-poetry@<actual-commit-sha-here> # v3.0.2
	with:
	poetry-version: ${{ env.BUILD_POETRY_VERSION }}
	poetry-plugins: poetry-plugin-export==${{ env.BUILD_POETRY_PLUGIN_EXPORT_VERSION }}

🧰 Tools

🪛 zizmor (1.25.2)

[error] 37-37: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/notion_image_upload_test.yml around lines 36 - 40, The
workflow step "Set up Poetry" currently references the mutable tag uses:
abatilo/actions-poetry@v3.0.2; replace that with an immutable full commit SHA
for the abatilo/actions-poetry action to prevent upstream tag changes. Locate
the "Set up Poetry" step (the line containing uses:
abatilo/actions-poetry@v3.0.2) and update the uses value to the
repository@<full-commit-sha> of the desired release commit (you can copy the SHA
from the action's GitHub repo), leaving the poetry-version and poetry-plugins
inputs unchanged.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

FILE=".github/workflows/release_github.yml"
echo "== File: $FILE =="
echo

# Show the whole file with line numbers if it's small enough; otherwise show targeted ranges.
LINES=$(wc -l < "$FILE")
echo "Total lines: $LINES"
echo

if [ "$LINES" -le 350 ]; then
  cat -n "$FILE"
else
  echo "== Targeted ranges: lines 1-120 =="
  sed -n '1,120p' "$FILE" | cat -n
  echo
  echo "== Targeted ranges: lines 220-340 =="
  sed -n '220,340p' "$FILE" | cat -n
fi

echo
echo "== All `uses:` lines with their line numbers =="
rg -n "^\s*uses:\s*" "$FILE" || true

echo
echo "== `uses:` refs that look like tags (not SHAs) =="
# Heuristic: tag forms like `@v1/v2/v3` or `@main`, not 40+ hex SHA
rg -n "^\s*uses:\s*[^@]+@v[0-9]+|^\s*uses:\s*[^@]+@main|^\s*uses:\s*[^@]+@master|^\s*uses:\s*[^@]+@[a-zA-Z0-9._-]+$" "$FILE" || true

Repository: TheAcharya/csv2notion-neo

Length of output: 14735

---

Pin tag-based GitHub Actions in .github/workflows/release_github.yml to full commit SHAs before shipping

Leaving uses: refs on tags keeps the release path exposed to upstream tag movement. In this workflow, the following are still unpinned:

• abatilo/actions-poetry@v3.0.2 (line 42)
• actions/upload-artifact@v7 (lines 54, 60, 248, 254)
• actions/download-artifact@v8 (lines 96, 273, 279, 285, 291, 297)
• actions/checkout@v6 and actions/setup-python@v6 (lines 31, 34, 101)
• ncipollo/release-action@v1 (line 303)

Suggested hardening (for the refs originally called out)

-      - name: Set up Poetry ${{ env.BUILD_POETRY_VERSION }}
-        uses: abatilo/actions-poetry@v3.0.2
+      - name: Set up Poetry ${{ env.BUILD_POETRY_VERSION }}
+        uses: abatilo/actions-poetry@<full-commit-sha> # v3.0.2

-      - name: Save release python requirements
-        uses: actions/upload-artifact@v7
+      - name: Save release python requirements
+        uses: actions/upload-artifact@<full-commit-sha> # v7

-      - name: Save release python packages
-        uses: actions/upload-artifact@v7
+      - name: Save release python packages
+        uses: actions/upload-artifact@<full-commit-sha> # v7

-      - name: Save release binaries for macos
-        uses: actions/upload-artifact@v7
+      - name: Save release binaries for macos
+        uses: actions/upload-artifact@<full-commit-sha> # v7

-      - name: Save release binaries for ${{ matrix.OS_CODE }}
-        uses: actions/upload-artifact@v7
+      - name: Save release binaries for ${{ matrix.OS_CODE }}
+        uses: actions/upload-artifact@<full-commit-sha> # v7

🧰 Tools

🪛 zizmor (1.25.2)

[error] 42-42: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/release_github.yml around lines 41 - 45, Replace tag-based
GitHub Action refs with pinned commit SHAs for all referenced actions to avoid
upstream tag movement: update abatilo/actions-poetry@v3.0.2,
actions/upload-artifact@v7, actions/download-artifact@v8, actions/checkout@v6,
actions/setup-python@v6, and ncipollo/release-action@v1 to their corresponding
full commit SHA refs in the workflow (search for the exact strings
"abatilo/actions-poetry", "actions/upload-artifact",
"actions/download-artifact", "actions/checkout", "actions/setup-python", and
"ncipollo/release-action" and replace the @<tag> with @<commit-sha>).

[coderabbitai]

⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

FILE=".github/workflows/release_pypi.yml"
if [ ! -f "$FILE" ]; then
  echo "Missing $FILE"
  exit 1
fi

echo "== File: $FILE =="
nl -ba "$FILE" | sed -n '1,220p'

Repository: TheAcharya/csv2notion-neo

Length of output: 178

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

rg -n "PYPI_TOKEN|pypa/gh-action-pypi-publish|trusted|id-token|poetry publish|POETRY_PYPI_TOKEN_PYPI" .github/workflows || true

Repository: TheAcharya/csv2notion-neo

Length of output: 464

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail
# no-op: placeholder to ensure tool execution already requested

Repository: TheAcharya/csv2notion-neo

Length of output: 51

---

🏁 Script executed:

echo "Running previous shell scripts..."

Repository: TheAcharya/csv2notion-neo

Length of output: 103

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail
FILE=".github/workflows/release_pypi.yml"
nl -ba "$FILE" | sed -n '1,140p'

Repository: TheAcharya/csv2notion-neo

Length of output: 112

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail
rg -n "PYPI_TOKEN|POETRY_PYPI_TOKEN_PYPI|poetry publish|id-token|gh-action-pypi-publish|trusted publishing|Trusted Publishing" .github/workflows/release_pypi.yml || true

Repository: TheAcharya/csv2notion-neo

Length of output: 163

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail
FILE=".github/workflows/release_pypi.yml"
echo "---- release_pypi.yml (lines 1-90) ----"
nl -ba "$FILE" | sed -n '1,90p'
echo "---- release_pypi.yml (lines 90-170) ----"
nl -ba "$FILE" | sed -n '90,170p'

Repository: TheAcharya/csv2notion-neo

Length of output: 170

---

🏁 Script executed:

ls -la .github/workflows || true

Repository: TheAcharya/csv2notion-neo

Length of output: 674

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

FILE=".github/workflows/release_pypi.yml"
echo "== permissions block (top of file) =="
sed -n '1,80p' "$FILE" | cat

echo
echo "== find publish step area =="
sed -n '35,80p' "$FILE" | cat

Repository: TheAcharya/csv2notion-neo

Length of output: 1847

---

Migrate PyPI publishing to Trusted Publishing (OIDC) and remove secrets.PYPI_TOKEN.

In .github/workflows/release_pypi.yml, the workflow only sets permissions: contents: read and still publishes using a long-lived token via POETRY_PYPI_TOKEN_PYPI: ${{ secrets.PYPI_TOKEN }} with poetry publish. Trusted Publishing requires permissions: id-token: write and OIDC-based credentials so the token can be dropped. (docs.pypi.org)

Suggested direction

 permissions:
   contents: read
+  id-token: write
@@
-      - name: Publish to PyPI
-        env:
-          POETRY_PYPI_TOKEN_PYPI: ${{ secrets.PYPI_TOKEN }}
-        run: poetry publish
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@<full-commit-sha>

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/release_pypi.yml around lines 16 - 17, Update the workflow
to use GitHub OIDC Trusted Publishing: change the permissions block to include
"id-token: write" (in addition to contents: read), remove the long-lived secret
reference POETRY_PYPI_TOKEN_PYPI: ${{ secrets.PYPI_TOKEN }}, and update the
publish step that calls "poetry publish" to use an OIDC-aware publisher action
(e.g. pypa/gh-action-pypi-publish) or configure the action to request an OIDC
token instead of secrets.PYPI_TOKEN so the job uses OIDC-based credentials for
PyPI publishing.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Show the exact lines around the reported snippet
sed -n '1,120p' .github/workflows/unit_tests.yml | nl -ba | sed -n '45,75p'

# Check for any other references to abatilo/actions-poetry in the repo
rg -n "abatilo/actions-poetry" -S .github/workflows || true

Repository: TheAcharya/csv2notion-neo

Length of output: 112

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Show lines around the reported snippet (line-numbering via cat -n)
sed -n '40,80p' .github/workflows/unit_tests.yml | cat -n

# Find all references to abatilo/actions-poetry across workflows
rg -n "abatilo/actions-poetry" .github/workflows -S || true

Repository: TheAcharya/csv2notion-neo

Length of output: 2102

---

Pin abatilo/actions-poetry to an immutable SHA

unit_tests.yml (and other workflows) use the floating tag abatilo/actions-poetry@v3.0.2; pin to the exact commit SHA for that release.

Suggested hardening

-      - name: Set up Poetry ${{ env.BUILD_POETRY_VERSION }}
-        uses: abatilo/actions-poetry@v3.0.2
+      - name: Set up Poetry ${{ env.BUILD_POETRY_VERSION }}
+        uses: abatilo/actions-poetry@<full-commit-sha> # v3.0.2

🧰 Tools

🪛 zizmor (1.25.2)

[error] 56-56: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/unit_tests.yml around lines 55 - 59, Replace the floating
tag abatilo/actions-poetry@v3.0.2 in the GitHub workflow step with the exact
commit SHA corresponding to that v3.0.2 release so the action is pinned
immutably; locate the step that uses "name: Set up Poetry" and the uses: string
"abatilo/actions-poetry@v3.0.2" and change it to use the repo@<commit-sha> form
for the v3.0.2 commit.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial | ⚖️ Poor tradeoff

Consider adjusting heading level for consistency.

The markdown uses ### (h3) for version entries directly under the # (h1) title. While this is the existing pattern in the file, markdown best practices suggest using ## (h2) to avoid skipping heading levels.

Note: This matches the existing format throughout the file, so changing it would require updating all version entries for consistency.

🧰 Tools

🪛 markdownlint-cli2 (0.22.1)

[warning] 3-3: Heading levels should only increment by one level at a time
Expected: h2; Actual: h3

(MD001, heading-increment)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@CHANGELOG.md` at line 3, The heading "### 2.2.0" uses an H3 under the main
title; change it to "## 2.2.0" (and update all other version headings that use
"###") so headings follow a consistent H2 level beneath the top-level title;
ensure you replace each "### <version>" entry with "## <version>" across the
changelog so heading levels are uniform.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Check version consistency across package metadata files.

echo "=== Version in pyproject.toml ==="
rg -n '^version = ' pyproject.toml

echo -e "\n=== Version headers in CHANGELOG.md ==="
rg -n '^### \d+\.\d+\.\d+' CHANGELOG.md | head -5

echo -e "\n=== Any other version declarations ==="
rg -n 'version.*2\.[0-9]+\.[0-9]+' --type py --glob '!tests/**' --glob '!.venv/**' -C 1

Repository: TheAcharya/csv2notion-neo

Length of output: 318

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== CHANGELOG.md (top 40 lines) ==="
nl -ba CHANGELOG.md | sed -n '1,40p'

echo -e "\n=== pyproject.toml (top 80 lines) ==="
nl -ba pyproject.toml | sed -n '1,80p'

echo -e "\n=== csv2notion_neo/version.py (first 60 lines) ==="
nl -ba csv2notion_neo/version.py | sed -n '1,60p'

Repository: TheAcharya/csv2notion-neo

Length of output: 166

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== CHANGELOG.md (lines 1-40) ==="
cat -n CHANGELOG.md | sed -n '1,40p'

echo -e "\n=== pyproject.toml (lines 1-80) ==="
cat -n pyproject.toml | sed -n '1,80p'

echo -e "\n=== csv2notion_neo/version.py (lines 1-60) ==="
cat -n csv2notion_neo/version.py | sed -n '1,60p'

Repository: TheAcharya/csv2notion-neo

Length of output: 5361

---

Align package version metadata with the CHANGELOG (2.2.0).

• CHANGELOG.md lists ### 2.2.0, but pyproject.toml ([tool.poetry].version) and csv2notion_neo/version.py (__version__) both still say 2.1.0; update them together so shipped package metadata matches the release.
• CHANGELOG.md uses ### directly under # Changelog (heading increment/MD001); change version headings to ## for consistent markdown structure.

🧰 Tools

🪛 markdownlint-cli2 (0.22.1)

[warning] 3-3: Heading levels should only increment by one level at a time
Expected: h2; Actual: h3

(MD001, heading-increment)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@CHANGELOG.md` around lines 3 - 16, CHANGELOG lists release 2.2.0 but package
metadata still says 2.1.0 and the changelog heading level is inconsistent;
update the version in pyproject.toml (the [tool.poetry].version field) and in
csv2notion_neo/version.py (the __version__ assignment) to "2.2.0" so metadata
matches the changelog, and change the changelog version heading from "### 2.2.0"
to "## 2.2.0" (under the main "# Changelog" heading) to fix the heading
level/mdlint rule.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

tests/test_upload.py (1)

67-79: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Do not wrap yield in the integration-skip try/except.

Catching _INTEGRATION_SKIP_EXCEPTIONS around yield can swallow real test failures (raised back into the fixture) and reclassify them as skips. Limit skip handling to setup-only code, then yield outside that try.

Proposed fix

-    try:
-        client = get_notion_client(
-            args.token,
-            workspace=args.workspace,
-            is_randomize_select_colors=args.randomize_select_colors,
-        )
-
-        if not args.url:
-            args.url = new_database(args, client, csv_data)
-
-        yield csv_data, client, args
-    except _INTEGRATION_SKIP_EXCEPTIONS as exc:
-        pytest.skip(_integration_skip_reason(exc))
+    try:
+        client = get_notion_client(
+            args.token,
+            workspace=args.workspace,
+            is_randomize_select_colors=args.randomize_select_colors,
+        )
+
+        if not args.url:
+            args.url = new_database(args, client, csv_data)
+    except _INTEGRATION_SKIP_EXCEPTIONS as exc:
+        pytest.skip(_integration_skip_reason(exc))
+
+    yield csv_data, client, args

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/test_upload.py` around lines 67 - 79, The try/except that catches
_INTEGRATION_SKIP_EXCEPTIONS currently wraps the yield and can convert real test
failures into skips; restrict the exception handling to setup only by moving the
yield (and any teardown after it) outside the try block. Specifically, keep
calls to get_notion_client(...) and new_database(...) inside the try that
catches _INTEGRATION_SKIP_EXCEPTIONS, handle skips there, then perform yield
csv_data, client, args outside that try so exceptions raised into the fixture
are not swallowed.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@tests/test_upload.py`:
- Line 12: The import modernization left a use of Tuple in the return annotation
of load_client_and_data, causing NameError; update the function signature to use
collections.abc.Generator with the builtin tuple and builtin type where
appropriate (e.g., change Generator[Tuple[LocalData, NotionClient, Namespace],
None, None] to Generator[tuple[LocalData, NotionClient, Namespace], None, None])
and sweep any other Tuple/Type occurrences to builtin tuple/type; also ensure
you import Generator from collections.abc (or fully qualify it) and adjust
_INTEGRATION_SKIP_EXCEPTIONS entries if they referenced typing.Tuple/Type.

---

Outside diff comments:
In `@tests/test_upload.py`:
- Around line 67-79: The try/except that catches _INTEGRATION_SKIP_EXCEPTIONS
currently wraps the yield and can convert real test failures into skips;
restrict the exception handling to setup only by moving the yield (and any
teardown after it) outside the try block. Specifically, keep calls to
get_notion_client(...) and new_database(...) inside the try that catches
_INTEGRATION_SKIP_EXCEPTIONS, handle skips there, then perform yield csv_data,
client, args outside that try so exceptions raised into the fixture are not
swallowed.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 38b2b4b2-842e-44d9-b788-c66327c9f436

📥 Commits

Reviewing files that changed from the base of the PR and between afb7683 and 14ff6b1.

📒 Files selected for processing (1)

• tests/test_upload.py

[coderabbitai]

⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Inspect the referenced file and the exact line region.
sed -n '1,80p' tests/test_upload.py | cat -n

# Search within the file for the typing names mentioned in the review.
rg -n "from typing import|Generator|Tuple|Type|_INTEGRATION_SKIP_EXCEPTIONS" tests/test_upload.py

# Check whether UP035 is referenced in repo lint config (ruff/pyupgrade/etc).
rg -n "UP035" . || true

Repository: TheAcharya/csv2notion-neo

Length of output: 3670

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Locate lint configuration files
ls -la
find . -maxdepth 2 -type f \( -name "pyproject.toml" -o -name "setup.cfg" -o -name "tox.ini" -o -name ".ruff.toml" \) 2>/dev/null || true

# Search for UP035 / pyupgrade / ruff rule config
rg -n "UP035|pyupgrade|\\bUP0[0-9]{2}\\b|ruff" -S pyproject.toml setup.cfg tox.ini .ruff.toml 2>/dev/null || true

# Also search in repo for UP035 mentions anywhere
rg -n "UP035" -S . || true

Repository: TheAcharya/csv2notion-neo

Length of output: 1599

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

sed -n '1,220p' pyproject.toml | cat -n
echo "---- ruff.toml ----"
sed -n '1,220p' ruff.toml | cat -n
echo "---- setup.cfg ----"
sed -n '1,260p' setup.cfg | cat -n

echo "---- search UP035 in configs ----"
rg -n "UP035" pyproject.toml ruff.toml setup.cfg .cursorrules || true
echo "---- search pyupgrade/typing-related rules ----"
rg -n "pyupgrade|typing|UP0[0-9]{2}" pyproject.toml ruff.toml setup.cfg .cursorrules || true

Repository: TheAcharya/csv2notion-neo

Length of output: 8500

---

🌐 Web query:

pyupgrade rule UP035 collections.abc.Generator typing.Tuple typing.Type

💡 Result:

The pyupgrade rule UP035 (also known as "deprecated-import" in Ruff) is designed to replace deprecated imports with their modern standard library equivalents based on your project's configured Python version [1]. While your query specifically mentions collections.abc.Generator, typing.Tuple, and typing.Type, it is important to clarify how UP035 handles these versus other rules like UP006: 1. UP035 (Deprecated Imports): This rule focuses on replacing imports that are officially deprecated by the Python standard library (e.g., typing.io, typing.re, or specific members that have been moved/deprecated) [1][2]. 2. UP006 (PEP 585): This rule specifically handles the PEP 585 modernization, which is what typically converts older typing-based generic types (like typing.List, typing.Tuple, typing.Dict) to their built-in counterparts (list, tuple, dict) and converts abstract base classes from the typing module to collections.abc (e.g., typing.Callable to collections.abc.Callable, typing.Sequence to collections.abc.Sequence) [3][4]. Regarding the specific types mentioned in your query: - collections.abc.Generator: This is generally considered the modern, preferred import path (standardized via PEP 585). If you are using typing.Generator, tools like Ruff/pyupgrade often target this for migration to collections.abc.Generator [3][4]. - typing.Tuple and typing.Type: These are typically handled by rule UP006, which upgrades them to the built-in types tuple and type (available since Python 3.9) [4]. In summary, if you are looking to clean up your imports to use the most modern, non-deprecated locations, UP035 will flag obsolete namespaces (like typing.io), while UP006 will handle the transition of generic types and abstract base classes to their built-in or collections.abc equivalents [1][4]. Always ensure your minimum supported Python version is configured correctly in your linter settings, as these rules are version-aware and will only apply changes that are safe for your target environment [1][3][5].

Citations:

• 1: https://docs.astral.sh/ruff/rules/deprecated-import/
• 2: [pyupgrade] Fix handling of typing.{io,re} (UP035) astral-sh/ruff#23131
• 3: PEP585: rewrite generic abstract class imports from collections.abc for --py3{7,8}-plus when from __future__ import annotations is on asottile/pyupgrade#799
• 4: Duplication and inconsistency between pep585 annotation rules: UP006, UP035 astral-sh/ruff#15246
• 5: UP035: Rewrite typing.Callable to collections.abc.Callable for Python 3.9.2+ astral-sh/ruff#2690

---

🌐 Web query:

ruff UP035 "deprecated-import" typing.Generator typing.Tuple typing.Type

💡 Result:

Ruff rule UP035 ("deprecated-import") identifies and helps modernize deprecated imports in Python code [1]. It is derived from the pyupgrade linter and focuses on replacing outdated imports with their modern standard library equivalents, primarily when the project's target Python version supports them [1][2]. For the specific types mentioned: 1. typing.Generator: Deprecated in favor of collections.abc.Generator (available since Python 3.9) [3][4]. 2. typing.Tuple: Deprecated in favor of the built-in tuple (available since Python 3.9) [3][4]. 3. typing.Type: Deprecated in favor of the built-in type (available since Python 3.9) [3][5]. These deprecations stem from PEP 585, which allowed standard library collections and types (like list, dict, tuple, type, and collections.abc types) to be used directly as generic types starting in Python 3.9 [4][6]. Because these built-in equivalents support subscripting directly, the aliases previously provided by the typing module became redundant [3][6]. When Ruff's UP035 rule is active, it flags these imports and often provides an automatic fix to update the code to use the modern equivalents [1][7]. Note that this rule respects your project's configured target Python version; it will only suggest these changes if your project's minimum supported version supports them [1][2].

Citations:

• 1: https://docs.astral.sh/ruff/rules/deprecated-import/
• 2: https://github.com/astral-sh/ruff/blob/main/crates%2Fruff_linter%2Fsrc%2Frules%2Fpyupgrade%2Frules%2Fdeprecated_import.rs
• 3: https://typing.python.org/en/latest/guides/modernizing.html
• 4: https://docs.python.org/release/3.10.0/library/typing.html
• 5: https://docs.python.org/release/3.10.19/library/typing.html
• 6: https://typing.python.org/en/latest/spec/historical.html
• 7: astral-sh/ruff@b0cbcd3

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "---- ruff.toml (tail) ----"
sed -n '1,220p' ruff.toml | cat -n
echo "---- ruff.toml (tail 80 lines) ----"
tail -n 120 ruff.toml | cat -n

# Also check for ruff target-version in pyproject.toml/setup.cfg
rg -n "target-version|target_version|py-version|python-version" pyproject.toml ruff.toml setup.cfg .cursorrules || true

Repository: TheAcharya/csv2notion-neo

Length of output: 6122

---

🏁 Script executed:

rg -n "\\b(Tuple|Type|Generator)\\b" tests/test_upload.py

Repository: TheAcharya/csv2notion-neo

Length of output: 282

---

🏁 Script executed:

sed -n '1,200p' .cursorrules

Repository: TheAcharya/csv2notion-neo

Length of output: 10980

---

🏁 Script executed:

rg -n "target-version|target_version|py-version|python-version" pyproject.toml ruff.toml setup.cfg .cursorrules || true

Repository: TheAcharya/csv2notion-neo

Length of output: 51

---

🏁 Script executed:

rg -n "\\bruff\\b" -S .github scripts pyproject.toml setup.cfg .cursorrules || true

Repository: TheAcharya/csv2notion-neo

Length of output: 51

---

🏁 Script executed:

find . -maxdepth 3 -type f \( -name "*pre-commit*" -o -name "*ruff*" -o -name "*tox*" \) -print
rg -n "ruff|UP035|pyupgrade" .pre-commit-config.yaml .github scripts pyproject.toml setup.cfg .cursorrules 2>/dev/null || true
ls -la .github/workflows || true
rg -n "ruff|UP035|pyupgrade" .github/workflows -S 2>/dev/null || true

Repository: TheAcharya/csv2notion-neo

Length of output: 686

---

🏁 Script executed:

find . -maxdepth 4 -type f \( -name ".pre-commit-config.yaml" -o -name ".pre-commit-config.yml" \) -print
find . -maxdepth 3 -type f -name "*.pre-commit*" -print
sed -n '1,220p' .github/workflows/unit_tests.yml | cat -n
sed -n '1,220p' .github/workflows/build.yml | cat -n

Repository: TheAcharya/csv2notion-neo

Length of output: 7060

---

🏁 Script executed:

rg -n "from __future__ import annotations" -S tests/test_upload.py || true

Repository: TheAcharya/csv2notion-neo

Length of output: 51

---

Fix the UP035 typing-import modernization to update all annotation usages

Ruff’s UP035 will push typing.Generator/typing.Tuple/typing.Type to modern equivalents (collections.abc.Generator, builtin tuple, builtin type). The proposed change only updates the imports and _INTEGRATION_SKIP_EXCEPTIONS, but removes Tuple while load_client_and_data still uses Generator[Tuple[...], None, None], which would raise NameError at import time. Update that return annotation to Generator[tuple[LocalData, NotionClient, Namespace], None, None] (and similarly update any other Tuple/Type references).

🧰 Tools

🪛 Ruff (0.15.15)

[warning] 12-12: Import from collections.abc instead: Generator

Import from collections.abc

(UP035)

---

[warning] 12-12: typing.Tuple is deprecated, use tuple instead

(UP035)

---

[warning] 12-12: typing.Type is deprecated, use type instead

(UP035)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/test_upload.py` at line 12, The import modernization left a use of
Tuple in the return annotation of load_client_and_data, causing NameError;
update the function signature to use collections.abc.Generator with the builtin
tuple and builtin type where appropriate (e.g., change
Generator[Tuple[LocalData, NotionClient, Namespace], None, None] to
Generator[tuple[LocalData, NotionClient, Namespace], None, None]) and sweep any
other Tuple/Type occurrences to builtin tuple/type; also ensure you import
Generator from collections.abc (or fully qualify it) and adjust
_INTEGRATION_SKIP_EXCEPTIONS entries if they referenced typing.Tuple/Type.