Migrate to uv, drop 3.9 and 3.10, fix tests

[PastelStorm]

Note

Medium Risk
Medium risk because it changes packaging/build tooling and CI execution (Poetry→uv, setuptools build) and adjusts split-PDF hook timeout/cleanup behavior, which can affect test stability and request handling.

Overview
Migrates the project from Poetry to uv: CI now installs via uv sync --locked, the Makefile runs lint/tests with uv run, and publishing is switched to uv build/uv publish with a hardened scripts/publish.sh (strict bash + Python >=3.11 guard). Python support is narrowed to 3.11+ (CI matrix and pylintrc), dependency versions are updated, and poetry.lock/poetry.toml are removed in favor of a setuptools-based pyproject.toml with dynamic versioning.

Improves split-PDF behavior and test robustness: the split hook now propagates request timeouts into chunk requests, scales the outer future timeout by concurrency “waves”, and ensures per-operation state is cleaned up on both success and dummy-request failures; corresponding unit/integration tests were updated (including relaxed equivalence checks for hi_res OCR outputs and longer client timeouts). Adds regression-guard unit tests to enforce key packaging/CI/publish invariants and multipart file serialization, and removes an unused/disabled encryption test suite.

^{Reviewed by Cursor Bugbot for commit 3e0d3d3. Bugbot is set up for automated code reviews on this repo. Configure here.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	github/​astral-sh/​setup-uv@​d0d8abe699bfb85fec6de9f7adb5ae17292296ff

View full report

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 3e0d3d3. Configure here.}

[cursor]

Falsy timeout value silently replaced by 60-minute default

Low Severity

The expression per_chunk = timeout_seconds or DEFAULT_FUTURE_TIMEOUT_MINUTES * 60 uses Python truthiness, so a timeout_seconds value of 0.0 (falsy) silently falls back to 3600 seconds. This is inconsistent with the client_timeout line above it, which correctly treats 0.0 as a real timeout via the is not None check. Using if timeout_seconds is not None instead of or would preserve the intended semantics for all numeric values.

Additional Locations (1)

• src/unstructured_client/_hooks/custom/split_pdf_hook.py#L645-L646

 

^{Reviewed by Cursor Bugbot for commit 3e0d3d3. Configure here.}