And the rest of it

Bumps the utilities-patch group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [channels](https://github.com/django/channels) | `4.3.1` | `4.3.2` |
| [django-soft-delete](https://github.com/san4ezy/django_softdelete) | `1.0.21` | `1.0.22` |
| [django-treenode](https://github.com/fabiocaccamo/django-treenode) | `0.23.2` | `0.23.3` |
| [imap-tools](https://github.com/ikvk/imap_tools) | `1.11.0` | `1.11.1` |
| [python-gnupg](https://github.com/vsajip/python-gnupg) | `0.5.5` | `0.5.6` |
| [mkdocs-material](https://github.com/squidfunk/mkdocs-material) | `9.7.0` | `9.7.1` |
| [ruff](https://github.com/astral-sh/ruff) | `0.14.5` | `0.14.13` |



Updates `channels` from 4.3.1 to 4.3.2
- [Changelog](https://github.com/django/channels/blob/main/CHANGELOG.txt)
- [Commits](https://github.com/django/channels/compare/4.3.1...4.3.2)

Updates `django-soft-delete` from 1.0.21 to 1.0.22
- [Changelog](https://github.com/san4ezy/django_softdelete/blob/master/CHANGELOG.md)
- [Commits](https://github.com/san4ezy/django_softdelete/commits)

Updates `django-treenode` from 0.23.2 to 0.23.3
- [Release notes](https://github.com/fabiocaccamo/django-treenode/releases)
- [Changelog](https://github.com/fabiocaccamo/django-treenode/blob/main/CHANGELOG.md)
- [Commits](https://github.com/fabiocaccamo/django-treenode/compare/0.23.2...0.23.3)

Updates `imap-tools` from 1.11.0 to 1.11.1
- [Release notes](https://github.com/ikvk/imap_tools/releases)
- [Changelog](https://github.com/ikvk/imap_tools/blob/master/docs/release_notes.rst)
- [Commits](https://github.com/ikvk/imap_tools/compare/v1.11.0...v1.11.1)

Updates `python-gnupg` from 0.5.5 to 0.5.6
- [Release notes](https://github.com/vsajip/python-gnupg/releases)
- [Changelog](https://github.com/vsajip/python-gnupg/blob/master/release)
- [Commits](https://github.com/vsajip/python-gnupg/compare/0.5.5...0.5.6)

Updates `mkdocs-material` from 9.7.0 to 9.7.1
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.7.0...9.7.1)

Updates `ruff` from 0.14.5 to 0.14.13
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.14.5...0.14.13)

---
updated-dependencies:
- dependency-name: channels
  dependency-version: 4.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: utilities-patch
- dependency-name: django-soft-delete
  dependency-version: 1.0.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: utilities-patch
- dependency-name: django-treenode
  dependency-version: 0.23.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: utilities-patch
- dependency-name: imap-tools
  dependency-version: 1.11.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: utilities-patch
- dependency-name: python-gnupg
  dependency-version: 0.5.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: utilities-patch
- dependency-name: mkdocs-material
  dependency-version: 9.7.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: utilities-patch
- dependency-name: ruff
  dependency-version: 0.14.13
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: utilities-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/workflows/ci-docker.yml

@@ -35,7 +35,7 @@ jobs:
       contents: read
       packages: write
     outputs:
-      can-push: ${{ steps.check-push.outputs.can-push }}
+      should-push: ${{ steps.check-push.outputs.should-push }}
       push-external: ${{ steps.check-push.outputs.push-external }}
       repository: ${{ steps.repo.outputs.name }}
       ref-name: ${{ steps.ref.outputs.name }}
@@ -59,16 +59,28 @@ jobs:
         env:
           REF_NAME: ${{ steps.ref.outputs.name }}
         run: |
-          # can-push: Can we push to GHCR?
-          # True for: pushes, or PRs from the same repo (not forks)
-          can_push=${{ github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository }}
-          echo "can-push=${can_push}"
-          echo "can-push=${can_push}" >> $GITHUB_OUTPUT
+          # should-push: Should we push to GHCR?
+          # True for:
+          #   1. Pushes (tags/dev/beta) - filtered via the workflow triggers
+          #   2. Internal PRs where the branch name starts with 'feature-' - filtered here when a PR is synced
+
+          should_push="false"
+
+          if [[ "${{ github.event_name }}" == "push" ]]; then
+            should_push="true"
+          elif [[ "${{ github.event_name }}" == "pull_request" && "${{ github.event.pull_request.head.repo.full_name }}" == "${{ github.repository }}" ]]; then
+            if [[ "${REF_NAME}" == feature-* || "${REF_NAME}" == fix-* ]]; then
+              should_push="true"
+            fi
+          fi
+
+          echo "should-push=${should_push}"
+          echo "should-push=${should_push}" >> $GITHUB_OUTPUT
 
           # push-external: Should we also push to Docker Hub and Quay.io?
           # Only for main repo on dev/beta branches or version tags
           push_external="false"
-          if [[ "${can_push}" == "true" && "${{ github.repository_owner }}" == "paperless-ngx" ]]; then
+          if [[ "${should_push}" == "true" && "${{ github.repository_owner }}" == "paperless-ngx" ]]; then
             case "${REF_NAME}" in
               dev|beta)
                 push_external="true"
@@ -125,20 +137,20 @@ jobs:
           labels: ${{ steps.docker-meta.outputs.labels }}
           build-args: |
             PNGX_TAG_VERSION=${{ steps.docker-meta.outputs.version }}
-          outputs: type=image,name=${{ env.REGISTRY }}/${{ steps.repo.outputs.name }},push-by-digest=true,name-canonical=true,push=${{ steps.check-push.outputs.can-push }}
+          outputs: type=image,name=${{ env.REGISTRY }}/${{ steps.repo.outputs.name }},push-by-digest=true,name-canonical=true,push=${{ steps.check-push.outputs.should-push }}
           cache-from: |
             type=registry,ref=${{ env.REGISTRY }}/${{ steps.repo.outputs.name }}/cache/app:${{ steps.ref.outputs.cache-ref }}-${{ matrix.arch }}
             type=registry,ref=${{ env.REGISTRY }}/${{ steps.repo.outputs.name }}/cache/app:dev-${{ matrix.arch }}
-          cache-to: ${{ steps.check-push.outputs.can-push == 'true' && format('type=registry,mode=max,ref={0}/{1}/cache/app:{2}-{3}', env.REGISTRY, steps.repo.outputs.name, steps.ref.outputs.cache-ref, matrix.arch) || '' }}
+          cache-to: ${{ steps.check-push.outputs.should-push == 'true' && format('type=registry,mode=max,ref={0}/{1}/cache/app:{2}-{3}', env.REGISTRY, steps.repo.outputs.name, steps.ref.outputs.cache-ref, matrix.arch) || '' }}
       - name: Export digest
-        if: steps.check-push.outputs.can-push == 'true'
+        if: steps.check-push.outputs.should-push == 'true'
         run: |
           mkdir -p /tmp/digests
           digest="${{ steps.build.outputs.digest }}"
           echo "digest=${digest}"
           touch "/tmp/digests/${digest#sha256:}"
       - name: Upload digest
-        if: steps.check-push.outputs.can-push == 'true'
+        if: steps.check-push.outputs.should-push == 'true'
         uses: actions/upload-artifact@v6.0.0
         with:
           name: digests-${{ matrix.arch }}
@@ -149,7 +161,7 @@ jobs:
     name: Merge and Push Manifest
     runs-on: ubuntu-24.04
     needs: build-arch
-    if: needs.build-arch.outputs.can-push == 'true'
+    if: needs.build-arch.outputs.should-push == 'true'
     permissions:
       contents: read
       packages: write

.pre-commit-config.yaml

@@ -37,7 +37,7 @@ repos:
           - json
   # See https://github.com/prettier/prettier/issues/15742 for the fork reason
   - repo: https://github.com/rbubley/mirrors-prettier
-    rev: 'v3.6.2'
+    rev: 'v3.8.0'
     hooks:
       - id: prettier
         types_or:
@@ -49,7 +49,7 @@ repos:
           - 'prettier-plugin-organize-imports@4.1.0'
   # Python hooks
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.14.5
+    rev: v0.14.13
     hooks:
       - id: ruff-check
       - id: ruff-format
@@ -76,7 +76,7 @@ repos:
     hooks:
       - id: shellcheck
   - repo: https://github.com/google/yamlfmt
-    rev: v0.20.0
+    rev: v0.21.0
     hooks:
       - id: yamlfmt
         exclude: "^src-ui/pnpm-lock.yaml"

Dockerfile

@@ -30,7 +30,7 @@ RUN set -eux \
 # Purpose: Installs s6-overlay and rootfs
 # Comments:
 #  - Don't leave anything extra in here either
-FROM ghcr.io/astral-sh/uv:0.9.15-python3.12-trixie-slim AS s6-overlay-base
+FROM ghcr.io/astral-sh/uv:0.9.26-python3.12-trixie-slim AS s6-overlay-base
 
 WORKDIR /usr/src/s6
 

pyproject.toml

@@ -19,16 +19,16 @@ dependencies = [
   "azure-ai-documentintelligence>=1.0.2",
   "babel>=2.17",
   "bleach~=6.3.0",
-  "celery[redis]~=5.5.1",
+  "celery[redis]~=5.6.2",
   "channels~=4.2",
   "channels-redis~=4.2",
   "concurrent-log-handler~=0.9.25",
   "dateparser~=1.2",
   # WARNING: django does not use semver.
   #          Only patch versions are guaranteed to not introduce breaking changes.
-  "django~=5.2.5",
-  "django-allauth[mfa,socialaccount]~=65.12.1",
-  "django-auditlog~=3.3.0",
+  "django==5.2.10",
+  "django-allauth[mfa,socialaccount]~=65.13.0",
+  "django-auditlog~=3.4.1",
   "django-cachalot~=2.8.0",
   "django-celery-results~=2.6.0",
   "django-compression-middleware~=0.5.0",
@@ -47,20 +47,20 @@ dependencies = [
   "faiss-cpu>=1.10",
   "filelock~=3.20.0",
   "flower~=2.0.1",
-  "gotenberg-client~=0.12.0",
+  "gotenberg-client~=0.13.1",
   "httpx-oauth~=0.16",
   "imap-tools~=1.11.0",
   "inotifyrecursive~=0.3",
   "jinja2~=3.1.5",
   "langdetect~=1.0.9",
-  "llama-index-core>=0.12.33.post1",
-  "llama-index-embeddings-huggingface>=0.5.3",
-  "llama-index-embeddings-openai>=0.3.1",
-  "llama-index-llms-ollama>=0.5.4",
-  "llama-index-llms-openai>=0.3.38",
-  "llama-index-vector-stores-faiss>=0.3",
+  "llama-index-core>=0.14.12",
+  "llama-index-embeddings-huggingface>=0.6.1",
+  "llama-index-embeddings-openai>=0.5.1",
+  "llama-index-llms-ollama>=0.9.1",
+  "llama-index-llms-openai>=0.6.13",
+  "llama-index-vector-stores-faiss>=0.5.2",
   "nltk~=3.9.1",
-  "ocrmypdf~=16.12.0",
+  "ocrmypdf~=16.13.0",
   "openai>=1.76",
   "pathvalidate~=3.3.1",
   "pdf2image~=1.17.0",
@@ -77,10 +77,10 @@ dependencies = [
   "sentence-transformers>=4.1",
   "setproctitle~=1.3.4",
   "tika-client~=0.10.0",
-  "torch~=2.7.0",
+  "torch~=2.9.1",
   "tqdm~=4.67.1",
   "watchdog~=6.0",
-  "whitenoise~=6.9",
+  "whitenoise~=6.11",
   "whoosh-reloaded>=2.7.5",
   "zxing-cpp~=2.3.0",
 ]
@@ -89,13 +89,13 @@ optional-dependencies.mariadb = [
   "mysqlclient~=2.2.7",
 ]
 optional-dependencies.postgres = [
-  "psycopg[c,pool]==3.2.12",
+  "psycopg[c,pool]==3.3",
   # Direct dependency for proper resolution of the pre-built wheels
-  "psycopg-c==3.2.12",
-  "psycopg-pool==3.2.7",
+  "psycopg-c==3.3",
+  "psycopg-pool==3.3",
 ]
 optional-dependencies.webserver = [
-  "granian[uvloop]~=2.5.1",
+  "granian[uvloop]~=2.6.0",
 ]
 
 [dependency-groups]
@@ -127,7 +127,7 @@ testing = [
 ]
 
 lint = [
-  "pre-commit~=4.4.0",
+  "pre-commit~=4.5.1",
   "pre-commit-uv~=4.2.0",
   "ruff~=0.14.0",
 ]
@@ -152,7 +152,7 @@ typing = [
 ]
 
 [tool.uv]
-required-version = ">=0.5.14"
+required-version = ">=0.9.0"
 package = false
 environments = [
   "sys_platform == 'darwin'",
@@ -162,8 +162,8 @@ environments = [
 [tool.uv.sources]
 # Markers are chosen to select these almost exclusively when building the Docker image
 psycopg-c = [
-  { url = "https://github.com/paperless-ngx/builder/releases/download/psycopg-bookworm-3.2.12/psycopg_c-3.2.12-cp312-cp312-linux_x86_64.whl", marker = "sys_platform == 'linux' and platform_machine == 'x86_64' and python_version == '3.12'" },
-  { url = "https://github.com/paperless-ngx/builder/releases/download/psycopg-bookworm-3.2.12/psycopg_c-3.2.12-cp312-cp312-linux_aarch64.whl", marker = "sys_platform == 'linux' and platform_machine == 'aarch64' and python_version == '3.12'" },
+  { url = "https://github.com/paperless-ngx/builder/releases/download/psycopg-trixie-3.3.0/psycopg_c-3.3.0-cp312-cp312-linux_x86_64.whl", marker = "sys_platform == 'linux' and platform_machine == 'x86_64' and python_version == '3.12'" },
+  { url = "https://github.com/paperless-ngx/builder/releases/download/psycopg-trixie-3.3.0/psycopg_c-3.3.0-cp312-cp312-linux_aarch64.whl", marker = "sys_platform == 'linux' and platform_machine == 'aarch64' and python_version == '3.12'" },
 ]
 zxing-cpp = [
   { url = "https://github.com/paperless-ngx/builder/releases/download/zxing-2.3.0/zxing_cpp-2.3.0-cp312-cp312-linux_x86_64.whl", marker = "sys_platform == 'linux' and platform_machine == 'x86_64' and python_version == '3.12'" },

src/paperless_ai/tests/test_chat.py

@@ -11,14 +11,12 @@ from paperless_ai.chat import stream_chat_with_documents
 @pytest.fixture(autouse=True)
 def patch_embed_model():
     from llama_index.core import settings as llama_settings
+    from llama_index.core.embeddings.mock_embed_model import MockEmbedding
 
-    mock_embed_model = MagicMock()
-    mock_embed_model._get_text_embedding_batch.return_value = [
-        [0.1] * 1536,
-    ]  # 1 vector per input
-    llama_settings.Settings._embed_model = mock_embed_model
+    # Use a real BaseEmbedding subclass to satisfy llama-index 0.14 validation
+    llama_settings.Settings.embed_model = MockEmbedding(embed_dim=1536)
     yield
-    llama_settings.Settings._embed_model = None
+    llama_settings.Settings.embed_model = None
 
 
 @pytest.fixture(autouse=True)