Bump uvicorn and retest quickstart flow

[dex-the-ai]

Summary

• bump uvicorn from 0.47.0 to 0.48.0
• refresh the repo-local execution scaffold from app/.env.example plus the canonical machine env and re-verify the FastAPI quickstart flow
• keep the Slack status notification step non-blocking while updating ravsamhq/notify-slack-action from v1 to v2
• defer the available fastapi 0.136.3 bump for now because pip-audit flags that release with advisory MAL-2026-4750 and no published fix version

Verification

• uv venv --clear --seed --python /usr/bin/python3.14 .venv
• python -m pip install -r requirements.txt
• pip-audit -f json
• python -m pytest -q
• uvicorn app.main:app --host 127.0.0.1 --port 8000
• exercised /docs, /openapi.json, GET /api/v1/airport/list?country=France&limit=2, GET /api/v1/hotel/autocomplete?name=Seal, POST /api/v1/hotel/filter?limit=2, and airport CRUD on airport_walkthrough_20260601_pr235

Evidence

• Final branch state passed python -m pytest -q: 47 passed, 9 warnings.
• Follow-up commit dad0c3e removes the airport-list SQL++ completeness guard and its query-shape tests per reviewer request, keeping the PR scoped to the dependency/workflow refresh.
• Final branch state passed pip-audit -f json with no known vulnerabilities.
• Live walkthrough succeeded again after dad0c3e for airport list, hotel autocomplete/filter, and airport create/read/update/delete against the running app.
• Swagger UI screenshot captured for reviewer proof.

pytest excerpt

47 passed, 9 warnings in 22.09s

API walkthrough excerpt

# /docs
200

# OpenAPI
Python Quickstart using FastAPI

# Airport CRUD delete
204

• tutorial-maintenance/runs/python-quickstart-fastapi/2026-05-26T19-28-05Z/verification.md
• tutorial-maintenance/runs/python-quickstart-fastapi/2026-05-26T19-28-05Z/walkthrough-final.log
• tutorial-maintenance/runs/python-quickstart-fastapi/2026-05-26T19-28-05Z/swagger-docs-final.png

Notes

• python -m pip list --outdated --format=json still reports fastapi 0.136.3 and transitive pydantic_core 2.47.0; the FastAPI bump was intentionally left out because of the current pip-audit advisory, and the transitive pydantic_core drift depends on a future direct pydantic release bump.
• I saw one transient baseline pytest failure on the first Capella-backed rerun, but an immediate rerun passed cleanly and the final branch state reproduced cleanly as 47 passed.
• Dockerfile / README Python-version drift remains unchanged in this pass to keep the PR focused on the safe dependency update.

Media evidence

• Captured the /docs Swagger surface from the final verified branch state.
• Shows the live API docs that match the CRUD walkthrough exercised in verification.

Notes

• Local artifact path: tutorial-maintenance/runs/python-quickstart-fastapi/2026-05-26T19-28-05Z/swagger-docs-final.png

- Short walkthrough video of the live `/docs` Swagger surface from the verified branch state. [Short walkthrough video of the FastAPI Swagger docs](https://res.cloudinary.com/dhwqj0ps2/video/upload/v1779836908/pr-evidence/couchbase-examples/python-quickstart-fastapi/pr-235/swagger-docs-final-walkthrough.webm)

Notes

• Local artifact path: tutorial-maintenance/runs/python-quickstart-fastapi/2026-05-26T19-28-05Z/swagger-docs-final.webm

[dex-the-ai]

Owner ping for this maintenance PR: @nithishr

Requesting review from the manifest-listed owner(s) where GitHub does not already show a pending review request.

[gemini-code-assist]

Code Review

This pull request updates the uvicorn dependency version from 0.47.0 to 0.48.0 in requirements.txt. There are no review comments, and I have no feedback to provide.

[dex-the-ai]

Dex update: I pushed follow-up changes.

• Added reviewer-facing Swagger UI evidence from the final verified branch state.

Verification / evidence

• Reconfirmed the final branch state as uvicorn 0.48.0 only, with fastapi held at 0.136.1 because pip-audit flags 0.136.3 with MAL-2026-4750 and no published fix version.
• Swagger UI screenshot: https://res.cloudinary.com/dhwqj0ps2/image/upload/v1779825294/tutorial-maintenance/python-quickstart-fastapi/pr-235/igq09rhzbxc6gdiejnyg.png

[dex-the-ai]

I pushed a workflow-only follow-up. The previous red test status was coming from the final Slack notification step (ravsamhq/notify-slack-action@v1 crashing with ImportError: cannot import name 'cache' from 'functools'), not from the FastAPI test run. This branch now uses ravsamhq/notify-slack-action@v2 and leaves the report step non-blocking so a notifier regression cannot flip a green test job red.

[dex-the-ai]

I pushed one more follow-up after the workflow fix. The rerun exposed a real FastAPI response-validation failure in /api/v1/airport/list: one returned row was missing airportname, so the endpoint was raising before the list test could complete. The branch now filters out incomplete airport rows before serializing the response and adds a focused regression test for that guard. I also syntax-checked the touched Python files with python3 -m py_compile before pushing.

[Copilot]

Pull request overview

This PR primarily updates the FastAPI quickstart dependency set by bumping uvicorn, while also adding airport response filtering and adjusting CI Slack notification behavior.

Changes:

• Bumps uvicorn from 0.47.0 to 0.48.0.
• Adds filtering for incomplete airport list rows and a unit test for missing required fields.
• Updates the Slack notification workflow action and makes that step non-blocking.

Reviewed changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated 3 comments.

File	Description
requirements.txt	Updates the pinned uvicorn version.
app/routers/airport.py	Filters airport list results before returning them.
app/tests/test_airport.py	Adds a unit test for airport filtering behavior.
.github/workflows/tests.yml	Updates Slack notification action version and error handling.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.