LCORE-1216: Fix wrong llama-stack-api version

[are-ces]

Description

llama-stack-api version should be 0.4.3, same as llama-stack

Type of change

• Refactor
• New feature
• Bug fix
• CVE fix
• Optimization
• Documentation Update
• Configuration Update
• Bump-up service version
• Bump-up dependent library
• Bump-up library or tool used for development (does not change the final image)
• CI configuration change
• Konflux configuration change
• Unit tests improvement
• Integration tests improvement
• End to end tests improvement
• Benchmarks improvement

Tools used to create PR

Identify any AI code assistants used in this PR (for transparency and review context)

• Assisted-by: (e.g., Claude, CodeRabbit, Ollama, etc., N/A if not used)
• Generated by: (e.g., tool name and version; N/A if not used)

Related Tickets & Documents

• Related Issue #
• Closes #

Checklist before requesting a review

• I have performed a self-review of my code.
• PR has passed all pre-merge test jobs.
• If it is a core feature, I have added thorough tests.

Testing

• Please provide detailed steps to perform tests related to this code change.
• How were the fix/results from this change verified? Please provide relevant screenshots or results.

Summary by CodeRabbit

• Chores
  • Updated several package versions and lockfile hashes to keep dependencies current and reproducible.
  • Adjusted build metadata (Python interpreter reference) and tooling versions for compatibility.
  • Cleaned and clarified commented entries related to optional/packaging components.

[coderabbitai]

Walkthrough

Dependency adjustments across build and lock files: a llama-stack-api version change in pyproject.toml, edits to requirements-build.txt (comments and tool versions), extensive hash/version updates in requirements.hashes.source.txt, and removals from requirements.hashes.wheel.txt.

Changes

Cohort / File(s)	Summary
Project manifest pyproject.toml	Downgraded llama-stack-api from 0.4.4 to 0.4.3.
Build requirements requirements-build.txt	Updated Python header, added/changed entries/comments (e.g., cython, dunamai), bumped maturin and setuptools, and adjusted commented references to grpcio/starlette.
Source lock/hashes requirements.hashes.source.txt	Large set of package version and hash updates (many packages bumped or added, e.g., authlib, blobfile, fastapi, litellm, openai, polyleven, wcwidth, plus llama-stack-api change). Full hash replacements for updated packages.
Wheel lock/hashes requirements.hashes.wheel.txt	Removed entries and hashes for grpcio==1.76.0, pyaml==25.7.0, and starlette==0.50.0.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• LCORE-1140: Updated dependencies #975 — Related dependency and lock/hash updates across requirements files with overlap in packages like llama-stack, openai, and litellm/grpcio.

Suggested reviewers

• radofuchs
• umago
• tisnik

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically identifies the bug fix being made: correcting the llama-stack-api version to 0.4.3, which aligns with the primary changes across the three requirement files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

requirements-build.txt (1)

33-38: ⚠️ Potential issue | 🟠 Major

Resolve duplicate hatchling pins before release.

The compiled requirements file contains two pinned versions of hatchling (1.26.3 on line 33 and 1.28.0 on line 38), generated by pybuild-deps during the build process. This happens because conflicting transitive dependencies cannot resolve to a single version—notably, hatch-fancy-pypi-readme appears in the dependency chains for both versions. Before releasing, regenerate the requirements by running make konflux-requirements after ensuring your source constraints in pyproject.toml (or any constraint overrides) can be satisfied with a single hatchling version. If pybuild-deps still produces duplicates, investigate the version requirements of packages like hatch-fancy-pypi-readme, llama-stack-client, openai, a2a-sdk, einops, and related build dependencies.

[tisnik]

LGTM

[tisnik]

it's been bumped on purpose - to fix CVE