chore: remove diskcache dependency from lock

[mckornfield]

Summary by CodeRabbit

• Chores
  • Removed a package dependency and updated dependency configuration overrides
  • Refreshed third-party vulnerability records and license metadata across project tracking systems

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 24a3cb4c-72ac-4d86-9e84-1acd65909b6c

📥 Commits

Reviewing files that changed from the base of the PR and between afb3001 and 03f80af.

⛔ Files ignored due to path filters (1)

• uv.lock is excluded by !**/*.lock

📒 Files selected for processing (4)

• pyproject.toml
• third_party/licenses.jsonl
• third_party/osv-licenses.json
• third_party/requirements-main.txt

💤 Files with no reviewable changes (2)

• third_party/licenses.jsonl
• third_party/requirements-main.txt

---

📝 Walkthrough

Walkthrough

diskcache is blocked via a sys_platform == 'never' override in pyproject.toml (CVE-2025-69872) and removed from third_party/requirements-main.txt. Its license record is dropped from third_party/licenses.jsonl, its vulnerability entry from third_party/osv-licenses.json, and the Apache-2.0 license count decremented accordingly.

Changes

diskcache removal for CVE-2025-69872

Layer / File(s)	Summary
Override and requirements removal pyproject.toml, third_party/requirements-main.txt	pyproject.toml adds a diskcache entry under tool.uv.override-dependencies conditioned on sys_platform == 'never'; requirements-main.txt removes the diskcache==5.6.3 pin with its hashes and # via ragas comment.
License and OSV record cleanup third_party/licenses.jsonl, third_party/osv-licenses.json	diskcache JSONL license record removed; diskcache vulnerability block removed from the packages array; litellm GHSA-4xpc-pv4p-pm3w record updated with a new modified timestamp and revised related entries; Apache-2.0 count decremented from 81 to 80.

Suggested labels

chore

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	Title accurately describes the main change: removing diskcache dependency from lock files across multiple configuration and metadata files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch cve-again-for-020/mck

---

_{Comment @coderabbitai help to get the list of available commands.}

[github-actions]

Suite	Lines Covered	Line Rate	Branch Rate
Unit Tests	20908/27478	76.1%	61.2%
Integration Tests	12109/26247	46.1%	19.5%